Joe Sandbox Windows Analysis Report
DefendUpdate.exe

Overview

General Information

Sample Name:DefendUpdate.exe
Analysis ID:829698
MD5:d9c8a47ef46ec852f3eddad0ea93a799
SHA1:d8abd4904ce2a225226278556511473c1d0ea406
SHA256:ae3e61c6db3e5886a7265c46658833259e5342e0f233fd980e9b4243d16f3336
Tags:exe

Detection

Score:60
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Multi AV Scanner detection for submitted file
Tries to harvest and steal browser information (history, passwords, etc)
Sample execution stops while process was sleeping (likely an evasion)
Queries the volume information (name, serial number etc) of a device
Program does not show much activity (idle)
Creates a process in suspended mode (likely to inject code)
PE file contains sections with non-standard names

Classification

  • System is w10x64
  • DefendUpdate.exe (PID: 6016 cmdline: C:\Users\user\Desktop\DefendUpdate.exe MD5: D9C8A47EF46EC852F3EDDAD0EA93A799)
    • cmd.exe (PID: 1536 cmdline: C:\Windows\system32\cmd.exe /C choice /C Y /N /D Y /T 0 &Del C:\Users\user\Desktop\DefendUpdate.exe MD5: 4E2ACF4F8A396486AB4268C94A6A245F)
      • conhost.exe (PID: 676 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
      • choice.exe (PID: 6136 cmdline: choice /C Y /N /D Y /T 0 MD5: EA29BC6BCB1EFCE9C9946C3602F3E754)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Snort rule has matched


AV Detection

Source: DefendUpdate.exe | Avira: detected
Source: DefendUpdate.exe | ReversingLabs: Detection: 28%
Source: DefendUpdate.exe | Virustotal: Detection: 30%
Source: DefendUpdate.exe | Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: C:\Users\user\Desktop\DefendUpdate.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Code Cache\js\
Source: C:\Users\user\Desktop\DefendUpdate.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\
Source: C:\Users\user\Desktop\DefendUpdate.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Cache\
Source: C:\Users\user\Desktop\DefendUpdate.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Code Cache\
Source: C:\Users\user\Desktop\DefendUpdate.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\
Source: C:\Users\user\Desktop\DefendUpdate.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\
Source: DefendUpdate.exe, 00000000.00000002.250506545.00000000010D1000.00000040.00000001.01000000.00000003.sdmp | String found in binary or memory: flate: internal error: frame_goaway_has_streamframe_headers_pad_shortframe_rststream_bad_lengarbage collection scangcDrain phase incorrecthttp2: handler panickedhttp: request too largehttps://www.youtube.comindex out of range [%x]interrupted system callinvalid PrintableStringinvalid URI for requestinvalid UUID length: %dinvalid escape sequenceinvalid m->lockedInt = invalid response code: invalid scalar encodingjson: cannot unmarshal left over markroot jobsmakechan: bad alignmentmalformed HTTP responsemissing 0xff00 sequencemissing port in addressmissing protocol schememissing type in runfinqmultipart: NextPart: %vnanotime returning zeronet/http context value net/http: abort Handlernetwork not implementedno application protocolno space left on devicenon-zero reserved fieldoperation not permittedoperation not supportedpanic during preemptoffprocresize: invalid argreflect.Value.Interfacereflect.Value.NumMethodreflect.methodValueCallruntime: internal errorruntime: invalid type runtime: netpoll failedruntime: s.allocCount= s.allocCount > s.nelemsschedule: holding lockssegment length too longshrinkstack at bad timeskipping Question Classspan has no free stackssql: database is closedstack growth after forksyntax error in patternsystem huge page size (text/css; charset=utf-8text/xml; charset=utf-8time: invalid duration tls: invalid PSK bindertoo many pointers (>10)truncated tag or lengthunexpected Huffman codeunexpected address typeunexpected map key typeunknown empty width argunknown error code 0x%xunpacking Question.Nameunpacking Question.Typeunsupported certificatevarint integer overflowwork.nwait > work.nprocx509: invalid key usagex509: malformed UTCTimex509: malformed version() => this.parentElement, equals www.youtube.com (Youtube)
Source: DefendUpdate.exe, 00000000.00000002.250506545.00000000010D1000.00000040.00000001.01000000.00000003.sdmp | String found in binary or memory: got CONTINUATION for stream %d; expected stream %dhttp: putIdleConn: CloseIdleConnections was calledhttp: suspiciously long trailer after chunked bodyhttps://www.youtube.com/getAccountSwitcherEndpointmallocgc called with gcphase == _GCmarkterminationnet/http: HTTP/1.x transport connection broken: %vnet/http: Transport failed to read from server: %vnet/http: cannot rewind body after connection lossrecursive call during initialization - linker skewreflect.Value.Slice3: slice of unaddressable arrayruntime: unable to acquire - semaphore out of synctls: invalid signature by the client certificate: tls: invalid signature by the server certificate: tls: received unexpected CertificateStatus messagex509: RSA public exponent is not a positive numberx509: invalid RDNSequence: invalid attribute valuex509: missing ASN.1 contents; use ParseCertificate{ equals www.youtube.com (Youtube)
Source: DefendUpdate.exe, 00000000.00000002.250506545.00000000010D1000.00000040.00000001.01000000.00000003.sdmp | String found in binary or memory: http://www.bohemiancoding.com/sketch
Source: DefendUpdate.exe, 00000000.00000002.250506545.00000000010D1000.00000040.00000001.01000000.00000003.sdmp | String found in binary or memory: https://go-rod.github.io/#/compatibility?id=os:
Source: DefendUpdate.exe, 00000000.00000002.250506545.00000000010D1000.00000040.00000001.01000000.00000003.sdmp | String found in binary or memory: https://go-rod.github.io/#/compatibility?id=osfunction(e)
Source: DefendUpdate.exe, 00000000.00000002.250506545.00000000010D1000.00000040.00000001.01000000.00000003.sdmp | String found in binary or memory: https://golang.org/pkg/time/#ParseDuration)
Source: DefendUpdate.exe, 00000000.00000002.250506545.00000000010D1000.00000040.00000001.01000000.00000003.sdmp | String found in binary or memory: https://playwright.azureedge.net/builds/chromium/%d/chromium-linux-arm64.ziptls:
Source: DefendUpdate.exe, 00000000.00000002.250506545.00000000010D1000.00000040.00000001.01000000.00000003.sdmp | String found in binary or memory: https://registry.npmmirror.com/-/binary/chromium-browser-snapshots/%s/%d/%stls:
Source: DefendUpdate.exe, 00000000.00000002.250506545.00000000010D1000.00000040.00000001.01000000.00000003.sdmp | String found in binary or memory: https://storage.googleapis.com/chromium-browser-snapshots/%s/%d/%sreflect:
Source: DefendUpdate.exe, 00000000.00000002.250506545.00000000010D1000.00000040.00000001.01000000.00000003.sdmp | String found in binary or memory: https://studio.youtube.com/reauth
Source: DefendUpdate.exe, 00000000.00000002.250506545.00000000010D1000.00000040.00000001.01000000.00000003.sdmp | String found in binary or memory: https://studio.youtube.com/youtubei/v1/ars/grst?alt=json&key=net/http:
Source: DefendUpdate.exe, 00000000.00000002.250506545.00000000010D1000.00000040.00000001.01000000.00000003.sdmp | String found in binary or memory: https://studio.youtube.com/youtubei/v1/security/get_web_reauth_url?alt=json&key=tls:
Source: DefendUpdate.exe, 00000000.00000002.250506545.00000000010D1000.00000040.00000001.01000000.00000003.sdmp | String found in binary or memory: https://www.youtube.com/getAccountSwitcherEndpointmallocgc
Source: DefendUpdate.exe, 00000000.00000002.250506545.00000000010D1000.00000040.00000001.01000000.00000003.sdmp | String found in binary or memory: https://www.youtube.comindex
Source: DefendUpdate.exe, 00000000.00000002.250506545.00000000010D1000.00000040.00000001.01000000.00000003.sdmp | String found in binary or memory: https://youtube.com/inconsistent
Source: DefendUpdate.exe, 00000000.00000002.250506545.00000000010D1000.00000040.00000001.01000000.00000003.sdmp | String found in binary or memory: https://youtube.comif-unmodified-sinceillegal
Source: C:\Users\user\Desktop\DefendUpdate.exe | Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: classification engine | Classification label: mal60.spyw.winEXE@6/0@0/0
Source: unknown | Process created: C:\Users\user\Desktop\DefendUpdate.exe C:\Users\user\Desktop\DefendUpdate.exe
Source: C:\Users\user\Desktop\DefendUpdate.exe | Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /C choice /C Y /N /D Y /T 0 &Del C:\Users\user\Desktop\DefendUpdate.exe
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\choice.exe choice /C Y /N /D Y /T 0
Source: C:\Users\user\Desktop\DefendUpdate.exe | Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /C choice /C Y /N /D Y /T 0 &Del C:\Users\user\Desktop\DefendUpdate.exe
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\choice.exe choice /C Y /N /D Y /T 0
Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:676:120:WilError_01
Source: DefendUpdate.exe, 00000000.00000002.250506545.0000000001B66000.00000040.00000001.01000000.00000003.sdmp | Binary or memory string: UPDATE %Q.sqlite_master SET tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqliteX_autoindex%%' ESCAPE 'X' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
Source: DefendUpdate.exe, 00000000.00000002.250506545.0000000001B66000.00000040.00000001.01000000.00000003.sdmp | Binary or memory string: CREATE TABLE %Q.'%q_docsize'(docid INTEGER PRIMARY KEY, size BLOB);
Source: DefendUpdate.exe, 00000000.00000002.250506545.0000000001B66000.00000040.00000001.01000000.00000003.sdmp | Binary or memory string: CREATE TABLE IF NOT EXISTS %Q.'%q_stat'(id INTEGER PRIMARY KEY, value BLOB);
Source: DefendUpdate.exe, 00000000.00000002.250506545.0000000001B66000.00000040.00000001.01000000.00000003.sdmp | Binary or memory string: CREATE TABLE %Q.'%q_segdir'(level INTEGER,idx INTEGER,start_block INTEGER,leaves_end_block INTEGER,end_block INTEGER,root BLOB,PRIMARY KEY(level, idx));
Source: DefendUpdate.exe, 00000000.00000002.250506545.0000000001B66000.00000040.00000001.01000000.00000003.sdmp | Binary or memory string: INSERT INTO %Q.sqlite_master VALUES('index',%Q,%Q,#%d,%Q);
Source: DefendUpdate.exe, 00000000.00000002.250506545.0000000001B66000.00000040.00000001.01000000.00000003.sdmp | Binary or memory string: CREATE TABLE %Q.'%q_segments'(blockid INTEGER PRIMARY KEY, block BLOB);
Source: DefendUpdate.exe, 00000000.00000002.250506545.0000000001B66000.00000040.00000001.01000000.00000003.sdmp | Binary or memory string: CREATE TABLE "%w"."%w_parent"(nodeno INTEGER PRIMARY KEY,parentnode);
Source: DefendUpdate.exe | Static file information: File size 4510208 > 1048576
Source: DefendUpdate.exe | Static PE information: Raw size of UPX1 is bigger than: 0x100000 < 0x44ce00
Source: DefendUpdate.exe | Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: DefendUpdate.exe | Static PE information: section name: UPX2
Source: initial sample | Static PE information: section name: UPX0
Source: initial sample | Static PE information: section name: UPX1
Source: C:\Users\user\Desktop\DefendUpdate.exe | Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
Source: C:\Users\user\Desktop\DefendUpdate.exe | Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exe | Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exe | Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exe | Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Windows\System32\choice.exe | Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Windows\System32\choice.exe | Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exe | Last function: Thread delayed
Source: all processes | Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected
Source: DefendUpdate.exe, 00000000.00000002.256167775.0000023CE217C000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: C:\Users\user\Desktop\DefendUpdate.exe | Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Local State VolumeInformation

Stealing of Sensitive Information

Source: C:\Users\user\Desktop\DefendUpdate.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\fmgjjmmmlfnkbppncabfkddbjimcfncm\Icons
Source: C:\Users\user\Desktop\DefendUpdate.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Code Cache\wasm\index-dir
Source: C:\Users\user\Desktop\DefendUpdate.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\GPUCache
Source: C:\Users\user\Desktop\DefendUpdate.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\fhihpiojkbmbpdjeoajapmgkhlnakfjf\Icons Maskable
Source: C:\Users\user\Desktop\DefendUpdate.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\mpnpojknpmmopombnjdcgaaiekajbnjb
Source: C:\Users\user\Desktop\DefendUpdate.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Download Service
Source: C:\Users\user\Desktop\DefendUpdate.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Segmentation Platform\SignalStorageConfigDB
Source: C:\Users\user\Desktop\DefendUpdate.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\aghbiahbpaijignceidepookljebhfak\Icons Maskable
Source: C:\Users\user\Desktop\DefendUpdate.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Data
Source: C:\Users\user\Desktop\DefendUpdate.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Download Service\EntryDB
Source: C:\Users\user\Desktop\DefendUpdate.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\blob_storage
Source: C:\Users\user\Desktop\DefendUpdate.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\kefjledonklijopmnomlcbpllchaibag\Icons
Source: C:\Users\user\Desktop\DefendUpdate.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Segmentation Platform\SignalDB
Source: C:\Users\user\Desktop\DefendUpdate.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Platform Notifications
Source: C:\Users\user\Desktop\DefendUpdate.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\blob_storage\c22ad13a-a322-4fd2-af93-38f6ee0e683c
Source: C:\Users\user\Desktop\DefendUpdate.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Local Storage\leveldb
Source: C:\Users\user\Desktop\DefendUpdate.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Code Cache\wasm
Source: C:\Users\user\Desktop\DefendUpdate.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB
Source: C:\Users\user\Desktop\DefendUpdate.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\agimnkijcaahngcdmfeangaknmldooml\Icons
Source: C:\Users\user\Desktop\DefendUpdate.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\BudgetDatabase
Source: C:\Users\user\Desktop\DefendUpdate.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings
Source: C:\Users\user\Desktop\DefendUpdate.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Session Storage
Source: C:\Users\user\Desktop\DefendUpdate.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage
Source: C:\Users\user\Desktop\DefendUpdate.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda
Source: C:\Users\user\Desktop\DefendUpdate.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\databases
Source: C:\Users\user\Desktop\DefendUpdate.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js
Source: C:\Users\user\Desktop\DefendUpdate.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\fhihpiojkbmbpdjeoajapmgkhlnakfjf\Icons
Source: C:\Users\user\Desktop\DefendUpdate.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir
Source: C:\Users\user\Desktop\DefendUpdate.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache\js
Source: C:\Users\user\Desktop\DefendUpdate.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb
Source: C:\Users\user\Desktop\DefendUpdate.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Code Cache
Source: C:\Users\user\Desktop\DefendUpdate.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications
Source: C:\Users\user\Desktop\DefendUpdate.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension State
Source: C:\Users\user\Desktop\DefendUpdate.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache\js\index-dir
Source: C:\Users\user\Desktop\DefendUpdate.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\kefjledonklijopmnomlcbpllchaibag
Source: C:\Users\user\Desktop\DefendUpdate.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Segmentation Platform
Source: C:\Users\user\Desktop\DefendUpdate.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\mpnpojknpmmopombnjdcgaaiekajbnjb\Icons Maskable
Source: C:\Users\user\Desktop\DefendUpdate.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database
Source: C:\Users\user\Desktop\DefendUpdate.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Cache
Source: C:\Users\user\Desktop\DefendUpdate.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default
Source: C:\Users\user\Desktop\DefendUpdate.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cache
Source: C:\Users\user\Desktop\DefendUpdate.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\kefjledonklijopmnomlcbpllchaibag\Icons Maskable
Source: C:\Users\user\Desktop\DefendUpdate.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\mpnpojknpmmopombnjdcgaaiekajbnjb\Icons
Source: C:\Users\user\Desktop\DefendUpdate.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def
Source: C:\Users\user\Desktop\DefendUpdate.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\mpnpojknpmmopombnjdcgaaiekajbnjb\Icons Monochrome
Source: C:\Users\user\Desktop\DefendUpdate.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Cache
Source: C:\Users\user\Desktop\DefendUpdate.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\fmgjjmmmlfnkbppncabfkddbjimcfncm
Source: C:\Users\user\Desktop\DefendUpdate.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\EventDB
Source: C:\Users\user\Desktop\DefendUpdate.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata
Source: C:\Users\user\Desktop\DefendUpdate.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache
Source: C:\Users\user\Desktop\DefendUpdate.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext
Source: C:\Users\user\Desktop\DefendUpdate.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sessions
Source: C:\Users\user\Desktop\DefendUpdate.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption
Source: C:\Users\user\Desktop\DefendUpdate.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\agimnkijcaahngcdmfeangaknmldooml
Source: C:\Users\user\Desktop\DefendUpdate.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Rules
Source: C:\Users\user\Desktop\DefendUpdate.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Local Storage
Source: C:\Users\user\Desktop\DefendUpdate.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings
Source: C:\Users\user\Desktop\DefendUpdate.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage
Source: C:\Users\user\Desktop\DefendUpdate.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_hint_cache_store
Source: C:\Users\user\Desktop\DefendUpdate.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache
Source: C:\Users\user\Desktop\DefendUpdate.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ghbmnnjooekpmoecnnnilnnbdlolhkhi
Source: C:\Users\user\Desktop\DefendUpdate.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\fmgjjmmmlfnkbppncabfkddbjimcfncm\Icons Monochrome
Source: C:\Users\user\Desktop\DefendUpdate.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\WebStorage
Source: C:\Users\user\Desktop\DefendUpdate.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources
Source: C:\Users\user\Desktop\DefendUpdate.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
Source: C:\Users\user\Desktop\DefendUpdate.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\kefjledonklijopmnomlcbpllchaibag\Icons Monochrome
Source: C:\Users\user\Desktop\DefendUpdate.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\aghbiahbpaijignceidepookljebhfak\Icons
Source: C:\Users\user\Desktop\DefendUpdate.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_apdfllckaahabafndbhieahigkjlhalf
Source: C:\Users\user\Desktop\DefendUpdate.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Code Cache\js
Source: C:\Users\user\Desktop\DefendUpdate.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl
Source: C:\Users\user\Desktop\DefendUpdate.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\wasm
Source: C:\Users\user\Desktop\DefendUpdate.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\fhihpiojkbmbpdjeoajapmgkhlnakfjf
Source: C:\Users\user\Desktop\DefendUpdate.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\fhihpiojkbmbpdjeoajapmgkhlnakfjf\Icons Monochrome
Source: C:\Users\user\Desktop\DefendUpdate.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GCM Store
Source: C:\Users\user\Desktop\DefendUpdate.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def
Source: C:\Users\user\Desktop\DefendUpdate.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db
Source: C:\Users\user\Desktop\DefendUpdate.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Safe Browsing Network
Source: C:\Users\user\Desktop\DefendUpdate.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Local Storage
Source: C:\Users\user\Desktop\DefendUpdate.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network
Source: C:\Users\user\Desktop\DefendUpdate.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache\wasm
Source: C:\Users\user\Desktop\DefendUpdate.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_nmmhkkegccagdldgiimedpiccmgmieda
Source: C:\Users\user\Desktop\DefendUpdate.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\aghbiahbpaijignceidepookljebhfak\Icons Monochrome
Source: C:\Users\user\Desktop\DefendUpdate.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\fmgjjmmmlfnkbppncabfkddbjimcfncm\Icons Maskable
Source: C:\Users\user\Desktop\DefendUpdate.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Download Service\Files
Source: C:\Users\user\Desktop\DefendUpdate.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\agimnkijcaahngcdmfeangaknmldooml\Icons Maskable
Source: C:\Users\user\Desktop\DefendUpdate.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Platform Notifications
Source: C:\Users\user\Desktop\DefendUpdate.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Scripts
Source: C:\Users\user\Desktop\DefendUpdate.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\JumpListIconsRecentClosed
Source: C:\Users\user\Desktop\DefendUpdate.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\coupon_db
Source: C:\Users\user\Desktop\DefendUpdate.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_model_metadata_store
Source: C:\Users\user\Desktop\DefendUpdate.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Code Cache\js\index-dir
Source: C:\Users\user\Desktop\DefendUpdate.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp
Source: C:\Users\user\Desktop\DefendUpdate.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\agimnkijcaahngcdmfeangaknmldooml\Icons Monochrome
Source: C:\Users\user\Desktop\DefendUpdate.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Session Storage
Source: C:\Users\user\Desktop\DefendUpdate.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker
Source: C:\Users\user\Desktop\DefendUpdate.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GPUCache
Source: C:\Users\user\Desktop\DefendUpdate.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\aghbiahbpaijignceidepookljebhfak
Source: C:\Users\user\Desktop\DefendUpdate.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Platform Notifications
Source: C:\Users\user\Desktop\DefendUpdate.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\wasm\index-dir
Source: C:\Users\user\Desktop\DefendUpdate.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Local Storage\leveldb
Source: C:\Users\user\Desktop\DefendUpdate.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Session Storage
Source: C:\Users\user\Desktop\DefendUpdate.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_pjkljhegncpnkpknbcohdijeoejaedia
Source: C:\Users\user\Desktop\DefendUpdate.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync App Settings
Source: C:\Users\user\Desktop\DefendUpdate.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache\wasm\index-dir
Source: C:\Users\user\Desktop\DefendUpdate.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\GPUCache
Source: C:\Users\user\Desktop\DefendUpdate.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Segmentation Platform\SegmentInfoDBJump to behavior
Source: C:\Users\user\Desktop\DefendUpdate.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\AutofillStrikeDatabaseJump to behavior
Source: C:\Users\user\Desktop\DefendUpdate.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDBJump to behavior
Source: C:\Users\user\Desktop\DefendUpdate.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldbJump to behavior
MITRE ATT&CK Matrix (techniques listed per tactic; numbers in parentheses are the badge counts shown next to a technique in the original matrix)

Initial Access: Valid Accounts; Default Accounts; Domain Accounts
Execution: Windows Management Instrumentation; Scheduled Task/Job; At (Linux)
Persistence: Path Interception; Boot or Logon Initialization Scripts; Logon Script (Windows)
Privilege Escalation: Process Injection (11); Boot or Logon Initialization Scripts; Logon Script (Windows)
Defense Evasion: Software Packing (1); Process Injection (11); Obfuscated Files or Information (1)
Credential Access: OS Credential Dumping (1); LSASS Memory; Security Account Manager
Discovery: Security Software Discovery (1); File and Directory Discovery (1); System Information Discovery (11)
Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares
Collection: Data from Local System (1); Data from Removable Media; Data from Network Shared Drive
Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration
Command and Control: Data Obfuscation; Junk Data; Steganography
Network Effects: Eavesdrop on Insecure Network Communication; Exploit SS7 to Redirect Phone Calls/SMS; Exploit SS7 to Track Device Location
Remote Service Effects: Remotely Track Device Without Authorization; Remotely Wipe Data Without Authorization; Obtain Device Cloud Backups
Impact: Modify System Partition; Device Lockout; Delete Device Data