Analysis

max time kernel: 114s
max time network: 119s
platform: windows10-2004_x64
resource: win10v2004-20240221-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240221-en, locale:en-us, os:windows10-2004-x64, system
submitted: 25-02-2024 16:45
Static task: static1
URLScan task: urlscan1
General

Malware Config
Extracted family: lumma
C2 URLs recovered from the sample's configuration:
https://technologyenterdo.shop/api
https://detectordiscusser.shop/api
https://turkeyunlikelyofw.shop/api
https://associationokeo.shop/api
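The four URLs above are the command-and-control endpoints the sandbox recovered from this sample's configuration. As an added example that is not part of the report, the Python below turns them into a host matcher and runs it over a few constructed proxy-log lines. The log format, timestamps and client addresses are made up for the example; matching is case-insensitive and also covers subdomains of the extracted hosts, which goes beyond the literal list in the report.

```python
"""Added example (not part of the Triage report): match the Lumma C2 hosts
extracted from this sample against constructed proxy-log lines."""
from urllib.parse import urlparse

# C2 URLs as extracted by the sandbox from this sample's configuration.
LUMMA_C2 = [
    "https://technologyenterdo.shop/api",
    "https://detectordiscusser.shop/api",
    "https://turkeyunlikelyofw.shop/api",
    "https://associationokeo.shop/api",
]


def c2_hosts(urls):
    """Return the set of lower-case hostnames from the C2 URL list."""
    return {urlparse(u).hostname.lower() for u in urls}


def host_matches(host, hosts):
    """True when host is a C2 host or a subdomain of one (e.g. cdn.<c2>)."""
    host = host.lower()
    return any(host == c2 or host.endswith("." + c2) for c2 in hosts)


def parse_proxy_line(line):
    """Parse a constructed 'timestamp client method host path status' record."""
    ts, client, method, host, path, status = line.split()
    return {"ts": ts, "client": client, "method": method,
            "host": host.lower(), "path": path, "status": status}


def match_c2(lines, hosts):
    """Return (client, host, path) for each line whose host matches a C2 host."""
    hits = []
    for line in lines:
        ev = parse_proxy_line(line)
        if host_matches(ev["host"], hosts):
            hits.append((ev["client"], ev["host"], ev["path"]))
    return hits


# Constructed sample log, not captured from the sandbox run. The first line
# mirrors the delivery URL seen in the process tree; the rest are invented.
SAMPLE_LOG = [
    "2024-02-25T16:46:01Z 10.0.0.15 GET www.mediafire.com /file/5pucqbtukexooys/gamesensecracked.7z/file 200",
    "2024-02-25T16:47:12Z 10.0.0.15 POST technologyenterdo.shop /api 200",
    "2024-02-25T16:47:13Z 10.0.0.15 POST TurkeyUnlikelyOfw.shop /api 403",
    "2024-02-25T16:47:14Z 10.0.0.15 GET cdn.associationokeo.shop /api 200",
    "2024-02-25T16:47:20Z 10.0.0.22 GET example.com / 200",
]

if __name__ == "__main__":
    for client, host, path in match_c2(SAMPLE_LOG, c2_hosts(LUMMA_C2)):
        print(f"C2 contact from {client}: {host}{path}")
```

Because all four C2 hosts sit on the same newly registered .shop TLD and share the /api path, a blocklist built from `c2_hosts()` is short-lived; pair it with the process-level indicators further down rather than relying on it alone.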
Signatures

The msedge.exe, identity_helper.exe and 7zFM.exe hits below come from the browser fetching the archive from MediaFire and from 7-Zip opening it; the sample-specific hits are the loader.exe entries.

Executes dropped EXE (1 IoC)
  pid   process
  5420  loader.exe

Suspicious use of SetThreadContext (1 IoC)
  source pid  source process  target pid  target process
  5420        loader.exe      3148        RegAsm.exe
  loader.exe, started from the Desktop, spawns the legitimate .NET utility RegAsm.exe with no arguments and then sets the context of a thread in it. Together with the process tree below this is consistent with injection into a trusted host process; PID 3148 is the process to inspect in memory for the Lumma payload.

Enumerates system info in registry (2 TTPs, 3 IoCs)
  description        ioc                                                                    process
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe

Modifies registry class (1 IoC)
  description  ioc                                                                                  process
  Key created  \REGISTRY\USER\S-1-5-21-3316742141-2240921845-2885234760-1000_Classes\Local Settings  msedge.exe

Opens file in notepad (likely ransom note) (3 IoCs)
  pid   process
  6092  NOTEPAD.EXE
  5920  NOTEPAD.EXE
  5268  NOTEPAD.EXE
  This heuristic fires whenever notepad.exe opens a text file. Here the files are readme.txt and cfgforpaste.txt on the Desktop (see the process tree), and Lumma is an information stealer, not ransomware, so treat the "ransom note" label as a false positive of the rule.

Suspicious behavior: EnumeratesProcesses (8 IoCs)
  pid   process
  3380  msedge.exe (x2)
  3460  msedge.exe (x2)
  5328  identity_helper.exe (x2)
  5368  msedge.exe (x2)

Suspicious behavior: GetForegroundWindowSpam (1 IoC)
  pid   process
  5804  7zFM.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (20 IoCs)
  pid   process
  3460  msedge.exe (x20)

Suspicious use of AdjustPrivilegeToken (3 IoCs)
  description                 pid   process
  Token: SeRestorePrivilege   5804  7zFM.exe
  Token: 35                   5804  7zFM.exe
  Token: SeSecurityPrivilege  5804  7zFM.exe

Suspicious use of FindShellTrayWindow (42 IoCs)
  pid   process
  3460  msedge.exe (x40)
  5804  7zFM.exe (x2)

Suspicious use of SendNotifyMessage (24 IoCs)
  pid   process
  3460  msedge.exe (x24)

Suspicious use of WriteProcessMemory (64 IoCs)
  source pid  source process  target pid  target process
  3460        msedge.exe      2840        msedge.exe (x2)
  3460        msedge.exe      1684        msedge.exe (repeated)
  3460        msedge.exe      3380        msedge.exe (x2)
  3460        msedge.exe      2404        msedge.exe (repeated)
  All 64 entries are the Edge browser process (3460) writing into its own children (crashpad handler 2840, GPU process 1684, network service 3380, storage service 2404), which is how Chromium starts its child processes and is not an action of the sample.
Processes

Indentation shows the parent/child relationship reported by the sandbox. Each entry gives the PID and the full command line; the signatures that fired for that process follow as "- " bullets. The tree under PID 3460 is Edge fetching the archive from MediaFire and is not part of the sample's own behaviour.

PID 2840: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffdf1746f8,0x7fffdf174708,0x7fffdf174718

PID 3460: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.mediafire.com/file/5pucqbtukexooys/gamesensecracked.7z/file
  - Enumerates system info in registry
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

  The renderer children of 3460 all share the following command line and differ only in the two values given per process:
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,7203988599470093199,9673928999274541450,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=<id> --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=<handle> /prefetch:1

  PID 3380: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1940,7203988599470093199,9673928999274541450,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2352 /prefetch:3
    - Suspicious behavior: EnumeratesProcesses
  PID 1684: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1940,7203988599470093199,9673928999274541450,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2056 /prefetch:2
  PID 2404: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1940,7203988599470093199,9673928999274541450,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2916 /prefetch:8
  PID 4844: renderer, --renderer-client-id=6 --mojo-platform-channel-handle=3312
  PID 4584: renderer, --renderer-client-id=5 --mojo-platform-channel-handle=3320
  PID 3960: renderer, --renderer-client-id=7 --mojo-platform-channel-handle=5308
  PID 3812: renderer, --renderer-client-id=8 --mojo-platform-channel-handle=5524
  PID 1544: renderer, --renderer-client-id=9 --mojo-platform-channel-handle=5644
  PID 3400: renderer, --renderer-client-id=10 --mojo-platform-channel-handle=6084
  PID 3892: renderer, --renderer-client-id=11 --mojo-platform-channel-handle=6436
  PID 4988: renderer, --renderer-client-id=12 --mojo-platform-channel-handle=6344
  PID 2704: renderer, --renderer-client-id=13 --mojo-platform-channel-handle=6988
  PID 5308: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1940,7203988599470093199,9673928999274541450,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5900 /prefetch:8
  PID 5368: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1940,7203988599470093199,9673928999274541450,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4848 /prefetch:8
    - Suspicious behavior: EnumeratesProcesses
  PID 5352: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1940,7203988599470093199,9673928999274541450,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6772 /prefetch:8
  PID 5344: renderer, --renderer-client-id=16 --mojo-platform-channel-handle=5564
  PID 5328: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1940,7203988599470093199,9673928999274541450,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5900 /prefetch:8
    - Suspicious behavior: EnumeratesProcesses
  PID 5580: renderer, --renderer-client-id=23 --mojo-platform-channel-handle=7508
  PID 5572: renderer, --renderer-client-id=22 --mojo-platform-channel-handle=7476
  PID 5564: renderer, --renderer-client-id=21 --mojo-platform-channel-handle=7108
  PID 5556: renderer, --renderer-client-id=20 --mojo-platform-channel-handle=7212
  PID 5548: renderer, --renderer-client-id=19 --mojo-platform-channel-handle=3616
  PID 5956: renderer, --renderer-client-id=24 --mojo-platform-channel-handle=5808
  PID 4272: renderer, --renderer-client-id=25 --mojo-platform-channel-handle=7500
  PID 3812: renderer, --renderer-client-id=27 --mojo-platform-channel-handle=5660 (PID 3812 appears twice in the report)
  PID 5168: renderer, --renderer-client-id=26 --mojo-platform-channel-handle=5232
  PID 5136: renderer, --renderer-client-id=28 --mojo-platform-channel-handle=8592

PID 4688: C:\Windows\System32\CompPkgSrv.exe -Embedding

PID 3644: C:\Windows\System32\CompPkgSrv.exe -Embedding

PID 4168: C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

PID 5804: "C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\gamesensecracked.7z"
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow

PID 5420: "C:\Users\Admin\Desktop\loader.exe"
  - Executes dropped EXE
  - Suspicious use of SetThreadContext
  PID 3148: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

PID 6092: "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\readme.txt
  - Opens file in notepad (likely ransom note)

PID 5920: "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\cfgforpaste.txt
  - Opens file in notepad (likely ransom note)

PID 5268: "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\cfgforpaste.txt
  - Opens file in notepad (likely ransom note)

Chain visible in this tree: Edge (3460) downloads gamesensecracked.7z from MediaFire; 7-Zip (5804) opens it from Downloads; loader.exe, extracted to the Desktop, runs (5420) and spawns RegAsm.exe (3148) with no arguments, then sets its thread context (SetThreadContext signature above), making 3148 the likely host of the Lumma payload whose C2 URLs appear under Malware Config.
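The sample-specific part of the tree is loader.exe (5420) starting RegAsm.exe (3148) with an empty argument list. As an added example, not taken from the report or from any detection product, the Python below encodes that pattern as a check over process-creation records: a .NET framework utility started with no arguments by a parent that lives in a user-writable directory. The records are constructed to mirror the PIDs and paths above; loader.exe's own parent is not shown in the report, so explorer.exe is assumed there. The SetThreadContext call itself is an API-level observation by the sandbox that ordinary process-creation telemetry does not carry, which is why the check keys on the parent, child and argument pattern instead.

```python
"""Added example (not part of the Triage report): flag a .NET host utility such
as RegAsm.exe started with no arguments by a parent in a user-writable path."""
import ntpath

# Signed .NET framework utilities that are common hosts for injected payloads.
DOTNET_HOSTS = {"regasm.exe", "regsvcs.exe", "installutil.exe"}
# Path fragments a standard user can write to (compared lower-case).
USER_WRITABLE = ("\\desktop\\", "\\downloads\\", "\\appdata\\", "\\temp\\", "\\users\\public\\")


def is_user_writable(path):
    return any(frag in path.lower() for frag in USER_WRITABLE)


def cmdline_args(cmdline):
    """Return everything after the image token; handles a quoted image path."""
    cmd = cmdline.strip()
    if cmd.startswith('"'):
        close = cmd.find('"', 1)
        return cmd[close + 1:].strip() if close != -1 else ""
    parts = cmd.split(None, 1)
    return parts[1].strip() if len(parts) > 1 else ""


def check_event(ev):
    """Return a reason string when a .NET host utility is started with an empty
    argument list (meaningless for these tools), rated HIGH when the parent image
    lives in a user-writable directory. Returns None for anything else."""
    image = ntpath.basename(ev["Image"]).lower()
    if image not in DOTNET_HOSTS or cmdline_args(ev["CommandLine"]):
        return None
    parent = ev["ParentImage"]
    if is_user_writable(parent):
        return (f"HIGH: {image} (pid {ev['ProcessId']}) started with no arguments by "
                f"{parent} (pid {ev['ParentProcessId']}) from a user-writable path")
    return f"LOW: {image} (pid {ev['ProcessId']}) started with no arguments by {parent}"


def scan(events):
    """Run check_event over process-creation records and keep the hits."""
    hits = []
    for ev in events:
        reason = check_event(ev)
        if reason:
            hits.append((ev["ProcessId"], reason))
    return hits


# Constructed Sysmon-style (Event ID 1) records modelled on the tree above.
# The parent of loader.exe is not in the report; explorer.exe is an assumption.
SAMPLE_EVENTS = [
    {"ProcessId": 5420, "ParentProcessId": 4000,
     "Image": r"C:\Users\Admin\Desktop\loader.exe",
     "CommandLine": r'"C:\Users\Admin\Desktop\loader.exe"',
     "ParentImage": r"C:\Windows\explorer.exe"},
    {"ProcessId": 3148, "ParentProcessId": 5420,
     "Image": r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe",
     "CommandLine": r'"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"',
     "ParentImage": r"C:\Users\Admin\Desktop\loader.exe"},
    # Benign control (constructed): an installer registering an assembly with real arguments.
    {"ProcessId": 7001, "ParentProcessId": 7000,
     "Image": r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe",
     "CommandLine": r'"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe" /codebase C:\Program Files\Vendor\Lib.dll',
     "ParentImage": r"C:\Program Files\Vendor\setup.exe"},
]

if __name__ == "__main__":
    for pid, reason in scan(SAMPLE_EVENTS):
        print(pid, reason)
```

Only the RegAsm.exe child of loader.exe is reported; loader.exe itself is not a framework utility, and the constructed installer run passes because it carries arguments. In production, follow a HIGH hit by dumping the flagged PID's memory, since the page's extracted C2 configuration lives in the injected code rather than on disk.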
Network
MITRE ATT&CK Enterprise v15
Downloads

Files written during the run, identified by digest. The listing gives a path for only one entry (an Edge code-cache index); the report does not say which digest belongs to loader.exe or to gamesensecracked.7z, so match on SHA256 against the files you actually hold rather than guessing from size.

Filesize: 152B
MD5: 1af9fbc1d4655baf2df9e8948103d616
SHA1: c58d5c208d0d5aab5b6979b64102b0086799b0bf
SHA256: e83daa7b2af963dbb884d82919710164e2337f0f9f5e5c56ee4b7129d160c135
SHA512: 714d0ff527a8a24ec5d32a0a2b74e402ee933ea86e42d3e2fb5615c8345e6c09aa1c2ddf2dea53d71c5a666483a3b494b894326fea0cc1d8a06d3b32ec9397d3

Filesize: 152B
MD5: aa6f46176fbc19ccf3e361dc1135ece0
SHA1: cb1f8c693b88331e9513b77efe47be9e43c43b12
SHA256: 2f5ba493c7c4192e9310cea3a96cfec4fd14c6285af6e3659627ab177e560819
SHA512: 5d26fdffebeb1eb5adde9f7da19fe7069e364d3f68670013cb0cc3e2b40bf1fbcb9bdebbfe999747caf141c88ccd53bd4acf2074283e4bde46b8c28fbae296f5

Path: C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize: 1KB
MD5: 2fb5d2e41f1be8820196bf145468db83
SHA1: 9bba8cbd4b572fe5d9d341f96f1f6eb53ac21459
SHA256: f8f838095b0247c75f0323aff8d6d4636ca99ff960f57875fde4bfb1525588b0
SHA512: 5d0630313258180cb666ee4945f98b48317cf7d9083bd9a279619af0cf79dabbab443c9cea7bf0a815b908daa774fb6a8c87b0c1e7973d3598ed45286dd35d5d

Filesize: 9KB
MD5: 0fa168ebbdc8f22a0ab0405fc5cde74d
SHA1: 331c57bca791c3162566f68b460bb02a844de5ff
SHA256: 81feec0baddbf2d3fac0e9842c76e3736f1def46882aeb8f1767bf633313f8e6
SHA512: d7936c04e221bb6990c708f86730b1e8b06272de196b180d75d1f84c7c7fcd8020e4aa5ae507d6875145a1badca6dc7e3276c4e620b41c33de5ea96e437cc0f2

Filesize: 6KB
MD5: 87dbe0aa7dbc8a3d6d6981ec9000e70f
SHA1: 21b7d3e406270651a7b7199871d29e10aa33cf1c
SHA256: 39f8895f992d69c39f8292bd0f9c28779eb74f801798bb24e88281d15ac1c565
SHA512: 0c70d39fc44fd5aabe43e26cde6be1cc7ee5861f5ed2a8f7dd69918f8f1acf6718973df1c9276a32a221831d735651499bdc51c8442f9194f794afc05b5582a0

Filesize: 12KB
MD5: c4c88c5568c7fa7be288ebc6ca0193d4
SHA1: e6e5a1448bb7710a6e80c68ece907250b42aa531
SHA256: 2d7dafd14d938ba7889a10b6d0a1ac7c017e95ad1f419fdd2a7c247f96adee4f
SHA512: 872a1b09c480e419a1ce0a6fc3f237ed0deaa8bffef508e5b4274891b4da65ccef3e3f4929e426d7f331fac4ef8fe311ffabdedb84313b135708b52c5b53bf58

Filesize: 11KB
MD5: e9776ed937fa32cdaa68df30fd334a25
SHA1: 3b78a43e1e44a9f5580040d9fb3fcd8f8f3eee7b
SHA256: 3e5988352d2f8a23331d6061a5aae374db305951d1b7b4a27483f32cb45396e7
SHA512: e68325a1c0f9a2b593ac458c57678b9f9e3d87e8d4906610077f28688bb50bf78bdb46eb104e5f437bddc36099bb2ea799d62725ef65434db11c6421d8eb288b

Filesize: 2KB
MD5: 5ec0ab8713dab6ef312398213a43888d
SHA1: 4b177c91db57f6966aad0cdd24c8d1528c6a8103
SHA256: f7b596db6ef0b9d3dcb1fbc500a2165d89c32c2566ad91fcf87096629bd059a2
SHA512: 4f1b6dad4803e970ed1c1fe7051e1bcb08167ff7063cc84e0a854c665880520eba08da20dc023ee07f762a7690b97488449366a80381c7a0a7dc01014afe4db2

Filesize: 2KB
MD5: 4fc3c824fb4556614832a06e6771fee4
SHA1: 82c6192924dc7e1988c9052fb57c3222894786c0
SHA256: f5cb96e2a71711662fc29b3e24174358cea119f32d7bf7338845880f0a24d039
SHA512: 30ac2dfd9d02270e1918abd63adbd3f94fbfff791826f57092517b1cbd272273aec0263933c3bc636e38c356f351820aba6a86121102db14696ef4211a5b46a7

Filesize: 16B
MD5: 6752a1d65b201c13b62ea44016eb221f
SHA1: 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Filesize: 11KB
MD5: b640182eb7f806d8fa5a08a8f93ca3fa
SHA1: a5a91547ace6ce9523d33c70bb3576978c6a0d1e
SHA256: 529c4d331633889a2105909399df4a683f18b69a0f2f3ab72efb32aa33e2b948
SHA512: c8bd388a586cb0cb4fc08c127a496ee7b7a77b858bf55fbc895ebd38df6aba8d590c6cd414883a09235a98c43a403efbf78d1d94d596911d0a5155ee6d11215f

Filesize: 11KB
MD5: 0a8a6aeafcb21920ddf9b047b69298e9
SHA1: 585d1fff5c525dc27c638c5c51f80704b482c493
SHA256: f9a4314712e03161a364a7d9194cf97f0e2dafb64a6e020e375058b983dcbe38
SHA512: 332ee04a66fc4702ee9865a4de9621821c89b17a9c5c54f95cc93dffc3d8ef75860e957e5bd71274a9894ed02b138d846c32aa125827e7c1d2c1b1a8c2e75f01

Filesize: 14KB
MD5: 8de612cd4039d8545b5ecf8cd376f558
SHA1: a219beb297b0414e43d7b9e7e47808ff48e1a852
SHA256: b94797ebc7b99e6be4be1bab0dd45d709f7fdc7de5f635090f09d40c267f29cd
SHA512: 96dacabb26dfc92ad9e306b4df058960d2fa3590e77c10b3960fd136a13862064c89ee19f5f2544a65bd3b7e15d3e2591a0086af1450348614fbbd79051391ab

Filesize: 317KB
MD5: e16b1c8f933e7ed1910f3d7b24965ad8
SHA1: ffe0fb314091dd670dd8e63e7a2fe2e0596c0da7
SHA256: a2dbe98775a67aefb660b86f7f0895a792577f945bd840187c54600597d7cad0
SHA512: eeb2db6d4bd22a7f59473afac9f12dafbfd36435993a39953d0d228f65e7355fbdb51f1ece3280c0fa9a419ee6eb95bc46bcf3acb905a6cf8640a50fe709628d

Filesize: 366B
MD5: ff65af3c35b7159b468ca8442494e64b
SHA1: 7d3c7017447128d9c9d6f1afdcf0f34831b5a7bb
SHA256: 8740c54630fc1e660c5b93031e20fed607bfcea662e6610d4eeff7ee6a9e8781
SHA512: dd8ad5f16f699ec4368a8b5007dfd405efbafca94c23b78626ac64773c14d757242451d16625b06ecee388fb11a8c134e69f93c3d223b97b1b9a45e1bc745469

Filesize: 742KB
MD5: db8619289412c31f7aa86ec45c57e9df
SHA1: 468b37bc11b6a1e6bde9f7bd1c2911d9a05a9931
SHA256: 49af97149c950b07077a72d982fc314434a963def8bd1dbcdca664dc532d2eb0
SHA512: 24a4fa9190b88582544d368ff4a4145aff4ad56c3583684585fadbd76200c771db4553799f4529f4065193fa6c77f697c915c783b6acdb6172c62dd87214dc90

Filesize: not given
MD5: d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512: cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
These four values are the digests of zero-length input, so this entry is an empty file and carries no signal as an indicator.
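The digest listing is published as label-plus-hex text, sometimes with the label and value fused on one line and sometimes split across two. As an added example that is not part of the report, the Python below parses that raw form into records, checks each digest has the length its algorithm requires, flags the zero-length-file entry, and verifies a byte blob against a record. The embedded listing reproduces three entries exactly as they appear above; the split and path regexes are this example's own assumptions about the layout.

```python
"""Added example (not part of the Triage report): parse the dropped-file digest
listing into records, sanity-check the digests, and verify a blob against one."""
import hashlib
import re

ALGOS = ("MD5", "SHA1", "SHA256", "SHA512")
HEX_LEN = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}
# Digests of zero-length input; a record equal to these describes an empty file.
EMPTY = {a: hashlib.new(a.lower(), b"").hexdigest() for a in ALGOS}

DIGEST_RE = re.compile(r"(MD5|SHA1|SHA256|SHA512)\s*([0-9a-fA-F]+)")
SIZE_RE = re.compile(r"Filesize\s*(\d+)\s*(B|KB|MB)")
PATH_RE = re.compile(r"(?m)^[A-Za-z]:\\[^\n]*")
UNIT = {"B": 1, "KB": 1024, "MB": 1024 ** 2}


def parse_listing(text):
    """Split on the '-' separator lines and build one record per entry.
    Accepts both 'MD5<hex>' on one line and 'MD5' with the hex on the next."""
    records = []
    for chunk in re.split(r"(?m)^\s*-\s*$", text):
        digests = {algo: val.lower() for algo, val in DIGEST_RE.findall(chunk)}
        if not digests:
            continue  # separator noise or a chunk without digests
        size = SIZE_RE.search(chunk)
        path = PATH_RE.search(chunk)
        records.append({
            "path": path.group(0).strip() if path else None,
            "size": int(size.group(1)) * UNIT[size.group(2)] if size else None,
            "digests": digests,
            # every algorithm present and of the right hex length
            "valid": all(len(digests.get(a, "")) == HEX_LEN[a] for a in ALGOS),
            "empty_file": digests == EMPTY,
        })
    return records


def verify_blob(data, record):
    """Hash `data` with each algorithm and compare with the record: {algo: matched}."""
    return {a: hashlib.new(a.lower(), data).hexdigest() == record["digests"].get(a)
            for a in ALGOS}


# Three entries copied verbatim from the listing above (raw string keeps the backslashes).
LISTING = r"""
-
Filesize
152B
MD51af9fbc1d4655baf2df9e8948103d616
SHA1c58d5c208d0d5aab5b6979b64102b0086799b0bf
SHA256e83daa7b2af963dbb884d82919710164e2337f0f9f5e5c56ee4b7129d160c135
SHA512714d0ff527a8a24ec5d32a0a2b74e402ee933ea86e42d3e2fb5615c8345e6c09aa1c2ddf2dea53d71c5a666483a3b494b894326fea0cc1d8a06d3b32ec9397d3
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize1KB
MD52fb5d2e41f1be8820196bf145468db83
SHA19bba8cbd4b572fe5d9d341f96f1f6eb53ac21459
SHA256f8f838095b0247c75f0323aff8d6d4636ca99ff960f57875fde4bfb1525588b0
SHA5125d0630313258180cb666ee4945f98b48317cf7d9083bd9a279619af0cf79dabbab443c9cea7bf0a815b908daa774fb6a8c87b0c1e7973d3598ed45286dd35d5d
-
MD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
"""

if __name__ == "__main__":
    for rec in parse_listing(LISTING):
        tag = "EMPTY FILE" if rec["empty_file"] else ("ok" if rec["valid"] else "BAD DIGEST")
        print(tag, rec["size"], rec["path"], rec["digests"]["SHA256"])
```

When checking a recovered file against this page, compare on SHA256 (or SHA512) and treat an MD5-only match as weak: MD5 collisions are practical, and the sizes here are rounded to the kilobyte, so size agreement proves nothing either.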