Analysis
- max time kernel: 149s
- max time network: 150s
- platform: windows10-2004_x64
- resource: win10v2004-20240226-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 02/04/2024, 04:10
- Static task: static1
- URLScan task: urlscan1
General
Malware Config
Signatures
Detect Lumma Stealer payload V4 (3 IoCs)
- resource: behavioral1/memory/2948-773-0x0000000000570000-0x00000000005F8000-memory.dmp; yara_rule: family_lumma_v4
- resource: behavioral1/memory/2948-778-0x0000000000570000-0x00000000005F8000-memory.dmp; yara_rule: family_lumma_v4
- resource: behavioral1/memory/2948-779-0x0000000000400000-0x000000000049D000-memory.dmp; yara_rule: family_lumma_v4
Executes dropped EXE (1 IoC)
- pid: 2948; Process: Cheat.exe
Enumerates system info in registry (2 TTPs, 3 IoCs)
- description: Key opened; ioc: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS; Process: msedge.exe
- description: Key value queried; ioc: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer; Process: msedge.exe
- description: Key value queried; ioc: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName; Process: msedge.exe
Modifies registry class (1 IoC)
- description: Key created; ioc: \REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000_Classes\Local Settings; Process: msedge.exe
Suspicious behavior: EnumeratesProcesses (10 IoCs)
- pid: 4720; Process: msedge.exe
- pid: 4720; Process: msedge.exe
- pid: 2024; Process: msedge.exe
- pid: 2024; Process: msedge.exe
- pid: 3532; Process: identity_helper.exe
- pid: 3532; Process: identity_helper.exe
- pid: 6800; Process: msedge.exe
- pid: 6800; Process: msedge.exe
- pid: 6336; Process: 7zFM.exe
- pid: 6336; Process: 7zFM.exe
Suspicious behavior: GetForegroundWindowSpam (1 IoC)
- pid: 6336; Process: 7zFM.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (33 IoCs)
Suspicious use of AdjustPrivilegeToken (4 IoCs)
- description: Token: SeRestorePrivilege; pid: 6336; Process: 7zFM.exe
- description: Token: 35; pid: 6336; Process: 7zFM.exe
- description: Token: SeSecurityPrivilege; pid: 6336; Process: 7zFM.exe
- description: Token: SeSecurityPrivilege; pid: 6336; Process: 7zFM.exe
Suspicious use of FindShellTrayWindow (57 IoCs)
Suspicious use of SendNotifyMessage (24 IoCs)
Suspicious use of WriteProcessMemory (64 IoCs)
Processes
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2024)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.mediafire.com/file/y0gyidy1hc9zkov/Password_-_rusthack7615.rar/file
  Signatures: Enumerates system info in registry; Modifies registry class; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4700)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffa09f346f8,0x7ffa09f34708,0x7ffa09f34718
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1960)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,2251336980137753428,3236494268841185268,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:2
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4720)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2132,2251336980137753428,3236494268841185268,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2252 /prefetch:3
    Signatures: Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1752)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2132,2251336980137753428,3236494268841185268,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2924 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3500)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,2251336980137753428,3236494268841185268,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3124)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,2251336980137753428,3236494268841185268,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3480 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 1368)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,2251336980137753428,3236494268841185268,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5556 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 3532)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,2251336980137753428,3236494268841185268,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5556 /prefetch:8
    Signatures: Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4040)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,2251336980137753428,3236494268841185268,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5208 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3100)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,2251336980137753428,3236494268841185268,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5276 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 400)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,2251336980137753428,3236494268841185268,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4752 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3284)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,2251336980137753428,3236494268841185268,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5612 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3212)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,2251336980137753428,3236494268841185268,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3468 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3668)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,2251336980137753428,3236494268841185268,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5148 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1904)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,2251336980137753428,3236494268841185268,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5184 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4068)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,2251336980137753428,3236494268841185268,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6376 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2880)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,2251336980137753428,3236494268841185268,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6536 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 5516)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,2251336980137753428,3236494268841185268,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5628 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 5524)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,2251336980137753428,3236494268841185268,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5220 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 5532)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,2251336980137753428,3236494268841185268,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6820 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 5540)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,2251336980137753428,3236494268841185268,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6964 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 5548)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,2251336980137753428,3236494268841185268,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6976 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 5556)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,2251336980137753428,3236494268841185268,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7252 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 5940)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,2251336980137753428,3236494268841185268,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7712 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 6020)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,2251336980137753428,3236494268841185268,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7868 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 6136)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,2251336980137753428,3236494268841185268,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8092 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 5168)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,2251336980137753428,3236494268841185268,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8284 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 5356)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,2251336980137753428,3236494268841185268,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8320 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 5420)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,2251336980137753428,3236494268841185268,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8504 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 5592)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,2251336980137753428,3236494268841185268,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3392 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 5588)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,2251336980137753428,3236494268841185268,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8728 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 6348)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2132,2251336980137753428,3236494268841185268,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=7244 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 6356)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,2251336980137753428,3236494268841185268,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7528 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 6800)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2132,2251336980137753428,3236494268841185268,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2344 /prefetch:8
    Signatures: Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 6892)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,2251336980137753428,3236494268841185268,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8412 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 7008)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,2251336980137753428,3236494268841185268,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3384 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 7056)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,2251336980137753428,3236494268841185268,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1300 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 6316)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,2251336980137753428,3236494268841185268,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2204 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 6652)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,2251336980137753428,3236494268841185268,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9348 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4948)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,2251336980137753428,3236494268841185268,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7904 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 6304)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,2251336980137753428,3236494268841185268,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9300 /prefetch:1
  - C:\Program Files\7-Zip\7zFM.exe (PID 6336)
    Command line: "C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\Password - rusthack7615.rar"
    Signatures: Suspicious behavior: EnumeratesProcesses; Suspicious behavior: GetForegroundWindowSpam; Suspicious use of AdjustPrivilegeToken; Suspicious use of FindShellTrayWindow
    - C:\Users\Admin\AppData\Local\Temp\7zO0C89A549\Cheat.exe (PID 2948)
      Command line: "C:\Users\Admin\AppData\Local\Temp\7zO0C89A549\Cheat.exe"
      Signatures: Executes dropped EXE
- C:\Windows\System32\CompPkgSrv.exe (PID 2724)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
- C:\Windows\System32\CompPkgSrv.exe (PID 4012)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
- C:\Windows\System32\CompPkgSrv.exe (PID 6504)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
5KB
MD5ed776adf2e5b599bea170ac09cd0dfdb
SHA15cb652bd33e33d3a1751232404a7b8243fe012c9
SHA256314fb9160a887e9e32fb1b39d9125ea3715bc53ac05785b029325992c122c365
SHA51202b62c77f5dcc36466d6bac088751e561cb7594233a67857c5a84b49def86fca4e15f7282d0144991612f3d0b46670bcf7cdbd6530d566088fa05d9ab7cebdac
-
Filesize
3KB
MD54b7ffe2794a6ad2e8ab50e362b789180
SHA1451170d9d9c754366849be16bf3821632e302907
SHA25668ddf5bed36aab4d1ef6fa8b2fecc04940d1e61465e6b58e0863a4d74f76944f
SHA512b8db48f93ff200c924d53183bb18e8880e8856118a0ccd8baca8d9ea89fe3770e7da139cba1026f41975bf7b3083c647ef09f248f376f55a3f4bc630565fe49f
-
Filesize
872B
MD5020d6183673cc6cdd6ecc9a68190f551
SHA13217b25c2365462493f9130ac0cc5b2805ae5fe7
SHA2566a3f30a386a046b67217ee985328e3b2c678be417a81c77fb6775d2cb0cab650
SHA51249f43ff4923cae099c01eedfdb1cbe6c201e93769ac33e0566724d91ec19480e248b2117653d2764686a3a55772a9d84931f286f00887b21e1edc9350935775f
-
Filesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize
12KB
MD5a39f44ddb1dd0de94225519c141c0629
SHA1ad94c2216b7afd6906f175053fe842ce0f37aa74
SHA25659ad3a1d55e0127411f510dc4fc4fec278a1e22dc0394bb1e4eb30e2b86d22e0
SHA512aa99cd1cefa9ae39a41a448b3b07a654c1bf7896546b9126c8911863f75d7d39104551a3e15dbeaec06aba3bfd1057690d2c9b5c98b68b624bc93be3990cc2ee
-
Filesize
12KB
MD50b48c63d90ab85c561616e842c8e9c04
SHA117f3ec4dbf28b8958d7c6b15bdd3f638399ff344
SHA256e696f4baaa7b95ad71512f582cc7bced63d67e25379541e3fbedb4f5c67b31ac
SHA51212d782c8de2b0fe9cdec149dcf9fffcb533cd29d8861b7d170d5ac7f12becac74ad54008206e7662868f95979e7c13746c96407af1fabe5fea6bed9cf6f8dc73
-
Filesize
11KB
MD555bb2c6f3988f55ec2b85654a9abaa89
SHA140068b126d465b3db22e3df00498980bf2f7ba5f
SHA256f4b4f4dd53efc7efd78213678c1ee97365052f3de6de818fe5bf704e1f49a244
SHA51274fea3ac610d34b79a7b2cc8f04c069e677ef6ca25556b5107880494d883714f53f90bd37a71c7460def01fd2becf4033e3c2a137ea13796d3ec8fea49951ca6
-
Filesize
613KB
MD557f87e9b995f252db533eef34964e6dd
SHA11ca4adcbeb8f0cec08fffa6381f252780d818af4
SHA25642b01349cc6daf4d06658de2995317737ac4ea73c4594473939e5716e4e03165
SHA512e81ae0707d81020387968f64b70e8f3ba35644f593a43744fa842b823457d39e8b291ebae425c493a12565993bf1afafdad65021d903c2b9d56441e8d6364587
-
Filesize
13.6MB
MD53855744fdda67fc8bc5da8b9855099e7
SHA1248d4fc090c65d0231e53d4fae84e0ef895d5554
SHA256c3eb1fbc5e4536fecf46121419c0aadf786c0e4db748f07800a8df0dbe767b56
SHA5124fb996d00c9cde76d2cf2768c3f43867a8eb46919490e4c7ebd2d29a935aafd7c3b3208a8e67150411190ca2f1bfb24c9182b8e49c8dd6f0958b1fc642766f13