Resubmissions
21-09-2024 22:15
240921-157gdaxarn 821-09-2024 22:11
240921-14bcjswhqh 1021-09-2024 22:09
240921-121veswhle 6Analysis
-
max time kernel
149s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
21-09-2024 22:15
General
-
Target
http://google.com
Malware Config
Signatures
-
Downloads MZ/PE file
-
Executes dropped EXE 5 IoCs
-
Loads dropped DLL 14 IoCs
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
-
Browser Information Discovery 1 TTPs
Enumerate browser information.
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 5 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Modifies registry class 1 IoCs
-
NTFS ADS 1 IoCs
-
Opens file in notepad (likely ransom note) 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 14 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 27 IoCs
-
Suspicious use of FindShellTrayWindow 57 IoCs
-
Suspicious use of SendNotifyMessage 24 IoCs
-
Suspicious use of SetWindowsHookEx 11 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.com1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe746446f8,0x7ffe74644708,0x7ffe746447182⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2232,487086183274253603,11696395819652129488,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2236 /prefetch:22⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2232,487086183274253603,11696395819652129488,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2300 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2232,487086183274253603,11696395819652129488,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2780 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,487086183274253603,11696395819652129488,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,487086183274253603,11696395819652129488,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,487086183274253603,11696395819652129488,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4952 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2232,487086183274253603,11696395819652129488,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5428 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2232,487086183274253603,11696395819652129488,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5428 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,487086183274253603,11696395819652129488,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4796 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,487086183274253603,11696395819652129488,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5396 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,487086183274253603,11696395819652129488,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6004 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,487086183274253603,11696395819652129488,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5384 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,487086183274253603,11696395819652129488,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5560 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,487086183274253603,11696395819652129488,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6036 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,487086183274253603,11696395819652129488,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5740 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,487086183274253603,11696395819652129488,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6080 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,487086183274253603,11696395819652129488,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5888 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,487086183274253603,11696395819652129488,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6372 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,487086183274253603,11696395819652129488,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6572 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,487086183274253603,11696395819652129488,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6380 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2232,487086183274253603,11696395819652129488,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6572 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,487086183274253603,11696395819652129488,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1852 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2232,487086183274253603,11696395819652129488,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6560 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,487086183274253603,11696395819652129488,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6900 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,487086183274253603,11696395819652129488,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6984 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,487086183274253603,11696395819652129488,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6392 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,487086183274253603,11696395819652129488,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7244 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,487086183274253603,11696395819652129488,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6988 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,487086183274253603,11696395819652129488,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7028 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,487086183274253603,11696395819652129488,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6948 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,487086183274253603,11696395819652129488,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6472 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,487086183274253603,11696395819652129488,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7132 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,487086183274253603,11696395819652129488,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7000 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,487086183274253603,11696395819652129488,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2020 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2232,487086183274253603,11696395819652129488,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5384 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2232,487086183274253603,11696395819652129488,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6756 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Users\Admin\Downloads\JJSploit_8.6.0_x64-setup.exe"C:\Users\Admin\Downloads\JJSploit_8.6.0_x64-setup.exe"2⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
-
-
C:\Users\Admin\Downloads\JJSploit_8.6.0_x64-setup.exe"C:\Users\Admin\Downloads\JJSploit_8.6.0_x64-setup.exe"2⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
-
-
C:\Users\Admin\Downloads\JJSploit_8.6.0_x64-setup.exe"C:\Users\Admin\Downloads\JJSploit_8.6.0_x64-setup.exe"2⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of FindShellTrayWindow
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2232,487086183274253603,11696395819652129488,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=7020 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Users\Admin\Downloads\JJSploit_8.6.0_x64-setup.exe"C:\Users\Admin\Downloads\JJSploit_8.6.0_x64-setup.exe"2⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
-
-
C:\Users\Admin\Downloads\JJSploit_8.6.0_x64-setup.exe"C:\Users\Admin\Downloads\JJSploit_8.6.0_x64-setup.exe"2⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵
-
C:\Users\Admin\Downloads\Zoraraversion2.7\ZoraraUI.exe"C:\Users\Admin\Downloads\Zoraraversion2.7\ZoraraUI.exe"1⤵
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
-
C:\Windows\system32\NOTEPAD.EXE"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\Zoraraversion2.7\libcrypto-3-x64.dll2⤵
- Opens file in notepad (likely ransom note)
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
152B
MD5ecf7ca53c80b5245e35839009d12f866
SHA1a7af77cf31d410708ebd35a232a80bddfb0615bb
SHA256882a513b71b26210ff251769b82b2c5d59a932f96d9ce606ca2fab6530a13687
SHA512706722bd22ce27d854036b1b16e6a3cdb36284b66edc76238a79c2e11cee7d1307b121c898ad832eb1af73e4f08d991d64dc0bff529896ffb4ebe9b3dc381696
-
Filesize
152B
MD54dd2754d1bea40445984d65abee82b21
SHA14b6a5658bae9a784a370a115fbb4a12e92bd3390
SHA256183b8e82a0deaa83d04736553671cedb738adc909f483b3c5f822a0e6be7477d
SHA51292d44ee372ad33f892b921efa6cabc78e91025e89f05a22830763217826fa98d51d55711f85c8970ac58abf9adc6c85cc40878032cd6d2589ab226cd099f99e1
-
Filesize
212KB
MD508ec57068db9971e917b9046f90d0e49
SHA128b80d73a861f88735d89e301fa98f2ae502e94b
SHA2567a68efe41e5d8408eed6e9d91a7b7b965a3062e4e28eeffeefb8cdba6391f4d1
SHA512b154142173145122bc49ddd7f9530149100f6f3c5fd2f2e7503b13f7b160147b8b876344f6faae5e8616208c51311633df4c578802ac5d34c005bb154e9057cf
-
Filesize
29KB
MD5ac3619eb929bc137ce24d816cdbf9af5
SHA19c3e6a39f020e467635fad161cb8f7cdbfe9c447
SHA256e64784beaa8988670c944843ba27750a57b438901de18033fecd92df6f98d8e3
SHA512cb1281e7c932af484ae17ff5930185b5b52de4f2cbe1627afdb8723235467f08630dfbc086eba76c76dc28fb9f566fcdfa03bf512b97515a6227de4a08327e5f
-
Filesize
103KB
MD59a755326c87eb9f5ed41234091369993
SHA15c0b08cf7db15529c0723e25af76f6e007d80e1b
SHA2569c6a93e7095d95ac112cb035a43395979547418446b2322c18ea4924d50f92e1
SHA512bace001defcf070cec40bb1b80c2cbbf8b9a45b701c8ed80c96b134a1b601a133108be935790b9781667880a334c67995592ee4640a0da16bc884cca03ce9250
-
Filesize
85KB
MD5e6a85e6ab9d15ce7195cffe41549c8bb
SHA1b5a7efb8ff2992ec8623a2496aa42219ec9a1ba0
SHA256f858afed3a53c49be782ba2484d020c94e5bfff779912792cf3410a48cc0facc
SHA512240abad90460df5219631a93a3126e2670b98dbf653aabe5200ee6a4cd83ea92dc14ba585c7a4547876cb9449f38174fec9bd3c420191261e1bbd4135788f978
-
Filesize
16KB
MD530572bc81bf860f471f7357316172b09
SHA1fefe7a69ca54d753a826bc33b6846cdccbe227c3
SHA256490d408e7b45aa17a64c1c888ab1ba160b7e8d8b08f46a561a6f9218c02ea8ab
SHA512bc14466ed9a3b754c92792d5e65a2ba0adad659d9f562b37ea9e91bb7089ab32fcbc43d0d4ccb677389aa047f94d570e55382f3ff72fc1fa4fe28a2023c06c68
-
Filesize
51KB
MD57095918b3105ed8e60e9cff28269c0d6
SHA1bc7aa9b49b13017cd67e562fa26c0a912ad77be1
SHA2568cda97f6aec1ea1876f1daa9681f4915cc0fab4a29fb8d1a1cd26fa9666416c7
SHA5126268b15b60b78c81ba8b2e416351f49adb3bcdf59e5b4095504413ff0d8be4a00bde8d198b22e64cb36835f0fb70426f87cc5e685089afe6bb69cd4e48c6781c
-
Filesize
40KB
MD53901431a1cf953a09fb115f792530d50
SHA19d3f7fea615821763849cd320e3c9fe501d9cbda
SHA256f6495dbf769719aa52f4bd6887e8e84a6565368841249e480143f6bdafeac85d
SHA512b480791f426899e8c212d327bce05f9e9b9a9efc0ad09f73168103291a236bf72cc6c3c0f4048ad2feaa560a51235e1ef91dd11720cfc273b99f59fbd60ccb52
-
Filesize
23KB
MD53070b0d3a0854092db26c3ddd2f7b044
SHA1dcb02d3ca182c85e94fec612e151add71bc5284f
SHA256bb4d02d2480746bd00ae9e0188a1f262480bdbc866bf3ebf7b84052fec535b58
SHA5125552400d2b631f9de2c005d201eeb857b95b2d686606195c498e38e6a4296de78045a74bd463866318bef61e3f51f7a559a55fccf460ff6bc7b0f674b6e2810d
-
Filesize
71KB
MD502f08c2298ecf573ba0a45b14b7007af
SHA1b3fe6fb5317612f122fc7d007a6e81070fc8fce7
SHA2566d855cd5ab5c1ec5a79c8ca4eae5c853df9268e9f9d82356d974f369257226de
SHA51289fb73dd5caf19bee6a3a43a1995ef9b7e2e661e5dd8be36495eff8416380cf242480d1c7cc59c9605eb0a75b009eb58a4e14067b86365e205bf9a03a107e538
-
Filesize
31KB
MD58749e6e4737ae3513486cc1f72522fa9
SHA129478256ed37978abb970ab195a2e6f007b69b2c
SHA25631644c1369e0d4f81139f54df4599e645393a93ea7758526a96354a48c08e67f
SHA5128ae604e149dbffb86bd6e323b7c4a938374f24a2d5a4a643af7a8a8bf95c2c9af665796c51d8a8c2b67d7d04a834a3091ca15a4ae6dd4e1f72363665faa84989
-
Filesize
137KB
MD5763ac80c2e2cc5d47c2fdf27b6c2341d
SHA144ad968cb639ffbace0500fc02ebd8028d1e46c3
SHA2569e4ea7f6be391d6fd4e28bb491d475296dca8acb6fd52e25dc2b93ac67eb6705
SHA5120be4084c1187536311192cdfba213fca61eb6616ffcfe975e2685e3f86403659606b89a19f0099040aa9fd07c830689055a3e46c8161df5f00da21d9cc031e2d
-
Filesize
20KB
MD587e8230a9ca3f0c5ccfa56f70276e2f2
SHA1eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7
SHA256e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9
SHA51237690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8
-
Filesize
20KB
MD5b91068780a0018d387b5d869bf09f309
SHA192c5ecfa4c11d7449ac6119cd8ec5af5236600e2
SHA2566a70e3a2daac2f34eeb97f8394a179e245a9fad3beb00f352a1155d1d83f0228
SHA512b001b2ea9f41523f93774e3c0b8544da69bb5e00f5cacc5647b56a3dc2bf746614985af8e1669efb4dca567a79c799202434beeaf24c9f48a6c47c7857eeb092
-
Filesize
21KB
MD556ce4e0d4dc8a777fab10a90cc5b9ff0
SHA1c9b4431178167058befc71b3b2d8ffd9b27b82fa
SHA2563888c952dfadc79b7515e7f9da88f8fdff23a11b0957f670481c33440046a67c
SHA512d4cb4c242acc72d2b5238b5216694be685aae99d51bd74de5b4da2d49282da90f8ec2a1e2b0d56e7ef268650eb6c84b0933dd9af1eb7693e58201e4f40b5330f
-
Filesize
51KB
MD5ccf5f44b8d3be37d5d13c53dfb972f35
SHA1a7994aee10f3b3c7164da0cfbbd47718765e5864
SHA256e342a38440fa038cba362c2f254ba86c5c61033355a337e34674e39d939fa4c6
SHA512a67a4f6c28770d3f9c7db490c5a278f66b096183aab77f535741b2b359d66d326f1978b264644611d7db1299c617fef3723715f7b912039c006b3d131c33cadd
-
Filesize
16KB
MD5a2edb5c7eb3c7ef98d0eb329c6fb268f
SHA15f3037dc517afd44b644c712c5966bfe3289354c
SHA256ba191bf3b5c39a50676e4ecae47adff7f404f9481890530cdbf64252fbb1a57e
SHA512cc5644caf32302521ca5d6fd3c8cc81a6bbf0c44a56c00f0a19996610d65cf40d5bae6446610f05a601f63dea343a9000e76f93a0680cfbf1e4cf15a3563a62c
-
Filesize
20KB
MD5b88197c5e99cc83c2be30b93bf7012b1
SHA162e9a2e402717412645b4e2572ffe23ce11dac3b
SHA2565dd848cda762e44f454c0f96634d307e5c51d502e5f28f47065e0207dae82f82
SHA5127ad59ba3972964911716241ffe14d39f55a6e4c39fa52eacbffc0df1552c73a726bcdefd8a068e82a31cbe6bbe47fbd440c92afff56cec8ba2fe01e3aaabdc2b
-
Filesize
322B
MD519a54bdc074b58dc561fda2c41024aa7
SHA156cca5dc3362f8575a4ae5948c2c05ab6877ee8e
SHA256e94ad557bbb7e4ff704444cf1771da026a740ff923f604fc3c26818f39142f67
SHA5120a85364881baec6e8d785a3a42422f649c0446a7dddc223fc1121cbba910552a8bed1e8216d4be8ab1fcf9e77844e9dcf68a35a0c42cfe116b97536d00bbc8e4
-
Filesize
67KB
MD5c2cedcd56eefc1439074e095f9835244
SHA1907bdfaab75b72676ee4e61bc289d535e4b6a16b
SHA256f17912cf2eb504df926263a9802501d38090b6aff95d0b8ded900e0a1ab61abd
SHA5129dc2b366daca0a05ad8282ead715bca68125c55215cc2eddd44c5839b49ecfcd60ac0b1642b9a8fced9b310c971c2c7d496690ea1be9828043e893cff589c9bd
-
Filesize
54KB
MD5b307d5c05dbfd6065345157b49444ddd
SHA10745153452f2e3f4659af2f86ef2340039382d9c
SHA256423e9d6e92c8a591bb9c596e92f0b52ba827f12d39425efda4eddb7a8c2777a9
SHA51297031b437174315d8ba3a3a4e716234c1c0eaaa40fcdc8417b1b24af2db95381b4f547b7c2d4460ee9a6b31fc8a6e6101d378cf88f81db1cabbadedd686ae613
-
Filesize
3KB
MD5bcbb54f891f9788c79b0629d73634b98
SHA134c6c526c391db514971dc595aafeae3f8a61bb8
SHA2565239a6f6578a010039924840069f448535589a9b5032b1591b82688d7dd87c24
SHA51200f29f6de6da74f638c7d844588318c9639d58b164c71f9804193f3944f723abb28a5ba31a1ce9692cec7d38e60cc26009b8efcfc97379f1e6f38fb323189e7a
-
Filesize
2KB
MD52572d673dc3a798273150c2da72a58ba
SHA13ac76f0d201aca8611703f624c04bbf0b1fa9ab1
SHA25602b045a08ad5669f5b14e2e4aba7a5626e3b606e44351ae33184ac71f8dd4411
SHA512be115e26471e5dc21c45e0a57fada3227b2f7e9bc82f5ae86e3eab95df786732e53708b5f03c92084ca78f2bca9c9f38c3359544f3a5fee5a085585c94dfa75f
-
Filesize
2KB
MD556de8237d54e7e0e9827944413f86763
SHA1642e44ce30c6cf36e97023e3a62296e937bffcd4
SHA256ace62eb864d141c541e96b0b2f07e2abb107ce77d099771c61b1780f198a42ad
SHA512be1b907ce979f0f098421c61588a2f314592f59b8f6718c93aef51120a0993032c7bef4391e24a714cb71a6ef9c10ff4d9c5fb521fcc374ead364a2fc0ffd6a5
-
Filesize
3KB
MD5b3c9ed9437fc588f1591949577537b1a
SHA1522efa09521f45121f1131b180a6293a96ddfadc
SHA256c9aef381d82d38c8122584a6cf605a3f799c22bfe99bb976cac74b3a928e912f
SHA51207be7ddac5152f2ed565a1d5cb917fae28c6bbd40a4ff8259dd0be005f0f6ea22a9d3da8c612af80d22771053c89f9f8ca18d8f2a464634c34cccc9f37f05267
-
Filesize
4KB
MD5d062323a3a65b9f3cb9f22c8b8d9d665
SHA15b785fc97affe7b490cd6c9ebcf059d3cd1e7aa0
SHA2560fa5f1a4b6e92785e97ca17a97b62a539d8a719e718cc34e6deea5b86836eeae
SHA51210292f6f2089e6e528700be39816ba415ee96fac1a587463acf9cb370c273f0483a171b41e3d26d2efb5d88d6a21ac2f6fbb9cd86fc8aec6e0a408c81807a43c
-
Filesize
6KB
MD54bab8f922110f8cd29636a667eb89c2d
SHA1d74a4d6fe563ed00f5ddd7a2cafee295a5adbaaa
SHA256f1098576ba63acc2c03b245d742d12d3e019ce6ecf9dd1d4b573f206a1531d54
SHA512f6670d39d75d99e464ef51e00cd8942032f65bb05efa609fb67ab50f3dbdd6c77b41e2c3ba7a44c0c35d3194637c0a69a282b3d760b84c21b93a9e69ce2ca93b
-
Filesize
5KB
MD5668f2555a03c1ff7c331a349b78c9849
SHA1a10b14afde59583dddd32fe1ec0a868b1a6571d4
SHA25667f342466bd3d7998cfefed0f1360af64c55b4d3d366a24561ce026ebd3c7cc9
SHA512cd4478af9decae6e548c15647e64f8b9c536820f2ad6af32409ba0c71ebc4689ed193cb95d335eddf855f9167bac80249be06b7a27b5aaca36ffe7466a991f60
-
Filesize
8KB
MD53f0b7f9abac26f70e7e45f9a1dcd4820
SHA1e34863208bacb758642cad152d3e958e2fd48646
SHA256d100a4fd0012f9cf0633846ce641eab613e27111814c12ed058bac64531358c9
SHA512b38f655e7da2c11268114914e8f1fc627f1107bb8304f657c84b32e6f3bfe18e74a14f7063c12a0e1af9f8cb929751ad715de050bb4116ae193ea244dd5eb59f
-
Filesize
9KB
MD521e5fe32fa0be9ba87f7c50099d283a7
SHA14692f7d7939484d08aab59bfc7c76c0020ab01bc
SHA2563de87c6ecda644b87d0663d80d1ddb8bae400ef532d1f3b591332b6ef9f204c6
SHA5121e04cd60fe6a97e8d741329f309bd747e5fe2518ed811c4ca2516d0c86b3364961cf4a13c4ef6475a5654abe4938274c71215ea9f632f0051c4fd4533e14bbcb
-
Filesize
9KB
MD5e21f5b552826a66a8466796515a2b8a2
SHA1db3b7f85d80638117d05447779e0cf713f272c7a
SHA256eca7db44b709f02f18bca671df2c8b4afc83af8223cc241b6587f239bdcf9764
SHA512d78dff8908a23af2e6be6ed884524e3795a9a05e799c0885c39e253545c5d5fe17ed182b99794d41f6b6336394c51cdb77490867ba3e2e1886e354607e99400a
-
Filesize
72B
MD5a2e010810e295c536f6a8c9912729514
SHA1c61a426206f93c213390936148f82fc155fd33a4
SHA2564347961414be393023ff27cfd4995952c52435bac59e18dc1e003118f30b3ed5
SHA512426dc864991018ec3b136bc746253e2e9b851e84d2d072ae8c45113a5318f8fd1d234619bd756af68b2348b0fb7628e2d4cb840a533c4b81aac369da6d1a0412
-
Filesize
48B
MD59ab3bccb3f863bed9f47923ad5b4164f
SHA122c7a99dccbcc855b5258f5a44e26b9937737984
SHA2561aec9041ded878f41f0d43ec79cfb5b055dd92023c11c370bc8f8fbf415cdefb
SHA512f2ac737680593ed40435446905d0b1095bdeb5ce6875a9e92874557623c4699c35e389eea819d3c51ff513c06e31a947591cbaaf82365329e85e52a96111a965
-
Filesize
1KB
MD539418392564a0210dc38cc5ea6444d36
SHA198967f6b893b9377f2ad6fc79c123835d802aa2c
SHA2568982721e7332cdc5d5930d3527e85f9946b376f7596b70ff3d65818d2153fe61
SHA512ea470c7f139d1b2adf643853774fae7c3a90399e062d1013236f977b4d3bbe07ab5266a1b349cd253d984baf66e1fe5ab50559f9186d270fe6e677dfcec26e6d
-
Filesize
1KB
MD5d97e9aef1ce044224e4d75bf69e4dcd6
SHA1e81961efc44bf78f06327b2c2ee01937931179e0
SHA256a4a57c786c93b18d705631aeb0a4fe3e74cfb679a9e230f71ea905aefd2236ba
SHA512ec8392bfaf68fc8552fdcf5f940719840212b6af089d0ae58ead19d22d22f667ebffe4adefe33fd357a106084ba355eacd5987abe5ecd1f851802e232a256872
-
Filesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize
10KB
MD56a28ab23f03d6cde9d34c6fadb486506
SHA1333e0e8ba8621fbca6cad11da88a25a332daca9d
SHA2567c7ff9e92d3e2b2ddc9ea02f0f03afa5afb43a6b4ea95e9cdf1ee1c975a0951a
SHA51230d755617145548dae4f5c2f87edceb1bdb2aedb8db7395f1c4758d1e22f568d43d30e1ef741da5edce48b82ac46ba686a75e0f2a5ce3b63c126fae105946c32
-
Filesize
11KB
MD5abe9606a2925a1d790e6634de4eebcf1
SHA1baf8d2a7919af3a067d1a65341c7273c5760494d
SHA2564ce4f221ffff391b18c59aa004f0d9723eac5d3747e64d242b903c27fecbb391
SHA512e6d3b9e13fa8581174fa5f9694bd1efd65d848e2bc85577a5126030f881dc5be9ffa7028ff11a83f30ed8a7e8aef7a06c60f8fb04ee1981d87e8ba81c44bc140
-
Filesize
10KB
MD54327e24a47d5fc9f83f2fcecb3dc16e7
SHA12da85caa55617994ed1376599fab1e210437d874
SHA256ecb40818131e045bc1bfd0a6682c6d6afda7de584379ff53f8796b18bc2ceaf2
SHA512e988b65151650e85e6f7345b32cfc09f6c3ac209cd93be1823fd1675ef8f88647fdcb844807b2127c1ab290b7fff9d7ecb310c9409bf70878cfc154ab1badb3b
-
Filesize
1.6MB
MD5d2ebd82a5d3fac11d44d90d8df253bb9
SHA1ba94b456e111ea9573fe150ad4090a66540c9938
SHA25604b65aa7b23d0c7ebbd6e022a600fbc43c0ee896ed280e48ac59e17fb0a2311d
SHA51249e9ef8066200cd6ec079943c1fbcda95cab2d3042f635ed57949e0c0701ecdf34ea8f16324994dc77bc3ec9fc67882ea88b4d543974e90bf4e8cf69b15e073c
-
Filesize
12KB
MD5cff85c549d536f651d4fb8387f1976f2
SHA1d41ce3a5ff609df9cf5c7e207d3b59bf8a48530e
SHA2568dc562cda7217a3a52db898243de3e2ed68b80e62ddcb8619545ed0b4e7f65a8
SHA512531d6328daf3b86d85556016d299798fa06fefc81604185108a342d000e203094c8c12226a12bd6e1f89b0db501fb66f827b610d460b933bd4ab936ac2fd8a88
-
Filesize
9KB
MD56c3f8c94d0727894d706940a8a980543
SHA10d1bcad901be377f38d579aafc0c41c0ef8dcefd
SHA25656b96add1978b1abba286f7f8982b0efbe007d4a48b3ded6a4d408e01d753fe2
SHA5122094f0e4bb7c806a5ff27f83a1d572a5512d979eefda3345baff27d2c89e828f68466d08c3ca250da11b01fc0407a21743037c25e94fbe688566dd7deaebd355
-
Filesize
25KB
MD5cbe40fd2b1ec96daedc65da172d90022
SHA1366c216220aa4329dff6c485fd0e9b0f4f0a7944
SHA2563ad2dc318056d0a2024af1804ea741146cfc18cc404649a44610cbf8b2056cf2
SHA51262990cb16e37b6b4eff6ab03571c3a82dcaa21a1d393c3cb01d81f62287777fb0b4b27f8852b5fa71bc975feab5baa486d33f2c58660210e115de7e2bd34ea63
-
Filesize
15KB
MD5ee68463fed225c5c98d800bdbd205598
SHA1306364af624de3028e2078c4d8c234fa497bd723
SHA256419485a096bc7d95f872ed1b9b7b5c537231183d710363beee4d235bb79dbe04
SHA512b14fb74cb76b8f4e80fdd75b44adac3605883e2dcdb06b870811759d82fa2ec732cd63301f20a2168d7ad74510f62572818f90038f5116fe19c899eba68a5107
-
Filesize
7KB
MD5d070f3275df715bf3708beff2c6c307d
SHA193d3725801e07303e9727c4369e19fd139e69023
SHA25642dd4dda3249a94e32e20f76eaffae784a5475ed00c60ef0197c8a2c1ccd2fb7
SHA512fcaf625dac4684dad33d12e3a942b38489ecc90649eee885d823a932e70db63c1edb8614b9fa8904d1710e9b820e82c5a37aeb8403cf21cf1e3692f76438664d
-
Filesize
6.1MB
MD54b0af7286d36f64ffcb0e846946e6b76
SHA17cb9523daac3d722bbc4272b0cd154564a909516
SHA25619372df10d7a069a9e4b74cde6b901332027cbc9f6322730e5e7c1cf5f0bbfb0
SHA51212ca5d2fac06ca440a35e0fd2caff295eddc8e490c8365777f15ff299e049ef31a2b955b08777fb7a312e93e18f5f0c199325c5a9bcb1180e863ec9c9d4d9e81
