Analysis
-
max time kernel
104s -
max time network
135s -
platform
windows10-2004_x64 -
resource
win10v2004-20250314-en -
resource tags
-
submitted
04/04/2025, 06:45
General
-
Target
OVALWantlist0325.exe
-
Size
180KB
-
MD5
081a892310290038e4ba646c488bad8e
-
SHA1
b3d36e18d2a94eb5060bb725a1d9a4e70629777d
-
SHA256
a777a2eec9933c95e419cce77b09cffb73f0c4afcffde00942b9665098aa7fb4
-
SHA512
44412a2305cd5d34825d2bd3b3857d0a724e57e9aca586e7d50d8314bd2b7cd717f4010c5632bce94452b8a3ddde0b2e4eeb0660bdba7f08309eef58358875f9
-
SSDEEP
3072:4ZkluvUjaqwHyXzid7sIMcTzMkg8j/xGc5ptYhlcNZ+XayDwVsSrgIN4ftnr:80u3SXzIvng8N3tMM+qw
Malware Config
Extracted
Protocol: smtp- Host:
mail.lightstartrading.com - Port:
587 - Username:
[email protected] - Password:
Mushtryati$#@Mushtryati
Extracted
stealerium
Signatures
-
Stealerium
An open source info stealer written in C# first seen in May 2022.
-
Stealerium family
-
Suspicious use of NtCreateUserProcessOtherParentProcess 1 IoCs
-
Uses browser remote debugging 2 TTPs 10 IoCs
Can be used control the browser and steal sensitive information such as credentials and session cookies.
-
Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.
-
Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles 1 TTPs 3 IoCs
-
Looks up external IP address via web service 1 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext 1 IoCs
-
Browser Information Discovery 1 TTPs
Enumerate browser information.
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Event Triggered Execution: Netsh Helper DLL 1 TTPs 6 IoCs
Netsh.exe (also referred to as Netshell) is a command-line scripting utility used to interact with the network configuration of a system.
-
System Network Configuration Discovery: Wi-Fi Discovery 1 TTPs 2 IoCs
Adversaries may search for information about Wi-Fi networks, such as network names and passwords, on compromised systems.
-
Checks processor information in registry 2 TTPs 4 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Delays execution with timeout.exe 1 IoCs
-
Enumerates system info in registry 2 TTPs 6 IoCs
-
Kills process with taskkill 1 IoCs
-
Modifies data under HKEY_USERS 2 IoCs
-
Suspicious behavior: EnumeratesProcesses 30 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs
-
Suspicious use of AdjustPrivilegeToken 15 IoCs
-
Suspicious use of FindShellTrayWindow 3 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
outlook_office_path 1 IoCs
-
outlook_win_path 1 IoCs
Processes
-
C:\Windows\Explorer.EXEC:\Windows\Explorer.EXE1⤵
-
C:\Users\Admin\AppData\Local\Temp\OVALWantlist0325.exe"C:\Users\Admin\AppData\Local\Temp\OVALWantlist0325.exe"2⤵
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
-
C:\Users\Admin\AppData\Local\Temp\OVALWantlist0325.exe"C:\Users\Admin\AppData\Local\Temp\OVALWantlist0325.exe"2⤵
- Checks computer location settings
- Accesses Microsoft Outlook profiles
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
- outlook_office_path
- outlook_win_path
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9222 --headless=new --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --disable-gpu --disable-logging3⤵
- Uses browser remote debugging
- Checks processor information in registry
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=133.0.6943.60 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffd9779dcf8,0x7ffd9779dd04,0x7ffd9779dd104⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --headless=new --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAAAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --use-gl=angle --use-angle=swiftshader-webgl --field-trial-handle=1848,i,2403409794272025958,16207081802133068372,262144 --disable-features=PaintHolding --variations-seed-version=20250313-182214.581000 --disable-logging --mojo-platform-channel-handle=1840 /prefetch:24⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --field-trial-handle=2164,i,2403409794272025958,16207081802133068372,262144 --disable-features=PaintHolding --variations-seed-version=20250313-182214.581000 --disable-logging --mojo-platform-channel-handle=2160 /prefetch:34⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --field-trial-handle=2436,i,2403409794272025958,16207081802133068372,262144 --disable-features=PaintHolding --variations-seed-version=20250313-182214.581000 --disable-logging --mojo-platform-channel-handle=2432 /prefetch:84⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --enable-dinosaur-easter-egg-alt-images --remote-debugging-port=9222 --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=2944,i,2403409794272025958,16207081802133068372,262144 --disable-features=PaintHolding --variations-seed-version=20250313-182214.581000 --disable-logging --mojo-platform-channel-handle=2948 /prefetch:14⤵
- Uses browser remote debugging
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --enable-dinosaur-easter-egg-alt-images --remote-debugging-port=9222 --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=2996,i,2403409794272025958,16207081802133068372,262144 --disable-features=PaintHolding --variations-seed-version=20250313-182214.581000 --disable-logging --mojo-platform-channel-handle=2992 /prefetch:14⤵
- Uses browser remote debugging
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --extension-process --enable-dinosaur-easter-egg-alt-images --remote-debugging-port=9222 --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4116,i,2403409794272025958,16207081802133068372,262144 --disable-features=PaintHolding --variations-seed-version=20250313-182214.581000 --disable-logging --mojo-platform-channel-handle=4108 /prefetch:24⤵
- Uses browser remote debugging
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --enable-dinosaur-easter-egg-alt-images --remote-debugging-port=9222 --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4548,i,2403409794272025958,16207081802133068372,262144 --disable-features=PaintHolding --variations-seed-version=20250313-182214.581000 --disable-logging --mojo-platform-channel-handle=4532 /prefetch:14⤵
- Uses browser remote debugging
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --field-trial-handle=5108,i,2403409794272025958,16207081802133068372,262144 --disable-features=PaintHolding --variations-seed-version=20250313-182214.581000 --disable-logging --mojo-platform-channel-handle=5104 /prefetch:84⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --field-trial-handle=5396,i,2403409794272025958,16207081802133068372,262144 --disable-features=PaintHolding --variations-seed-version=20250313-182214.581000 --disable-logging --mojo-platform-channel-handle=5352 /prefetch:84⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --field-trial-handle=4760,i,2403409794272025958,16207081802133068372,262144 --disable-features=PaintHolding --variations-seed-version=20250313-182214.581000 --disable-logging --mojo-platform-channel-handle=5128 /prefetch:84⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --field-trial-handle=5684,i,2403409794272025958,16207081802133068372,262144 --disable-features=PaintHolding --variations-seed-version=20250313-182214.581000 --disable-logging --mojo-platform-channel-handle=5680 /prefetch:84⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --field-trial-handle=5428,i,2403409794272025958,16207081802133068372,262144 --disable-features=PaintHolding --variations-seed-version=20250313-182214.581000 --disable-logging --mojo-platform-channel-handle=5432 /prefetch:84⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --field-trial-handle=5172,i,2403409794272025958,16207081802133068372,262144 --disable-features=PaintHolding --variations-seed-version=20250313-182214.581000 --disable-logging --mojo-platform-channel-handle=5552 /prefetch:84⤵
-
-
-
C:\Windows\SYSTEM32\cmd.exe"cmd.exe" /C chcp 65001 && netsh wlan show profile | findstr All3⤵
- System Network Configuration Discovery: Wi-Fi Discovery
-
C:\Windows\system32\chcp.comchcp 650014⤵
-
-
C:\Windows\system32\netsh.exenetsh wlan show profile4⤵
- Event Triggered Execution: Netsh Helper DLL
- System Network Configuration Discovery: Wi-Fi Discovery
-
-
C:\Windows\system32\findstr.exefindstr All4⤵
-
-
-
C:\Windows\SYSTEM32\cmd.exe"cmd.exe" /C chcp 65001 && netsh wlan show networks mode=bssid3⤵
-
C:\Windows\system32\chcp.comchcp 650014⤵
-
-
C:\Windows\system32\netsh.exenetsh wlan show networks mode=bssid4⤵
- Event Triggered Execution: Netsh Helper DLL
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9222 --headless=new --user-data-dir="C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --disable-gpu --disable-logging3⤵
- Uses browser remote debugging
- Enumerates system info in registry
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x238,0x23c,0x240,0x234,0x2ac,0x7ffd9717f208,0x7ffd9717f214,0x7ffd9717f2204⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --headless=new --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAAAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --use-gl=angle --use-angle=swiftshader-webgl --always-read-main-dll --field-trial-handle=2252,i,12286504296921469903,15580807805974277598,262144 --disable-features=PaintHolding --variations-seed-version --disable-logging --mojo-platform-channel-handle=2244 /prefetch:24⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --always-read-main-dll --field-trial-handle=2284,i,12286504296921469903,15580807805974277598,262144 --disable-features=PaintHolding --variations-seed-version --disable-logging --mojo-platform-channel-handle=2280 /prefetch:34⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --always-read-main-dll --field-trial-handle=2852,i,12286504296921469903,15580807805974277598,262144 --disable-features=PaintHolding --variations-seed-version --disable-logging --mojo-platform-channel-handle=2452 /prefetch:84⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --remote-debugging-port=9222 --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3476,i,12286504296921469903,15580807805974277598,262144 --disable-features=PaintHolding --variations-seed-version --disable-logging --mojo-platform-channel-handle=3472 /prefetch:14⤵
- Uses browser remote debugging
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --instant-process --remote-debugging-port=9222 --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3492,i,12286504296921469903,15580807805974277598,262144 --disable-features=PaintHolding --variations-seed-version --disable-logging --mojo-platform-channel-handle=3480 /prefetch:14⤵
- Uses browser remote debugging
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --remote-debugging-port=9222 --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --always-read-main-dll --field-trial-handle=4076,i,12286504296921469903,15580807805974277598,262144 --disable-features=PaintHolding --variations-seed-version --disable-logging --mojo-platform-channel-handle=4072 /prefetch:14⤵
- Uses browser remote debugging
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --extension-process --renderer-sub-type=extension --remote-debugging-port=9222 --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --always-read-main-dll --field-trial-handle=4128,i,12286504296921469903,15580807805974277598,262144 --disable-features=PaintHolding --variations-seed-version --disable-logging --mojo-platform-channel-handle=4116 /prefetch:24⤵
- Uses browser remote debugging
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --always-read-main-dll --field-trial-handle=3596,i,12286504296921469903,15580807805974277598,262144 --disable-features=PaintHolding --variations-seed-version --disable-logging --mojo-platform-channel-handle=3420 /prefetch:84⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --always-read-main-dll --field-trial-handle=4032,i,12286504296921469903,15580807805974277598,262144 --disable-features=PaintHolding --variations-seed-version --disable-logging --mojo-platform-channel-handle=5024 /prefetch:84⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\119d7c9e-7479-4482-9bb2-daccc58dedb9.bat"3⤵
-
C:\Windows\system32\chcp.comchcp 650014⤵
-
-
C:\Windows\system32\taskkill.exetaskkill /F /PID 16844⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\system32\timeout.exetimeout /T 2 /NOBREAK4⤵
- Delays execution with timeout.exe
-
-
-
-
C:\Windows\system32\msiexec.exeC:\Windows\system32\msiexec.exe /V1⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe"C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe"1⤵
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc1⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"1⤵
Network
MITRE ATT&CK Enterprise v15
Persistence
Event Triggered Execution
1Netsh Helper DLL
1Modify Authentication Process
1Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Modify Authentication Process
1Steal Web Session Cookie
1Unsecured Credentials
1Credentials In Files
1Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
173B
MD570e1643c50773124c0e1dbf69c8be193
SHA10e2e6fd8d0b49dddf9ea59013a425d586cb4730c
SHA2564fe3f09cb4d635df136ea45a11c05f74200fc6e855a75f9a27c0a0d32a2f632a
SHA512664e5d9263c0137f841daeb3dff00010ffeb7291ed08ccf6d0483200cd6d6bd3c9d31ea7e67a9de6aac591397060d8f01e8469bbad67d8e2f1c3900ef24c3679
-
Filesize
1KB
MD5785a8220ba6ac40f2a5484d306e78df1
SHA1ec25182048fff8cf58f5a98b8ae199c08539ddf1
SHA256735cca2fd2a07340da80847b6ac631a1962e98fac064d5ec55d6eb112d82a0e1
SHA512d388e37ce19f1f37c4d3e12e9350f6e04a105e33c88953ca848b6a055e7a311acad26e8370ee52a2eb1817c3dd9cdee3a46c7c142621d9aef5bef93e376b655f
-
Filesize
6KB
MD5ba60566019a99ea07cddebde63fe156b
SHA14f8458f0fabd775476e68ce181fc89ac561f9d50
SHA256e01e475fc8e56138b32b9005bb70b9d39e8cac0a83beb393aef6a4b6be3db565
SHA51205b2986fe266ec11ebaece5b71b19ffa77347038d624a5b53952fb5b265784cce0228b5ce0ad1d5bc94cb4208dc116c9f875f3c04ac2a5a2b85e0ca2d928e6cd
-
Filesize
522B
MD551e0cac4f0c5793089ab41486ad4befe
SHA10dff402aedeac3f4d7807b7062189602178bcaae
SHA25612d4b9fe58c39ccbe91d29f2a0e8d6714a8ea2a3e893a00a5c5462a9ddef9284
SHA51252dba909081356cb6e8b1beb9100aab6003df740cf09df8c0427bcdb1405e40f10ac28d1a01987492c5686c55164e77be533f87dc154c115080a7c7a94c96b70
-
Filesize
1KB
MD5081a9e7843a00e36c0707a3af4380343
SHA168d9add2a1d1dded842b32ddf16041b1ace41d7f
SHA2563c620da9435620bb58ced97072896df5abe650b91f460a4b7bf3586f6e8c9180
SHA5129f284ece6b93485f7c5a60686f750f210056f4d2906b6743cf7660b61569b0f6215a19154853821df3ec1f7e9e92ad4b47daf1658f5292d4fb8bd20386f2ff64
-
Filesize
1KB
MD5314b804f1b24e292f1284e486b947d4b
SHA172f73c8e13c8e4e887a13a4004fd18e3c347b0cc
SHA256aadab55d6a5173d9cc9cbd8d4b66c632d130e339ed2c153c98fe96c0637e3613
SHA5125e07ef832131f32e7faa672c1c451e750552b5f259026153c71aebce466e555cfcccc7e4d2f314af8aee5ef295c4105c6115bc9699fb6f47021024045ca52e03
-
Filesize
3KB
MD5dd8b05d353f9d0dddebc73ea9c913f2b
SHA1d3f46fb6fccc4ba078ef1fb7c98b28770bb13556
SHA25604186059a55e5599bab22390a182480145778069bcadf70b9241a31a501d4a9d
SHA512e9f212494a76a9afb365ab8cd08ea43b4d61ded4d18d3c3bed06a5d3ed7e9d56ab79e5c2dfe73dee2b77bc292883676f5c90808aef047d5aac5b5ae10b612315
-
Filesize
4KB
MD56b4152d081a2eccab8c8ce498faaa9f1
SHA1e34fa67d96abf7d830a88d8ad4f8d9a1bc6091b3
SHA256091f5814525b84461bd98f9e57c85cdaf9ed442c34ee789dee64c98df515cb9a
SHA51259da57fbf91852335669c04fa163a4282336b7b955962a0d25617d1f1a082663b6dca6285290a602b68b2904a1d45609afe2d0a9c98118b6831825550a177c5e
-
Filesize
2B
MD5d751713988987e9331980363e24189ce
SHA197d170e1550eee4afc0af065b78cda302a97674c
SHA2564f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af
-
Filesize
80KB
MD57c281221d87203c256f7d8f091ffe702
SHA150cd5b716dc0087cedd281cba75d311fed8e4b80
SHA256bc50f924c22e78f6ef2d2705f0aadfb0e6a2b91beff6d314d7b99ba1f1489d96
SHA512e119bdbb331aad5538113b5c06797f2429787ebd79448d4fa885997fc1604a7ca7d610bfcc614dc60b1904285e8909bc16afd96d1fbd9448d044a943297a185d
-
Filesize
280B
MD5049e5a246ed025dee243db0ba8e2984c
SHA115ec2d2b28dcfc17c1cfb5d0c13482d0706f942d
SHA25633071ca42c472861a2fabd0f82f8b03ef0daaa6796b24b83f3df02587e4c3d12
SHA512bc5f6fa6a8cae20ab40eae4552650d75f38ebb158c95288a79d9f332623bb507946513c39d19c00a5aee323df01f0f1a51c54594ef1c293289baf45f4ae2145b
-
Filesize
280B
MD54facd0ff10154cde70c99baa7df81001
SHA165267ea75bcb63edd2905e288d7b96b543708205
SHA256a13534df0cd0a79a3a1b91085a6d575b47d5a9aad7fc6d712fd2616c0e95a23b
SHA512ad8d2b965851c0ddc23e92ae151b3b0b2bcda850c446f4278bdb0754d6b42ead8fc034b394749578a27b33ad7e4ab0633f974dfd4773fbe4d93ae477f00b73f2
-
Filesize
1B
MD55058f1af8388633f609cadb75a75dc9d
SHA13a52ce780950d4d969792a2559cd519d7ee8c727
SHA256cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8
SHA5120b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21
-
Filesize
69KB
MD5164a788f50529fc93a6077e50675c617
SHA1c53f6cd0531fd98d6abbd2a9e5fbb4319b221f48
SHA256b305e470fb9f8b69a8cd53b5a8ffb88538c9f6a9c7c2c194a226e8f6c9b53c17
SHA512ec7d173b55283f3e59a468a0037921dc4e1bf3fab1c693330b9d8e5826273c917b374c4b802f3234bbb5e5e210d55e52351426867e0eb8c9f6fba1a053cb05d4
-
Filesize
720B
MD597a2d00af5d6062bc3bc6929d20c96d0
SHA12e3963d9c2b923ae7295d580348243dd4db1e8bc
SHA2567d37aa554cae3570a79d81b938c28b13555009ec7640efdd3d0bd4074de41d1e
SHA5123fbab9781b8fff77df0f812b2bc9b43a8e27b2a0fdb5e76372c2778f05b1736a9a03df04051b4a6b588d2e38a82d87fa8feb1c66d2ace286ff0704009f66f402
-
Filesize
720B
MD5d8d1ac90795253720079c10b0ff5b04b
SHA11e7c2af404d1c561f0f12904e8dca9782cbf33ad
SHA2567f88dae682de533bcf814141ff3cf70e97c880355f08954efcf1ed9d052f023d
SHA5127abd34ad00059e0fa7e1ee3ca3cfa69382ee21ea9fbf047ad55ddda7640fa12b83c90d93c785cd22410058ae7c04ac9ddae67eb8d2a7140264b66f3bdcbc7deb
-
Filesize
6KB
MD5f2881662414a4fd8eef4c43f3acd16de
SHA1f5a509fbba44afd0066c048319d4a77b5c3c422b
SHA256746c490e995fd9524d5ae8580c1f5e4ee66cefaaa7c2396ea3a39a2f30a551ee
SHA5127bc271eef4c29ada4c23a0575d8967b64a4431f1cf630bd46d7c70993f15709224df55741be8718e8ff1c865d5e8d2d730f4635c55639b73cbf414a5608fe13e
-
Filesize
7KB
MD5a8fab115529c11f470b170f152f19682
SHA174176da14dc59674188d2c3bab13fd7eea3b4385
SHA25656715f1b49cfa4a678d5b6657b989ba0fb5fd55da93b0dbb1c7d654c534c3e79
SHA512e08268dc13d6fdb306ae8fba4c0ebd119a5853214b7335075e85c85a662f3b4050cae0360af8c75bedfd9f6218a933ea2819216fc71274199726db631fd23294
-
Filesize
152B
MD50ccabb16b02577d5002c1ed8aef5a0a4
SHA18c8638ab93bedd97ab47bde5c0198b8832632b28
SHA2562b0eb2d0fb924e9a6a2cff1905d87d8891d1a185402f45f8f7a5e7ec2c37051a
SHA512ba041bba4c691329dda505d2ecacebd2632952d0284adbfbad77210142560484c5391cc1ea3b72d1e746dc94fd306413d45b9139280b6a7dd4e71fff6dff4d10
-
Filesize
152KB
MD5dd9bf8448d3ddcfd067967f01e8bf6d7
SHA1d7829475b2bd6a3baa8fabfaf39af57c6439b35e
SHA256fa2232917a5656ea4f811936561ea6b7c92b3c0004c5e08ecb97636d3afc6f72
SHA51265347df34378c2bbb34417e2cccfb3251a0b2412422cc190eed9df525b6e0a9948e0295ea3c33b3ad873ce81e369e89a138ac41d6eb7229546c3269107e661de
-
Filesize
104KB
-
Filesize
136KB
-
Filesize
272KB
-
Filesize
7.0MB
-
Filesize
10.8MB
-
Filesize
712KB
-
Filesize
10.8MB
-
Filesize
10.8MB
-
Filesize
7.8MB
-
Filesize
7.8MB
-
Filesize
7.8MB
-
Filesize
7.8MB
-
Filesize
7.8MB
-
Filesize
7.8MB
-
Filesize
7.8MB
-
Filesize
7.8MB
-
Filesize
8KB
-
Filesize
10.8MB
-
Filesize
10.8MB
-
Filesize
7.2MB
-
Filesize
7.2MB
-
Filesize
304KB
-
Filesize
10.8MB
-
Filesize
10.8MB
-
Filesize
10.8MB
-
Filesize
10.8MB
-
Filesize
10.8MB
-
Filesize
336KB
-
Filesize
10.8MB
-
Filesize
10.8MB
-
Filesize
10.8MB
-
Filesize
10.8MB
-
Filesize
7.8MB
-
Filesize
7.8MB
-
Filesize
7.8MB
-
Filesize
7.8MB
-
Filesize
7.8MB
-
Filesize
7.8MB
-
Filesize
7.8MB
-
Filesize
7.8MB
-
Filesize
7.8MB
-
Filesize
8KB
-
Filesize
7.8MB
-
Filesize
7.8MB
-
Filesize
7.8MB
-
Filesize
7.8MB
-
Filesize
7.8MB
-
Filesize
7.8MB
-
Filesize
7.8MB
-
Filesize
7.8MB
-
Filesize
7.8MB
-
Filesize
7.8MB
-
Filesize
7.8MB
-
Filesize
7.8MB
-
Filesize
7.8MB
-
Filesize
7.8MB
-
Filesize
7.8MB
-
Filesize
7.8MB
-
Filesize
7.8MB
-
Filesize
10.8MB
-
Filesize
200KB