Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
162s -
max time network
162s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
21/09/2024, 16:54
General
-
Target
http://www.mediafire.com/folder/jzlnprujaj4og/cheat_v2.19(update)
Score
10/10
Malware Config
Extracted
Family
lumma
C2
https://chickerkuso.shop/api
https://contractowno.shop/api
Signatures
-
Lumma Stealer, LummaC
Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
-
Executes dropped EXE 12 IoCs
-
Suspicious use of SetThreadContext 12 IoCs
-
Drops file in Program Files directory 1 IoCs
-
Program crash 21 IoCs
-
System Location Discovery: System Language Discovery 1 TTPs 24 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Checks SCSI registry key(s) 3 TTPs 3 IoCs
SCSI information is often read in order to detect sandboxing environments.
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
-
Suspicious use of AdjustPrivilegeToken 7 IoCs
-
Suspicious use of FindShellTrayWindow 64 IoCs
-
Suspicious use of SendNotifyMessage 64 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.mediafire.com/folder/jzlnprujaj4og/cheat_v2.19(update)1⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --field-trial-handle=4712,i,12198811467968044966,17227406646827438786,262144 --variations-seed-version --mojo-platform-channel-handle=4148 /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --field-trial-handle=4192,i,12198811467968044966,17227406646827438786,262144 --variations-seed-version --mojo-platform-channel-handle=3948 /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --field-trial-handle=5388,i,12198811467968044966,17227406646827438786,262144 --variations-seed-version --mojo-platform-channel-handle=5412 /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=5556,i,12198811467968044966,17227406646827438786,262144 --variations-seed-version --mojo-platform-channel-handle=5568 /prefetch:81⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --field-trial-handle=5576,i,12198811467968044966,17227406646827438786,262144 --variations-seed-version --mojo-platform-channel-handle=5628 /prefetch:81⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --field-trial-handle=6068,i,12198811467968044966,17227406646827438786,262144 --variations-seed-version --mojo-platform-channel-handle=6100 /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=21 --field-trial-handle=6364,i,12198811467968044966,17227406646827438786,262144 --variations-seed-version --mojo-platform-channel-handle=5128 /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=22 --field-trial-handle=5644,i,12198811467968044966,17227406646827438786,262144 --variations-seed-version --mojo-platform-channel-handle=6220 /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --field-trial-handle=6600,i,12198811467968044966,17227406646827438786,262144 --variations-seed-version --mojo-platform-channel-handle=6608 /prefetch:81⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=24 --field-trial-handle=6796,i,12198811467968044966,17227406646827438786,262144 --variations-seed-version --mojo-platform-channel-handle=120 /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=25 --field-trial-handle=6224,i,12198811467968044966,17227406646827438786,262144 --variations-seed-version --mojo-platform-channel-handle=4672 /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=26 --field-trial-handle=6728,i,12198811467968044966,17227406646827438786,262144 --variations-seed-version --mojo-platform-channel-handle=6680 /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=27 --field-trial-handle=6112,i,12198811467968044966,17227406646827438786,262144 --variations-seed-version --mojo-platform-channel-handle=6708 /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=28 --field-trial-handle=6932,i,12198811467968044966,17227406646827438786,262144 --variations-seed-version --mojo-platform-channel-handle=7056 /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=29 --field-trial-handle=7260,i,12198811467968044966,17227406646827438786,262144 --variations-seed-version --mojo-platform-channel-handle=7280 /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=30 --field-trial-handle=7316,i,12198811467968044966,17227406646827438786,262144 --variations-seed-version --mojo-platform-channel-handle=7284 /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=31 --field-trial-handle=7576,i,12198811467968044966,17227406646827438786,262144 --variations-seed-version --mojo-platform-channel-handle=7588 /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=32 --field-trial-handle=7832,i,12198811467968044966,17227406646827438786,262144 --variations-seed-version --mojo-platform-channel-handle=7848 /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=33 --field-trial-handle=7980,i,12198811467968044966,17227406646827438786,262144 --variations-seed-version --mojo-platform-channel-handle=8008 /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --lang=en-US --service-sandbox-type=collections --field-trial-handle=7580,i,12198811467968044966,17227406646827438786,262144 --variations-seed-version --mojo-platform-channel-handle=8368 /prefetch:81⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=35 --field-trial-handle=8344,i,12198811467968044966,17227406646827438786,262144 --variations-seed-version --mojo-platform-channel-handle=8500 /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=36 --field-trial-handle=8704,i,12198811467968044966,17227406646827438786,262144 --variations-seed-version --mojo-platform-channel-handle=8772 /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.FileUtilService --lang=en-US --service-sandbox-type=service --field-trial-handle=8856,i,12198811467968044966,17227406646827438786,262144 --variations-seed-version --mojo-platform-channel-handle=8860 /prefetch:81⤵
- Drops file in Program Files directory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --field-trial-handle=8840,i,12198811467968044966,17227406646827438786,262144 --variations-seed-version --mojo-platform-channel-handle=8980 /prefetch:81⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --field-trial-handle=8536,i,12198811467968044966,17227406646827438786,262144 --variations-seed-version --mojo-platform-channel-handle=8568 /prefetch:81⤵
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {c82192ee-6cb5-4bc0-9ef0-fb818773790a} -Embedding1⤵
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵
-
C:\Program Files\7-Zip\7zG.exe"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\CHEAT 2024 (UPDATE v.2.19)\" -ad -an -ai#7zMap7887:114:7zEvent155991⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
-
C:\Users\Admin\Downloads\CHEAT 2024 (UPDATE v.2.19)\CHEAT 2024 (UPDATE v.2.19)\start.exe"C:\Users\Admin\Downloads\CHEAT 2024 (UPDATE v.2.19)\CHEAT 2024 (UPDATE v.2.19)\start.exe"1⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"2⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5480 -s 13483⤵
- Program crash
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5480 -s 13803⤵
- Program crash
-
-
-
C:\Users\Admin\Downloads\CHEAT 2024 (UPDATE v.2.19)\CHEAT 2024 (UPDATE v.2.19)\install.exe"C:\Users\Admin\Downloads\CHEAT 2024 (UPDATE v.2.19)\CHEAT 2024 (UPDATE v.2.19)\install.exe"1⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"2⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 840 -s 13683⤵
- Program crash
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 840 -s 13683⤵
- Program crash
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 456 -p 5480 -ip 54801⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 5480 -ip 54801⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 424 -p 840 -ip 8401⤵
-
C:\Users\Admin\Downloads\CHEAT 2024 (UPDATE v.2.19)\CHEAT 2024 (UPDATE v.2.19)\start.exe"C:\Users\Admin\Downloads\CHEAT 2024 (UPDATE v.2.19)\CHEAT 2024 (UPDATE v.2.19)\start.exe"1⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"2⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3068 -s 13403⤵
- Program crash
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3068 -s 13563⤵
- Program crash
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 440 -p 3068 -ip 30681⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 496 -p 3068 -ip 30681⤵
-
C:\Users\Admin\Downloads\CHEAT 2024 (UPDATE v.2.19)\CHEAT 2024 (UPDATE v.2.19)\start.exe"C:\Users\Admin\Downloads\CHEAT 2024 (UPDATE v.2.19)\CHEAT 2024 (UPDATE v.2.19)\start.exe"1⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"2⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5020 -s 13723⤵
- Program crash
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5020 -s 13403⤵
- Program crash
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 5020 -ip 50201⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 496 -p 5020 -ip 50201⤵
-
C:\Users\Admin\Downloads\CHEAT 2024 (UPDATE v.2.19)\CHEAT 2024 (UPDATE v.2.19)\install.exe"C:\Users\Admin\Downloads\CHEAT 2024 (UPDATE v.2.19)\CHEAT 2024 (UPDATE v.2.19)\install.exe"1⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"2⤵
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"2⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3976 -s 13403⤵
- Program crash
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3976 -s 13403⤵
- Program crash
-
-
-
C:\Users\Admin\Downloads\CHEAT 2024 (UPDATE v.2.19)\CHEAT 2024 (UPDATE v.2.19)\install.exe"C:\Users\Admin\Downloads\CHEAT 2024 (UPDATE v.2.19)\CHEAT 2024 (UPDATE v.2.19)\install.exe"1⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"2⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1508 -s 13643⤵
- Program crash
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1508 -s 13323⤵
- Program crash
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1508 -s 13683⤵
- Program crash
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1508 -s 14163⤵
- Program crash
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1508 -s 14203⤵
- Program crash
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 3976 -ip 39761⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 424 -p 1508 -ip 15081⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 576 -p 1508 -ip 15081⤵
-
C:\Windows\system32\NOTEPAD.EXE"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\CHEAT 2024 (UPDATE v.2.19)\CHEAT 2024 (UPDATE v.2.19)\readme.txt1⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 532 -p 1508 -ip 15081⤵
-
C:\Users\Admin\Downloads\CHEAT 2024 (UPDATE v.2.19)\CHEAT 2024 (UPDATE v.2.19)\start.exe"C:\Users\Admin\Downloads\CHEAT 2024 (UPDATE v.2.19)\CHEAT 2024 (UPDATE v.2.19)\start.exe"1⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"2⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5500 -s 13603⤵
- Program crash
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 596 -p 1508 -ip 15081⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 600 -p 5500 -ip 55001⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 612 -p 1508 -ip 15081⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4136,i,12198811467968044966,17227406646827438786,262144 --variations-seed-version --mojo-platform-channel-handle=8580 /prefetch:81⤵
-
C:\Windows\system32\taskmgr.exe"C:\Windows\system32\taskmgr.exe" /71⤵
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 468 -p 3976 -ip 39761⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 588 -p 840 -ip 8401⤵
-
C:\Users\Admin\Downloads\CHEAT 2024 (UPDATE v.2.19)\CHEAT 2024 (UPDATE v.2.19)\start.exe"C:\Users\Admin\Downloads\CHEAT 2024 (UPDATE v.2.19)\CHEAT 2024 (UPDATE v.2.19)\start.exe"1⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"2⤵
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"2⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1648 -s 13243⤵
- Program crash
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 424 -p 1648 -ip 16481⤵
-
C:\Users\Admin\Downloads\CHEAT 2024 (UPDATE v.2.19)\CHEAT 2024 (UPDATE v.2.19)\install.exe"C:\Users\Admin\Downloads\CHEAT 2024 (UPDATE v.2.19)\CHEAT 2024 (UPDATE v.2.19)\install.exe"1⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"2⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5172 -s 13403⤵
- Program crash
-
-
-
C:\Users\Admin\Downloads\CHEAT 2024 (UPDATE v.2.19)\CHEAT 2024 (UPDATE v.2.19)\install.exe"C:\Users\Admin\Downloads\CHEAT 2024 (UPDATE v.2.19)\CHEAT 2024 (UPDATE v.2.19)\install.exe"1⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"2⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3616 -s 13523⤵
- Program crash
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 5172 -ip 51721⤵
-
C:\Users\Admin\Downloads\CHEAT 2024 (UPDATE v.2.19)\CHEAT 2024 (UPDATE v.2.19)\install.exe"C:\Users\Admin\Downloads\CHEAT 2024 (UPDATE v.2.19)\CHEAT 2024 (UPDATE v.2.19)\install.exe"1⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"2⤵
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"2⤵
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"2⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5532 -s 13643⤵
- Program crash
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 608 -p 3616 -ip 36161⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 612 -p 5532 -ip 55321⤵
-
C:\Users\Admin\Downloads\CHEAT 2024 (UPDATE v.2.19)\CHEAT 2024 (UPDATE v.2.19)\start.exe"C:\Users\Admin\Downloads\CHEAT 2024 (UPDATE v.2.19)\CHEAT 2024 (UPDATE v.2.19)\start.exe"1⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"2⤵
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"2⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5664 -s 13483⤵
- Program crash
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 612 -p 5664 -ip 56641⤵
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
425B
MD54eaca4566b22b01cd3bc115b9b0b2196
SHA1e743e0792c19f71740416e7b3c061d9f1336bf94
SHA25634ba0ab8d1850e7825763f413142a333ccbc05fa2b5499a28a7d27b8a1c5b4bb
SHA512bc2b1bf45203e3bb3009a7d37617b8f0f7ffa613680b32de2b963e39d2cf1650614d7035a0cf78f35a4f5cb17a2a439e2e07deaefd2a4275a62efd0a5c0184a1
-
Filesize
345KB
MD5d5e2b5b693f6f8371801bfbd4aadb717
SHA17e59d3471c911a12335e26683fac395fe331fa50
SHA2563993ef2eb6796955a557f19475912547bb886566fa7e7c01bed9a90c5da1875e
SHA5123810c5d6333b864237afda82d3fc20f962083df2b4c7983ac9eba845327368a01ca1eea69f5c4ffc90645b2785a6849646f9393167e43f62160d247f3baa3b87
-
Filesize
179B
MD55b76f00748c49fb0fefaeb75a5fc83d3
SHA10a68613d54ebf89bef18d8d63c592cce3ce6cf54
SHA256fe59ecb542ba44af7d88149bee8f1c1b128e92d414e24fd6ad815a86c0a85d6e
SHA512725d6a7e08cf357e03c98cf23d84916c672272bebeca086710bba290bd4eee38e60f392a36269d55ad1462eb0717f26f2b3351e3a10e337a9a851d16fcd7c6cb
-
Filesize
342KB
MD505b7ee891270fceff8a31047f63d5683
SHA1fe853166c2e52891b30ed3e2779a199fd48555c4
SHA256e76e1294404d9e8e763f684a360c44f261257216b43a363ab21cf15a96221327
SHA512ee5de8cbb6a96acd6b5d337663a668a19b8a60a96c126e632115f9d4bf2be6e09c877e53711c6e7c88207ce41f6752033f2efe90479414ee49ae6f3ca131c020
-
Filesize
372KB
-
Filesize
372KB
-
Filesize
372KB
-
Filesize
368KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
7.7MB
-
Filesize
4KB
-
Filesize
360KB
-
Filesize
7.7MB
-
Filesize
7.7MB
-
Filesize
368KB
-
Filesize
368KB
-
Filesize
368KB
-
Filesize
368KB
-
Filesize
360KB