Analysis
- max time kernel: 29s
- max time network: 21s
- platform: windows10-2004_x64
- resource: win10v2004-20240802-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 25-08-2024 10:35
- Static task: static1
- URLScan task: urlscan1
Malware Config

Extracted
- Family: lumma
- URL: https://torubleeodsmzo.shop/api
Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)

| Description | IoC | Process |
|---|---|---|
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe |
Suspicious behavior: EnumeratesProcesses (6 IoCs)

| PID | Process |
|---|---|
| 932 | msedge.exe |
| 932 | msedge.exe |
| 4780 | msedge.exe |
| 4780 | msedge.exe |
| 3044 | identity_helper.exe |
| 3044 | identity_helper.exe |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (10 IoCs)

| PID | Process |
|---|---|
| 4780 | msedge.exe (all 10 entries) |
Suspicious use of FindShellTrayWindow (25 IoCs)

| PID | Process |
|---|---|
| 4780 | msedge.exe (all 25 entries) |
Suspicious use of SendNotifyMessage (24 IoCs)

| PID | Process |
|---|---|
| 4780 | msedge.exe (all 24 entries) |
Suspicious use of WriteProcessMemory (64 IoCs)

| Description | Source PID | Source process | Target PID | Target process |
|---|---|---|---|---|
| PID 4780 wrote to memory of 976 | 4780 | msedge.exe | 976 | msedge.exe |
| PID 4780 wrote to memory of 2624 | 4780 | msedge.exe | 2624 | msedge.exe |
| PID 4780 wrote to memory of 932 | 4780 | msedge.exe | 932 | msedge.exe |
| PID 4780 wrote to memory of 4460 | 4780 | msedge.exe | 4460 | msedge.exe |

All 64 entries are the parent msedge.exe (PID 4780) writing into one of these four child processes; the 976 and 932 pairs appear twice each, the 2624 and 4460 pairs many times.
Processes
- PID 4780: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://torubleeodsmzo.shop/api
  Signatures: Enumerates system info in registry; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory
  Child processes:
  - PID 976: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa591d46f8,0x7ffa591d4708,0x7ffa591d4718
  - PID 2624: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,12147541958599611806,922768694932551226,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2088 /prefetch:2
  - PID 932: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2076,12147541958599611806,922768694932551226,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2504 /prefetch:3
    Signatures: Suspicious behavior: EnumeratesProcesses
  - PID 4460: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2076,12147541958599611806,922768694932551226,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2832 /prefetch:8
  - PID 3684: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,12147541958599611806,922768694932551226,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3376 /prefetch:1
  - PID 4212: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,12147541958599611806,922768694932551226,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3384 /prefetch:1
  - PID 3832: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,12147541958599611806,922768694932551226,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5248 /prefetch:8
  - PID 3044: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,12147541958599611806,922768694932551226,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5248 /prefetch:8
    Signatures: Suspicious behavior: EnumeratesProcesses
  - PID 396: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,12147541958599611806,922768694932551226,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5280 /prefetch:1
  - PID 4556: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,12147541958599611806,922768694932551226,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4832 /prefetch:1
  - PID 1880: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,12147541958599611806,922768694932551226,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5732 /prefetch:1
  - PID 1344: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,12147541958599611806,922768694932551226,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5684 /prefetch:1
  - PID 2704: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,12147541958599611806,922768694932551226,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4716 /prefetch:1
  - PID 868: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,12147541958599611806,922768694932551226,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4788 /prefetch:1
  - PID 2200: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,12147541958599611806,922768694932551226,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5860 /prefetch:1
  - PID 1356: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,12147541958599611806,922768694932551226,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3988 /prefetch:1
- PID 548: C:\Windows\System32\CompPkgSrv.exe -Embedding
- PID 2112: C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads