Analysis
max time kernel: 88s
max time network: 93s
platform: windows10-2004_x64
resource: win10v2004-20240709-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240709-en, locale:en-us, os:windows10-2004-x64, system
submitted: 10-07-2024 22:02
Static task: static1
URLScan task: urlscan1
Malware Config
Extracted
lumma
Signatures
Executes dropped EXE 1 IoCs
Processes:
pid   Process
3764  github_installer.exe
Loads dropped DLL 1 IoCs
Processes:
pid   Process
3764  github_installer.exe
Suspicious use of SetThreadContext 1 IoCs
Processes:
description                           pid   Process               procid_target
PID 3764 set thread context of 1676   3764  github_installer.exe  109
Checks SCSI registry key(s) 3 TTPs 6 IoCs
SCSI information is often read in order to detect sandboxing environments.
Processes:
Process      description        ioc
taskmgr.exe  Key value queried  \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName
taskmgr.exe  Key opened         \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000
taskmgr.exe  Key opened         \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A
taskmgr.exe  Key value queried  \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName
taskmgr.exe  Key opened         \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000
taskmgr.exe  Key opened         \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A
Enumerates system info in registry 2 TTPs 3 IoCs
Processes:
Process     description        ioc
chrome.exe  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS
chrome.exe  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName
chrome.exe  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer
Modifies data under HKEY_USERS 2 IoCs
Processes:
Process     description      ioc
chrome.exe  Key created      \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry
chrome.exe  Set value (int)  \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133651225462290613"
Modifies registry class 1 IoCs
Processes:
Process     description  ioc
chrome.exe  Key created  \REGISTRY\USER\S-1-5-21-2990742725-2267136959-192470804-1000_Classes\Local Settings
Suspicious behavior: EnumeratesProcesses 64 IoCs
Processes (64 entries; identical rows collapsed):
pid   Process
5112  chrome.exe
1092  taskmgr.exe
2540  taskmgr.exe
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
Processes:
pid   Process
4160  7zFM.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs
Processes (3 entries; identical rows collapsed):
pid   Process
5112  chrome.exe
Suspicious use of AdjustPrivilegeToken 64 IoCs
Processes (64 entries; identical rows collapsed):
description                       pid   Process
Token: SeShutdownPrivilege        5112  chrome.exe
Token: SeCreatePagefilePrivilege  5112  chrome.exe
Token: SeRestorePrivilege         4160  7zFM.exe
Token: 35                         4160  7zFM.exe
Suspicious use of FindShellTrayWindow 64 IoCs
Processes (64 entries; identical rows collapsed):
pid   Process
5112  chrome.exe
4160  7zFM.exe
1092  taskmgr.exe
2540  taskmgr.exe
Suspicious use of SendNotifyMessage 64 IoCs
Processes (64 entries; identical rows collapsed):
pid   Process
5112  chrome.exe
1092  taskmgr.exe
2540  taskmgr.exe
Suspicious use of WriteProcessMemory 64 IoCs
Processes (64 entries; identical rows collapsed):
description                        pid   Process     procid_target
PID 5112 wrote to memory of 808    5112  chrome.exe  83
PID 5112 wrote to memory of 1772   5112  chrome.exe  84
PID 5112 wrote to memory of 3612   5112  chrome.exe  85
PID 5112 wrote to memory of 1032   5112  chrome.exe  86
Processes
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://github.com/yvessurbano/Adobe-Premiere-Pro
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:5112
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff8f7bbcc40,0x7ff8f7bbcc4c,0x7ff8f7bbcc58
      PID:808
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1936,i,9883508537905465738,15032796729495802852,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=1916 /prefetch:2
      PID:1772
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2152,i,9883508537905465738,15032796729495802852,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=2184 /prefetch:3
      PID:3612
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2236,i,9883508537905465738,15032796729495802852,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=2424 /prefetch:8
      PID:1032
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3160,i,9883508537905465738,15032796729495802852,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3180 /prefetch:1
      PID:2968
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3172,i,9883508537905465738,15032796729495802852,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3224 /prefetch:1
      PID:4100
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3840,i,9883508537905465738,15032796729495802852,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4664 /prefetch:8
      PID:4000
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4896,i,9883508537905465738,15032796729495802852,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4364 /prefetch:1
      PID:4192
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4944,i,9883508537905465738,15032796729495802852,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=5048 /prefetch:8
      PID:2612
"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"
  PID:1104
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
  PID:64
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
  PID:4220
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\github-installer.rar"
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  PID:4160
"C:\Windows\system32\taskmgr.exe" /4
  - Checks SCSI registry key(s)
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  PID:1092
    "C:\Windows\system32\taskmgr.exe" /1
      - Checks SCSI registry key(s)
      - Suspicious behavior: EnumeratesProcesses
      - Suspicious use of FindShellTrayWindow
      - Suspicious use of SendNotifyMessage
      PID:2540
"C:\Users\Admin\Desktop\a\github_installer.exe"
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetThreadContext
  PID:3764
    "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe"
      PID:1676
Network
MITRE ATT&CK Enterprise v15
Downloads