Resubmissions
- 26-05-2024 10:59  240526-m3w1zagf99  score 10
Analysis
- max time kernel: 150s
- max time network: 151s
- platform: windows10-2004_x64
- resource: win10v2004-20240426-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 26-05-2024 10:59
- Static task: static1
- URLScan task: urlscan1
Malware Config
Extracted: lumma
C2 URLs (eight .shop hosts, each with the same /api path):
- https://museumtespaceorsp.shop/api
- https://buttockdecarderwiso.shop/api
- https://averageaattractiionsl.shop/api
- https://femininiespywageg.shop/api
- https://employhabragaomlsp.shop/api
- https://stalfbaclcalorieeis.shop/api
- https://civilianurinedtsraov.shop/api
- https://roomabolishsnifftwk.shop/api
Signatures
Suspicious use of SetThreadContext (8 IoCs)
Every Insomnia.exe instance spawns RegAsm.exe (the .NET Framework assembly-registration tool, see the process tree below) and then overwrites the thread context of that child. Parent writes followed by SetThreadContext on a freshly created child are consistent with process hollowing: the loader stays a thin wrapper and the payload executes under a Microsoft-signed image. Lumma C2 traffic should therefore be attributed to the RegAsm.exe PIDs, not to Insomnia.exe.
Processes (source pid/image -> target pid/image):
- 5952 Insomnia.exe -> 6028 RegAsm.exe
- 364 Insomnia.exe -> 852 RegAsm.exe
- 1168 Insomnia.exe -> 5104 RegAsm.exe
- 1148 Insomnia.exe -> 5364 RegAsm.exe
- 5400 Insomnia.exe -> 5552 RegAsm.exe
- 2756 Insomnia.exe -> 4504 RegAsm.exe
- 6048 Insomnia.exe -> 5184 RegAsm.exe
- 4164 Insomnia.exe -> 2356 RegAsm.exe
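The two pieces of this report an analyst actually carries forward are the injection pairs above and the C2 list in the Malware Config block. The script below, an added example and not part of the report or of the sandbox's tooling, parses the eight "set thread context" rows exactly as the sandbox prints them, flags the ones that fit the hollowing pattern (a non-target image rewriting the thread context of a signed .NET utility), groups them per loader, and reduces the C2 URLs to defanged hosts. The HOLLOW_TARGETS list is this example's own assumption; the row layout and URLs are copied from the report.

```python
"""Structured IoCs from the sandbox report above.

Added example, not part of the report or of any sandbox tooling.  The input
rows are copied from the "Suspicious use of SetThreadContext" table and the
"Malware Config" block; HOLLOW_TARGETS is this example's own assumption.
"""
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Sample input constructed from the report: one "set thread context" row per
# line, in the layout the sandbox prints.
SET_THREAD_CONTEXT_ROWS = """\
PID 5952 set thread context of 6028 5952 Insomnia.exe RegAsm.exe
PID 364 set thread context of 852 364 Insomnia.exe RegAsm.exe
PID 1168 set thread context of 5104 1168 Insomnia.exe RegAsm.exe
PID 1148 set thread context of 5364 1148 Insomnia.exe RegAsm.exe
PID 5400 set thread context of 5552 5400 Insomnia.exe RegAsm.exe
PID 2756 set thread context of 4504 2756 Insomnia.exe RegAsm.exe
PID 6048 set thread context of 5184 6048 Insomnia.exe RegAsm.exe
PID 4164 set thread context of 2356 4164 Insomnia.exe RegAsm.exe
"""

# The eight C2 URLs from the extracted Lumma config.
C2_URLS = [
    "https://museumtespaceorsp.shop/api",
    "https://buttockdecarderwiso.shop/api",
    "https://averageaattractiionsl.shop/api",
    "https://femininiespywageg.shop/api",
    "https://employhabragaomlsp.shop/api",
    "https://stalfbaclcalorieeis.shop/api",
    "https://civilianurinedtsraov.shop/api",
    "https://roomabolishsnifftwk.shop/api",
]

# Row layout: "PID <src> set thread context of <dst> <src> <src_image> <dst_image>"
ROW_RE = re.compile(
    r"^PID (?P<src>\d+) set thread context of (?P<dst>\d+) (?P<src2>\d+) "
    r"(?P<src_image>\S+) (?P<dst_image>\S+)$"
)

# Signed Microsoft .NET utilities that loaders commonly hollow.
# Assumption: an illustrative list, not an authoritative one.
HOLLOW_TARGETS = {
    "regasm.exe", "regsvcs.exe", "installutil.exe",
    "msbuild.exe", "aspnet_compiler.exe",
}


def parse_set_thread_context(rows: str) -> list:
    """Parse sandbox rows into dicts.  Rows that do not match the layout, or
    whose two source-PID columns disagree, are skipped rather than guessed."""
    events = []
    for line in rows.splitlines():
        m = ROW_RE.match(line.strip())
        if not m or m["src"] != m["src2"]:
            continue
        events.append({
            "src_pid": int(m["src"]), "src_image": m["src_image"],
            "dst_pid": int(m["dst"]), "dst_image": m["dst_image"],
        })
    return events


def hollowing_candidates(events: list) -> list:
    """Events where something other than a HOLLOW_TARGETS binary rewrites
    the thread context of a HOLLOW_TARGETS binary (the SetThreadContext
    step of process hollowing)."""
    return [
        e for e in events
        if e["dst_image"].lower() in HOLLOW_TARGETS
        and e["src_image"].lower() not in HOLLOW_TARGETS
    ]


def loaders_by_image(events: list) -> dict:
    """Group (src_pid, dst_pid) pairs by the injecting image name."""
    grouped = defaultdict(list)
    for e in events:
        grouped[e["src_image"]].append((e["src_pid"], e["dst_pid"]))
    return dict(grouped)


def c2_hosts(urls: list) -> list:
    """Unique C2 hostnames, sorted; the /api path is dropped so the IoC is
    the host, which is what a DNS or proxy block needs."""
    return sorted({urlsplit(u).hostname for u in urls if urlsplit(u).hostname})


def defang(host: str) -> str:
    """Bracket the dots so the host cannot be clicked when pasted into a ticket."""
    return host.replace(".", "[.]")


if __name__ == "__main__":
    ev = parse_set_thread_context(SET_THREAD_CONTEXT_ROWS)
    for hit in hollowing_candidates(ev):
        print(f"hollowing candidate: {hit['src_image']}({hit['src_pid']}) -> "
              f"{hit['dst_image']}({hit['dst_pid']})")
    for h in c2_hosts(C2_URLS):
        print("c2 host:", defang(h))
```

Run as a script it prints the eight Insomnia.exe -> RegAsm.exe pairs and the eight defanged hosts. The parser deliberately drops a row whose repeated source-PID column disagrees with the first one, because a mismatched row means the export is garbled and attributing the injection to either PID would be a guess.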
Checks SCSI registry key(s) (3 TTPs, 3 IoCs)
SCSI information is often read in order to detect sandboxing environments. All three hits here, however, come from taskmgr.exe (PID 5444), a top-level process in the tree and not a descendant of Insomnia.exe or RegAsm.exe, so for this sample the signature is noise rather than evidence of anti-analysis code in the loader.
Processes (taskmgr.exe in every case):
- Key opened: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A
- Key value queried: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName
- Key opened: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000
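What an anti-sandbox SCSI check actually does with these keys is read the vendor and product fields out of the device instance path (Disk&Ven_DADY&Prod_HARDDISK above) and compare them with hypervisor strings. The script below, an added example rather than code from the report or from the sample, reconstructs that comparison over the key-path strings the sandbox logged instead of calling the Windows registry, so it runs anywhere. The two VBOX/VMware paths are constructed for contrast with hypothetical instance IDs, and the VM_MARKERS list is an assumption about what such checks commonly search for; the point is that the sandbox's DADY / HARDDISK pair matches none of them.

```python
"""Vendor/product classification of Enum\\SCSI device paths, as an anti-VM
check would do it.  Added example; it works on the logged key-path strings
rather than the live registry.  The two VBOX/VMware paths are constructed
(hypothetical instance IDs) and VM_MARKERS is an assumption."""
import re

# Sample input: the three paths from the report plus two constructed ones.
SAMPLE_KEYS = [
    r"\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A",
    r"\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName",
    r"\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000",
    # constructed: what a stock VirtualBox / VMware disk looks like in the same key
    r"\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_VBOX&Prod_HARDDISK\4&00000000&0&000000\FriendlyName",
    r"\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_VMware&Prod_Virtual_disk\4&00000000&0&000000\FriendlyName",
]

# Substrings anti-VM code typically looks for in the vendor/product fields
# (assumption: illustrative, not exhaustive).  "DADY HARDDISK" hits none.
VM_MARKERS = ("vbox", "virtualbox", "vmware", "qemu", "virtual", "xen", "virtio", "hyper-v")

# <class>&Ven_<vendor>&Prod_<product> is the device-instance prefix under Enum\SCSI.
DEVICE_RE = re.compile(
    r"\\Enum\\SCSI\\(?P<dev_class>[^&\\]+)&Ven_(?P<vendor>[^&\\]+)&Prod_(?P<product>[^\\]+)",
    re.IGNORECASE,
)


def parse_scsi_key(path: str):
    """Return {'class', 'vendor', 'product'} for an Enum\\SCSI path, else None."""
    m = DEVICE_RE.search(path)
    if not m:
        return None
    return {"class": m["dev_class"], "vendor": m["vendor"], "product": m["product"]}


def looks_virtual(device: dict) -> bool:
    """True when the vendor or product string carries a known hypervisor marker."""
    haystack = f"{device['vendor']} {device['product']}".lower()
    return any(marker in haystack for marker in VM_MARKERS)


def classify(paths) -> dict:
    """Map each distinct (vendor, product) pair to the outcome of the check."""
    result = {}
    for p in paths:
        dev = parse_scsi_key(p)
        if dev is None:          # not an Enum\SCSI device path, e.g. the BIOS keys
            continue
        result[(dev["vendor"], dev["product"])] = looks_virtual(dev)
    return result


if __name__ == "__main__":
    for (vendor, product), hit in classify(SAMPLE_KEYS).items():
        print(f"{vendor}/{product}: {'VM marker' if hit else 'no marker'}")
```

Because the marker list is a plain substring match, a sandbox only has to present an unremarkable vendor string to pass; that is exactly why a generic disk identity is the useful answer on the defender's side, and why a malware author has to pair this check with others (BIOS strings, MAC prefixes, CPUID) to get any signal from it.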
Enumerates system info in registry (2 TTPs, 3 IoCs)
All three reads come from msedge.exe, the browser that fetched the archive, not from Insomnia.exe or RegAsm.exe.
Processes (msedge.exe in every case):
- Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName
Modifies registry class (3 IoCs)
Processes:
- Key created: \REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000_Classes\Local Settings (msedge.exe)
- Key created: \REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000_Classes\Local Settings (taskmgr.exe)
- Key created: \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-540404634-651139247-2967210625-1000\{987CCC08-CD02-4F0D-A283-2895798B3FD3} (msedge.exe)
Suspicious behavior: EnumeratesProcesses (64 IoCs)
Processes (pid, image; repeated entries collapsed):
- 4928 msedge.exe
- 3780 msedge.exe
- 1484 identity_helper.exe
- 3084 msedge.exe
- 5444 taskmgr.exe (the bulk of the 64 entries)
- 2364 msedge.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (17 IoCs)
Processes:
- 3780 msedge.exe (all 17 entries)
Suspicious use of AdjustPrivilegeToken (5 IoCs)
All five are taskmgr.exe (PID 5444) adjusting its own token, expected for Task Manager and not an action of the sample:
- Token: SeDebugPrivilege
- Token: SeSystemProfilePrivilege
- Token: SeCreateGlobalPrivilege
- Token: 33 (privilege LUID 33, SeIncreaseWorkingSetPrivilege; the sandbox left the name unresolved)
- Token: SeIncBasePriorityPrivilege
Suspicious use of FindShellTrayWindow (64 IoCs)
Processes (pid, image; repeated entries collapsed):
- 3780 msedge.exe
- 5444 taskmgr.exe
Suspicious use of SendNotifyMessage (64 IoCs)
Processes (pid, image; repeated entries collapsed):
- 3780 msedge.exe
- 5444 taskmgr.exe
Suspicious use of WriteProcessMemory (64 IoCs)
All 64 writes are the browser process msedge.exe (PID 3780) writing into msedge.exe children it has just launched (see the process tree below); this is Chromium's normal child-process start-up, not injection by the sample. Targets, with repeated entries collapsed:
- 3780 msedge.exe wrote to memory of 3948 msedge.exe
- 3780 msedge.exe wrote to memory of 216 msedge.exe
- 3780 msedge.exe wrote to memory of 4928 msedge.exe
- 3780 msedge.exe wrote to memory of 3920 msedge.exe
Processes
(Top-level entries are unindented; a process listed under another with extra indentation is its child. Signatures raised by a process follow its command line.)

- msedge.exe (PID 3780)
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://insomniahack.fun/files/win/Insomnia.zip
  signatures: Enumerates system info in registry; Modifies registry class; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory
    - msedge.exe (PID 3948)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd5e2e46f8,0x7ffd5e2e4708,0x7ffd5e2e4718
    - msedge.exe (PID 216)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,11494840880001490415,15618814419626780125,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:2
    - msedge.exe (PID 4928)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,11494840880001490415,15618814419626780125,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2504 /prefetch:3
      signatures: Suspicious behavior: EnumeratesProcesses
    - msedge.exe (PID 3920)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2112,11494840880001490415,15618814419626780125,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2892 /prefetch:8
    - msedge.exe (PID 3348)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,11494840880001490415,15618814419626780125,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1
    - msedge.exe (PID 5100)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,11494840880001490415,15618814419626780125,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3388 /prefetch:1
    - msedge.exe (PID 4084)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,11494840880001490415,15618814419626780125,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4800 /prefetch:1
    - msedge.exe (PID 1536)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,11494840880001490415,15618814419626780125,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3912 /prefetch:1
    - msedge.exe (PID 1284)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,11494840880001490415,15618814419626780125,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3388 /prefetch:1
    - identity_helper.exe (PID 1492)
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,11494840880001490415,15618814419626780125,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3536 /prefetch:8
    - identity_helper.exe (PID 1484)
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,11494840880001490415,15618814419626780125,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3536 /prefetch:8
      signatures: Suspicious behavior: EnumeratesProcesses
    - msedge.exe (PID 3268)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2112,11494840880001490415,15618814419626780125,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5116 /prefetch:8
    - msedge.exe (PID 4364)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,11494840880001490415,15618814419626780125,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5164 /prefetch:1
    - msedge.exe (PID 3084)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2112,11494840880001490415,15618814419626780125,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5996 /prefetch:8
      signatures: Suspicious behavior: EnumeratesProcesses
    - msedge.exe (PID 5340)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,11494840880001490415,15618814419626780125,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6236 /prefetch:1
    - msedge.exe (PID 5348)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,11494840880001490415,15618814419626780125,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5976 /prefetch:1
    - msedge.exe (PID 5564)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,11494840880001490415,15618814419626780125,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6596 /prefetch:1
    - msedge.exe (PID 5572)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,11494840880001490415,15618814419626780125,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6240 /prefetch:1
    - msedge.exe (PID 2364)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,11494840880001490415,15618814419626780125,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4628 /prefetch:2
      signatures: Suspicious behavior: EnumeratesProcesses
    - msedge.exe (PID 3748)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,11494840880001490415,15618814419626780125,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4836 /prefetch:1
    - msedge.exe (PID 5780)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,11494840880001490415,15618814419626780125,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5476 /prefetch:1
    - msedge.exe (PID 4988)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,11494840880001490415,15618814419626780125,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5040 /prefetch:1
    - msedge.exe (PID 6024)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2112,11494840880001490415,15618814419626780125,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3996 /prefetch:8
    - msedge.exe (PID 2572)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2112,11494840880001490415,15618814419626780125,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=4932 /prefetch:8
      signatures: Modifies registry class
    - msedge.exe (PID 540)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,11494840880001490415,15618814419626780125,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6396 /prefetch:1
    - msedge.exe (PID 2968)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,11494840880001490415,15618814419626780125,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6304 /prefetch:1
    - msedge.exe (PID 4788)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,11494840880001490415,15618814419626780125,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2628 /prefetch:1
    - msedge.exe (PID 5948)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,11494840880001490415,15618814419626780125,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4716 /prefetch:1

- CompPkgSrv.exe (PID 4904)
  C:\Windows\System32\CompPkgSrv.exe -Embedding

- CompPkgSrv.exe (PID 4460)
  C:\Windows\System32\CompPkgSrv.exe -Embedding

- rundll32.exe (PID 3104)
  C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

- Insomnia.exe (PID 5952), run from the archive's temporary extraction folder
  "C:\Users\Admin\AppData\Local\Temp\Temp1_Insomnia.zip\Insomnia\Insomnia.exe"
  signatures: Suspicious use of SetThreadContext
    - RegAsm.exe (PID 6028)
      "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

- taskmgr.exe (PID 5444)
  "C:\Windows\system32\taskmgr.exe" /7
  signatures: Checks SCSI registry key(s); Modifies registry class; Suspicious behavior: EnumeratesProcesses; Suspicious use of AdjustPrivilegeToken; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage

- Insomnia.exe (PID 364), run from the extracted Downloads folder
  "C:\Users\Admin\Downloads\Insomnia\Insomnia\Insomnia.exe"
  signatures: Suspicious use of SetThreadContext
    - RegAsm.exe (PID 852)
      "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

- Insomnia.exe (PID 1168)
  "C:\Users\Admin\Downloads\Insomnia\Insomnia\Insomnia.exe"
  signatures: Suspicious use of SetThreadContext
    - RegAsm.exe (PID 5104)
      "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

- Insomnia.exe (PID 1148)
  "C:\Users\Admin\Downloads\Insomnia\Insomnia\Insomnia.exe"
  signatures: Suspicious use of SetThreadContext
    - RegAsm.exe (PID 5448)
      "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
    - RegAsm.exe (PID 5364)
      "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

- Insomnia.exe (PID 5400)
  "C:\Users\Admin\Downloads\Insomnia\Insomnia\Insomnia.exe"
  signatures: Suspicious use of SetThreadContext
    - RegAsm.exe (PID 5552)
      "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

- Insomnia.exe (PID 2756)
  "C:\Users\Admin\Downloads\Insomnia\Insomnia\Insomnia.exe"
  signatures: Suspicious use of SetThreadContext
    - RegAsm.exe (PID 4504)
      "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

- Spectrum.exe (PID 5060)
  "C:\Windows\System32\Spectrum.exe"

- Insomnia.exe (PID 6048)
  "C:\Users\Admin\Downloads\Insomnia\Insomnia\Insomnia.exe"
  signatures: Suspicious use of SetThreadContext
    - RegAsm.exe (PID 5184)
      "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

- Insomnia.exe (PID 4164)
  "C:\Users\Admin\Downloads\Insomnia\Insomnia\Insomnia.exe"
  signatures: Suspicious use of SetThreadContext
    - RegAsm.exe (PID 2356)
      "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

- AUDIODG.EXE (PID 1016)
  C:\Windows\system32\AUDIODG.EXE 0x510 0x508
Network
MITRE ATT&CK Enterprise v15
Downloads
(Dropped and downloaded files with their digests. Only one entry in this export carries its on-disk path.)

- Filesize: 11KB
  MD5: f3ab0fb91e81d22fc810cb4028a081e3
  SHA1: ed8bab434d27eabb34eed3cdf294aea5efe8e484
  SHA256: 62aff7648e6a6ebb733d46d6759c01a4f4b29828d9efea5a522c5d366d98f057
  SHA512: 762acc62727a8cf76cd1c29b64bfa70160ffd790cdfb5e3efb127e8f61d3c4975d2687eb836996299f1e75e15d37c8c7d3840eb96ab2b26596e2cda586ee1ffb

- Filesize: 152B
  MD5: 2daa93382bba07cbc40af372d30ec576
  SHA1: c5e709dc3e2e4df2ff841fbde3e30170e7428a94
  SHA256: 1826d2a57b1938c148bf212a47d947ed1bfb26cfc55868931f843ee438117f30
  SHA512: 65635cb59c81548a9ef8fdb0942331e7f3cd0c30ce1d4dba48aed72dbb27b06511a55d2aeaadfadbbb4b7cb4b2e2772bbabba9603b3f7d9c8b9e4a7fbf3d6b6b

- Filesize: 152B
  MD5: ecdc2754d7d2ae862272153aa9b9ca6e
  SHA1: c19bed1c6e1c998b9fa93298639ad7961339147d
  SHA256: a13d791473f836edcab0e93451ce7b7182efbbc54261b2b5644d319e047a00a7
  SHA512: cd4fb81317d540f8b15f1495a381bb6f0f129b8923a7c06e4b5cf777d2625c30304aee6cc68aa20479e08d84e5030b43fbe93e479602400334dfdd7297f702f2

- Filesize: 62KB
  MD5: c3c0eb5e044497577bec91b5970f6d30
  SHA1: d833f81cf21f68d43ba64a6c28892945adc317a6
  SHA256: eb48be34490ec9c4f9402b882166cd82cd317b51b2a49aae75cdf9ee035035eb
  SHA512: 83d3545a4ed9eed2d25f98c4c9f100ae0ac5e4bc8828dccadee38553b7633bb63222132df8ec09d32eb37d960accb76e7aab5719fc08cc0a4ef07b053f30cf38

- Filesize: 40KB
  MD5: 3c2ac6ed09323fe172784cdec7f3d671
  SHA1: 79eb656ac99f1a2efa7fbf8e8923f84dd2b63355
  SHA256: 67d42a456baa3edbec1eb21c94f294c04a72bac350acfae80f4f2b65afe8bc5f
  SHA512: ac95a571afa882744a42447e84c1ca5231303ba33700f63e99d58860e9635ddc861745678d5c74b137af3d50daf05ea710abe65b11ffba95e2b2f6aaafb65071

- Filesize: 67KB
  MD5: d2d55f8057f8b03c94a81f3839b348b9
  SHA1: 37c399584539734ff679e3c66309498c8b2dd4d9
  SHA256: 6e273f3491917d37f4dbb6c3f4d3f862cada25c20a36b245ea7c6bd860fb400c
  SHA512: 7bcdbb9e8d005a532ec12485a9c4b777ddec4aee66333757cdae3f84811099a574e719d45eb4487072d0162fa4654349dd73705a8d1913834535b1a3e2247dc6

- Filesize: 19KB
  MD5: 76a3f1e9a452564e0f8dce6c0ee111e8
  SHA1: 11c3d925cbc1a52d53584fd8606f8f713aa59114
  SHA256: 381396157ed5e8021dd8e660142b35eb71a63aecd33062a1103ce9c709c7632c
  SHA512: a1156a907649d6f2c3f7256405d9d5c62a626b8d4cd717fa2f29d2fbe91092a2b3fdd0716f8f31e59708fe12274bc2dea6c9ae6a413ea290e70ddf921fe7f274

- Filesize: 65KB
  MD5: 56d57bc655526551f217536f19195495
  SHA1: 28b430886d1220855a805d78dc5d6414aeee6995
  SHA256: f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4
  SHA512: 7814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb

- Filesize: 84KB
  MD5: 74e33b4b54f4d1f3da06ab47c5936a13
  SHA1: 6e5976d593b6ee3dca3c4dbbb90071b76e1cd85c
  SHA256: 535fc48679c38decd459ad656bdd6914e539754265244d0cc7b1da6bddf3e287
  SHA512: 79218e8ee50484af968480ff9b211815c97c3f3035414e685aa5d15d9b4152682d87b66202339f212bf3b463a074bf7a4431107b50303f28e2eb4b17843991c2

- Filesize: 1.2MB
  MD5: 047dbaf7429bd6fb2e31adc052b78641
  SHA1: e6a965deb29062afffdd1778d12d49c51bd92910
  SHA256: 9057108a2b9a91d3b01e29aef1222826876f3922c704a3759ffa474b0b876132
  SHA512: a4d0971c9ca2740336c02ef9e703010585ddbd977197d97f85a6e0f43d67ecb7af71db6e5b83a34c05c1e076124ff63da2cc3634108389fc55cab7026fdaacc3

- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
  Filesize: 120B
  MD5: a794741641adf8a81a4238a5863fbd70
  SHA1: 31335b82bde2c18e6119f43e2d7d38b5dc64c91a
  SHA256: d3d31e35d167bac567e38737ac9ae953c96aab7a0c25c7e1e969bc4933534c5d
  SHA512: d341d3010c1fed7e6460be18a58e6a08c8a76f3503098a559ebd63cdc57b439c679abd98b3108ecc9bf33cabf26b87dd70e38828cda44f16c2f75e7ef8a3ac20

- Filesize: 556B
  MD5: ec50d1f2d7626c52a254c651990196fc
  SHA1: 2af4d89d92799f1ff48919c13e653de70fad2f6d
  SHA256: 912a38f7d234b453f56d56f1b2c15283a5c2df0f412c874000819a5f20199b33
  SHA512: 69f4cc677b948b8caa94d68056511434bdb5ba47983642f208c04bd483517c8dee3e0a320d8b556b170916733a16ab621a7a239c8fa91c551703697100900a14

- Filesize: 5KB
  MD5: 87932defc41100a07a35f52976b78581
  SHA1: bf40f65429425d955799466abc65af6420f1f8fa
  SHA256: ab94313b336bc35d97128c4c70d2ce045088c181ef389841cdf97483286e8986
  SHA512: b7d64865ce71cce4103cc17f0a7118495cf3895b3eed5275841411f936e88771bcd0a9103e04ebaabab85413f86dda6c6f1a196edfdb323a139a94f289440b8e

- Filesize: 6KB
  MD5: cfefef5673e0e08fe5ec3202a7b726bf
  SHA1: 6cea51698b7877a92f9f7a2224a49c10df77fc7e
  SHA256: a048dbcc7b4a890355f5cd2c783a5d199d1942a1c3e4936a3d0c5c362a76dfb6
  SHA512: 9ec1204b1cfe479c4359b34fe145b57534ccdfbbde888ad80866904833b2771b7f1594f3687c544d1393487e924a3ecf9aed3969f62bc9bb00bb35f4346bc9a1

- Filesize: 6KB
  MD5: 7f51781e821f914636daca150d5db99e
  SHA1: ded6764c00a99ff5f2875fc53e920843d20239d7
  SHA256: f8b37798c4e8294d74f5b4c251822409ffba66ed2304f25abd9a2e269013eda4
  SHA512: e62fd859e80ddf846e0f2a1101db0a53bf8eef35b83dc6df11f24cecaf31a449c82fa1fdeaf41b4b46ffe33d5bfcb2a4125eaa01812b20aab73eef50ba0d9a4a

- Filesize: 538B
  MD5: bd2a21a55360581598ec447b389ebc39
  SHA1: adac32614a5c8df51d8b54ec6e46a3531a9ffe18
  SHA256: fb5716f01d957de261dd834ea243b4561442841726de127790ee91657f2cb489
  SHA512: 7704d6c42e327da8c2da24461999224ca9e1ca98b910902c59c55611df4826962df6d8b8ddee24c909d3280aa3333dbd3e3ff9059b25bbd162beffbbbcd8614d

- Filesize: 37B
  MD5: 661760f65468e15dd28c1fd21fb55e6d
  SHA1: 207638003735c9b113b1f47bb043cdcdbf4b0b5f
  SHA256: 0a5f22651f8fe6179e924a10a444b7c394c56e1ed6015d3fc336198252984c0e
  SHA512: 6454c5f69a2d7d7f0df4f066f539561c365bb6b14c466f282a99bf1116b72d757bef0bf03a0e0c68a7538a02a993fc070c52133ca2162c8496017053194f441c

- Filesize: 16B
  MD5: 6752a1d65b201c13b62ea44016eb221f
  SHA1: 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
  SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
  SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

- Filesize: 11KB
  MD5: db75265c397295cc9d42926de17c9e0c
  SHA1: f34a7354b4fab3379b061b7c2b4703597ec17e2d
  SHA256: 96e4c851217ba714fa4d8c39f883b6f36126ffa453c306901dfd6736a8e81d02
  SHA512: 67f52014efa18ffb8d33ef2c9d8a59349aac2ff6a473e95b3c2180578b919279652b32c439bd5ec5d924bf9a3021f04667c9ec4f4fbc40064e0fceb073b5ac78

- Filesize: 716KB
  MD5: a67c705eb6ebe78918678e9ad7e5c61f
  SHA1: 1078470a5c7d96336587b9837ca9f8791cf31ac7
  SHA256: fcb17657f70564e9c12bc1c210b95c298dbcb19cd676e71a13ce605e9620a6ff
  SHA512: c739c3ef4f559411da20d715ce98a09277ac6727218f6e725c2f3d0a6706bdae34bfae67ea61925033dac67a28bef4398a530650b0126f87744978f18b4d680d

- Filesize: not reported. These four values are the digests of zero-length input, so this entry is an empty file and carries no content worth hunting for.
  MD5: d41d8cd98f00b204e9800998ecf8427e
  SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709
  SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
  SHA512: cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e