Overview

overview

10

Static

static

1

URLScan

urlscan

1

https://www.mediafir...

windows10-2004-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
  • submitted
    20/05/2024, 20:08

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://www.mediafire.com/file/1xyikgf2xq8vmss/Codex.rar/file

Score
10/10
lummastealer

Malware Config

Extracted

Family

lumma

C2

https://uncertaintyrestsju.shop/api

Signatures

  • Lumma Stealer

    An infostealer written in C++ first seen in August 2022.

    stealerlumma
  • Executes dropped EXE 3 IoCs
  • Suspicious use of SetThreadContext 2 IoCs
  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies registry class 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 8 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 33 IoCs
  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious use of FindShellTrayWindow 50 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of SetWindowsHookEx 39 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.mediafire.com/file/1xyikgf2xq8vmss/Codex.rar/file
    1⤵
    • Enumerates system info in registry
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:3664
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffde10f46f8,0x7ffde10f4708,0x7ffde10f4718
      2⤵
        PID:2124
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,14072118868409616209,9838742803521601028,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2272 /prefetch:2
        2⤵
          PID:3172
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2156,14072118868409616209,9838742803521601028,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2324 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:8
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2156,14072118868409616209,9838742803521601028,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2812 /prefetch:8
          2⤵
            PID:5016
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,14072118868409616209,9838742803521601028,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
            2⤵
              PID:1212
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,14072118868409616209,9838742803521601028,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
              2⤵
                PID:2964
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,14072118868409616209,9838742803521601028,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5168 /prefetch:1
                2⤵
                  PID:4660
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,14072118868409616209,9838742803521601028,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5752 /prefetch:1
                  2⤵
                    PID:5068
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2156,14072118868409616209,9838742803521601028,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5300 /prefetch:8
                    2⤵
                      PID:4656
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,14072118868409616209,9838742803521601028,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5432 /prefetch:1
                      2⤵
                        PID:3208
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,14072118868409616209,9838742803521601028,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1
                        2⤵
                          PID:4928
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,14072118868409616209,9838742803521601028,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5176 /prefetch:1
                          2⤵
                            PID:4548
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2156,14072118868409616209,9838742803521601028,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5880 /prefetch:8
                            2⤵
                            • Suspicious behavior: EnumeratesProcesses
                            PID:4084
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,14072118868409616209,9838742803521601028,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5128 /prefetch:1
                            2⤵
                              PID:2924
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,14072118868409616209,9838742803521601028,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6384 /prefetch:1
                              2⤵
                                PID:4080
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,14072118868409616209,9838742803521601028,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6560 /prefetch:1
                                2⤵
                                  PID:3484
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,14072118868409616209,9838742803521601028,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4736 /prefetch:1
                                  2⤵
                                    PID:5276
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,14072118868409616209,9838742803521601028,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5840 /prefetch:1
                                    2⤵
                                      PID:5284
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,14072118868409616209,9838742803521601028,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6792 /prefetch:1
                                      2⤵
                                        PID:5292
                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,14072118868409616209,9838742803521601028,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7048 /prefetch:1
                                        2⤵
                                          PID:5300
                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,14072118868409616209,9838742803521601028,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7084 /prefetch:1
                                          2⤵
                                            PID:5308
                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,14072118868409616209,9838742803521601028,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7180 /prefetch:1
                                            2⤵
                                              PID:5580
                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,14072118868409616209,9838742803521601028,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7588 /prefetch:1
                                              2⤵
                                                PID:5592
                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,14072118868409616209,9838742803521601028,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7596 /prefetch:1
                                                2⤵
                                                  PID:5600
                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,14072118868409616209,9838742803521601028,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6696 /prefetch:1
                                                  2⤵
                                                    PID:5872
                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,14072118868409616209,9838742803521601028,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8044 /prefetch:1
                                                    2⤵
                                                      PID:5884
                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2156,14072118868409616209,9838742803521601028,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8592 /prefetch:8
                                                      2⤵
                                                        PID:6080
                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2156,14072118868409616209,9838742803521601028,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8592 /prefetch:8
                                                        2⤵
                                                        • Suspicious behavior: EnumeratesProcesses
                                                        PID:6104
                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,14072118868409616209,9838742803521601028,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8512 /prefetch:1
                                                        2⤵
                                                          PID:5156
                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,14072118868409616209,9838742803521601028,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7332 /prefetch:1
                                                          2⤵
                                                            PID:6212
                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,14072118868409616209,9838742803521601028,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7876 /prefetch:1
                                                            2⤵
                                                              PID:6284
                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,14072118868409616209,9838742803521601028,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9144 /prefetch:1
                                                              2⤵
                                                                PID:6336
                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,14072118868409616209,9838742803521601028,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9164 /prefetch:1
                                                                2⤵
                                                                  PID:6428
                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,14072118868409616209,9838742803521601028,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5620 /prefetch:1
                                                                  2⤵
                                                                    PID:6512
                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,14072118868409616209,9838742803521601028,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7940 /prefetch:1
                                                                    2⤵
                                                                      PID:6604
                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,14072118868409616209,9838742803521601028,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9456 /prefetch:1
                                                                      2⤵
                                                                        PID:6672
                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,14072118868409616209,9838742803521601028,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9664 /prefetch:1
                                                                        2⤵
                                                                          PID:6800
                                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,14072118868409616209,9838742803521601028,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8004 /prefetch:1
                                                                          2⤵
                                                                            PID:4580
                                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,14072118868409616209,9838742803521601028,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8264 /prefetch:1
                                                                            2⤵
                                                                              PID:2228
                                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,14072118868409616209,9838742803521601028,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9404 /prefetch:1
                                                                              2⤵
                                                                                PID:7124
                                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,14072118868409616209,9838742803521601028,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9688 /prefetch:1
                                                                                2⤵
                                                                                  PID:5680
                                                                              • C:\Windows\System32\CompPkgSrv.exe
                                                                                C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                                                1⤵
                                                                                  PID:4392
                                                                                • C:\Windows\System32\CompPkgSrv.exe
                                                                                  C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                                                  1⤵
                                                                                    PID:3252
                                                                                  • C:\Windows\system32\OpenWith.exe
                                                                                    C:\Windows\system32\OpenWith.exe -Embedding
                                                                                    1⤵
                                                                                    • Modifies registry class
                                                                                    • Suspicious behavior: GetForegroundWindowSpam
                                                                                    • Suspicious use of SetWindowsHookEx
                                                                                    PID:6820
                                                                                  • C:\Windows\System32\rundll32.exe
                                                                                    C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
                                                                                    1⤵
                                                                                      PID:6948
                                                                                    • C:\Program Files\7-Zip\7zG.exe
                                                                                      "C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Desktop\" -an -ai#7zMap16286:68:7zEvent22962
                                                                                      1⤵
                                                                                      • Suspicious use of AdjustPrivilegeToken
                                                                                      • Suspicious use of FindShellTrayWindow
                                                                                      PID:4864
                                                                                    • C:\Users\Admin\Desktop\Codex\codex.exe
                                                                                      "C:\Users\Admin\Desktop\Codex\codex.exe"
                                                                                      1⤵
                                                                                      • Executes dropped EXE
                                                                                      • Suspicious use of SetThreadContext
                                                                                      PID:6296
                                                                                      • C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
                                                                                        C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
                                                                                        2⤵
                                                                                          PID:4852
                                                                                      • C:\Users\Admin\Desktop\Codex\codex.exe
                                                                                        "C:\Users\Admin\Desktop\Codex\codex.exe"
                                                                                        1⤵
                                                                                        • Executes dropped EXE
                                                                                        • Suspicious use of SetThreadContext
                                                                                        PID:5576
                                                                                        • C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
                                                                                          C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
                                                                                          2⤵
                                                                                            PID:5840
                                                                                        • C:\Users\Admin\Desktop\Codex\codex.exe
                                                                                          "C:\Users\Admin\Desktop\Codex\codex.exe"
                                                                                          1⤵
                                                                                          • Executes dropped EXE
                                                                                          PID:6392

                                                                                        Network

                                                                                        MITRE ATT&CK Enterprise v15

                                                                                        Replay Monitor

                                                                                        Loading Replay Monitor...

                                                                                        Downloads

                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                                                          Filesize

                                                                                          152B

                                                                                          MD5

                                                                                          537815e7cc5c694912ac0308147852e4

                                                                                          SHA1

                                                                                          2ccdd9d9dc637db5462fe8119c0df261146c363c

                                                                                          SHA256

                                                                                          b4b69d099507d88abdeff4835e06cc6711e1c47464c963d013cef0a278e52d4f

                                                                                          SHA512

                                                                                          63969a69af057235dbdecddc483ef5ce0058673179a3580c5aa12938c9501513cdb72dd703a06fa7d4fc08d074f17528283338c795334398497c771ecbd1350a

                                                                                          Download Submit

                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                                                          Filesize

                                                                                          152B

                                                                                          MD5

                                                                                          8b167567021ccb1a9fdf073fa9112ef0

                                                                                          SHA1

                                                                                          3baf293fbfaa7c1e7cdacb5f2975737f4ef69898

                                                                                          SHA256

                                                                                          26764cedf35f118b55f30b3a36e0693f9f38290a5b2b6b8b83a00e990ae18513

                                                                                          SHA512

                                                                                          726098001ef1acf1dd154a658752fa27dea32bca8fbb66395c142cb666102e71632adbad1b7e2f717071cd3e3af3867471932a71707f2ae97b989f4be468ab54

                                                                                          Download Submit

                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                                                                          Filesize

                                                                                          1KB

                                                                                          MD5

                                                                                          78d83c34cfd3375d8924af3db9ef9230

                                                                                          SHA1

                                                                                          22e912b88815ee745ceb7ab7302d8ee5b378ee8f

                                                                                          SHA256

                                                                                          b672a97893a1253859c6eac28047364796df5cdeb3b539d5fec447ba74512e7f

                                                                                          SHA512

                                                                                          1e6b6684cbd3bfe973c6423e7b1101a1a5451606204aed05927b5ebe99001f38df775fe66b16e6b855a739febfe94f7ffe0922dc3918d8104b7ea23f81ca8a6c

                                                                                          Download Submit

                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                                                                          Filesize

                                                                                          9KB

                                                                                          MD5

                                                                                          8e893748d2c34259e5da3f9d2b9dfdc0

                                                                                          SHA1

                                                                                          33c32e58a898b831fe9fa0432209d4087d25451b

                                                                                          SHA256

                                                                                          7585b881a78d50df7bb5d032fb2540adee2c08f4878f39446ea5526b671ab23e

                                                                                          SHA512

                                                                                          edda7e604afe26bc9bf5ccb694858475eb3847914826e40a336105d2288483c9e88f32a228b6f25afdbdfa0c320561c10fc9335eb1b84e5b6c19bb219530c4ea

                                                                                          Download Submit

                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                          Filesize

                                                                                          5KB

                                                                                          MD5

                                                                                          020cd7ace8828546eb27d551e157d004

                                                                                          SHA1

                                                                                          fa0e96fc3bf1796db0aa6af61695f3184f802d33

                                                                                          SHA256

                                                                                          11a163e8d5dddf98b22945281b289509e705ec01f1a13dc08c89f60048197153

                                                                                          SHA512

                                                                                          4ffcbf2a8a3fb2ebc05364ac2c911bc3059c9a761d027ee3488696117b550b83b30537a470ad28dc73dd72fc28d07770734e7e8a2b81514afd11d1df0d0d2c1a

                                                                                          Download Submit

                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                          Filesize

                                                                                          14KB

                                                                                          MD5

                                                                                          4513e0880ce8d0f0244814953ab11fd6

                                                                                          SHA1

                                                                                          f7c8c9fd6363f8113c850b92fcd4a73dc0da5bb3

                                                                                          SHA256

                                                                                          f337eab88cfe5ca5a8c4562fa524aafbc464fcab0d4f8ae3d95e07354e02e2eb

                                                                                          SHA512

                                                                                          58923abc443b8192f12235ec49895f7718c19f2140f85a3b2545b7d26430a275b3d10c08d65182b3a19853eacaae7c8539901a6e598da5a4eb0e85fe2cdfb20d

                                                                                          Download Submit

                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                          Filesize

                                                                                          14KB

                                                                                          MD5

                                                                                          afafcc08e0588d79fea327aa661a307f

                                                                                          SHA1

                                                                                          812120dfbd9e59fa070d81e2041d73a6505c58a2

                                                                                          SHA256

                                                                                          ca4e65c1d0270a47e19d70ead2967b95f63fcc9c79841bb815a39e41838e38bc

                                                                                          SHA512

                                                                                          48868ce6f4a20f949d7c28231ab973eaa3e2bb0c793fe745fab2ea893c9798fd8274a39e02cf75a516a0bab2a46b97dd4abf2da44ab9af24160b92921f6e5550

                                                                                          Download Submit

                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                          Filesize

                                                                                          8KB

                                                                                          MD5

                                                                                          788a73d2164eddb4f22eb7febc2cfde8

                                                                                          SHA1

                                                                                          6dd747fde7bd4adccd18bdf6839ee6d2eefa5df3

                                                                                          SHA256

                                                                                          cac4a7a7d3fc8473b79caa2b0acc7ffd9c5265d82ec29785efa6b3394c7199cc

                                                                                          SHA512

                                                                                          5763854fb96736946b5f09ab61a68d6c8e1e577f99a0b3ae5b399ce6f52ed851f09c933c9f7634a27ea78e303f15a4ee3ea9f2f51fe59c8b9175b32424b2b4d4

                                                                                          Download Submit

                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                          Filesize

                                                                                          3KB

                                                                                          MD5

                                                                                          8dfe4b452f6d6f4853a2f2bb19e2618f

                                                                                          SHA1

                                                                                          673ab8940c41a9107406aaaf86dc76b454918453

                                                                                          SHA256

                                                                                          cd26910acb8ced9a3fb2e92dddc395b7918ecafe74fadf866e458036e9fb5f55

                                                                                          SHA512

                                                                                          adb178bf27b4c811cb56d13531bbbb21616ef14a34d64b6d2df0cd1d9e97c3eb59d9520968b31de0c835574c06e6ed63089501fdb73b1b8a02410699b3631f8e

                                                                                          Download Submit

                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                          Filesize

                                                                                          3KB

                                                                                          MD5

                                                                                          d6e539dfa7faba5abcf2c8fceff1fa74

                                                                                          SHA1

                                                                                          48d44fa5681d7f873232d061368ff2f44680fc60

                                                                                          SHA256

                                                                                          07565d390cc748da31cfeddb7e444897881bc63434c44345fffdcd33de74c2b7

                                                                                          SHA512

                                                                                          0b61dd4c147553b7a11b57a7b47193773291a7da5d92f3114b272e9f616b71956222e1964b3c5e50799c475370044876f97d782ecb8e0db77eb6c2e42ff97497

                                                                                          Download Submit

                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe579f7c.TMP
                                                                                          Filesize

                                                                                          705B

                                                                                          MD5

                                                                                          9eb73652b96c496ba268a0d9fc5e6b84

                                                                                          SHA1

                                                                                          7966103836848ac7a8ea491ef9ccc3aa41edd0e5

                                                                                          SHA256

                                                                                          0aeaa765192bb09c5dd4580508110813a274ffbd01386401df5fb86fdc8cb80b

                                                                                          SHA512

                                                                                          2c58c5959eaea8bc64282e42305da3dd2c987e71a902cebe9999b61e232f180515953bf09a3d2227bf78278f5eaf7d796772cd1fc10a7154953b6abe7d10bf0a

                                                                                          Download Submit

                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                                                                          Filesize

                                                                                          16B

                                                                                          MD5

                                                                                          6752a1d65b201c13b62ea44016eb221f

                                                                                          SHA1

                                                                                          58ecf154d01a62233ed7fb494ace3c3d4ffce08b

                                                                                          SHA256

                                                                                          0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

                                                                                          SHA512

                                                                                          9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                                                                                          Download Submit

                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                                          Filesize

                                                                                          11KB

                                                                                          MD5

                                                                                          de94f4bda9482f9d40d5a4901728b1a1

                                                                                          SHA1

                                                                                          33e0914f5a949d9571288ae92fb76e536d904396

                                                                                          SHA256

                                                                                          c2a8918190a9f32aa5c6952c1d12f775965a73c251293e50ddf595a97123152f

                                                                                          SHA512

                                                                                          be62da6e6609045e429a0884ef5734a1c42ff8c67142b1d83a4089dcf5237747ac6f8c79607cad0b69630493eb8eed0132c922cb899af48fa8b56c01ee51c6b9

                                                                                          Download Submit

                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                                          Filesize

                                                                                          11KB

                                                                                          MD5

                                                                                          31c7d2c4ba1121ed2e29ac3b2b327ef9

                                                                                          SHA1

                                                                                          45a50adfd0383cc7ecc6890a6300cbfd40a19138

                                                                                          SHA256

                                                                                          ddf5e0780b5fccba721677c8f59bdfe8bef33cedba038136926ca0510ae6c0db

                                                                                          SHA512

                                                                                          736731ced432095e5ec4786e5085992ff941791ab263b136fdae82c20d2068203de395c56d726be0f4e6bf24f56ca365cb88e2083c5ff05a425b389ec468839e

                                                                                          Download Submit

                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                                          Filesize

                                                                                          11KB

                                                                                          MD5

                                                                                          9245aabe8e35bd222450e755571945d3

                                                                                          SHA1

                                                                                          7b3c4495ccb9f12a81d5183903920dd6cefb01ba

                                                                                          SHA256

                                                                                          7d1c4860d51f91af7c0385672e9c6bc74d7e6b67f14cdf65237e82821eed997c

                                                                                          SHA512

                                                                                          66f26070468447dfc9172f0e8bf85e7db04bcbd5fa97417502ee4bf7e64f38d20fb3cf4e6b466c6a8400b792009100af928f5f654ce56bc217b40fb136de4b66

                                                                                          Download Submit

                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                                          Filesize

                                                                                          11KB

                                                                                          MD5

                                                                                          99b96226cceef52e9420f0b3c5ef1c86

                                                                                          SHA1

                                                                                          b3fcd274bb40776181410ed5ea59176336fd1b60

                                                                                          SHA256

                                                                                          efa4afc9d3d820602f35616bc15b82bba46c39bf9a7a36a713f4ed9183925cef

                                                                                          SHA512

                                                                                          93fb141e31f6c8e79440b94201b924351d7c03e04f7b9a74954558e53d290509cbf7ddf03b08d71e3f2f30f8b46af815f40214d41d6d3566011909fb5d2775a9

                                                                                          Download Submit

                                                                                        • C:\Users\Admin\Desktop\Codex\codex.exe
                                                                                          Filesize

                                                                                          13.2MB

                                                                                          MD5

                                                                                          8a2a2799cfc30673f86ca720ba059723

                                                                                          SHA1

                                                                                          49248c8b0856d6454f90f0dd40f9a6d0e821140b

                                                                                          SHA256

                                                                                          798c0fdaffb1a7d10daa9cb9ca659c4f565d9e0bcc6681c8975174d54be08f46

                                                                                          SHA512

                                                                                          4e5f16422606af7bd49324f67609044549fc0d438b32ce601427a951f3508b65084745d62fbd038a182bac0a6a4d1e31fd4b859b85748d3340aa0545e8709db9

                                                                                          Download Submit

                                                                                        • C:\Users\Admin\Downloads\Codex.rar
                                                                                          Filesize

                                                                                          13.9MB

                                                                                          MD5

                                                                                          fc0ee60f3b1ceb5bd73d472caa455718

                                                                                          SHA1

                                                                                          56efc77a3bf49917486df8c762da27041c64a06d

                                                                                          SHA256

                                                                                          01c02aac58b261e026e1567d770a4fc21a00b8deb5f8ecbcee458451de5ef820

                                                                                          SHA512

                                                                                          88ee11bff17192856882eaff6c13e31f3f103487afa633cad329146e7a17eb27ed33468f7dfba0cfeb57d1d95f6930498c8292d3ec24ec75399b56858461723a

                                                                                          Download Submit

                                                                                        • memory/4852-472-0x0000000000E00000-0x0000000000E56000-memory.dmp

                                                                                          Filesize

                                                                                          344KB

                                                                                          Download

                                                                                        • memory/4852-473-0x0000000000E00000-0x0000000000E56000-memory.dmp

                                                                                          Filesize

                                                                                          344KB

                                                                                          Download

                                                                                        • memory/5576-480-0x00007FF71B010000-0x00007FF71BDAC000-memory.dmp

                                                                                          Filesize

                                                                                          13.6MB

                                                                                          Download

                                                                                        • memory/5576-482-0x00007FF71B010000-0x00007FF71BDAC000-memory.dmp

                                                                                          Filesize

                                                                                          13.6MB

                                                                                          Download

                                                                                        • memory/5840-481-0x0000000000600000-0x0000000000656000-memory.dmp

                                                                                          Filesize

                                                                                          344KB

                                                                                          Download

                                                                                        • memory/5840-483-0x0000000000600000-0x0000000000656000-memory.dmp

                                                                                          Filesize

                                                                                          344KB

                                                                                          Download

                                                                                        • memory/6296-469-0x00007FF71B010000-0x00007FF71BDAC000-memory.dmp

                                                                                          Filesize

                                                                                          13.6MB

                                                                                          Download

                                                                                        • memory/6296-474-0x00007FF71B010000-0x00007FF71BDAC000-memory.dmp

                                                                                          Filesize

                                                                                          13.6MB

                                                                                          Download