Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Resubmissions
29/07/2024, 20:56
240729-zq79pazejm 1029/07/2024, 20:52
240729-znqa4athrh 1029/07/2024, 20:33
240729-zcc7dsygkm 10Analysis
-
max time kernel
254s -
max time network
264s -
platform
windows10-2004_x64 -
resource
win10v2004-20240709-en -
resource tags
-
submitted
29/07/2024, 20:56
General
-
Target
https://drive.google.com/file/d/1D8OJJsMf-yxG5IUu6O4zl9cp3zNh3c6e/view?usp=drive_link
Malware Config
Extracted
lumma
https://kaminiasbbefow.shop/api
https://horizonvxjis.shop/api
https://effectivedoxzj.shop/api
https://parntorpkxzlp.shop/api
https://stimultaionsppzv.shop/api
https://grassytaisol.shop/api
https://broccoltisop.shop/api
https://shellfyyousdjz.shop/api
https://bravedreacisopm.shop/api
Extracted
lumma
https://horizonvxjis.shop/api
http://horizonvxjis.shop/api
Signatures
-
Lumma Stealer, LummaC
Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
-
Executes dropped EXE 3 IoCs
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
-
Suspicious use of SetThreadContext 3 IoCs
-
Browser Information Discovery 1 TTPs
Enumerate browser information.
-
Program crash 6 IoCs
-
System Location Discovery: System Language Discovery 1 TTPs 6 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Modifies registry class 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 12 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 30 IoCs
-
Suspicious use of AdjustPrivilegeToken 4 IoCs
-
Suspicious use of FindShellTrayWindow 34 IoCs
-
Suspicious use of SendNotifyMessage 24 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://drive.google.com/file/d/1D8OJJsMf-yxG5IUu6O4zl9cp3zNh3c6e/view?usp=drive_link1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdb63a46f8,0x7ffdb63a4708,0x7ffdb63a47182⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,8575631029385291659,1869314445950050564,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2172 /prefetch:22⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2156,8575631029385291659,1869314445950050564,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2224 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2156,8575631029385291659,1869314445950050564,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2832 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,8575631029385291659,1869314445950050564,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,8575631029385291659,1869314445950050564,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,8575631029385291659,1869314445950050564,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4976 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2156,8575631029385291659,1869314445950050564,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5464 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2156,8575631029385291659,1869314445950050564,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5464 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,8575631029385291659,1869314445950050564,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5316 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,8575631029385291659,1869314445950050564,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5404 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,8575631029385291659,1869314445950050564,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5828 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,8575631029385291659,1869314445950050564,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5004 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2156,8575631029385291659,1869314445950050564,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5528 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,8575631029385291659,1869314445950050564,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5780 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2156,8575631029385291659,1869314445950050564,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5368 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,8575631029385291659,1869314445950050564,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1792 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,8575631029385291659,1869314445950050564,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5336 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,8575631029385291659,1869314445950050564,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6360 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,8575631029385291659,1869314445950050564,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6408 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,8575631029385291659,1869314445950050564,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4532 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,8575631029385291659,1869314445950050564,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3132 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,8575631029385291659,1869314445950050564,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1796 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,8575631029385291659,1869314445950050564,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5600 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,8575631029385291659,1869314445950050564,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5656 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,8575631029385291659,1869314445950050564,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5756 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,8575631029385291659,1869314445950050564,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6412 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,8575631029385291659,1869314445950050564,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1772 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,8575631029385291659,1869314445950050564,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5492 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,8575631029385291659,1869314445950050564,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1728 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,8575631029385291659,1869314445950050564,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1832 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,8575631029385291659,1869314445950050564,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2984 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,8575631029385291659,1869314445950050564,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6452 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,8575631029385291659,1869314445950050564,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5712 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,8575631029385291659,1869314445950050564,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6204 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2156,8575631029385291659,1869314445950050564,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6280 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,8575631029385291659,1869314445950050564,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4688 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,8575631029385291659,1869314445950050564,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3716 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2156,8575631029385291659,1869314445950050564,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6312 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,8575631029385291659,1869314445950050564,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5624 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,8575631029385291659,1869314445950050564,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6504 /prefetch:12⤵
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵
-
C:\Program Files\7-Zip\7zG.exe"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Main (1)\" -spe -an -ai#7zMap6234:78:7zEvent22791⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
-
C:\Users\Admin\Downloads\Main (1)\Main\Main.exe"C:\Users\Admin\Downloads\Main (1)\Main\Main.exe"1⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"2⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5180 -s 11763⤵
- Program crash
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5180 -s 9843⤵
- Program crash
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 448 -p 5180 -ip 51801⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 428 -p 5180 -ip 51801⤵
-
C:\Users\Admin\Downloads\Main (1)\Main\Main.exe"C:\Users\Admin\Downloads\Main (1)\Main\Main.exe"1⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"2⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4476 -s 6723⤵
- Program crash
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4476 -s 12203⤵
- Program crash
-
-
-
C:\Users\Admin\Downloads\Main (1)\Main\Main.exe"C:\Users\Admin\Downloads\Main (1)\Main\Main.exe"1⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"2⤵
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"2⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5836 -s 9363⤵
- Program crash
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5836 -s 6483⤵
- Program crash
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 484 -p 4476 -ip 44761⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4476 -ip 44761⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 360 -p 5836 -ip 58361⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 428 -p 5836 -ip 58361⤵
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
152B
MD5bafce9e4c53a0cb85310891b6b21791b
SHA15d70027cc137a7cbb38f5801b15fd97b05e89ee2
SHA25671fb546b5d2210a56e90b448ee10120cd92c518c8f79fb960f01b918f89f2b00
SHA512c0e4d3eccc0135ac92051539a18f64b8b8628cfe74e5b019d4f8e1dcbb51a9b49c486a1523885fe6be53da7118c013852e753c26a5490538c1e721fd0188836c
-
Filesize
152B
MD5a499254d6b5d91f97eb7a86e5f8ca573
SHA103dbfebfec8c94a9c06f9b0cd81ebe0a2b8be3d1
SHA256fb87b758c2b98989df851380293ff6786cb9a5cf2b3a384cec70d9f3eb064499
SHA512d7adcc76d0470bcd68d7644de3c8d2b6d61df8485979a4752ceea3df4d85bd1c290f72b3d8d5c8d639d5a10afa48d80e457f76b44dd8107ac97eb80fd98c7b0c
-
Filesize
5KB
MD575e48226562e46d4083cc5e416e938d2
SHA1fb2b815f11bf6ed96db2e39931ffdcd8781da87e
SHA2565aa44e18034e318f5a2d219e037e8376befb04113691910f788f4cfe10b8e5f2
SHA512805086369b991ce99df008843fc7cb46e58ac85dfa4657ec16b3a73f9526645740e67b313246eae76cc777efb40e76b34a32c8a3f0667c0948f30c56b060d999
-
Filesize
480B
MD524c4c248d5afd11027d5502a63d6a0fa
SHA124fcc104df3b0d3af2c88316235974d9536ad26d
SHA2569ca89d8b1757f18cf9a5677a4ef05a8225e1b3f3943a0c27275e2565f5590ed9
SHA51238ee26332bf0689cf0156ee2e490f8fa37ec4f37107cce18c30eec8cb2b08281630bf9a4e7bcd9349387f6385f78993b2595f3b148e14689d625d694108ffa99
-
Filesize
408B
MD59b4428443367c7b642223c2eba49bb90
SHA181e92f8880f75425936e1d5a81db02e3dff8c9a0
SHA256f1a751fe7ce0302eb51242fef3223bbc89ab7e2547cbf06d942fc48962802190
SHA5127474bf6b351128b733c88d9789658f2fbf3c721d9c18d63ccda82d0764a25d949194ab2d58df8e42d566e535c38e3384e2114a4dfe6588d4e0aac4d2471bfc68
-
Filesize
3KB
MD5324271c0be705f9b381fffb8dc82c740
SHA1b0d828ad8cebb0ac5126ac25d0408c874a3756ac
SHA256fbc315493505ddeafb680f92f799888e76b7bd39e334eb635ebda18faf322f5e
SHA5120a2bda804693ab77a86d0d3154bb291c58fc9631c5b567826f9ce4ffd51c02297c239c3e4e2b007c2c9be4e0644acde9393736d796086c16df2ba3486e0f5fe6
-
Filesize
3KB
MD59efba03bc6cd724860d8d049af5a2c36
SHA13afc6caab9313fede2b5edaa6c76d33b94df1c3a
SHA256fb8a0c94b946f3d299ad2055be24e137d84ede12806afe01d4ffa144a96dfb5c
SHA51215cf73841ee76464031f9fe99a3d356040b6dab1025353d58de07014a4cda58305674fa2aba5fe29a7b04f82b625c6c6e04483c747db726e9177f6bb7e592c6f
-
Filesize
3KB
MD5b62b3a70065acbded71e744f42d8ec7c
SHA1eff567dfe9fb7c5cba91a51a02ab4e8323ba38ca
SHA2561397dbecc904a9a636a3b21dfa92bc975b8b10be6235610606b554df250297d5
SHA512a4422c2d98d6e7d8de2b249c67a8ca62b0df5434567bbbdd470099e200f02e8b7d7afb09f4278004d2b33e826d0953454e920ef274a5e14c47822a964e5f303c
-
Filesize
6KB
MD51e99cd24e88b96988822df9e9584c5d9
SHA180b7543379cd94d630793bd1bb735978d494473f
SHA256ae7d18f3f6abb573bbc5a7d5214f736ee1e4f9241df8171672791bf037950676
SHA512ff39dfdd6a99efcff6ccc290f720c2beee87c701ee3d1b82e29d9e38f38096a73b8627577ef453f349401b25f7d620db4d380581eba177fd75ea7b4a619a0b1a
-
Filesize
7KB
MD5c4d7dafed05ab6f80255abdfe2380643
SHA1fa64896693d870746ae5bf0c1a1b603581bd20be
SHA256b41793ea2c31a06352866ea508a4501327ef32b4951d1804cbd5bf10bbe9e267
SHA512b8700a9415c74c52cba8a7ad8270035aac915dd4d9fde87651c00ae9cb2287352679a00cff35b233afd17564d9582d2f203339571f915d408b15cc9336ace655
-
Filesize
7KB
MD58f2fd1ebe25b357e4ea04af702fb412e
SHA13a7c31619216c3e065826099b1a1ad6683fb19c2
SHA2560f6c43f5994934efd3cb0956b298c88cb46f9e4197e7dd8a24ac763e9a007797
SHA512b2ee8958f24d0241b8dccbc236ffbecdbc66b613274c9f659a464aa55237902bf8bd3d0e42b7959f37e9606caf39da77262b91711fd2f94ea577bb4f9987e63e
-
Filesize
7KB
MD5325216e07f2177100d85248a9a7cc95d
SHA13d7c6a8426b6b7d7fcd7c541c85b24ddb52e2e09
SHA25633f2cb9bb5d500244bed58f0dc6fc3ab7dde540a9693d4502281a23f91e3ce80
SHA512f1b94a4d5d3fa0154d29984f863c46020bd65985b5b60ad56e2dd3611f25df3f6a47a13a367ccb987ab992cedfbc1a5fbed7742fd0a7f789e4276876e47da260
-
Filesize
7KB
MD5f36db643e1dd064b2536f3e393f732ce
SHA12cf60d629a4b3afc3431248e7a85422191bf67ee
SHA256443abfdfaf69072c55c6b9776711490dc443761cba5af9cea760482df6073b32
SHA512b9ff13ba9f687985d8325021a6193ead1dd2521f36ef90a6ff041545a2b540bb5c89dd7dd935ed43ab1b6cbec7f67f3ab1b82aa3d6c6d1834cf683102a937f06
-
Filesize
6KB
MD516aee05889e824eeb20f9fa9b67c24b6
SHA17ed41e80d1bdb2893f1bd2183f053a84f51ac1b8
SHA256757dcb771acb6e84bf22eff5f7e5f534041d094acfb6b9693741c0b75923e2b9
SHA5127f1619649722cf4b5b30c42165cc3835e5fe896218c1eeb348fd3ed778c7686a42561fa31ebbf9f445db7ee2a4868fb889a0af46b0a6f2c21a9bb61a342ba18d
-
Filesize
7KB
MD546a20f5cf44556da292bb5af84ab5d7c
SHA1f5dc63810fffc8954e7f8677af540806c478b2a4
SHA256e683475733cbab21dacc851e1c829c8bc2e2e3e74469eed73dc5fbd09deb84cb
SHA512439ae22ab46e397fc6560e495b9a558a09f2b53520f11e6c523bb75f910e8f03dc862748e41e9a6de1b72bf91e479285b5a70139147906001931bb31f3ea4441
-
Filesize
6KB
MD5a2c8b230b1399f3b577de471c9f11a20
SHA1e5fe1c0b12d0e591b0f80401d51f44e5e33a16d2
SHA25607c90027bb77b56e30d21dcc7ba1ceb535344b3311636e2bdd94b33b9a986598
SHA5126cdef80adcf8b51d7c875f101f70065632615e4874e3af897d1bb39cf5c86ff15f486e06334eb6336832c3c657e99754390d14f8ab544d1ce398cf7a8b925766
-
Filesize
6KB
MD5a144e05fe1ca0004405c9cc8e6e6fff3
SHA114554bf4d1d2a3b1d2c0ca0f7ad796bf016edbdd
SHA25636dc7d39415f929dc7954ca1d66e14e898fc4f212b58f945b37a5e61bb94d3db
SHA5128bfde1e24070279beda20c65503297ef83925d8860c896b569af9ea47cd47d085147aedc2f1c02f6947cc7d473de57834394f337363cea632fede703049fb0e5
-
Filesize
16B
MD5206702161f94c5cd39fadd03f4014d98
SHA1bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA2561005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA5120af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145
-
Filesize
16B
MD546295cac801e5d4857d09837238a6394
SHA144e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA2560f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA5128969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
-
Filesize
11KB
MD5dbd81306a6ee697bd888019214cf2cc6
SHA19b6da1f89a780cc1dbac5c21bb8c0937fa174126
SHA256a64b781f31d1417bd0887f04ed9fb536a07e515f46d9ef68734d786da7fb8f70
SHA512d72ba77c20cf822cac77d006a3fe683a97dfef9d7c012ec9b58cc237d0709c44a619c0d1e45fce50ad28ddb8e0c5641b27538648eac4b7ff019cf7f8e88c96c3
-
Filesize
11KB
MD5c1510d248bd3435193d304b53a0548a7
SHA14c29661d1f18d78292db972a70400d5e826a9fc2
SHA256b007ae9266c0f5e690487ac205ce9095b8fa0cf1afaf35f6a5a68ef517317d29
SHA5124961a472e75bff9729870163fe98265473254742494524a3ddddd43a9baaa3244049dcb6f871f0d887813c8397662ad38792d030d26dd0fddc072cb7122cc558
-
Filesize
419KB
MD511e40cd744c1b342988a44c3632b360d
SHA16377ebcf8b46eb0bef07321c4ebebb29f1b13565
SHA256f00c12f1feff9ffc6822df557ddfdcef9202e9262169cd3073a64560159efcc6
SHA51259ad5d806273828c7e5aca95d3fe9181128c8f92e7da561f663718002a4067e5ce061b18a3993ef7931fcb0289d1361c9000cb4175d600f138de4d6ebda05392
-
Filesize
521KB
MD598455c0df4aae673a4715d71afad2c5f
SHA1da48917d453ca73fbaeea46e7e857af0b9402112
SHA256c16f0c5883cf636187f80467435851e2f966e47d9797e6a7b0be44d61018f5bc
SHA51211bd87ea1606f7592f09b07aea73485624a4590f209e64514643680bc2775f0d1a5ff1bb1d492476d654c27994ee38c083f83322d27dc69fdd7d1082468830b4
-
Filesize
340KB
-
Filesize
340KB