Resubmissions
14-09-2024 01:19
240914-bp2thszarq 414-09-2024 01:08
240914-bheemszcmf 1014-09-2024 00:53
240914-a8sjhsyfrf 10Analysis
-
max time kernel
929s -
max time network
432s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
14-09-2024 01:19
General
-
Target
https://www.mediafire.com/file/nim0ut2caef821k/Rz_Laun_v_6.3.5.rar/file
Malware Config
Signatures
-
Browser Information Discovery 1 TTPs
Enumerate browser information.
-
Checks SCSI registry key(s) 3 TTPs 3 IoCs
SCSI information is often read in order to detect sandboxing environments.
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Modifies registry class 1 IoCs
-
Suspicious behavior: AddClipboardFormatListener 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 2 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 28 IoCs
-
Suspicious use of AdjustPrivilegeToken 15 IoCs
-
Suspicious use of FindShellTrayWindow 64 IoCs
-
Suspicious use of SendNotifyMessage 64 IoCs
-
Suspicious use of SetWindowsHookEx 4 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.mediafire.com/file/nim0ut2caef821k/Rz_Laun_v_6.3.5.rar/file1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcc07546f8,0x7ffcc0754708,0x7ffcc07547182⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2240,15365896289795487368,15558866056216469528,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2252 /prefetch:22⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2240,15365896289795487368,15558866056216469528,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2304 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2240,15365896289795487368,15558866056216469528,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2920 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,15365896289795487368,15558866056216469528,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,15365896289795487368,15558866056216469528,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,15365896289795487368,15558866056216469528,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5408 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,15365896289795487368,15558866056216469528,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5444 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2240,15365896289795487368,15558866056216469528,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4052 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2240,15365896289795487368,15558866056216469528,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4052 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,15365896289795487368,15558866056216469528,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5308 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,15365896289795487368,15558866056216469528,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5884 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,15365896289795487368,15558866056216469528,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5736 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,15365896289795487368,15558866056216469528,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5360 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,15365896289795487368,15558866056216469528,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2792 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,15365896289795487368,15558866056216469528,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5152 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,15365896289795487368,15558866056216469528,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5884 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,15365896289795487368,15558866056216469528,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6508 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,15365896289795487368,15558866056216469528,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5708 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,15365896289795487368,15558866056216469528,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6988 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,15365896289795487368,15558866056216469528,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6956 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,15365896289795487368,15558866056216469528,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4688 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2240,15365896289795487368,15558866056216469528,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=1736 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,15365896289795487368,15558866056216469528,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6932 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,15365896289795487368,15558866056216469528,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7308 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2240,15365896289795487368,15558866056216469528,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=7960 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,15365896289795487368,15558866056216469528,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8140 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,15365896289795487368,15558866056216469528,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8176 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,15365896289795487368,15558866056216469528,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8116 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,15365896289795487368,15558866056216469528,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6748 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,15365896289795487368,15558866056216469528,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6356 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2240,15365896289795487368,15558866056216469528,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3376 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2240,15365896289795487368,15558866056216469528,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=6976 /prefetch:82⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2240,15365896289795487368,15558866056216469528,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6732 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,15365896289795487368,15558866056216469528,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4736 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,15365896289795487368,15558866056216469528,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7312 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,15365896289795487368,15558866056216469528,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6504 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,15365896289795487368,15558866056216469528,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7144 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,15365896289795487368,15558866056216469528,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7552 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2240,15365896289795487368,15558866056216469528,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7220 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\system32\AUDIODG.EXEC:\Windows\system32\AUDIODG.EXE 0x468 0x2f41⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\system32\taskmgr.exe"C:\Windows\system32\taskmgr.exe" /71⤵
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SendNotifyMessage
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵
-
C:\Program Files\7-Zip\7zG.exe"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Rz_Laun_v_6.3.5\" -spe -an -ai#7zMap2796:92:7zEvent7191⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Program Files\7-Zip\7zG.exe"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Rz_Laun_v_6.3.5\Rz_launcher Setup1\" -spe -an -ai#7zMap26014:130:7zEvent69131⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {c82192ee-6cb5-4bc0-9ef0-fb818773790a} -Embedding1⤵
-
C:\Program Files\VideoLAN\VLC\vlc.exe"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Downloads\Rz_Laun_v_6.3.5\Rz_launcher Setup1\lib\cs2 skin.mp4"1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
152B
MD5111c361619c017b5d09a13a56938bd54
SHA1e02b363a8ceb95751623f25025a9299a2c931e07
SHA256d7be4042a1e3511b0dbf0ab5c493245e4ac314440a4ae0732813db01a21ef8bc
SHA512fc16a4ad0b56899b82d05114d7b0ca8ee610cdba6ff0b6a67dea44faf17b3105109335359b78c0a59c9011a13152744a7f5d4f6a5b66ea519df750ef03f622b2
-
Filesize
152B
MD5983cbc1f706a155d63496ebc4d66515e
SHA1223d0071718b80cad9239e58c5e8e64df6e2a2fe
SHA256cc34b8f8e3f4bfe4c9a227d88f56ea2dd276ca3ac81df622ff5e9a8ec46b951c
SHA512d9cf2ca46d9379902730c81e615a3eb694873ffd535c6bb3ded2dc97cdbbfb71051ab11a07754ed6f610f04285605b702b5a48a6cfda3ee3287230c41c9c45cd
-
Filesize
62KB
MD56b04ab52540bdc8a646d6e42255a6c4b
SHA14cdfc59b5b62dafa3b20d23a165716b5218aa646
SHA25633353d2328ea91f6abf5fb5c5f3899853dcc724a993b9086cab92d880da99f4d
SHA5124f3b417c77c65936486388b618a7c047c84fb2e2dd8a470f7fe4ffec1ad6699d02fa9c1bbd551414eef0f2e6747a9ee59ca87198b20f9f4a9a01394ae69fa730
-
Filesize
31KB
MD5c03ff64e7985603de96e7f84ec7dd438
SHA1dfc067c6cb07b81281561fdfe995aca09c18d0e9
SHA2560db8e9f0a185bd5dd2ec4259db0a0e89363afa953069f5238a0537671de6f526
SHA512bb0fd94c5a8944a99f792f336bb8a840f23f6f0f1cb9661b156511a9984f0bb6c96baf05b7c1cf0efb83f43a224ecea52740432e3cfc85e0799428765eefb692
-
Filesize
3KB
MD58df10b326e46e8755a018da19ee143ec
SHA1ddaaf2cc12633d38ec623bb1c4eb294413a96e5e
SHA256ca79959c8c4402d21dcba43c8f6ddb5355419fd0f5115d84b91d9bebd59e8443
SHA51241ebfd551cf4db882ef3512aa7cf20b997af076a5d1fbb6583e061562c46c53a287b8ebdb168c94bd449bbabfbfc5b3b5b2ef9620cdcf16eecbd2237e7810ef7
-
Filesize
792B
MD53d7e959f93c7aa25817f3ed44c6ddd08
SHA146e8cf1ba256b889fe4fb136dba9dccfd223bedf
SHA256e182772b2921702cc351cc752b07205ed9802f95c17e29bbb2f35640d1076486
SHA5127c21bc416622a818189c3b364c61ac485a15c73c2806e7ccfedf609518be749eba42ddc109f709f4562d555e29e8823b3326525199d1ac1b2adb18ca731caa49
-
Filesize
4KB
MD51dd09b30946dbb99812fd37b2e5f9b81
SHA1f86d00867d0bff6b650f5c48c2b8652443133985
SHA2565a416c7de169247895f9c0d1f9e2f653786c9c4c9e47c53bc8d8306045c0bc03
SHA5122a752a53d58aefd849b07d81bedf21ba84f1f14648a81ae3ed42cfaad62e7999434dd42ebfe22bc91a2cc4bbee6c1e905cde7a519fe5372c486d53fba96bb37d
-
Filesize
11KB
MD514f2ede81dda5b91202df30ef961c178
SHA1add8cc714e9db95d4a2a09857737b4175541a089
SHA256e7dc724260ccc0b4a75dff9b771a4d99683363b66082db8ab65fe151a9574f6a
SHA512bae2a91120913d5db5de233a077f4cf7dba35b5612b9bfd958ae427dc472ccac6816593f19c9f1d6ea9bf2ea4d9f43e06e52cb917651f3e4146a4d1db6b2ebf3
-
Filesize
11KB
MD5b5d3238464317ea65d30931aabf42174
SHA11f84e86d4d870f60d49d3c81001bcd68c3c5e04e
SHA2566bbe3307600d149a80079c346741db1bf05207093d157e3deded7f88d0e5418b
SHA512a33050a3849d4c95e53b797d0e80d432844077be7abc910c03691f6b97198b44eef3b9a2d51847b7144b8a51bac42e7c84749af1faaf434c9589306854b2ad61
-
Filesize
9KB
MD55357061b8a11b50a0be26edd9b018d45
SHA1da10f42697629db51a3300993f61fd5a56900286
SHA25680f6143fec6795a12da48c097358ab47e837dc0b1fd2711d396eb454244b7821
SHA512fc951af8900c4955829fb15c413ceb3498ae8357a0574922c4d7caec799a1d49413c8b1981b00acb1c59c02a72ac78e7ac4cb3f66ae20fe9747acb055568b1a6
-
Filesize
12KB
MD5028bed2332daa2b704081b1fc8c03f81
SHA10e2d8985b9659deeefc67a71abb34a66ccd922ac
SHA2563919914ae460df9d1b459bd93e9e4662b92e33366e3333d78c89b78a1d5e9335
SHA51287ee322f20c0d6431bc6c3b447bdfd163070a2afd80b24932c622cc07d6ed5f0541dc1f424a776b29dc871f7aeac7e7e9327c7cdcd523edb2021f483d80832ea
-
Filesize
5KB
MD55dae005afc1a2a8cb4c089c1d072a004
SHA181d6ea1356f99cf6e16bb38c10a7ea550bc36b91
SHA256d3bb978e4be7fface183fcd1abb167820ee306d4fe212ed622a8fbdb3f4405e8
SHA512d53de3e16ac5fef237925154b7c200896fd8fb5ec236ac15749832b6f40af21e78dddadd8820b845083e5aa3c0cb50614ec8fd6f32d34b4ab1449daaf4aa7183
-
Filesize
8KB
MD54ee04f3935d3d8d8036007b5f4ee93d9
SHA1137cfba74b5136aacde32d974608ce3434c6107d
SHA256b70afa0ae117c6625a4035b1efd66880a6cc8949a91aacc75aa4c2c7f9874e78
SHA512ca15fcf8276b9e6696ff026707140b897705e22b6abc39e0568bd0f1e6d895160c90ea647eea915b8a52804112088085da5d98bfb24e20cdcbf86efd3aa5b93e
-
Filesize
12KB
MD5732ff39f52762692a30872353b49e160
SHA147b3767ebdbcb238a15fa47f61bf15c811936b17
SHA256eb8f722144c096c799db87444ed067a4f58a8a4f8be7578fd63b3b2cc1f61093
SHA512f70f61ac31dae5c6279f9ec1d11cd0798fb93b05ea3f6168d6ac4366be9d36e57f3f03016d0dd12474bd41bf6c0263a439971a96406d5f45a0f401de6be9f262
-
Filesize
11KB
MD5db4dd07819b2906aa21ab0e50ed50c51
SHA1e935ee7033fc6aa3be8ab4f2effbca26c2a4bdc7
SHA256d522ed412f93b92c115fdd372ace37d64b523e6b0f3c10786c5f37079dd773f5
SHA5124f67e01409f3b4931e5fcb5206d381c1f30f17e78a66278e8bd1bd59653adaafe4faae463e53169e2ccd161ae0945ef800451dd9fc575a0af07b820323cad5e2
-
Filesize
2KB
MD5d15f1ca365359b6ce23aa2bb2858b792
SHA18e500ad3e1237b8a50ecb55519163bf74a5043e2
SHA256db5ad6711635987fdc272b4a4193443a6218be2e88856ec56e31323006d85bf8
SHA512d3df5079bb5902255397b6b0a910df73a52b51465c5c44584e121520790341310182261bd22e045e8d67038d4b42083aaafa8cfc0f590e50bfb48f99365e305b
-
Filesize
48B
MD5cbd46802c45bc76c7cb8c3d2161b69ef
SHA1036bdef13b6685fd186607c63db6319fb73e5149
SHA2560e68915322bd4056b069b3272e6916be6331eefaf374be7d47bf59088b373bbf
SHA512ae72fc8bb7e3b4166d65bfa27c1d15c61874125eb97bad10d7b810c42b0229e66dcebca88249a43aff14f5d6e71dba5eb35cffe246e651a0a0a09515a95ea1fb
-
Filesize
146B
MD521b8cd67f59d418d6aa77402d602d92e
SHA1980de4d035fb041d6c44a92d8ff76f726983e0a2
SHA2566759349b8f1c4c848b1aad8020324c57fa027de5f25a67c317656184cfb37562
SHA512c70f87f436c45b4b328816ac5e42b99bcae46c9aa1f621c8a99482852daeba28ac1f42fa5036089fe0e947482d22d8733b98446bcb928587daf4c0faddaaec0d
-
Filesize
84B
MD57cd3567d307184b6ca0a90e79d885b3b
SHA1ec23ba1371989b39e0c55d49ad0a7e6384ca4d8c
SHA2567e1b4cf235038f216c6397a2480f2f571ac8c66a3050d08a3f43ed59d49933d1
SHA5125ee0dc9be31070b90031fb16ebbc730aa9fe378aaaf001adb8c491af802dfacb63c59cd54c2ecbe02e8456c0ddaa8044cd86b32f15632ad73133f0559ea7a42f
-
Filesize
82B
MD50c8ed1b4c2c98993677bec93cff36b1d
SHA1597ca04cc3edc0518eaafaf719a6a2a8af4fac7d
SHA256f759495aac825d2159bf044676532aa065ccac3d3d824282fe7e5b68ee1a95f6
SHA51299cf699ce8057a17eaf69a2c0759bbb67ab1dcd8f8fe91fec294372492b453d4ca7fce642ec7070605a2b06b7d85b550b9bc6492af2535bcb783e48a14a3086e
-
Filesize
89B
MD54fd470f5e56f0f120d7f148137b212b1
SHA16ca31c5f83703287c45be8acdab10f98dc80d8c0
SHA256ba74d73ebf87672b39e26a6645c6293f9d4fce450cc03ea1aa3a0840bf413b50
SHA51202a1ed694961f69bdb47d4f211b1ecfe3ec0f10aab74bfb8243ffbce43749fff5e90218c7d14f585777e40f17154ded8e65b8e6fedfee1bba67cd391e9c117cc
-
Filesize
16B
MD546295cac801e5d4857d09837238a6394
SHA144e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA2560f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA5128969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
-
Filesize
41B
MD55af87dfd673ba2115e2fcf5cfdb727ab
SHA1d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b
-
Filesize
72B
MD5072d74e60c05f85c77f693bfdd9e24bf
SHA1872a1cf0d6d796132621b053c270444415248ed9
SHA2561f5fc916d6cf40567be616fbe001c98f07cf5c1735eb9a8628ac2b9552d84e7b
SHA512ceeeddaf3bd3db566fc6fb1a37dc5294f3fd89df951e0a22c6ad187d25568d54944c2ff2505d9a50c0fe47051ffb63076005f28894d0d1862fa11a90820ea949
-
Filesize
48B
MD52c3b752d4740f5e63dfc2670cf36db0e
SHA1e141bbe5cca98ca3e9fbe204c9aeba9b77cfc0a6
SHA256fcd4ad91d3d7cd84037a25b425aaeeae1f13995bda661296db5e3c916e53e0f7
SHA512aa9bf5e376b713a2fddc73d0f5d204ecf2f461bdcc9cd3f5c0b6b05c419866da664fd7627280abd40f71fb12ca6d3953a63193c62207a4d5e74a08d56d3aeb0d
-
Filesize
48B
MD5a664e5eda4a738c5f7425804c6f424c9
SHA18c91471806bf2456c719d9b5e3bd6e7eaf09109d
SHA25631abb9bd3ebd7144284216d97957caa7795bf073d87cfde0fa9ccd095df1cd31
SHA512e320366ecb13c0d2e47b1eecc6f544ecc24edf8bd722274d0ef2c603b85d614d1f73cd75bf0cdf9a301e015a0e1f8df570029445b0f5ee8d37067b0ba44601d5
-
Filesize
3KB
MD581d9e2dba0fcfed0b5b95e32ea596a81
SHA15e5a3859b343e8de85872abfdfd940bb10f1ec36
SHA256c3fa2c7f74b196c8a63ae0a3cc18be302fb4e0c0dafa4ae7bda084d67708bbc9
SHA512ddbe6660663c834b98236bd2000d1dcd0970adba6f28e993ba63e02a14496f2a59c7e6dd6e99a321738a4a689315088b2acbe76a8fc3b2897071562a4f585959
-
Filesize
2KB
MD5d7c900b2bbec64503ca7b817377b4385
SHA12647577e6cea388d0b8bc1dedb4330595e316cfb
SHA256cdf6d2ea93acd5482e123b1fabebbacf5ceafd27d6633d3b65d00399863c794b
SHA51284fdda44ee47131d5ae0351d7f371d3569151c1c425730d51c5cb4cdd06365ff3b6e336fd2a58da67f8f3f278dc99b9650b7dba14b1d6477c02a5313a4afa817
-
Filesize
3KB
MD51b99b7672263c9482be362035aebf21c
SHA1028e5678958f864c2ce628379845c8c8f6ba8a4f
SHA25673a7725baabed05a899066f9621ec64544fdb9fafe129c14562d916b3cb08ae5
SHA5124d72dcd963da3c2b18df22f8713d694251b4f7724b5566407c07bb2825c3cb3a12a80c3642c9507250e175121b892f68e05f054cf4124c4f5fab507cdb841ee2
-
Filesize
2KB
MD544f00b35d69ee9f17beafb8b82686624
SHA132fe748073868020c2111052d865e5d58200d14d
SHA256f3267380be33fa6a520babd070aba7892164c063fd42300fde4cc9392880e89e
SHA512ddc8ef342fe4e584ced87913bd1635dc63647059f51527f33a5a2d30bba6aea05772acbd689d2e7b296f0f747c97b4ebaaa95d6ce43cc509f1dd898ab837111f
-
Filesize
3KB
MD5e227bb475b707f2716d540d0f778c1d8
SHA17c2d5a142223658e8b7f823285ea94df03a076a0
SHA25660e1c0895119174c1270ce67e0e86e8a15fa2e7c4bcfaf76af75e80ae2b621b7
SHA5127289d2ce40cbb5f5cf42ac31526c237562d090d9acca3edf3e166ef6861ccb71a94ac79e49f19ff05899a76615044bc575b2675fd279bd38809aaaf96b4eca25
-
Filesize
701B
MD5c7de87f9f5ebf1a75295cd6622488b7a
SHA16e5c669c1404663b11e2a7e04530e603a23459a7
SHA25690e74d7e02a1416b9c5d8b5595ab97ddd390b26b21e1d60342f25712d012ffba
SHA512e178be24841d7be27c8cb6b6d5740a405b308a70744e1f657a5b55cf5b0529690cd84eb4697948d607db2198f5fe9ffc709392955b1f8537b3d253ca937665b5
-
Filesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize
11KB
MD54cdfd7cc937b0bfff45faeda70d5d629
SHA122b39ac88c618985884f516319f9308b37368244
SHA2567c61ea2106230634abf528a48786795233f42cafa8a91192969410114d9a47bf
SHA5128f88847a2c3790cc4fb7b589d3a3c1fc957c6c74e0d1f736f196ba265fc2d6fdda36c29cf0c5d153fd062d2797adc7ddddfbfc1077a4ddbf5fa9120a60fce149
-
Filesize
11KB
MD5d7e55f10513cef684aa204761c5aaf47
SHA12c30eb7fd7afdccff373809bdb659942fe1b2944
SHA2564d6e4846cb69a2fb48f0752913cc445895a003b95db23626f12409ecd9e4a3e2
SHA512b4507e69822babcb9951768b4cf23352e20145d6d67bd3277274846e6e5a0c7eb982fb03570eeadeb62b5d952e18c13f89ac7b816b3b6f1ff5ba6c182021025e
-
Filesize
10KB
MD58c3103f71d44da64f7fbc89532d24fb6
SHA1c8945c4a7b0aa3ceda44c55f8b793cfd38071744
SHA25622e773786fb6e378c488f9be50471b3804b80da24d5bb1a0ce66f8e0e6cc9355
SHA512d0c2a8e88e2f19ce39cbb38089ad74db96bb3a5ccfd696a6b74ac3ef55b31aee55a703b162ddba371165bf99ac546ed3ca9054f2fd0e95d3a1077029c7247cd5
-
Filesize
63KB
MD5e516a60bc980095e8d156b1a99ab5eee
SHA1238e243ffc12d4e012fd020c9822703109b987f6
SHA256543796a1b343b4ebc0285d89cb8eb70667ac7b513da37495e38003704e9d88d7
SHA5129b51e99ba20e9da56d1acc24a1cf9f9c9dbdeb742bec034e0ff2bc179a60f4aff249f40344f9ddd43229dcdefa1041940f65afb336d46c175ffeff725c638d58
-
Filesize
697B
MD55c42c83a67dc595474b5bbf74e20280a
SHA12e0fd9e69d6846f2d0d93b4365bf011f71c269f8
SHA256484e4d3b99ba4880a29fc72ab070f8e3cfdab57f786b3b873b7d5529d30a11db
SHA51260b877ff5e6971cabafc951a4dd6dc2e4c2097f0f28df5da086bd79d3bac1c7b8a466ee8de7a2d396bec22209bb8b2f42ae461b44b04a72abbb46be96adf5a99
-
Filesize
10KB
MD539c23e00287ce14031599c8a50c09e83
SHA1fae616c279eed54b1753eef3051f042bb20a3338
SHA2561211d12947ed7a8c351a2803fd8812d9bdc7d7b340d37e795038757c862fce03
SHA512e43f23dbe912a07443a1770c6ff2e161d93416917dafca32166713e149ec74f9bcfc78f69112234fe230b0a7814313fad8e819d71081fd3553650fb010a81b3b
-
Filesize
153B
MD51e9d8f133a442da6b0c74d49bc84a341
SHA1259edc45b4569427e8319895a444f4295d54348f
SHA2561a1d3079d49583837662b84e11d8c0870698511d9110e710eb8e7eb20df7ae3b
SHA51263d6f70c8cab9735f0f857f5bf99e319f6ae98238dc7829dd706b7d6855c70be206e32e3e55df884402483cf8bebad00d139283af5c0b85dc1c5bf8f253acd37
-
MD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
208KB
-
Filesize
992KB
-
Filesize
2.7MB
-
Filesize
68KB
-
Filesize
2.0MB
-
Filesize
116KB
-
Filesize
68KB
-
Filesize
92KB
-
Filesize
68KB
-
Filesize
92KB
-
Filesize
96KB
-
Filesize
68KB
-
Filesize
68KB
-
Filesize
68KB
-
Filesize
96KB
-
Filesize
132KB
-
Filesize
260KB
-
Filesize
16.7MB
-
Filesize
16.7MB
-
Filesize
2.7MB
-
Filesize
16.7MB
