Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
990s -
max time network
1054s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
-
submitted
11/03/2024, 21:33
General
-
Target
NexusMClauncher.exe
-
Size
78KB
-
MD5
28bc9d7b03c0193c8e39356a3918c283
-
SHA1
aa8a0449e50ab88b7581d030dae27656d3ce750a
-
SHA256
e45f355a20da8f62a76ecfe9c4a8bf771a758da2a94e5f21b3f40fdf4e495577
-
SHA512
17249d646e8b890fd2472b5b71637286fbf3d9d8e989b3b0bd8c4d8aa3358bc55dd8bcb7949a85f6f6a218bca0e079c967115715f1457e867c3ebec20b78a8d4
-
SSDEEP
1536:h2WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V++PId:hZv5PDwbjNrmAE+6Id
Malware Config
Extracted
discordrat
-
discord_token
MTA1NTYxMjI2MTEwMTc0ODI3NA.Gga7En.nff0UktfNY9-rOMpPI8K8TtWuYMsw82Ms30hDY
-
server_id
1206669799229489283
Signatures
-
Discord RAT
A RAT written in C# using Discord as a C2.
-
Executes dropped EXE 3 IoCs
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs 14 IoCs
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Modifies registry class 1 IoCs
-
NTFS ADS 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 16 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 22 IoCs
-
Suspicious use of AdjustPrivilegeToken 6 IoCs
-
Suspicious use of FindShellTrayWindow 35 IoCs
-
Suspicious use of SendNotifyMessage 24 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\NexusMClauncher.exe"C:\Users\Admin\AppData\Local\Temp\NexusMClauncher.exe"1⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefaultffc378d7he1aeh436dh9119h9122626a096f1⤵
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffa7eeb46f8,0x7ffa7eeb4708,0x7ffa7eeb47182⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2160,16276884740295558511,1643313799472286596,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2180 /prefetch:22⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2160,16276884740295558511,1643313799472286596,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2556 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2160,16276884740295558511,1643313799472286596,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2928 /prefetch:82⤵
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa7eeb46f8,0x7ffa7eeb4708,0x7ffa7eeb47182⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,16601679642907930814,11153442475813194407,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2064 /prefetch:22⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2056,16601679642907930814,11153442475813194407,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2280 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2056,16601679642907930814,11153442475813194407,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2956 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,16601679642907930814,11153442475813194407,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,16601679642907930814,11153442475813194407,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,16601679642907930814,11153442475813194407,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5060 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,16601679642907930814,11153442475813194407,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5036 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2056,16601679642907930814,11153442475813194407,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3636 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2056,16601679642907930814,11153442475813194407,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3636 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,16601679642907930814,11153442475813194407,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3592 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,16601679642907930814,11153442475813194407,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3412 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,16601679642907930814,11153442475813194407,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2700 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,16601679642907930814,11153442475813194407,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5340 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,16601679642907930814,11153442475813194407,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4276 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,16601679642907930814,11153442475813194407,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5520 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,16601679642907930814,11153442475813194407,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5708 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2056,16601679642907930814,11153442475813194407,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=1788 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2056,16601679642907930814,11153442475813194407,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=1256 /prefetch:82⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,16601679642907930814,11153442475813194407,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4232 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,16601679642907930814,11153442475813194407,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4272 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,16601679642907930814,11153442475813194407,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5612 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,16601679642907930814,11153442475813194407,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4224 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,16601679642907930814,11153442475813194407,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5520 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,16601679642907930814,11153442475813194407,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3452 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,16601679642907930814,11153442475813194407,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5452 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,16601679642907930814,11153442475813194407,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6108 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,16601679642907930814,11153442475813194407,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6204 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,16601679642907930814,11153442475813194407,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6552 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,16601679642907930814,11153442475813194407,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6988 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2056,16601679642907930814,11153442475813194407,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=1600 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,16601679642907930814,11153442475813194407,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6776 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2056,16601679642907930814,11153442475813194407,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6188 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2056,16601679642907930814,11153442475813194407,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6732 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\system32\AUDIODG.EXEC:\Windows\system32\AUDIODG.EXE 0x464 0x4f01⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵
-
C:\Users\Admin\Downloads\NexusMClauncher.exe"C:\Users\Admin\Downloads\NexusMClauncher.exe"1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
-
C:\Users\Admin\Downloads\NexusMClauncher.exe"C:\Users\Admin\Downloads\NexusMClauncher.exe"1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
-
C:\Users\Admin\Downloads\NexusMClauncher.exe"C:\Users\Admin\Downloads\NexusMClauncher.exe"1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
152B
MD54b206e54d55dcb61072236144d1f90f8
SHA1c2600831112447369e5b557e249f86611b05287d
SHA25687bf9a4c3564eb3d8bef70450da843ae6003271222734c4d28d9961c52782e0b
SHA512c9e8d2452368873e0622b002a0c2f8a2714b5897a09475738a9f9740122d716a9f0d3841725230d58e039564c820d32a6f3a675a7bb04bd163bab53dcb4e22f2
-
Filesize
152B
MD573c8d54f775a1b870efd00cb75baf547
SHA133024c5b7573c9079a3b2beba9d85e3ba35e6b0e
SHA2561ce86be0476a2a9e409fcb817126285bc4ad83efd03ee06a2f86910fe18d4d94
SHA512191344f5830cfea68499bd49073ffa7215a42265a9629d203d07849b2417c0ffdbdbf288bf2c669e91009a0d7e8bd6a6b378c92fc283049141231ca7bf4da3b8
-
Filesize
152B
MD58c758ec1c1c8331b564df2f61390f55a
SHA18e25ca49f0b792eebb15e1dfb0644e9772da8806
SHA256e3ea8c3967e6a1a1ea855733c6c52e8ddb517fed68222133de90c7d75eeb46fa
SHA5126f5e2b3ae039f99b5f1e9284f26534b14ea95dff1fd2eb68d4a79f410ff865da046d9dda95e8705d968aac528209e6639489dcde86c53f8cc186219c2f7008f0
-
Filesize
194KB
MD5f5b4137b040ec6bd884feee514f7c176
SHA17897677377a9ced759be35a66fdee34b391ab0ff
SHA256845aa24ba38524f33f097b0d9bae7d9112b01fa35c443be5ec1f7b0da23513e6
SHA512813b764a5650e4e3d1574172dd5d6a26f72c0ba5c8af7b0d676c62bc1b245e4563952bf33663bffc02089127b76a67f9977b0a8f18eaef22d9b4aa3abaaa7c40
-
Filesize
2KB
MD515c3a6bbac7373005af88f21b50cf5d5
SHA1fa67b30cff8dce508c04d1ece09ca8ba93df591b
SHA2568d278a3e33189b4a329a6267c4eac8a27f24e6a4cae4924d74a0edb66dbb64c4
SHA512699d9bd2950b5c41057f04cb2d04d7bd3a531b4f5fc3cf3df88961cc457d61753f9434ec0ff45ce99f70ad0bc3a6c90e9381469aad69742855970ef508ec7481
-
Filesize
2KB
MD58738757e7eff1dd9947056ca2593a0f3
SHA1d6a18818795c4c1386d75263ac10be5ec10293c4
SHA256d867b520fd9e40f288df0202b4a5e37acb0e78cc10680d1cec8f56ef4a7ff4fa
SHA51291a00e44588ddefe66596726128ebeaeeb799520ecd18db540259977f4e5bd1612c6b691a65b0d0a5e391aef308d7db8b1ae8a04b41c1c741ea811ed38fa1c3d
-
Filesize
2KB
MD5eca69ffc11cac64a337c33274a518a4a
SHA1add8a191e92fb8deddb43c1ffc59233508f91671
SHA256fa610a75dfdc5c428116f0e02b6278075de07bb146c9e7bf669b0acba6c2feef
SHA512f93359797dd618ea989307e361e5f96b35648b0ec6a9b6df15a4d9f4edf1d9fcf6db65dfb270edb911def5dd6b33bd2ceaf781ba8c0472709d7d72aac1b81541
-
Filesize
2KB
MD5be9aa4f8861600d7777a475c5bf33154
SHA1deb72ca4c84a5ed4e751eaf5d9102634783910fe
SHA2562eb2b13407186f8239787991bf7cbc67e26c667896800bbbdaed96bf4e641bf6
SHA512681621efbaa9471301d123c16ce5d2012f56af4e86d1b107d03208bded3186d398e8c67b6e89c3363a8cf671885f9aa170b3a7c322dc48b5c4758fa1530e91ba
-
Filesize
16B
MD546295cac801e5d4857d09837238a6394
SHA144e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA2560f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA5128969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
-
Filesize
334B
MD5dbf34764632a2c42eb77242be670ef12
SHA18bb6ccc0710d9cae9c8b93546e2df9b46d87ada2
SHA2569e61e546a24c60d9afb79e65b368429fabcce0cc210ddbf1c88a89f97def86fc
SHA5126aecb1b39e4774196c1d152d9a120d60a321e30e34cf0cad75c48ed3b1673eb629cf9beeb852d49bd94dd08fb9bf406c70e778ba24a08a1ef8a94e48c417fc55
-
Filesize
180B
MD542eea3d789ad8d8f68e53cca4cab511d
SHA163d1b15db47d8e3ce0af33cb9af1359f3c98c8b5
SHA256fac4a5a322ea932e685e7d5fffc1f921a125a190d4b279239b9deecd2a3d042b
SHA512dcfcd6c7b017898abd7af74a9da1acd62dd43d84be15163160d9eba60229ee6d4f750bc5006f348a982871504f2f7b99ac6b5f6296c7cc6a970b05970fe3507e
-
Filesize
180B
MD500a455d9d155394bfb4b52258c97c5e5
SHA12761d0c955353e1982a588a3df78f2744cfaa9df
SHA25645a13c77403533b12fbeeeb580e1c32400ca17a32e15caa8c8e6a180ece27fed
SHA5129553f8553332afbb1b4d5229bbf58aed7a51571ab45cbf01852b36c437811befcbc86f80ec422f222963fa7dabb04b0c9ae72e9d4ff2eeb1e58cde894fbe234f
-
Filesize
1KB
MD521f8555852176a0c88bc7ad10b2a0ddd
SHA1909867a73fc5080c6c8388ab93380c080018ff1d
SHA25634cf75b5f4e08be947a74ecd968494478160a7b905c87de4eb26c3227674c45d
SHA512c8bb634c2d5b657f761086e067e7cce2e46a5e652879c0d84824a399b391c6e62239e61482ba8422062b9306ab3840b75da66cbcde9af2a2274ee92f8379c406
-
Filesize
1KB
MD501cea959bb3320f7ffc49e80b7aa2271
SHA1bb2b83faf1d418a3cafacd117097927bdfd84151
SHA256a6ceb242e4807c4f60e61644b19cbd485adc1186501685983a527eedb2452608
SHA512457733907126e75cb10e7d3303230a7309ad053b72cb2a01211338d0e4d173a41275754b54012d83b19302e900a8882ceebab38b28fac7a9c16befff2c1f41d6
-
Filesize
1KB
MD58dda30aeb0fdde20067f339deb0b7eb7
SHA15972f32834f99ce54847674a48c76e321b1d8796
SHA2560f0efba84f7754c3506272736986cb88b16df398d70c0bc42164ecfc3e105f48
SHA5120cb3bd01058721119562465a8d8d67cb3ca7b125fec32dea754779f9c714f6ab5d908f697027426dab17ab296cfa69eccde8ea284332f77f47d92b45c0b16430
-
Filesize
5KB
MD5aba5428cf58aae23ceac345ea50f623b
SHA10f92a183348afa7ea277a57927c634bc9ca0c9c6
SHA256b5275d9e82f462aadcf433e11521de95022ccafd68bc05620c378cb46705eae0
SHA512f6c623152ef8b9864075cbcbcc987f9b8caafef788228d7c8dca635c443fb2f3c9da6017a6c1449c80dd79f3fee934219c117fb31d9eae687e764a0bb0404de3
-
Filesize
6KB
MD58aa1f0bead52baeb3e4a1ff7c94a1416
SHA1143f33921ca099f916de437277a2f9f6fc288910
SHA256d027f8fd031ea3016378c21d7c3f0b98915ce7b2ff43ffb7335a377c8a56895e
SHA512e65a01c91054f7def012ae49814bb80083cf03c74ba5945e58bb8c25d4b9d1fb8f4d424d47742222df8e1d726cf3b90db470feb54e4d302cfc3874aa9f3464df
-
Filesize
6KB
MD51477aae406b985044754b64c30f07c1a
SHA16928ede2653442133cf009cf352b3184ea700b26
SHA2562f6dc5c3f39d6d7754dc3dfe03c78475d936895ea6311621a757437e097c702f
SHA51247ac02b2ac682e5ededc3e28560c18820ed08f0b60f4d9ab429dd65d09bb8e692a43fd435592f621a52129e43247d2f17455973253f2a5a02bb5ed20020621d6
-
Filesize
6KB
MD54d3c5fe80e675561d597fdc3e2277e7c
SHA1e76d2270f25f8e8a419df4519fa10bf0c7d34f09
SHA2563d2e191d191ff4572a4cf866b09d21303da10430af5abc797145afc43e8ca677
SHA512b75b600c2d4f3fdeaa61c025a0125281d56d754011c563849747405035d54413cd66b3990fc5bbedcb3f052ed1b53a14efa88e68dc40bce9f3134225ded98575
-
Filesize
7KB
MD593b688b2ea749394f12890dd72b14a89
SHA19ca2197baf1e3d8cb380bfa6c972a7da2f31ce29
SHA256cce9a67e14958626b1b8ffc1db0c9c1c79941ac1f466e6677e520c647e659b03
SHA512831c883ee6e0f452897d722bf8de99a215ac05936ad0c1dae6f3934de0563d6ba72ba8a758e758b7facc3c1fed8fea9279902a9c00b7b3c0dfdbbc4f714198e7
-
Filesize
7KB
MD57697d004aef538748cb8bf20a843c2cd
SHA1270e0a513eb41bae450a0579cd21abde0ac79e3f
SHA2568453e966d311300407dd3f169427690ad55e99a191421f0cd7f2aca0f7774855
SHA51242f3c999fa90a39a8727489e044cdec52cd58debf1a45374f2e00b30d2cfc30d04aea44e9743f843c76fc2c72b96b54472d5d4c7111407c90548f3753323c47f
-
Filesize
7KB
MD5d213b8ba053211d4d2a5d748677f8738
SHA1e9dcc2373f721d9bb5ad6c84d13d9885b547f8d2
SHA25682cc2af96a3cf92fa1702a4930d9dc8bc975f8d92e0eb9832e1f98b72d1365b5
SHA5120d068886f116b49ce9c3cf651fbfc74cb0bb6f2d43ef29eacd6313af565f2303305be50801c09c8d4df34690a557ccdd679482a5453cd8433ae2555248a06dee
-
Filesize
8KB
MD5a80463bdc8481f65a1a76c48be4c2437
SHA143d0dbf6b70f7c5228949d0de39655ed1d7a76df
SHA256e1b83e95ba8a3b9e5079266b0b73bbd0550a522a7697d99957badbf1d1e0e9aa
SHA5125ab3448f3982201ac9b07e8d823d660f350871d7f4adf9c8dcf51f254740245dec9f46126e575e9ef0febcb5bd6463be2adc7070cf592651345ffcc1b01fa82f
-
Filesize
8KB
MD5d0a917806f4431e35c46517e22fc518d
SHA1beb3c0f836304b3d91857a5082789b577f23cd2a
SHA25660483e87474af38451246e653dee6a67ccd3fbfcc23024c5b142bc86bf43c26a
SHA5125f85ddf123d79748105fe8d0ab1171b5b1473f3da9432664090b6ab4aaa794b9f73d732b9a1781881817dd9a98def9d20b965c0e4eccb39b5e5a150935713867
-
Filesize
41B
MD55af87dfd673ba2115e2fcf5cfdb727ab
SHA1d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b
-
Filesize
72B
MD581187686882c543f304dd35c6ea8b1ae
SHA1816fa3339de6717cd557f255bc7ec52c6cc1699f
SHA256f66c4478873fa8b617211dacd54baccd2b135016d1c8d9c1579f6548c0439515
SHA5124fc03ba6e8e4abbbee7f8ff664da578db856bf037787abfb24047beda90e69c9b3e6e07950e151cbb008a316dbbea511b2a332aa08385a15dc1af7ae6a305740
-
Filesize
48B
MD5ce30d8a6b8733316e0c5cbed7c930ae8
SHA19cf27511937f15e72ef2ea2d62196d8078af1443
SHA25655c3fae382f1466540ed204d6c8e02c5c72c86d3a507e527d6a87d5496291ac6
SHA5120274c5bb6fa6c31624208e474519cc8fc16d23b3f397e20096d2c7b2e8fc1047103498f81503d24858a5e647e30ab8ac8f841b7692ef3270a73eae789a4fec81
-
Filesize
347B
MD56dfa8892b17d13fcf803179db1216692
SHA1e0d9222bfaa2b9cc96a9fa85951eb17dbfe2de24
SHA256659a3f8ded77a5484538b02d579bd028b3352e988afeea69b8154dec85630234
SHA51207ef36e9781db1f1f49295656f6d9bae88ae3312f0e084bdacb7062276ffa41002050f34f9def67dedbf3840ae2c5ec491aee55d10a8d910c87bf25eb94d5888
-
Filesize
323B
MD5aba83638ed51df337dcab5dda693eb9f
SHA1b2e5efcc3ba82c5d84f6f7b5d947dea70d3ab55f
SHA2562c92059ce041741b222698ccf4d442f089795626c99d54d6ab43535907a20fcb
SHA512d94708ff8b65e8de65796b7a84c02e548c4df740e4ca4a7ceb5c880177d6cd877ce53cfdce1f8af4774274155f203c1ca03591ccb355fb21eaa60d8df56fab18
-
Filesize
705B
MD5b150c108abab56fa895edf039e64cb0c
SHA1ceffba27b598250c291d84d42d416ae680335db2
SHA2560f44ec3a767e9b565e9cae6c6fec7e8ec26ff5e20ce067305eafce39717f9277
SHA5124ae8e33dc311d0c63491f690481959bb1c6934e309b3d1c18dc4e268e7e558af71a0daa4782128a7c14bff9a7cd661a22dd3dc5ba8c7192763d67acbf19790ba
-
Filesize
705B
MD58c3dcd850e1e09942ff01d2f12059d35
SHA1e9b0aa3aba6cbb8f01ff36022c2aa7feb69adad8
SHA25653f217c0c79ce3919e83eac4a50aba2e7ccf10320c1829c7c39537fca5cc0e07
SHA512faf2201454c9a4d7b48ee8cf0682f40ddf5bcdef57b924cb1f0e6c278fea13916daf8cec6aff39486826d4aeba19cec883c8faa38706dec2a2a4a66b50b3619c
-
Filesize
705B
MD5a31a9e3fc410f7c61f4ee0b5ec438bab
SHA12e972a540ca5e29c66e832e9c70ac462e325405a
SHA256e2c0a2faa0618fe237541be520cb411ba89635eb2fa8b5aa5528be66c36513f1
SHA512041ece0dbd43d2d4bf6a9e754dff32fe72c27daa180329c0670c6b8c0ccf2cf4abd59cf39dbebad114f1a22c89c011eec147f7d37558a51ff31ffddeb63c1907
-
Filesize
705B
MD54db21555e72aefaa984d49008a9c7715
SHA16308832c8445472b85696a73677dc3a9a3178915
SHA25638867eef97f13706ad2ba603fe24f33e701b63b5d8efe4dc862f2d65864e8c33
SHA512daf3598c41dd854857241efcaede99fc95769c27387d4cef78fa78efb6260aa87861dfce53ae39ab533055ab2dc27d5b42cdf3c1f67aee2b671e7707afcdd44c
-
Filesize
872B
MD58c98011ce200b027f5de290e9c4b9a1a
SHA1ad2b308d0a10f5a00fc494a9742cbdfddbf060d2
SHA2568107db94b27892ef1efe68a7b726c9f3c822ede476cab766f97f28e7c7a12eef
SHA512c396358d674eefbf87cdd35cd44286c2b804e8f71655cc88a351c87c64d226e5820ca714733feb954d2c461205849f552cde0b4909a61e8de520212945808298
-
Filesize
537B
MD5c66650f41d6d830dc8cb0d07a89cb1dd
SHA14c07e06ceaab58df1034009fe07021e77f716e82
SHA256621779cdc2c8716ef01d670537a1918e6258d3053b98e3f4502a119316a65067
SHA512b1f8ecc798ed2da816c796d4ed19da70f70dd6ba36f9e84c4a512d56f2f4ee5cc9f110922e61cad01177c45d805991bc581491d6348c2b5bf4690acb71df76d8
-
Filesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize
11B
MD5838a7b32aefb618130392bc7d006aa2e
SHA15159e0f18c9e68f0e75e2239875aa994847b8290
SHA256ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa
SHA5129e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9
-
Filesize
8KB
MD5ee51589ed2d7af821f1bd836fdd7c852
SHA1ce0843432781bc2acc41bc5df78f97a82757da01
SHA2561add80153c0ab3f07e1544658cb7c45d12d4d5b03cac8cba60343c1163c7c755
SHA512d6550abc3e141d582b69f90b09998ed798305454b84e6f2e60be9f51902c38dd1750c57b18aebb8385fea5306c80f68f0949a6263bc8a2e19a69a04d831e00e6
-
Filesize
12KB
MD54c893145415bb8eade83a80bfdac526b
SHA175ea985e6e5b88e472757b00fba91037995e60fa
SHA25631f3c30f8c1dce9bd9301f308988bc92e3307b17795ab74075d325028b80987d
SHA512164c3f3dfca6461d6ad686a100b87f0d8a02d4516c44b2670382718f6c863c4fb32ba258a7cde9a33a23e68be170adff8d71d2727688f0b73ce15aa25426f422
-
Filesize
11KB
MD5dda0e62f628f3d3d6fabebfd6297d9db
SHA14b2dc0743f00a0741e2d0c4ece4c3584a9ac83d6
SHA2563d02b4030124d5c28814cb84acc6fa1cb8164805118d899f523a246c68373bec
SHA512bb26355e2f0d4b207df01f07342734b936dd8de2cf6208984b61e250ce8d0a0adab12d51cd37ff5a2a1ca5ed15e7fffefcf5ed05e92130f4d21d0d9f53aff501
-
Filesize
264KB
MD5f50f89a0a91564d0b8a211f8921aa7de
SHA1112403a17dd69d5b9018b8cede023cb3b54eab7d
SHA256b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
SHA512bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58
-
Filesize
11KB
MD528691c4248870f41d31412fb4d693baa
SHA154b4390245e4e056ece34f45f8a527fcc8d336a8
SHA2568f4785088a9af9a1951586d50fb11d14ea42202a9e5549076e78bcb163b58956
SHA51292624dc536a0ed4f9b95b24c167c64b1a79a3b2db7541225b8b7876fe8c223e28fc1f581927b796516e44e768743d5fd10293a09d4b200c6bef7ea529c70fa90
-
Filesize
78KB
MD528bc9d7b03c0193c8e39356a3918c283
SHA1aa8a0449e50ab88b7581d030dae27656d3ce750a
SHA256e45f355a20da8f62a76ecfe9c4a8bf771a758da2a94e5f21b3f40fdf4e495577
SHA51217249d646e8b890fd2472b5b71637286fbf3d9d8e989b3b0bd8c4d8aa3358bc55dd8bcb7949a85f6f6a218bca0e079c967115715f1457e867c3ebec20b78a8d4
-
Filesize
1.8MB
-
Filesize
64KB
-
Filesize
5.2MB
-
Filesize
64KB
-
Filesize
10.8MB
-
Filesize
96KB
-
Filesize
10.8MB
-
Filesize
10.8MB
-
Filesize
10.8MB
-
Filesize
64KB
-
Filesize
10.8MB
-
Filesize
10.8MB
-
Filesize
10.8MB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
10.8MB