Analysis

max time kernel: 165s
max time network: 171s
platform: windows10-2004_x64
resource: win10v2004-20240221-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240221-en, locale:en-us, os:windows10-2004-x64, system
submitted: 21-02-2024 20:26
Static task: static1
URLScan task: urlscan1
General

Malware Config

Extracted: lumma
- https://modernizepledgeoi.shop/api
- https://turkeyunlikelyofw.shop/api
- https://associationokeo.shop/api
Signatures

Executes dropped EXE (1 IoC)
Processes:
- PID 5184 Trainer_ V21.2.exe

Loads dropped DLL (1 IoC)
Processes:
- PID 5184 Trainer_ V21.2.exe

Suspicious use of SetThreadContext (1 IoC)
Processes:
- Trainer_ V21.2.exe (PID 5184) set thread context of PID 3580 (procid_target 121)

Checks SCSI registry key(s) (3 TTPs, 3 IoCs)
SCSI information is often read in order to detect sandboxing environments.
Processes:
- taskmgr.exe: key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000
- taskmgr.exe: key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A
- taskmgr.exe: key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName

Enumerates system info in registry (2 TTPs, 3 IoCs)
Processes:
- msedge.exe: key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS
- msedge.exe: key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer
- msedge.exe: key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName

Modifies registry class (1 IoC)
Processes:
- msedge.exe: key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3844919115-497234255-166257750-1000\{0E7B91BF-2806-4604-AC95-29536F64AF9C}

Suspicious behavior: EnumeratesProcesses (58 IoCs)
Processes:
- PID 664 msedge.exe
- PID 516 msedge.exe
- PID 2720 identity_helper.exe
- PID 5796 msedge.exe
- PID 5504 taskmgr.exe
- PID 384 msedge.exe
- PID 5984 msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (20 IoCs)
Processes:
- PID 516 msedge.exe

Suspicious use of AdjustPrivilegeToken (9 IoCs)
Processes:
- PID 5984 7zG.exe: Token SeRestorePrivilege, Token 35, Token SeSecurityPrivilege, Token SeSecurityPrivilege
- PID 5504 taskmgr.exe: Token SeDebugPrivilege, Token SeSystemProfilePrivilege, Token SeCreateGlobalPrivilege, Token 33, Token SeIncBasePriorityPrivilege

Suspicious use of FindShellTrayWindow (64 IoCs)
Processes:
- PID 516 msedge.exe

Suspicious use of SendNotifyMessage (64 IoCs)
Processes:
- PID 516 msedge.exe
- PID 5504 taskmgr.exe

Suspicious use of WriteProcessMemory (64 IoCs)
Processes:
- msedge.exe (PID 516) wrote to memory of PID 2468 (procid_target 80)
- msedge.exe (PID 516) wrote to memory of PID 4560 (procid_target 82)
- msedge.exe (PID 516) wrote to memory of PID 664 (procid_target 81)
- msedge.exe (PID 516) wrote to memory of PID 1244 (procid_target 83)
Processes

Child processes are indented under their parent.

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.mediafire.com/folder/05620wh6arbfx/Helldivers_2_Trainer
  PID: 516
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffacabe46f8,0x7ffacabe4708,0x7ffacabe4718
      PID: 2468

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2148,717763764089307190,13977201123931382675,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2228 /prefetch:3
      PID: 664
      - Suspicious behavior: EnumeratesProcesses

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,717763764089307190,13977201123931382675,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2160 /prefetch:2
      PID: 4560

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2148,717763764089307190,13977201123931382675,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2936 /prefetch:8
      PID: 1244

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,717763764089307190,13977201123931382675,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3480 /prefetch:1
      PID: 1892

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,717763764089307190,13977201123931382675,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3468 /prefetch:1
      PID: 4912

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,717763764089307190,13977201123931382675,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5960 /prefetch:1
      PID: 1936

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2148,717763764089307190,13977201123931382675,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5676 /prefetch:8
      PID: 2780

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,717763764089307190,13977201123931382675,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6388 /prefetch:1
      PID: 1060

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,717763764089307190,13977201123931382675,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6288 /prefetch:1
      PID: 3732

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,717763764089307190,13977201123931382675,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6152 /prefetch:1
      PID: 3980

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,717763764089307190,13977201123931382675,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6516 /prefetch:1
      PID: 1076

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,717763764089307190,13977201123931382675,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6292 /prefetch:1
      PID: 756

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,717763764089307190,13977201123931382675,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1264 /prefetch:1
      PID: 5092

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,717763764089307190,13977201123931382675,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6576 /prefetch:1
      PID: 2124

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,717763764089307190,13977201123931382675,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7336 /prefetch:1
      PID: 336

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,717763764089307190,13977201123931382675,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7408 /prefetch:1
      PID: 4832

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,717763764089307190,13977201123931382675,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7688 /prefetch:1
      PID: 3568

    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,717763764089307190,13977201123931382675,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7344 /prefetch:8
      PID: 2192

    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,717763764089307190,13977201123931382675,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7344 /prefetch:8
      PID: 2720
      - Suspicious behavior: EnumeratesProcesses

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,717763764089307190,13977201123931382675,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5204 /prefetch:1
      PID: 748

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,717763764089307190,13977201123931382675,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8536 /prefetch:1
      PID: 4796

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,717763764089307190,13977201123931382675,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7712 /prefetch:1
      PID: 5268

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,717763764089307190,13977201123931382675,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8312 /prefetch:1
      PID: 5276

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2148,717763764089307190,13977201123931382675,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5632 /prefetch:8
      PID: 5796
      - Suspicious behavior: EnumeratesProcesses

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,717763764089307190,13977201123931382675,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3272 /prefetch:2
      PID: 384
      - Suspicious behavior: EnumeratesProcesses

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,717763764089307190,13977201123931382675,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5856 /prefetch:1
      PID: 5788

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,717763764089307190,13977201123931382675,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6476 /prefetch:1
      PID: 5572

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2148,717763764089307190,13977201123931382675,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=6496 /prefetch:8
      PID: 5984
      - Modifies registry class
      - Suspicious behavior: EnumeratesProcesses

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2148,717763764089307190,13977201123931382675,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6444 /prefetch:8
      PID: 5992

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,717763764089307190,13977201123931382675,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9048 /prefetch:1
      PID: 1880

C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 1916

C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 1836

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
  PID: 2464

"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Helldivers_2_Trainer\" -spe -an -ai#7zMap27083:102:7zEvent8006
  PID: 5984
  - Suspicious use of AdjustPrivilegeToken

"C:\Users\Admin\Downloads\Helldivers_2_Trainer\Trainer_ V21.2.exe"
  PID: 5184
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetThreadContext

    C:\Windows\Microsoft.NET\Framework\v4.0.30319\MsBuild.exe
      PID: 3580

"C:\Windows\system32\taskmgr.exe" /4
  PID: 5504
  - Checks SCSI registry key(s)
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of SendNotifyMessage

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" "https://www.bing.com/search?q=Trainer_ V21.2.exe usagardenwintexture (32 bit)"
  PID: 3232

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xfc,0x128,0x7ffacabe46f8,0x7ffacabe4708,0x7ffacabe4718
      PID: 2548
Network
MITRE ATT&CK Enterprise v15
Downloads