Analysis
-
max time kernel
135s -
max time network
131s -
platform
windows10-2004_x64 -
resource
win10v2004-20240426-en -
resource tags
-
submitted
13-05-2024 19:36
General
-
Target
Yuqu_v_7.98.html
-
Size
312KB
-
MD5
2ec301ee8351ef1c26b0d20c8dfca571
-
SHA1
7803bc561d9c2a45e5bbd7143322ac8e03af2a9e
-
SHA256
58c5cdcc3d86ea378fbae69fbe43d6f47dd556d2b5343fd558f87f5450fba185
-
SHA512
89800c85098f80c3d3096aa25ad5f6659bd07ea501143696596a7af53528b919f09a1e492c820856c424d74b0d042c13a3afad7ea5e5f7e0d1401c40337864f0
-
SSDEEP
3072:BiSgAkHnjPIQ6KSEX/gHePaW+LN7DxRLlzglKz4i/4:JgAkHnjPIQBSE4+PCN7jBz4i/4
Malware Config
Signatures
-
Detect ZGRat V1 1 IoCs
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload 1 IoCs
-
ZGRat
ZGRat is remote access trojan written in C#.
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext 2 IoCs
-
Checks SCSI registry key(s) 3 TTPs 3 IoCs
SCSI information is often read in order to detect sandboxing environments.
-
Checks processor information in registry 2 TTPs 2 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Modifies registry class 2 IoCs
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 39 IoCs
-
Suspicious use of AdjustPrivilegeToken 7 IoCs
-
Suspicious use of FindShellTrayWindow 64 IoCs
-
Suspicious use of SendNotifyMessage 64 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\Yuqu_v_7.98.html1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffffc5d46f8,0x7ffffc5d4708,0x7ffffc5d47182⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2224,18406575173768849324,3904497872863234432,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1860 /prefetch:22⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2224,18406575173768849324,3904497872863234432,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2460 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2224,18406575173768849324,3904497872863234432,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2596 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,18406575173768849324,3904497872863234432,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3184 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,18406575173768849324,3904497872863234432,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2224,18406575173768849324,3904497872863234432,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5716 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2224,18406575173768849324,3904497872863234432,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5716 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,18406575173768849324,3904497872863234432,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5104 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,18406575173768849324,3904497872863234432,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4816 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,18406575173768849324,3904497872863234432,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5784 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,18406575173768849324,3904497872863234432,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5056 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,18406575173768849324,3904497872863234432,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4652 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,18406575173768849324,3904497872863234432,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5944 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,18406575173768849324,3904497872863234432,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6052 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,18406575173768849324,3904497872863234432,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6612 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,18406575173768849324,3904497872863234432,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6764 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,18406575173768849324,3904497872863234432,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6772 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,18406575173768849324,3904497872863234432,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5884 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,18406575173768849324,3904497872863234432,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5192 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,18406575173768849324,3904497872863234432,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5752 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,18406575173768849324,3904497872863234432,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6996 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,18406575173768849324,3904497872863234432,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6296 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,18406575173768849324,3904497872863234432,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7424 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,18406575173768849324,3904497872863234432,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7564 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,18406575173768849324,3904497872863234432,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7576 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,18406575173768849324,3904497872863234432,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7704 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,18406575173768849324,3904497872863234432,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7824 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,18406575173768849324,3904497872863234432,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7968 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,18406575173768849324,3904497872863234432,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8120 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,18406575173768849324,3904497872863234432,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7836 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2224,18406575173768849324,3904497872863234432,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=8488 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,18406575173768849324,3904497872863234432,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9508 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,18406575173768849324,3904497872863234432,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9996 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,18406575173768849324,3904497872863234432,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9736 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,18406575173768849324,3904497872863234432,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8532 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,18406575173768849324,3904497872863234432,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9880 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,18406575173768849324,3904497872863234432,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10176 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,18406575173768849324,3904497872863234432,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9396 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,18406575173768849324,3904497872863234432,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10268 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,18406575173768849324,3904497872863234432,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9668 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,18406575173768849324,3904497872863234432,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9232 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,18406575173768849324,3904497872863234432,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4948 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,18406575173768849324,3904497872863234432,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8308 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,18406575173768849324,3904497872863234432,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8304 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,18406575173768849324,3904497872863234432,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10804 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2224,18406575173768849324,3904497872863234432,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=10712 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵
-
C:\Users\Admin\Downloads\Yuqu v_7.98\Yuqu v_7.98.exe"C:\Users\Admin\Downloads\Yuqu v_7.98\Yuqu v_7.98.exe"1⤵
- Suspicious use of SetThreadContext
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"2⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\system32\NOTEPAD.EXE"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\Yuqu v_7.98\README.txt1⤵
-
C:\Users\Admin\Downloads\Yuqu v_7.98\Yuqu v_7.98.exe"C:\Users\Admin\Downloads\Yuqu v_7.98\Yuqu v_7.98.exe"1⤵
- Suspicious use of SetThreadContext
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"2⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\system32\taskmgr.exe"C:\Windows\system32\taskmgr.exe" /41⤵
- Checks SCSI registry key(s)
- Checks processor information in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SendNotifyMessage
-
C:\Users\Admin\Downloads\Yuqu v_7.98\Debug\pingsender.exe"C:\Users\Admin\Downloads\Yuqu v_7.98\Debug\pingsender.exe"1⤵
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
2KB
MD560ad21e008a8447fc1130a9c9c155148
SHA15dfa21d14dc33de3cc93a463688fe1d640b01730
SHA256bb65e24fd8681e7af464e115fba42ff7713e933683cbd654a124c0e564530bb9
SHA51242a2753f717a4984967907fa69200e8a464068a6d4a226803cf9503ffb7fee540ffc611b4c905cc84f3623639a6aa93003b390f9c38e601b59f171a9e90bd9b6
-
Filesize
152B
MD52daa93382bba07cbc40af372d30ec576
SHA1c5e709dc3e2e4df2ff841fbde3e30170e7428a94
SHA2561826d2a57b1938c148bf212a47d947ed1bfb26cfc55868931f843ee438117f30
SHA51265635cb59c81548a9ef8fdb0942331e7f3cd0c30ce1d4dba48aed72dbb27b06511a55d2aeaadfadbbb4b7cb4b2e2772bbabba9603b3f7d9c8b9e4a7fbf3d6b6b
-
Filesize
152B
MD5ecdc2754d7d2ae862272153aa9b9ca6e
SHA1c19bed1c6e1c998b9fa93298639ad7961339147d
SHA256a13d791473f836edcab0e93451ce7b7182efbbc54261b2b5644d319e047a00a7
SHA512cd4fb81317d540f8b15f1495a381bb6f0f129b8923a7c06e4b5cf777d2625c30304aee6cc68aa20479e08d84e5030b43fbe93e479602400334dfdd7297f702f2
-
Filesize
21KB
MD5660c3b546f2a131de50b69b91f26c636
SHA170f80e7f10e1dd9180efe191ce92d28296ec9035
SHA256fd91362b7111a0dcc85ef6bd9bc776881c7428f8631d5a32725711dce678bff9
SHA5126be1e881fbb4a112440883aecb232c1afc28d0f247276ef3285b17b925ea0a5d3bac8eac6db906fc6ac64a4192dd740f5743ba62ba36d8204ff3e8669b123db2
-
Filesize
69KB
MD5e40d88692d4f85e076d36737611db7e0
SHA134856d72b33b7b28dbd2f07031dc133bfda51a6a
SHA25640718fbb7da9fe0c637f524b776bc4670f04931567082d4f3096d10395bf86e3
SHA5128ebc1cb601e2c00d2a6fdfafc6ed9169d0a48b30ca4ac7b23419439c306d39acfd5dce221ecf1307972b0ba567e36042b49316db9c0a440350908208ab508df2
-
Filesize
88KB
MD5b7cd0e7105b3e2cf0aed6c2b3ec864b4
SHA178dc93d4324634f3116934f2873af824ea6400fa
SHA256986d641b3418363060f2491a6b9716a370d9275f55d942393f5dfaf14ba618eb
SHA512e2cd93633fa1d9e7c03fd0c9c670612b92b55890ec6ee04398b7e85f4d6aa56f81e647718f2da6a7ea5d526fca3ff218fb91c708d1c46275dd922af555527888
-
Filesize
20KB
MD587e8230a9ca3f0c5ccfa56f70276e2f2
SHA1eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7
SHA256e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9
SHA51237690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8
-
Filesize
74KB
MD5827fdf605bcf265c6c89519b54b06b5e
SHA18ca7db93e55967fe6e5359f9c4604bac921ccd15
SHA25637b50df4d7f650cfbcf130a03406b635abdaba4743249aa078a09e50880e03c8
SHA512a4ab1e1f6d52907b6517fefaf3dff42057b0e3115faa6d4e75b181298cdf2cd18cf9e17cb9a8d06bb0d263fba6dcd4f84d5c3ccafae02a3b0ec0436f348224b6
-
Filesize
20KB
MD58dc2756f85fccea2e456061d06bdea5e
SHA1cdb7f846722ae88cfcca334697b1c61e7945d8ea
SHA256ff17f0a5c2b621ce0625cfd2d947bf0eabf322c95a8e75a27f42d0722329ae9e
SHA512585b17e9f72a35299cf49d23567dd29d1fbc70caef0c8374f20ed43c16bcfbbe0cb95107a88e3666b88c1d09263e2180771effeb9fdfdd8423cc08840dcf0d69
-
Filesize
64KB
MD5475b50689dfe5ac600b3de04ace088ea
SHA1fbb328c285b985d98e436e1a2025dc2ef814f08d
SHA256bb3580399452f7fc44aa591302242cc83e1a1c5daad646fcc2d1d3e81b9b7bc1
SHA51255bef283c23fe00a25ab86c8e62df455236bb4a114d72da8986d0ab51b46567f195d35f94de1e133ae61e95d121de99938aa02e80abfd38c3c841fde9214c381
-
Filesize
1KB
MD5b9005fc2b0e5bda642dfd609c98d52f6
SHA136226f2c7a540dca00f06b9235cb5b0d219a9e8f
SHA256aa997be1c083c3a35af4b78f170e84f7696e60f62b7586c754e38d01e7dbafc9
SHA51268df8597473204a08fff9bd8bd909915efcbb1978a9affdfc1de53f5610b9e06d51e64e90ee819047bb8a0eeb83a9f55b451016a836bd71d04392065841a6c61
-
Filesize
44KB
MD576c250bdfc2231630e2452b440e9124c
SHA1ef05ea1aefd5e39c6b0eb39768c12452ecedb20e
SHA2560e0bc96eb9313b357c5d226e2373265b9f81bf625572344b8d09dcf55db96ea9
SHA5123b01d0bc32caa960a66475e69b5b69272797180275bc79094956bdeea33013d56afb471d1e7ddaaca4215e8bb2404188fcc169f8248dd57d14b23be76e45275e
-
Filesize
12KB
MD59ecc5e7e3bfcd2ef298d284cb3d4abd6
SHA1ac81b3b2764c05c6f55c68fbe15b59bc6963deaa
SHA256839c3258e9c43c30d4bfd02d8ea9723f0a2671894a366ee7b2a823479f99bc3f
SHA512af1a8a395f629979cfb44e8932343e52116e7bbc1134bff6ecfee8055dd81d5c5725033c296cea5633e244fcd012f0dd5672cd74523e185fa0b53d963904c421
-
Filesize
5KB
MD5afb385ac0f085f5af4f8be6cc7b7740c
SHA170e7c01f7a393aea099e7ff35cdea15efa5793ca
SHA256a4e0eba9fc53e67b9304d92a58c514031032ab565de6c3cc6040b309ff31a40e
SHA512084308b90d00c8084dd56e4125d2e9f94639a3213a44d1b5086047a427a3b6d4da0491bbf022058866c2113a814830d834dfe5dce9dda3dc6cf2165caf11586c
-
Filesize
10KB
MD5b90f590890e055671e3650e7a376db5a
SHA1e4fb6c8cc888c9e52183326b8308e6deab5e546e
SHA2562cc326b7576516bef1bc9a2908c87711802c9e0c0b1bf16eb035e5b20ae64b9d
SHA512c4c6488b45afd0af59ec8379c9c8642f06d8c05124d2a09829f7bdfc691083607f20270efdd9e97beea4b59e790c5ee8826ae8b4b85e4c079ea39a46ec6f90e3
-
Filesize
6KB
MD55e452659ef6f694099c8d34d5ae66dbf
SHA1065596f41d2a37eb38144de63cd882900917ab76
SHA256244222444a20258637a07139dead0897f8c7d0a3ce267d256a20d3a7ede0db92
SHA512652f89e993a3ecd924757aa27fc68f2b5e3b144dacd7a8baa86a564fe8ee5c63b28202c14ce3aa1f2e73b444991d28e0cbcc3aa669003c10d2f9da552ae138d4
-
Filesize
14KB
MD56a6474ca61723b8f4a3c43093244e0b6
SHA116b6ffe505d24a1fc73bc38e96ab43605189d68b
SHA2563ae76dbf3298c141c5beaaba40d295498cb772abf7f60f675a325d32740f5c9c
SHA512ef80268bfbd79fa7ca3f9f08a4f46186acbc525c6db735896a597f05b1722efbb2b5f6c695496a9a7313b5654dd2b763915f8ac25f67ffeb67ada298996a5d3b
-
Filesize
14KB
MD51e605a00164e9bf655ebe268a65ed56b
SHA1afeef01caddf3e7e4eba17279a58d5464212fe3a
SHA2568875255d26e9f0d7bdc0afaffba6ac677d64d67538f6093fe8164fa808e41d55
SHA5123e884824f6f881502cb44be6a1ce76545634d1287e275fce270f360fcf7b32ff040709d86155ea6253e70ebe6e4153350a1e3d13ca21f832aa13d85f34a1edfa
-
Filesize
2KB
MD5308eb7d1c2446e926946bc56b1fcd8da
SHA126563b665b05edd14d659d096c2677219471e408
SHA25640ec26c541123d9bfb335f5c5d0486f23b811c31db04eff506f29937fe39861a
SHA512bfe7a86af3be0caaa2a9c7c679224cf2f38eeb518c43791fe24faad5a70da9cabbaf1baadf55c2964d107e8d2d51a4818360939c927510f23c267a6e0fdec932
-
Filesize
3KB
MD571f723a300e4f46112baf3603d5d2b84
SHA1c11f641d5a3020b458ac9a5f17147c76dd2278ff
SHA2563ca13a7e698cad398574dfe9f76430cc95e3d3f331675e0693f7e101aa4b660c
SHA5121d1d6ea8d4e8db51b7e26e5e101a6153511b868b1f7bbe5644a6df0151eff251549597661f3b8a26c109e77a732552bbbf8df7a3c6eac5a471d36e4af33aede2
-
Filesize
3KB
MD5261e1a7e634777ab50e9cbc894ffbd55
SHA129018656c26d0135ed652c0abcd9532653eab53e
SHA2569229b6e485301b53d46d17e21dc1166311f8819acbc6a67a8abe159f0077686d
SHA512729476e470142e5d143b31304934b81bce2fc21c6adb7fd56e0ab8fcc7977427da18c122a86f0b2a906a7b2be6654d23a0049bd52048de41981719731d43de7d
-
Filesize
538B
MD53b9d011ca892ab74e9dcae7b3f39c7ac
SHA1359f3c693a9d143dcdeb0e93d4af1af386f2a95e
SHA2564e532812fae42d48b66cfb371e519fba117843b61b1dab89c461003f8f3fa6ec
SHA5128346de0fb4aca3417a153d190957508c5a628cda49b87aff09b6b6632df6f431f647c43ec551784e983f30c58238c53c5b1090129df0d4bd7d80f7b3ad690997
-
Filesize
16B
MD546295cac801e5d4857d09837238a6394
SHA144e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA2560f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA5128969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
-
Filesize
16B
MD5206702161f94c5cd39fadd03f4014d98
SHA1bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA2561005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA5120af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145
-
Filesize
12KB
MD5c9815c6d5fc44f63a1ca242a3de9e797
SHA12b8ebc6a8345a6a5e27d77254cad870484d4082c
SHA25648258d317a8763c61722945a920b8fd6cfd7e0b93299326c97d7d93f67d4f9d7
SHA51208b31efa5b7c1a2ef7ab401cc1d0ffdcdc40624935d4fe4d271ee7852b02c832639ff0d8dbbb86fa3ca29e195504066b76eb5045b95f25a41ba6a9f7cf29eca6
-
Filesize
11KB
MD5d4c95af9009d015ea952636dd4ca1de9
SHA1e38541deb5ff3a50d24b7703760af971ccdeb963
SHA25657d30f8f4aa9fc450a50837a02610d0b008901076ae0a7cadb7369bf7c9ad9dc
SHA5120177777ffe70ae8fd0c293d363c7a351b9c0c53d573d512fc6ae15d04d887c8da6018ab871d6ac9e6e07a6df22105c48c2f2e37de8788b335ae4bd259301ba02
-
Filesize
11KB
MD5f8a7dea97f7688d90f119aacdd9bf815
SHA1bc370310ec3372fd19f2fc4f7ea9d260a42c2b07
SHA25626ffb07851eb22c658879952901826d21150f14b0d1e000b36fdc8e94554948c
SHA512697245bbb4826dd6bcbddf50428aef570f03171279c4d325088d783ddd3a5469a6acd9e9a0ca34bac2d7f041fc5a9a3ebc4b985e5f52862667d1956be4d6fd3c
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
120KB
-
Filesize
1.8MB
-
Filesize
5.2MB
-
Filesize
472KB
-
Filesize
408KB
-
Filesize
304KB
-
Filesize
240KB
-
Filesize
72KB
-
Filesize
1.0MB
-
Filesize
6.1MB
-
Filesize
40KB
-
Filesize
584KB
-
Filesize
5.6MB
-
Filesize
296KB
-
Filesize
4KB
-
Filesize
4KB