Analysis
-
max time kernel
84s -
max time network
85s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
30/05/2024, 21:02
General
-
Target
https://www.mediafire.com/folder/ygvzvvks1va0b/F0LDER
Score
10/10
Malware Config
Extracted
Family
lumma
C2
https://phobicgiddyfivverr.shop/api
https://horsedwollfedrwos.shop/api
https://patternapplauderw.shop/api
https://understanndtytonyguw.shop/api
https://considerrycurrentyws.shop/api
https://messtimetabledkolvk.shop/api
https://detailbaconroollyws.shop/api
https://deprivedrinkyfaiir.shop/api
https://relaxtionflouwerwi.shop/api
Signatures
-
Lumma Stealer
An infostealer written in C++ first seen in August 2022.
-
Executes dropped EXE 2 IoCs
-
Suspicious use of SetThreadContext 2 IoCs
-
Checks SCSI registry key(s) 3 TTPs 3 IoCs
SCSI information is often read in order to detect sandboxing environments.
-
Checks processor information in registry 2 TTPs 6 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Modifies registry class 1 IoCs
-
NTFS ADS 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 18 IoCs
-
Suspicious use of AdjustPrivilegeToken 10 IoCs
-
Suspicious use of FindShellTrayWindow 43 IoCs
-
Suspicious use of SendNotifyMessage 40 IoCs
-
Suspicious use of SetWindowsHookEx 10 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://www.mediafire.com/folder/ygvzvvks1va0b/F0LDER"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://www.mediafire.com/folder/ygvzvvks1va0b/F0LDER2⤵
- Checks processor information in registry
- Modifies registry class
- NTFS ADS
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5040.0.1099246411\1962125492" -parentBuildID 20230214051806 -prefsHandle 1808 -prefMapHandle 1800 -prefsLen 22076 -prefMapSize 235121 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4b9b456e-a017-4e5d-9990-4240ddd567f3} 5040 "\\.\pipe\gecko-crash-server-pipe.5040" 1892 2cf30106858 gpu3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5040.1.687160166\1080200997" -parentBuildID 20230214051806 -prefsHandle 2476 -prefMapHandle 2472 -prefsLen 22927 -prefMapSize 235121 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ad456bff-7b01-4514-98a0-7f5c0817bb67} 5040 "\\.\pipe\gecko-crash-server-pipe.5040" 2488 2cf1be85f58 socket3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5040.2.32320124\2071474509" -childID 1 -isForBrowser -prefsHandle 2992 -prefMapHandle 2872 -prefsLen 22965 -prefMapSize 235121 -jsInitHandle 1280 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fbce2ee8-e67f-4618-b53e-03ec32a28bb8} 5040 "\\.\pipe\gecko-crash-server-pipe.5040" 2996 2cf33028b58 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5040.3.1785344989\831928357" -childID 2 -isForBrowser -prefsHandle 3672 -prefMapHandle 3668 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 1280 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {63e08cc8-4014-484b-9aa7-851b5191da98} 5040 "\\.\pipe\gecko-crash-server-pipe.5040" 3684 2cf1be76e58 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5040.4.363377487\1086565872" -childID 3 -isForBrowser -prefsHandle 5212 -prefMapHandle 5200 -prefsLen 27697 -prefMapSize 235121 -jsInitHandle 1280 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {592503d3-d96c-44f9-9fe8-25705dff12ef} 5040 "\\.\pipe\gecko-crash-server-pipe.5040" 5224 2cf3738c858 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5040.5.1255634551\84640442" -childID 4 -isForBrowser -prefsHandle 5364 -prefMapHandle 5436 -prefsLen 27697 -prefMapSize 235121 -jsInitHandle 1280 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {87e0a47c-d95e-43e8-938f-3f988597ac9b} 5040 "\\.\pipe\gecko-crash-server-pipe.5040" 5448 2cf37389e58 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5040.6.1642043547\669644734" -childID 5 -isForBrowser -prefsHandle 5624 -prefMapHandle 5620 -prefsLen 27697 -prefMapSize 235121 -jsInitHandle 1280 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a78a9e3b-7756-4e0d-90f1-bce4a37f9f6e} 5040 "\\.\pipe\gecko-crash-server-pipe.5040" 5632 2cf3738b358 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5040.7.1148611264\1248609172" -parentBuildID 20230214051806 -prefsHandle 9848 -prefMapHandle 9844 -prefsLen 27697 -prefMapSize 235121 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ce80383b-2630-4278-b3a7-b2f1f2b888b7} 5040 "\\.\pipe\gecko-crash-server-pipe.5040" 8864 2cf309c7958 rdd3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5040.8.1061739146\178962418" -childID 6 -isForBrowser -prefsHandle 8804 -prefMapHandle 8812 -prefsLen 27697 -prefMapSize 235121 -jsInitHandle 1280 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {208c5d11-79e0-4eca-bb79-018990f903e1} 5040 "\\.\pipe\gecko-crash-server-pipe.5040" 8872 2cf37da8f58 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5040.9.496202002\618166628" -childID 7 -isForBrowser -prefsHandle 8752 -prefMapHandle 9632 -prefsLen 27697 -prefMapSize 235121 -jsInitHandle 1280 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fe9f01c6-6469-4a17-bec5-027f8ac80924} 5040 "\\.\pipe\gecko-crash-server-pipe.5040" 8764 2cf390ea458 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5040.10.1391229546\374504624" -childID 8 -isForBrowser -prefsHandle 8572 -prefMapHandle 8556 -prefsLen 27697 -prefMapSize 235121 -jsInitHandle 1280 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {35fdbe91-5878-4a20-ad5d-1f7d891c54e4} 5040 "\\.\pipe\gecko-crash-server-pipe.5040" 9440 2cf392b6958 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5040.11.1062911581\1220261298" -childID 9 -isForBrowser -prefsHandle 9316 -prefMapHandle 9320 -prefsLen 27697 -prefMapSize 235121 -jsInitHandle 1280 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f73db911-0171-4eda-9c8d-045e0cd9da47} 5040 "\\.\pipe\gecko-crash-server-pipe.5040" 9352 2cf39012858 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5040.12.277652437\591948563" -childID 10 -isForBrowser -prefsHandle 8232 -prefMapHandle 8236 -prefsLen 27697 -prefMapSize 235121 -jsInitHandle 1280 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {08d8ba9d-09ab-4368-84aa-24ba46c69a2e} 5040 "\\.\pipe\gecko-crash-server-pipe.5040" 8292 2cf38deb358 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5040.13.1883164944\380937332" -childID 11 -isForBrowser -prefsHandle 8084 -prefMapHandle 8088 -prefsLen 27697 -prefMapSize 235121 -jsInitHandle 1280 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {350ed0ee-185f-4800-a089-b28e0ed5260b} 5040 "\\.\pipe\gecko-crash-server-pipe.5040" 9204 2cf3976c058 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5040.14.2096833634\1467404529" -childID 12 -isForBrowser -prefsHandle 9132 -prefMapHandle 9136 -prefsLen 27697 -prefMapSize 235121 -jsInitHandle 1280 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {be50ed44-a295-4d72-85d4-46682ff90c10} 5040 "\\.\pipe\gecko-crash-server-pipe.5040" 9120 2cf3976db58 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5040.15.374866643\1124082323" -childID 13 -isForBrowser -prefsHandle 7880 -prefMapHandle 9212 -prefsLen 27697 -prefMapSize 235121 -jsInitHandle 1280 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4189ae8e-3154-48f4-b415-f1f0a5910816} 5040 "\\.\pipe\gecko-crash-server-pipe.5040" 9100 2cf3b41c258 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5040.16.2061129656\429986052" -childID 14 -isForBrowser -prefsHandle 8912 -prefMapHandle 8908 -prefsLen 27697 -prefMapSize 235121 -jsInitHandle 1280 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bcc37fd3-daa3-41e6-a07d-372cd09e1415} 5040 "\\.\pipe\gecko-crash-server-pipe.5040" 8924 2cf3b41e358 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5040.17.1549371911\1494778590" -childID 15 -isForBrowser -prefsHandle 7748 -prefMapHandle 7744 -prefsLen 27697 -prefMapSize 235121 -jsInitHandle 1280 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {854a3c32-55f9-4295-80b5-c0cb169b43cb} 5040 "\\.\pipe\gecko-crash-server-pipe.5040" 9448 2cf33329658 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5040.18.822640657\705396426" -childID 16 -isForBrowser -prefsHandle 7564 -prefMapHandle 7568 -prefsLen 27697 -prefMapSize 235121 -jsInitHandle 1280 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {aaa23247-1175-48c8-9e71-d2c13f1b5120} 5040 "\\.\pipe\gecko-crash-server-pipe.5040" 7556 2cf3332a258 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5040.19.293127498\1368814277" -childID 17 -isForBrowser -prefsHandle 7508 -prefMapHandle 7520 -prefsLen 27697 -prefMapSize 235121 -jsInitHandle 1280 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f5bcab19-8218-4309-a61b-0b30fb7ee5b3} 5040 "\\.\pipe\gecko-crash-server-pipe.5040" 7208 2cf37d4b458 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5040.20.409452190\2010175021" -childID 18 -isForBrowser -prefsHandle 7500 -prefMapHandle 7528 -prefsLen 27697 -prefMapSize 235121 -jsInitHandle 1280 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3f47934f-242e-47e2-9140-2fb3e4a553ab} 5040 "\\.\pipe\gecko-crash-server-pipe.5040" 7652 2cf37da9258 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5040.21.965245765\530052059" -childID 19 -isForBrowser -prefsHandle 7612 -prefMapHandle 7608 -prefsLen 27697 -prefMapSize 235121 -jsInitHandle 1280 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5849e7cc-1711-4573-85a5-3257995f8587} 5040 "\\.\pipe\gecko-crash-server-pipe.5040" 6912 2cf381edd58 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5040.22.1630683965\1399795406" -childID 20 -isForBrowser -prefsHandle 7292 -prefMapHandle 7296 -prefsLen 27697 -prefMapSize 235121 -jsInitHandle 1280 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d917b004-c412-4e63-b893-33b0b12df253} 5040 "\\.\pipe\gecko-crash-server-pipe.5040" 6832 2cf399c5258 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5040.23.1418945379\452497175" -childID 21 -isForBrowser -prefsHandle 7612 -prefMapHandle 6340 -prefsLen 27753 -prefMapSize 235121 -jsInitHandle 1280 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0749195e-33cf-43a8-a304-3952f6b8509d} 5040 "\\.\pipe\gecko-crash-server-pipe.5040" 6460 2cf3ad45358 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5040.24.1043755037\252620495" -childID 22 -isForBrowser -prefsHandle 6216 -prefMapHandle 6512 -prefsLen 27753 -prefMapSize 235121 -jsInitHandle 1280 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3459fbb0-8543-4098-812d-d57515506360} 5040 "\\.\pipe\gecko-crash-server-pipe.5040" 6500 2cf3b21fa58 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5040.25.973713802\160487307" -childID 23 -isForBrowser -prefsHandle 6492 -prefMapHandle 6628 -prefsLen 27753 -prefMapSize 235121 -jsInitHandle 1280 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3bc97987-8e71-48ed-bcbb-a5d62c08029d} 5040 "\\.\pipe\gecko-crash-server-pipe.5040" 6100 2cf3b2ceb58 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5040.26.172764327\911820789" -childID 24 -isForBrowser -prefsHandle 9992 -prefMapHandle 9972 -prefsLen 27753 -prefMapSize 235121 -jsInitHandle 1280 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ad55de96-9d72-454f-9989-c9727a324931} 5040 "\\.\pipe\gecko-crash-server-pipe.5040" 9968 2cf33f90258 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5040.27.1043715578\790389383" -childID 25 -isForBrowser -prefsHandle 10144 -prefMapHandle 8276 -prefsLen 27753 -prefMapSize 235121 -jsInitHandle 1280 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b385d44b-e2e8-4cef-ac38-db9333e577ce} 5040 "\\.\pipe\gecko-crash-server-pipe.5040" 10164 2cf33f8ed58 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5040.28.1378935520\1464116170" -childID 26 -isForBrowser -prefsHandle 9320 -prefMapHandle 10144 -prefsLen 27753 -prefMapSize 235121 -jsInitHandle 1280 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7fa859ab-e54a-417e-b75e-0687a1b8e0ac} 5040 "\\.\pipe\gecko-crash-server-pipe.5040" 8164 2cf307f7458 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5040.29.1368694057\572344060" -childID 27 -isForBrowser -prefsHandle 10212 -prefMapHandle 9224 -prefsLen 27753 -prefMapSize 235121 -jsInitHandle 1280 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b25e1caf-5afd-4169-a002-f343efc6ef49} 5040 "\\.\pipe\gecko-crash-server-pipe.5040" 8204 2cf307f7d58 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5040.30.903495255\959150346" -childID 28 -isForBrowser -prefsHandle 10308 -prefMapHandle 10312 -prefsLen 27753 -prefMapSize 235121 -jsInitHandle 1280 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d5261f88-2575-43f1-854f-490a36bac6a4} 5040 "\\.\pipe\gecko-crash-server-pipe.5040" 10396 2cf309c5b58 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5040.31.1990296666\243618983" -childID 29 -isForBrowser -prefsHandle 10584 -prefMapHandle 10576 -prefsLen 27753 -prefMapSize 235121 -jsInitHandle 1280 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c57f8e33-caa1-467a-987c-87157b691fbe} 5040 "\\.\pipe\gecko-crash-server-pipe.5040" 10556 2cf1be42e58 tab3⤵
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=4276,i,2607710392823067546,4648797561512801463,262144 --variations-seed-version --mojo-platform-channel-handle=4328 /prefetch:81⤵
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵
-
C:\Program Files\7-Zip\7zG.exe"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\GRAT1-S0FT---1889\" -spe -an -ai#7zMap25952:94:7zEvent285621⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
-
C:\Users\Admin\Downloads\GRAT1-S0FT---1889\Launcher!_x32_x64.exe"C:\Users\Admin\Downloads\GRAT1-S0FT---1889\Launcher!_x32_x64.exe"1⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
-
C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeC:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe2⤵
-
-
C:\Users\Admin\Downloads\GRAT1-S0FT---1889\Launcher!_x32_x64.exe"C:\Users\Admin\Downloads\GRAT1-S0FT---1889\Launcher!_x32_x64.exe"1⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
-
C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeC:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe2⤵
-
-
C:\Windows\system32\taskmgr.exe"C:\Windows\system32\taskmgr.exe" /41⤵
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
24KB
MD53cb60b14569ca10875832b1ed1ee44f7
SHA1181029a3819d9a409e56832e1a62451bcd466b38
SHA256cac2689174bd6fd6e17b79d8318080b21455d0b3fbc1169937655c6dcba54870
SHA512e93b9d4403ebf778fe01ca5bbb40ef7e98f123fd4a4a57b93d419f8ab7c0079e3d77404b641d33da732d0827b6a80efff8ec372108e257f3ee1e1d87d570c4c5
-
Filesize
7KB
MD581273f5981d6b9ecd6c7b3b741532aaa
SHA184b015ef631bbb70faa14d54688c52360d1f177f
SHA256ef040d84e21555211725a3f397534c013f2b1cd096884cced8407120df763985
SHA512600c382c7fc335fff7b1ff84d440b634098fd4aa58eeb016288a85f7cefb738101dd71b2e8ea379b24f9acf5dfb5d518659fa3e75e2188afd642f5033ef2cb68
-
Filesize
7KB
MD5e804328d29c7ad5e97e8ecf961eb24dd
SHA1721377224703bdf4f5eb594dd12b46da2ebf859e
SHA256c662fa3e01d0bdd76f00a9c543e2138045cbd021942c27edb66e9ffd1240fe5d
SHA51289074e90881d82037621878e1492db163a67d82f9ca2ff188a725edbf59656e844fb4d0ab1fb384853bc2ae772bd01c791a8931f1d05dcaaf2f0cce493089610
-
Filesize
11KB
MD587889b2af1c27179ca135de5f1472a06
SHA13afbbe141625e7d71682e655a11050ae01d2c2bc
SHA256e6669a17fc1efada0ade97d5e41b840003af4a4f52f3197e6938074c020ce8c7
SHA5125cdd92da154e0a898998722d96d07293bb1f787b59e2c3998bc731684e2fa6b39135d0c615065d00813a240fa7877767f39328d98835a95fec741b234f25bd92
-
Filesize
9KB
MD52f6ea4b8b7209f1c52a39f8a6754225e
SHA12e0228138826f95fe402a1c05d93fb2a3489971a
SHA25603ae287d59ee68f831624b465e21dc419234a18deaa4d6e68bf954984596ae13
SHA51282ba7151a8fd94ebb4d3012ed0b57832c6a5b2bd4f788ce0218ca4159b8c297c11a1b9ff5a4bde46deaa23acc1dd8d90f2e1f3e18bf4d949a2a00d52f199bd9d
-
Filesize
42KB
MD5a46799cdc61139f03cfbc3072a47c5fd
SHA157ce92e93a1b6d089b5c044ea08468153494a084
SHA2562653a63f9553adb11c8f70bb7597ad0221b199ace0d5507939b25b33b562c0f8
SHA51237b67945235a0a78a9c07ce40e9719a3cdacc5aeadc871984413a6c4a83e85832d6dfe9620387d5034bcde61549f2b11942ea6fd1d7009b3b02815ed722f10e6
-
Filesize
6KB
MD5d896f51012c5297ceeda55d039566004
SHA1adf40c0231312114e9db28c3f6e85731a6775810
SHA256a811c4070039143ec03bcb8cce67368db0acc6bb442f4748b5c425153d2b66a6
SHA512c8f8de4b0c067c8f8ef80015b4dcba21c00990174a9d50284422552ccf23c597800c778063809c486b38930867a95f9d1135ac64825adfcf33b5cbb20a54829c
-
Filesize
7KB
MD516f70b03f46ebb2b9d536dce8d9f0db7
SHA1e8082712ac989fd66ae455967e0bd0d1e9fdf501
SHA256e0e8f381d71aac3fee6d9ce6b5b99efea5f8c617b43ae90ce86d942f65879fd8
SHA5128033667e129a31c0a799ecbe9b305a1c1936274268648d9bfff804b693ad32797603b68e817e2940fbe36835dca4a9c6a82048cb80c3b1d14878e98c7d1861f2
-
Filesize
6KB
MD50d8485529f021f6dc8fb2d56aa2fca88
SHA183c88629d5b258d857290079755aeb3d3c818bd3
SHA2560f3cf94ac2342a1b9ef7ceb385a2533d52f784efb37b9b35c7c0740b9abedc46
SHA5121d6a43c496c4ebcf5649547683cdc105299e81fb2f0be683b2fb913664a5a63f5cfbdd60b2361a499e4472be713f95ed667c58ac10bb8edf81969d6367d70990
-
Filesize
1KB
MD5e6af416d5ed182b906559eaef577762a
SHA10d143eee9837ffab5da81d0d119547522d6d1bb3
SHA2569d61ce8a5330a6a4a6ffc2a67100f9f3e001545ea08f75a05f4d7a5d1e142643
SHA512be896c80891387d7ee675e11bbc6adcaaf834607d68ef07b102c1e1e9f2d171f5b6bea4355c450f1840db8237039a5d6ee89c34e4de8c8bfe530c952cbf437a9
-
Filesize
12KB
MD5ba71dca647f82763fc7bc41f949a27f9
SHA1b1c43e7151f7596cc2ca659b7032eef280a52550
SHA25677c14f8763c728765f87adef5bed1797dbb030c28780d611a1c4dc39961daa0c
SHA51227d108711ef9d9a6ba0cd5f609778dcfc94127ff745c985dced61120ae30f10332a162a8692b379c744ab7783e05d1127156d2fbeb9719e0296a2976f04a408c
-
Filesize
12KB
MD5875c38ee6528d0e1e4901c15bd8ecc62
SHA133dfc319e2a0a3e9210abe95ad14fa6d7c30fa82
SHA256ee033c891b3b26d9211fbc7b132add4a2ed51558215f60db24762fedba967116
SHA5126d8928a364dd75ef8ba4da3abd92370d775a7191f8f8a97b0286afe3ac0220c516c92c9cd962f74c03ec0f247f48ebf058e66ececc22907070e81523937bd3c1
-
Filesize
10.1MB
MD5bc81872e2c8dba8985d0feef82e44972
SHA10b192a680a9da335f6a2c8ff3c68e27c7ade653f
SHA256e9857eae54db395c73aa7b059573419ea0d26364adaa89b7471c435ad3f20e4f
SHA512d33ad874b84840a5754697e6bb27d5d4efafb5511d686a24de386dd0c9771dbf2939cf21969d71673f4acf58544529e6549fe56f16bb2cec6222ae5fbfde171f
-
Filesize
768KB
MD54dceb12c2cd78218bd1085ee7f9b3429
SHA1f4c11e02b2ae7743b26bb30fc1ea8b00a2f9c96d
SHA2569f83a76ca71200c75617bba788a5bd289241787b493731752a56b011ae9b1707
SHA5124da7aebb4042fadafb613068327a5f04a2256c22fa2e710a752918c9c1c86ee35f1071d81368ac19bf37313bf2db4359b2e6b053349c4ca7dd74639734eb4fc6
-
Filesize
24.8MB
MD5e8d216cbe22f021fa6cbf4a29faba5ad
SHA11317db031d12eae9649d1c1da4aece15dff06ded
SHA2561bcd957579d9ae82795f17a29d765cc7bf7d98619a954168d20f25184b3c85dd
SHA512854495e682a368306fd71fa1a7d4091ab5dfcbe6335baa3c05fc1085f5aa3f2b75caecaecdc43ea69125b7426c1c192ecbe7f28cd4634173e7188ae79886e958
-
Filesize
348KB
-
Filesize
348KB
-
Filesize
348KB
-
Filesize
348KB
-
Filesize
25.3MB
-
Filesize
25.3MB
-
Filesize
25.3MB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB