hxxps://www[.]upload[.]ee/files/16996237/Hades_Cracked[.]rar[.]html

General

Target

https://www.upload.ee/files/16996237/Hades_Cracked.rar.html

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
4088	[email protected]

Loads dropped DLL 1 IoCs

pid	Process
4088	[email protected]

Drops file in Program Files directory 3 IoCs

description	ioc	Process
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\127.0.2651.86\Imports32.dll	msedge.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\127.0.2651.86\Imports64.dll	msedge.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\127.0.2651.86\[email protected]	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2170637797-568393320-3232933035-1000\{B71AB552-F562-4715-9A39-F8E6B3DC2BC5}	msedge.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeRestorePrivilege	6080	7zG.exe
Token: 35	6080	7zG.exe
Token: SeSecurityPrivilege	6080	7zG.exe
Token: SeSecurityPrivilege	6080	7zG.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
6080	7zG.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.upload.ee/files/16996237/Hades_Cracked.rar.html
1⤵
PID:2608

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --field-trial-handle=4580,i,3861745594156495651,17595114179815238301,262144 --variations-seed-version --mojo-platform-channel-handle=4224 /prefetch:1
1⤵
PID:2996

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --field-trial-handle=3876,i,3861745594156495651,17595114179815238301,262144 --variations-seed-version --mojo-platform-channel-handle=3812 /prefetch:1
1⤵
PID:4904

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=5400,i,3861745594156495651,17595114179815238301,262144 --variations-seed-version --mojo-platform-channel-handle=5480 /prefetch:8
1⤵
PID:5060

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --field-trial-handle=5436,i,3861745594156495651,17595114179815238301,262144 --variations-seed-version --mojo-platform-channel-handle=5500 /prefetch:8
1⤵
PID:1336

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=19 --field-trial-handle=5872,i,3861745594156495651,17595114179815238301,262144 --variations-seed-version --mojo-platform-channel-handle=5920 /prefetch:1
1⤵
PID:4496

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --field-trial-handle=6048,i,3861745594156495651,17595114179815238301,262144 --variations-seed-version --mojo-platform-channel-handle=6068 /prefetch:1
1⤵
PID:1776

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=21 --field-trial-handle=6248,i,3861745594156495651,17595114179815238301,262144 --variations-seed-version --mojo-platform-channel-handle=6264 /prefetch:1
1⤵
PID:2696

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --field-trial-handle=6224,i,3861745594156495651,17595114179815238301,262144 --variations-seed-version --mojo-platform-channel-handle=6416 /prefetch:8
1⤵
PID:2200

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=23 --field-trial-handle=5384,i,3861745594156495651,17595114179815238301,262144 --variations-seed-version --mojo-platform-channel-handle=6620 /prefetch:1
1⤵
PID:1380

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=24 --field-trial-handle=6792,i,3861745594156495651,17595114179815238301,262144 --variations-seed-version --mojo-platform-channel-handle=6500 /prefetch:1
1⤵
PID:4728

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=25 --field-trial-handle=6236,i,3861745594156495651,17595114179815238301,262144 --variations-seed-version --mojo-platform-channel-handle=6632 /prefetch:1
1⤵
PID:4636

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=26 --field-trial-handle=6668,i,3861745594156495651,17595114179815238301,262144 --variations-seed-version --mojo-platform-channel-handle=5996 /prefetch:1
1⤵
PID:3352

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=27 --field-trial-handle=6768,i,3861745594156495651,17595114179815238301,262144 --variations-seed-version --mojo-platform-channel-handle=6936 /prefetch:1
1⤵
PID:1140

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=28 --field-trial-handle=6692,i,3861745594156495651,17595114179815238301,262144 --variations-seed-version --mojo-platform-channel-handle=6940 /prefetch:1
1⤵
PID:2764

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --field-trial-handle=6320,i,3861745594156495651,17595114179815238301,262144 --variations-seed-version --mojo-platform-channel-handle=6788 /prefetch:8
1⤵
PID:4732

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --field-trial-handle=6584,i,3861745594156495651,17595114179815238301,262144 --variations-seed-version --mojo-platform-channel-handle=7216 /prefetch:8
1⤵
- Modifies registry class
PID:2896

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=31 --field-trial-handle=7372,i,3861745594156495651,17595114179815238301,262144 --variations-seed-version --mojo-platform-channel-handle=7396 /prefetch:1
1⤵
PID:3016

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=32 --field-trial-handle=7500,i,3861745594156495651,17595114179815238301,262144 --variations-seed-version --mojo-platform-channel-handle=7520 /prefetch:1
1⤵
PID:1680

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=33 --field-trial-handle=7696,i,3861745594156495651,17595114179815238301,262144 --variations-seed-version --mojo-platform-channel-handle=7536 /prefetch:1
1⤵
PID:5260

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=34 --field-trial-handle=7852,i,3861745594156495651,17595114179815238301,262144 --variations-seed-version --mojo-platform-channel-handle=7820 /prefetch:1
1⤵
PID:5268

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --lang=en-US --service-sandbox-type=collections --field-trial-handle=7036,i,3861745594156495651,17595114179815238301,262144 --variations-seed-version --mojo-platform-channel-handle=6996 /prefetch:8
1⤵
PID:5536

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=36 --field-trial-handle=5992,i,3861745594156495651,17595114179815238301,262144 --variations-seed-version --mojo-platform-channel-handle=6964 /prefetch:1
1⤵
PID:5544

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.FileUtilService --lang=en-US --service-sandbox-type=service --field-trial-handle=7572,i,3861745594156495651,17595114179815238301,262144 --variations-seed-version --mojo-platform-channel-handle=8056 /prefetch:8
1⤵
- Drops file in Program Files directory
PID:5556

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --field-trial-handle=7332,i,3861745594156495651,17595114179815238301,262144 --variations-seed-version --mojo-platform-channel-handle=8264 /prefetch:8
1⤵
PID:5728

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --field-trial-handle=7600,i,3861745594156495651,17595114179815238301,262144 --variations-seed-version --mojo-platform-channel-handle=7548 /prefetch:8
1⤵
PID:5808

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:6016

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Hades_Cracked\" -ad -an -ai#7zMap13856:88:7zEvent2886
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:6080

C:\Users\Admin\Downloads\Hades_Cracked\[email protected]
"C:\Users\Admin\Downloads\Hades_Cracked\[email protected]"
1⤵
- Executes dropped EXE
- Loads dropped DLL
PID:4088

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\Downloads\Hades_Cracked\[email protected]

Filesize
569KB

MD5
581dd062025508535e777237fd86f5c9

SHA1
4f9dbc5347b9b33609a96e98b79cfaf5d5285747

SHA256
8cd7912fa77bd11f5d2e5f71340e261f537a5deb97564c9a1a1589ddafb2b5af

SHA512
687ee5f8459c6ef6a4801ad8bb55467c02e84e3bbd6476fb2ce5d3a30350b301baeb38d8a6f8617141a446dce8653cf8611e05ec34859629f3e2429da3325d23

Download Submit
C:\Users\Admin\Downloads\Hades_Cracked\Imports64.dll

Filesize
248KB

MD5
39cbb7dc1c62a4aa3f91ac3201a96018

SHA1
c780ef0f55af7d7a120a3b74bfdb4848b205dcea

SHA256
1874dc92d035247fe30b2898de94f58b58eceb9492c1db65212f4896b6334c13

SHA512
e77af9a1178b034f7195f04d007218446eb4abdce0ec6ffb416c31c4f540ab1be907cf72a1950da42b45fca3136b9da1c3a2e0577c656ad0f3a640e030085965

Download Submit
memory/4088-16-0x00007FFCFEEB0000-0x00007FFCFF971000-memory.dmp

Filesize
10.8MB

Download
memory/4088-17-0x00007FFCFEEB0000-0x00007FFCFF971000-memory.dmp

Filesize
10.8MB

Download
memory/4088-12-0x0000000180000000-0x00000001800DA000-memory.dmp

Filesize
872KB

Download
memory/4088-13-0x00000200BFDC0000-0x00000200BFDD0000-memory.dmp

Filesize
64KB

Download
memory/4088-14-0x00007FFCFEEB0000-0x00007FFCFF971000-memory.dmp

Filesize
10.8MB

Download
memory/4088-15-0x00007FFCFEEB0000-0x00007FFCFF971000-memory.dmp

Filesize
10.8MB

Download
memory/4088-8-0x00007FFCFEEB3000-0x00007FFCFEEB5000-memory.dmp

Filesize
8KB

Download
memory/4088-9-0x00000200BE140000-0x00000200BE1D2000-memory.dmp

Filesize
584KB

Download
memory/4088-18-0x00007FFCFEEB0000-0x00007FFCFF971000-memory.dmp

Filesize
10.8MB

Download
memory/4088-19-0x00007FFCFEEB3000-0x00007FFCFEEB5000-memory.dmp

Filesize
8KB

Download
memory/4088-20-0x0000000180000000-0x00000001800DA000-memory.dmp

Filesize
872KB

Download
memory/4088-21-0x0000000180000000-0x00000001800DA000-memory.dmp

Filesize
872KB

Download
memory/4088-22-0x00007FFCFEEB0000-0x00007FFCFF971000-memory.dmp

Filesize
10.8MB

Download
memory/4088-26-0x0000000180000000-0x00000001800DA000-memory.dmp

Filesize
872KB

Download
memory/4088-27-0x00007FFCFEEB0000-0x00007FFCFF971000-memory.dmp

Filesize
10.8MB

Download

Analysis

Sharing