Analysis
-
max time kernel: 146s
max time network: 122s
platform: windows10-2004_x64
resource: win10v2004-20240221-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240221-en, locale:en-us, os:windows10-2004-x64, system
submitted: 22-02-2024 01:37
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: https://www.youtube.com/redirect?event=video_description&redir_token=QUFFLUhqazE2MFItTm9mbVBnejBYT1paekg1aXpYaVhOQXxBQ3Jtc0tuZzdFcDVNRE1qSldYUWFUbGhaOXF1SWZ1ME0wWkVhM0ZONlpRWHlwb252b0dRV2RnQTZIVmlUNVk1a2Z3Qm1xSDNTaHhhd2RLbTJHSHl0WnZzbHdwcm5lb2NNSzlLcjBSUllmcXpwRjJRRXRyd3FaZw&q=https%3A%2F%2Fwww.mediafire.com%2Ffolder%2Fuoa0mytkas1k2%2FLauncher&v=dfSZEMp8hFQ
Resource: win10v2004-20240221-en
General
-
Target: https://www.youtube.com/redirect?event=video_description&redir_token=QUFFLUhqazE2MFItTm9mbVBnejBYT1paekg1aXpYaVhOQXxBQ3Jtc0tuZzdFcDVNRE1qSldYUWFUbGhaOXF1SWZ1ME0wWkVhM0ZONlpRWHlwb252b0dRV2RnQTZIVmlUNVk1a2Z3Qm1xSDNTaHhhd2RLbTJHSHl0WnZzbHdwcm5lb2NNSzlLcjBSUllmcXpwRjJRRXRyd3FaZw&q=https%3A%2F%2Fwww.mediafire.com%2Ffolder%2Fuoa0mytkas1k2%2FLauncher&v=dfSZEMp8hFQ
Malware Config
Extracted
Family: lumma
URL: https://woodfeetumhblefepoj.shop/api
Signatures
-
Executes dropped EXE (2 IoCs)
Processes:
  PID 4472  Installer.exe
  PID 2836  Installer.exe
Loads dropped DLL (1 IoC)
Processes:
  PID 4472  Installer.exe
Suspicious use of SetThreadContext (1 IoC)
Processes:
  PID 4472 (Installer.exe) set thread context of PID 1952 (procid_target 113)
Enumerates system info in registry (2 TTPs, 3 IoCs)
Processes:
  msedge.exe  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName
  msedge.exe  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS
  msedge.exe  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer
Modifies registry class (1 IoC)
Processes:
  msedge.exe  Key created  \REGISTRY\USER\S-1-5-21-910440534-423636034-2318342392-1000_Classes\Local Settings
Suspicious behavior: EnumeratesProcesses (8 IoCs)
Processes:
  PID 3040  msedge.exe (2 events)
  PID 3628  msedge.exe (2 events)
  PID 1516  identity_helper.exe (2 events)
  PID 4632  msedge.exe (2 events)
Suspicious behavior: GetForegroundWindowSpam (1 IoC)
Processes:
  PID 4304  7zFM.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (9 IoCs)
Processes:
  PID 3628  msedge.exe (9 events)
Suspicious use of AdjustPrivilegeToken (11 IoCs)
Processes:
  PID 1572  7zFM.exe  Token: SeRestorePrivilege
  PID 1572  7zFM.exe  Token: 35
  PID 4868  7zFM.exe  Token: SeRestorePrivilege
  PID 4868  7zFM.exe  Token: 35
  PID 4304  7zFM.exe  Token: SeRestorePrivilege
  PID 4304  7zFM.exe  Token: 35
  PID 4304  7zFM.exe  Token: SeSecurityPrivilege
  PID 4644  7zG.exe   Token: SeRestorePrivilege
  PID 4644  7zG.exe   Token: 35
  PID 4644  7zG.exe   Token: SeSecurityPrivilege
  PID 4644  7zG.exe   Token: SeSecurityPrivilege
Suspicious use of FindShellTrayWindow (62 IoCs)
Processes:
  PID 3628  msedge.exe (56 events)
  PID 1572  7zFM.exe
  PID 4868  7zFM.exe
  PID 4304  7zFM.exe (2 events)
  PID 3628  msedge.exe
  PID 4644  7zG.exe
Suspicious use of SendNotifyMessage (26 IoCs)
Processes:
  PID 3628  msedge.exe (26 events)
Suspicious use of WriteProcessMemory (64 IoCs)
Processes:
  PID 3628 (msedge.exe) wrote to memory of PID 544   (procid_target 57)  2 events
  PID 3628 (msedge.exe) wrote to memory of PID 2204  (procid_target 87)  40 events
  PID 3628 (msedge.exe) wrote to memory of PID 3040  (procid_target 84)  2 events
  PID 3628 (msedge.exe) wrote to memory of PID 3984  (procid_target 83)  20 events
Processes
-
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/redirect?event=video_description&redir_token=QUFFLUhqazE2MFItTm9mbVBnejBYT1paekg1aXpYaVhOQXxBQ3Jtc0tuZzdFcDVNRE1qSldYUWFUbGhaOXF1SWZ1ME0wWkVhM0ZONlpRWHlwb252b0dRV2RnQTZIVmlUNVk1a2Z3Qm1xSDNTaHhhd2RLbTJHSHl0WnZzbHdwcm5lb2NNSzlLcjBSUllmcXpwRjJRRXRyd3FaZw&q=https%3A%2F%2Fwww.mediafire.com%2Ffolder%2Fuoa0mytkas1k2%2FLauncher&v=dfSZEMp8hFQ
  - Enumerates system info in registry
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID: 3628
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9314a46f8,0x7ff9314a4708,0x7ff9314a4718
      PID: 544
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2168,5550003539309948671,4231619407174988633,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2952 /prefetch:8
      PID: 3984
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2168,5550003539309948671,4231619407174988633,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2236 /prefetch:3
      - Suspicious behavior: EnumeratesProcesses
      PID: 3040
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,5550003539309948671,4231619407174988633,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
      PID: 4868
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,5550003539309948671,4231619407174988633,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3144 /prefetch:1
      PID: 4044
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2168,5550003539309948671,4231619407174988633,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2156 /prefetch:2
      PID: 2204
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2168,5550003539309948671,4231619407174988633,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5208 /prefetch:8
      PID: 1288
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2168,5550003539309948671,4231619407174988633,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5208 /prefetch:8
      - Suspicious behavior: EnumeratesProcesses
      PID: 1516
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,5550003539309948671,4231619407174988633,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4780 /prefetch:1
      PID: 1084
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,5550003539309948671,4231619407174988633,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5796 /prefetch:1
      PID: 3552
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,5550003539309948671,4231619407174988633,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5780 /prefetch:1
      PID: 3288
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,5550003539309948671,4231619407174988633,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5704 /prefetch:1
      PID: 3904
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,5550003539309948671,4231619407174988633,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5764 /prefetch:1
      PID: 424
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2168,5550003539309948671,4231619407174988633,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5940 /prefetch:8
      PID: 3232
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,5550003539309948671,4231619407174988633,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4736 /prefetch:1
      PID: 2452
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,5550003539309948671,4231619407174988633,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5900 /prefetch:1
      PID: 1456
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2168,5550003539309948671,4231619407174988633,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5824 /prefetch:8
      - Suspicious behavior: EnumeratesProcesses
      PID: 4632
    "C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\Launcher.rar"
      - Suspicious use of AdjustPrivilegeToken
      - Suspicious use of FindShellTrayWindow
      PID: 1572
    "C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\Launcher.rar"
      - Suspicious use of AdjustPrivilegeToken
      - Suspicious use of FindShellTrayWindow
      PID: 4868
    "C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\Launcher.rar"
      - Suspicious behavior: GetForegroundWindowSpam
      - Suspicious use of AdjustPrivilegeToken
      - Suspicious use of FindShellTrayWindow
      PID: 4304
        "C:\Users\Admin\AppData\Local\Temp\7zO0D09E578\Installer.exe"
          - Executes dropped EXE
          - Loads dropped DLL
          - Suspicious use of SetThreadContext
          PID: 4472
            C:\Windows\Microsoft.NET\Framework\v4.0.30319\MsBuild.exe
              PID: 1952
C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 2856
C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 2448
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
  PID: 4824
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\" -an -ai#7zMap7909:78:7zEvent27278
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  PID: 4644
"C:\Users\Admin\Downloads\Launcher\Installer.exe"
  - Executes dropped EXE
  PID: 2836
Network
MITRE ATT&CK Enterprise v15
Downloads