Analysis
-
max time kernel
191s -
max time network
192s -
platform
windows11-21h2_x64 -
resource
win11-20231222-en -
resource tags
-
submitted
12-02-2024 18:44
Errors
General
-
Target
https://www.mediafire.com/folder/8no97trzbix8y/Laun4eer
Malware Config
Signatures
-
Executes dropped EXE 4 IoCs
-
Suspicious use of SetThreadContext 4 IoCs
-
Drops file in Windows directory 4 IoCs
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Modifies data under HKEY_USERS 15 IoCs
-
Modifies registry class 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 10 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 33 IoCs
-
Suspicious use of AdjustPrivilegeToken 11 IoCs
-
Suspicious use of FindShellTrayWindow 64 IoCs
-
Suspicious use of SendNotifyMessage 12 IoCs
-
Suspicious use of SetWindowsHookEx 3 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.mediafire.com/folder/8no97trzbix8y/Laun4eer1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff9df5c3cb8,0x7ff9df5c3cc8,0x7ff9df5c3cd82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1928,7867820827488227891,10223429671481803691,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1940 /prefetch:22⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1928,7867820827488227891,10223429671481803691,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2364 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1928,7867820827488227891,10223429671481803691,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2664 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,7867820827488227891,10223429671481803691,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,7867820827488227891,10223429671481803691,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1928,7867820827488227891,10223429671481803691,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5320 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1928,7867820827488227891,10223429671481803691,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1924 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,7867820827488227891,10223429671481803691,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5752 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,7867820827488227891,10223429671481803691,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5564 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,7867820827488227891,10223429671481803691,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5232 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,7867820827488227891,10223429671481803691,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6120 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,7867820827488227891,10223429671481803691,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6276 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,7867820827488227891,10223429671481803691,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6656 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,7867820827488227891,10223429671481803691,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6492 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,7867820827488227891,10223429671481803691,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6848 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,7867820827488227891,10223429671481803691,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6672 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,7867820827488227891,10223429671481803691,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4732 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,7867820827488227891,10223429671481803691,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7556 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,7867820827488227891,10223429671481803691,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7404 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,7867820827488227891,10223429671481803691,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7252 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,7867820827488227891,10223429671481803691,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7156 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,7867820827488227891,10223429671481803691,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8032 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,7867820827488227891,10223429671481803691,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7116 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,7867820827488227891,10223429671481803691,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6072 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,7867820827488227891,10223429671481803691,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6300 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,7867820827488227891,10223429671481803691,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7964 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,7867820827488227891,10223429671481803691,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8564 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,7867820827488227891,10223429671481803691,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8736 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,7867820827488227891,10223429671481803691,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8924 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,7867820827488227891,10223429671481803691,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9036 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,7867820827488227891,10223429671481803691,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9256 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,7867820827488227891,10223429671481803691,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9392 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,7867820827488227891,10223429671481803691,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9640 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,7867820827488227891,10223429671481803691,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9548 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,7867820827488227891,10223429671481803691,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8796 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,7867820827488227891,10223429671481803691,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8392 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,7867820827488227891,10223429671481803691,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4092 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,7867820827488227891,10223429671481803691,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5504 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1928,7867820827488227891,10223429671481803691,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1660 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\7-Zip\7zFM.exe"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\linstalIer2024!___Pswrd--1231.rar"2⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Program Files\7-Zip\7zFM.exe"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\linstalIer2024!___Pswrd--1231.rar"2⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Program Files\7-Zip\7zFM.exe"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\linstalIer2024!___Pswrd--1231.rar"2⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵
-
C:\Users\Admin\Downloads\linstalIer2024!___Pswrd--1231\linstaIler2024!.exe"C:\Users\Admin\Downloads\linstalIer2024!___Pswrd--1231\linstaIler2024!.exe"1⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeC:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe2⤵
-
C:\Users\Admin\Downloads\linstalIer2024!___Pswrd--1231\linstaIler2024!.exe"C:\Users\Admin\Downloads\linstalIer2024!___Pswrd--1231\linstaIler2024!.exe"1⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeC:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe2⤵
-
C:\Users\Admin\Downloads\linstalIer2024!___Pswrd--1231\linstaIler2024!.exe"C:\Users\Admin\Downloads\linstalIer2024!___Pswrd--1231\linstaIler2024!.exe"1⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeC:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe2⤵
-
C:\Users\Admin\Downloads\linstalIer2024!___Pswrd--1231\linstaIler2024!.exe"C:\Users\Admin\Downloads\linstalIer2024!___Pswrd--1231\linstaIler2024!.exe"1⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeC:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe2⤵
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc1⤵
-
C:\Windows\System32\oobe\UserOOBEBroker.exeC:\Windows\System32\oobe\UserOOBEBroker.exe -Embedding1⤵
- Drops file in Windows directory
-
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exeC:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe -Embedding1⤵
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵
- Suspicious use of SetWindowsHookEx
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
-
C:\Windows\system32\LogonUI.exe"LogonUI.exe" /flags:0x4 /state0:0xa39e5055 /state1:0x41c64e6d1⤵
- Modifies data under HKEY_USERS
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
152B
MD56dbe72a1f5827efc08f70d06ef815d46
SHA16aacd61519fce53ecb92e5e61207a6c29c01f47b
SHA256dd673404dd6deb2d2b331316370fd05e47c01b9dc489640f05b50898d536a6e3
SHA5122e6115ca818df5f5b7985caf3ce2324e266b376f6180f84b44e9ae725e037a8456c2cd63e22b9750e2ba27f4c7460dfa429ce9910517a728b056e5f1e730e25a
-
Filesize
62KB
MD59d24f8e471644bbef0c94d4bd57d503a
SHA181cd9121d379dce0baac0190f86092ab8e948bb4
SHA256e44cf8e17283de26a37965dccd2e9da783de62167d1fe268cbdc716150cd6463
SHA512b0740cee06b8a8847f5f4786f20810a915f5d8d3a732b9abf7ab6ff5f3a763400981559dea303212a3d7d64524999f46c6f57653c918164f75e0bb32e740f100
-
Filesize
31KB
MD5227d55d385fabd6f05eb8c67b9733999
SHA13eb8f335c07a52588634281e5d5a66f7933d7449
SHA2565aea8852d89fe365202a39392d67498224d7985f90edf063719002b07fdb62af
SHA51298531fcf1ecfeb22e2c5d1956d58211e9dd3d801a142140b0fba8e5b7a732ee29558dccd29393d437e2acde28da555d84491b78856696873ea6e8efcd26c9450
-
Filesize
2KB
MD5a59ba79651ccb6bb4255a669b13c402b
SHA1cbdac256e0857c8c0251e30ec5e8c2b0b8f17f1f
SHA25664c96cd20062c5bd30a5dca61787807185d91915e7b10031fbced35736781ca0
SHA5129e5c8610b0621167da08f9242bc26ec2b2f5d97e28079e6aff2f8718b2dd5e5d675cfbef7997413821da564f94f34e8460eb36f73142d8f5f9146e9043427feb
-
Filesize
2KB
MD59a32949792ab21ef3ab6c517ff65e758
SHA1c60707e79bfe910b7ee37c2be5e74f15232c6b7a
SHA256969c220bb9790c0925b5f33a44b220a8f975d871b2f64f2438b8cbb68368c436
SHA512db1e4fb2c6a89f3ddc3ddb7eece607c43c820b20ea4ed17c4e3cd336c8b8df8f4a58f7fed572ff89f1162e230437468c4d5af6a3e5b3848e00e5cef9b2a73d30
-
Filesize
12KB
MD532b75061b4fb6e840bf87239edbaabbd
SHA101cfb245696bb5cdf4716386210025c42937fd91
SHA25621245589348a2492638bfe7dca088588263d8c3618e2fc44f80de3a5e30afe2c
SHA5123760b1a9d2d4ea9b993192e1da8284771fd7c47f6bf344e5b01883ea2c3d4136d3985be8ede4480a0e238d5d5af856fe6a81b9d3d51e89fb808148a2a8e110a7
-
Filesize
4KB
MD5727bcf3514ec5993680e713813b65c00
SHA1a95e4dedc082ab3e489da4400461e9ff1fcfa7cf
SHA256f2fae230528ecba91719181acdd64015cee836d8b41052ab9f69857a3ad08c62
SHA5126a57d939a8cf5d9823a04aaf5abc8bdf14a0a6875cdd14d11f5b65c36e3c14d21f9e2e74a72f52019620d0938b3f2537fcc74f0674b4be9b90d9aece86712f65
-
Filesize
12KB
MD5fc43f7453ef1c212015bbf0f8fd8416c
SHA19ad014ebf11406bc7a154381f9c00eee6522a9a1
SHA2565b77cea8e6aec578b9503eb7f22a38cff4fa92c94217fb93e2edf1308a092692
SHA512963ab7a92a3f8cb7050e31501e0827f02e4e58209f8ad27db9b46db093ecede073466678015063bf26a2905d5e0f8111e9c3ee6b247d99710da3ea352119c28a
-
Filesize
6KB
MD5bbeedfebda60cd1f75d2afd5386af6db
SHA1286544cbed3fa00dded4753c0cd0690b8459efef
SHA256a99d89fcf1df9a604dbcb4e249cd2367ad22f387820a24925f9de0a3575bb8b9
SHA512de6bf22ae7b03c6b0867810d04961f245f69e74de9d14d5a973380b0f879ffef63cc6ce7726c636ad939709768ee3252cadfca78ab0bea2ca17d303bd808b470
-
Filesize
14KB
MD5ff55c46069b3262a9b542854bb09555a
SHA1c1b4bdee3248c1b1666c3d15e41c634b7e386b96
SHA256291bd4b71ca799966c69334b26695f4db6edebadfebc7ce62caea67dec82aed1
SHA51263d5b4daed6bf1ca9513c568abb0b0baad1e3f875207587f00de9997b92c7730ae2c30ab5b5bdcd37b607e56ec82b41be757bea3c46baace6d7b06c4f2280366
-
Filesize
25KB
MD5e5477be1e6c4cc9f570c69a84dd4f681
SHA1fdcbdc83ccfef1c270b927c6815e641f6d96a132
SHA256f06ab204d1d24ecd2d13e473bf807a8fc65ed09114a227966b4a308bd7eaa531
SHA51224eb3338f0a7be6df183c5d5f22831bed07ce0779dcc124e805364a128a08f571160a6809556cd1de323c9d3cc64299855978967c8693b8324cd9bb22f5ffe14
-
Filesize
4KB
MD5ae02775f2a4fad25024d71518038a09c
SHA1d98bc743ae0fbe65a885e17e07653fa7b27d5290
SHA2568970f88fbaa43c2ac30127e2a10e1b08ba1bb33b3163c07e383567df7c525164
SHA5122911a821755c448d4fbaa7de7dee0858f88440c9cbaa533925370ff6867126be84d9be27e82290a0697f1ceefb70832a075457fab44a8ee464d37c004ac81c71
-
Filesize
4KB
MD5c92e41598980738993edf495a3abd99d
SHA1a1f21107787bf64d3798361d97f4024af5aaff71
SHA25682b520e8cccc65ff6d2818ae1ee79e72c4886b2bc46ad0945cb6df6a12357a5a
SHA5120da49094fc9a80e8f3b42cfd8ff3d89b2d2b3a90b7b01e31e0b459930222176718811f0ca490bc8472838ac1bb7b7d090e7262e99ffe632ea3985bdc693b9265
-
Filesize
1KB
MD59aba983ef3a1a2c3d31561fa25fb1255
SHA17bb2f982d52571caac25615f949020e3d85f1fa2
SHA256828d98d0d9ad3f1bbe1e9dfe2acc6c2955f171c4bb953e5011af95c07eb8e3fe
SHA51235ba0eef46f016116455171d0806d69fda379fdbeb8f463898111e633128a41a493282c1ed33b3e2b5bcdab30e60560596aceb2dd8c64f86e980dbebfb76ebe3
-
Filesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize
4KB
MD5e6f02835f62b65ec5ae0b37273f95e31
SHA1a29cdf472f0d8213a04ad2270488de0d801c669c
SHA256c92618158841d52edc60eab9b115834bd9c12dca9b71f6f82be1938cfe21e38f
SHA512f2a1f629cc2799835a03a122752fa56284c8a91af0a8ddfcc6f168eacfad98d0a621f7278c03ed57ac6c0dc6b95e9a1b4f42cc69fb7948372a74edc8414932d5
-
Filesize
9KB
MD59f5ce8f67c59cbce9c83c6cf9eac4a29
SHA10ca7be22d0218f248b825ac348386b06e5f37279
SHA256e6e21f7671738442031c394cd26def2ae9c6ea15256343f24e94e7d6aa94292b
SHA512906d7909732f8a54114f8d62df8a8fb087583473d279c2d47addecb59cd73330259006a00dcda8f81fcb56c21e8197b12337c0aa929d62d768b100147b910051
-
Filesize
10KB
MD5d831ebe795913760ecd1e3e507838efe
SHA15aba8962caec7245f4bc30b59cefa01e240d2a98
SHA2560ce25aa0bb9e384c063685fcde6f5b12c76e5e44e6a0e432b2f71eab0bb31aae
SHA512093c2f02cdfe459b093249b86fcd6e0cf53a6c60e9c5e1b7ce31dba1b2869f2a8e3180732dfe8d41f01ced68171dc9d049be519f0110a99fcbdc03b978659c2e
-
Filesize
11KB
MD59aca0b837cd2ddfa9834cb2ec27b031a
SHA1ed77fb8aea281ed5c2a7cb561f6ca03235cd4563
SHA256a68af6e6ba223369324e68c5a985a789a40ca02ecfaa0e58b9503e1ec45338fd
SHA5122750f682d12a31fe293e0168083777a4d44d670aca47b5beb9b789cf4232ebfd42e317ff774b2209b060aafef0ffb17410e6e08d4c3e1ffb1d47b08d3d91ea3b
-
Filesize
10KB
MD50ccf27785c0d10368d5ebeb3fa743f71
SHA16e32a7ea18e5b0e142fa9c8cd398e89233147be5
SHA25691eec1b94610931f62ac4b57593154f243a77fc1c56d99a9cfa2b6b8f5b990af
SHA512bbaf9e6abad5a29a4c8774902fcaf87c63b0280f4cf63c63bf7a8acb8cf007f23c1c394e8353490b3883e5a74ff672bf9c9e04c6af034e3222c1c3234450acc7
-
Filesize
1.8MB
MD5f15bed07d714fa0ed0fe810a63045814
SHA13b752bba39d9f58b97478f426c0460e248780c3c
SHA256120e88ecd75a1d412f8fc007c8a34bf92d2eeb563d5203feef892513742e0b1b
SHA51243b182e5ed55625c7055f5fd4385ce7aaef85210b1a7ccd679a3eaf267ae3acc26d9ec7e5342d66d66dbcf2e00f3b247ed9485108665858f373e414a5fb579ba
-
Filesize
38.2MB
MD5a669d89a16152133c9ffed93814b3dd7
SHA1a9c274a108877a5659f0619dc21c3d24139859ca
SHA256b12d3b7a3ad9eef1093daea9fe0790d2853b16ac8f6d6e394aa2c0b4024f2d6a
SHA512512e70264dc644eee5414a90a05bdac9bf8f71b9a5bf85787e3664cbeb1432a42ac8abf14f5e7510b648420dfb0a846f5ea5c9d608ddc2139590dbe381e7d311
-
Filesize
6.8MB
MD51f25ee5abe606c4bc112466217476163
SHA16dd9adb510502f1ba9963421d48b55ec93eb976e
SHA2569eaebc12b5bb46b9535cbdf34d4cfd38e6a83a54339f1f5e937a91421c26238b
SHA5121780d284893ac9820a03031e68f672f631c25cc29c1c02daf53667c7b2cc668453d445118360d7fb3ece1cbd51c72b0f336424bb5ea0a3434a4bff77417e9437
-
Filesize
16.1MB
MD5f1e5e7caeb84c7319cb034da4fc57ec3
SHA1cde149c97e35e389ef655f50010c8427ece57a88
SHA256c68cba452918f4ef2ee9113049ef9218e38fdbcb4228d79d03e1f93b88cd7d77
SHA5120bc60a75580484d1762d04125f1309566fce11350057c59a345073f457ab6b0de3f2deb4dab347cf797a0071547a5c0d7dcbf54eab149bc21efbd9101006e6d1
-
Filesize
20.9MB
MD54a4f11993800b6ce188b8826f01c8154
SHA1cc9bafe78b958958da7197e38be79b6e2c827276
SHA25604715d02e05e9cf3771ba9be8b25e9d7adbf6298c1d357ef109c3b9a0245cae9
SHA512df1da132f3d8574aed6f38d5183e7106679266cee1a912f34f7e97cad2062d3f37d4719c225a07c0843a512b90299f6daaad8a2a0b8878985efe46fbe15481a1
-
Filesize
74.2MB
MD561df622f550753a37d7deb0d0e851356
SHA1684e347f2d77f7a13977f38cd8acdaae0ba4f828
SHA256221b39a92076c4b7a2f6ce45908d98a49de2fa627fb833ed2e1f7bb032363352
SHA512470b1dac52c0e1d8f978d8140bfc8123fde1422dcc5b8f56bde74da2ca38dd723492f5e124d160ea1e243df98d5aca2f3bdf633dbff4003d5b3ef5b7b9c3b4f4
-
Filesize
14.3MB
MD5de9bd6e7b03d28321a18ec70850e7638
SHA19f36f297ca9e6935f7844fda1a79c8c7a3ae695c
SHA256fd55f0ed7279c34b088c7e3c3dab6bf6c757d162ab5067feede865eb896ace01
SHA5124800d264f4e30df2b0b253beffc13d02f4d0b2768fd7966b56c00cb9b86edd6b946b3533f5e5d89435d49271fa59c9f4953f8711be79d8205065b03ca491c59b
-
MD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
-
Filesize
74.9MB
-
Filesize
74.9MB
-
Filesize
74.9MB
-
Filesize
74.9MB
-
Filesize
74.9MB
-
Filesize
74.9MB
-
Filesize
74.9MB
-
Filesize
74.9MB
-
Filesize
484KB
-
Filesize
484KB
-
Filesize
484KB
-
Filesize
484KB
-
Filesize
484KB
-
Filesize
484KB
-
Filesize
484KB
-
Filesize
4KB
-
Filesize
484KB
-
Filesize
484KB
-
Filesize
484KB
-
Filesize
484KB
-
Filesize
484KB
-
Filesize
484KB
-
Filesize
484KB