lumma | hxxps://tinyurl[.]com/WinVersionNew

Analysis

max time kernel
192s
max time network
193s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
02-01-2025 17:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://tinyurl.com/WinVersionNew

Score

10^/10

lumma discovery phishing stealer

Malware Config

Extracted

Family

lumma

https://cloudewahsj.shop/api

https://rabidcowse.shop/api

https://noisycuttej.shop/api

https://tirepublicerj.shop/api

https://framekgirus.shop/api

https://wholersorie.shop/api

https://abruptyopsn.shop/api

https://nearycrepso.shop/api

Extracted

Family

lumma

https://abruptyopsn.shop/api

https://wholersorie.shop/api

https://framekgirus.shop/api

https://tirepublicerj.shop/api

https://noisycuttej.shop/api

https://rabidcowse.shop/api

https://cloudewahsj.shop/api

Signatures

Lumma Stealer, LummaC
Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
stealer lumma
Lumma family
lumma
A potential corporate email address has been identified in the URL: lnstalIer_Offiс[email protected]
phishing

Executes dropped EXE 2 IoCs

pid	Process
1308	Set-up.exe
4240	Set-up.exe

Suspicious use of SetThreadContext 2 IoCs

description	pid	Process	procid_target
PID 1308 set thread context of 636	1308	Set-up.exe	127
PID 4240 set thread context of 1424	4240	Set-up.exe	129

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Set-up.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Set-up.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BitLockerToGo.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BitLockerToGo.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133803113402991957"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
1984	chrome.exe
1984	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
1984	chrome.exe
1984	chrome.exe
1984	chrome.exe
1984	chrome.exe
1984	chrome.exe
1984	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1984	chrome.exe
Token: SeCreatePagefilePrivilege	1984	chrome.exe
Token: SeShutdownPrivilege	1984	chrome.exe
Token: SeCreatePagefilePrivilege	1984	chrome.exe
Token: SeShutdownPrivilege	1984	chrome.exe
Token: SeCreatePagefilePrivilege	1984	chrome.exe
Token: SeShutdownPrivilege	1984	chrome.exe
Token: SeCreatePagefilePrivilege	1984	chrome.exe
Token: SeShutdownPrivilege	1984	chrome.exe
Token: SeCreatePagefilePrivilege	1984	chrome.exe
Token: SeShutdownPrivilege	1984	chrome.exe
Token: SeCreatePagefilePrivilege	1984	chrome.exe
Token: SeShutdownPrivilege	1984	chrome.exe
Token: SeCreatePagefilePrivilege	1984	chrome.exe
Token: SeShutdownPrivilege	1984	chrome.exe
Token: SeCreatePagefilePrivilege	1984	chrome.exe
Token: SeShutdownPrivilege	1984	chrome.exe
Token: SeCreatePagefilePrivilege	1984	chrome.exe
Token: SeShutdownPrivilege	1984	chrome.exe
Token: SeCreatePagefilePrivilege	1984	chrome.exe
Token: SeShutdownPrivilege	1984	chrome.exe
Token: SeCreatePagefilePrivilege	1984	chrome.exe
Token: SeShutdownPrivilege	1984	chrome.exe
Token: SeCreatePagefilePrivilege	1984	chrome.exe
Token: SeShutdownPrivilege	1984	chrome.exe
Token: SeCreatePagefilePrivilege	1984	chrome.exe
Token: SeShutdownPrivilege	1984	chrome.exe
Token: SeCreatePagefilePrivilege	1984	chrome.exe
Token: SeShutdownPrivilege	1984	chrome.exe
Token: SeCreatePagefilePrivilege	1984	chrome.exe
Token: SeShutdownPrivilege	1984	chrome.exe
Token: SeCreatePagefilePrivilege	1984	chrome.exe
Token: SeShutdownPrivilege	1984	chrome.exe
Token: SeCreatePagefilePrivilege	1984	chrome.exe
Token: SeShutdownPrivilege	1984	chrome.exe
Token: SeCreatePagefilePrivilege	1984	chrome.exe
Token: SeShutdownPrivilege	1984	chrome.exe
Token: SeCreatePagefilePrivilege	1984	chrome.exe
Token: SeShutdownPrivilege	1984	chrome.exe
Token: SeCreatePagefilePrivilege	1984	chrome.exe
Token: SeShutdownPrivilege	1984	chrome.exe
Token: SeCreatePagefilePrivilege	1984	chrome.exe
Token: SeShutdownPrivilege	1984	chrome.exe
Token: SeCreatePagefilePrivilege	1984	chrome.exe
Token: SeShutdownPrivilege	1984	chrome.exe
Token: SeCreatePagefilePrivilege	1984	chrome.exe
Token: SeShutdownPrivilege	1984	chrome.exe
Token: SeCreatePagefilePrivilege	1984	chrome.exe
Token: SeShutdownPrivilege	1984	chrome.exe
Token: SeCreatePagefilePrivilege	1984	chrome.exe
Token: SeShutdownPrivilege	1984	chrome.exe
Token: SeCreatePagefilePrivilege	1984	chrome.exe
Token: SeShutdownPrivilege	1984	chrome.exe
Token: SeCreatePagefilePrivilege	1984	chrome.exe
Token: SeShutdownPrivilege	1984	chrome.exe
Token: SeCreatePagefilePrivilege	1984	chrome.exe
Token: SeShutdownPrivilege	1984	chrome.exe
Token: SeCreatePagefilePrivilege	1984	chrome.exe
Token: SeShutdownPrivilege	1984	chrome.exe
Token: SeCreatePagefilePrivilege	1984	chrome.exe
Token: SeShutdownPrivilege	1984	chrome.exe
Token: SeCreatePagefilePrivilege	1984	chrome.exe
Token: SeShutdownPrivilege	1984	chrome.exe
Token: SeCreatePagefilePrivilege	1984	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
1984	chrome.exe
1984	chrome.exe
1984	chrome.exe
1984	chrome.exe
1984	chrome.exe
1984	chrome.exe
1984	chrome.exe
1984	chrome.exe
1984	chrome.exe
1984	chrome.exe
1984	chrome.exe
1984	chrome.exe
1984	chrome.exe
1984	chrome.exe
1984	chrome.exe
1984	chrome.exe
1984	chrome.exe
1984	chrome.exe
1984	chrome.exe
1984	chrome.exe
1984	chrome.exe
1984	chrome.exe
1984	chrome.exe
1984	chrome.exe
1984	chrome.exe
1984	chrome.exe
1984	chrome.exe
1984	chrome.exe
1984	chrome.exe
1984	chrome.exe
1984	chrome.exe
1984	chrome.exe
1984	chrome.exe
1984	chrome.exe
1984	chrome.exe
1984	chrome.exe
1984	chrome.exe
1984	chrome.exe
1984	chrome.exe
1984	chrome.exe
1984	chrome.exe
1984	chrome.exe
1984	chrome.exe
1984	chrome.exe
1984	chrome.exe
1984	chrome.exe
1984	chrome.exe
1984	chrome.exe
1984	chrome.exe
1984	chrome.exe
1984	chrome.exe
1984	chrome.exe
1984	chrome.exe
1984	chrome.exe
1984	chrome.exe
1984	chrome.exe
1984	chrome.exe
1984	chrome.exe
1984	chrome.exe
1984	chrome.exe
1984	chrome.exe
1984	chrome.exe
1984	chrome.exe
1984	chrome.exe

Suspicious use of SendNotifyMessage 26 IoCs

pid	Process
1984	chrome.exe
1984	chrome.exe
1984	chrome.exe
1984	chrome.exe
1984	chrome.exe
1984	chrome.exe
1984	chrome.exe
1984	chrome.exe
1984	chrome.exe
1984	chrome.exe
1984	chrome.exe
1984	chrome.exe
1984	chrome.exe
1984	chrome.exe
1984	chrome.exe
1984	chrome.exe
1984	chrome.exe
1984	chrome.exe
1984	chrome.exe
1984	chrome.exe
1984	chrome.exe
1984	chrome.exe
1984	chrome.exe
1984	chrome.exe
1984	chrome.exe
1984	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1984 wrote to memory of 3596	1984	chrome.exe	83
PID 1984 wrote to memory of 3596	1984	chrome.exe	83
PID 1984 wrote to memory of 3296	1984	chrome.exe	84
PID 1984 wrote to memory of 3296	1984	chrome.exe	84
PID 1984 wrote to memory of 3296	1984	chrome.exe	84
PID 1984 wrote to memory of 3296	1984	chrome.exe	84
PID 1984 wrote to memory of 3296	1984	chrome.exe	84
PID 1984 wrote to memory of 3296	1984	chrome.exe	84
PID 1984 wrote to memory of 3296	1984	chrome.exe	84
PID 1984 wrote to memory of 3296	1984	chrome.exe	84
PID 1984 wrote to memory of 3296	1984	chrome.exe	84
PID 1984 wrote to memory of 3296	1984	chrome.exe	84
PID 1984 wrote to memory of 3296	1984	chrome.exe	84
PID 1984 wrote to memory of 3296	1984	chrome.exe	84
PID 1984 wrote to memory of 3296	1984	chrome.exe	84
PID 1984 wrote to memory of 3296	1984	chrome.exe	84
PID 1984 wrote to memory of 3296	1984	chrome.exe	84
PID 1984 wrote to memory of 3296	1984	chrome.exe	84
PID 1984 wrote to memory of 3296	1984	chrome.exe	84
PID 1984 wrote to memory of 3296	1984	chrome.exe	84
PID 1984 wrote to memory of 3296	1984	chrome.exe	84
PID 1984 wrote to memory of 3296	1984	chrome.exe	84
PID 1984 wrote to memory of 3296	1984	chrome.exe	84
PID 1984 wrote to memory of 3296	1984	chrome.exe	84
PID 1984 wrote to memory of 3296	1984	chrome.exe	84
PID 1984 wrote to memory of 3296	1984	chrome.exe	84
PID 1984 wrote to memory of 3296	1984	chrome.exe	84
PID 1984 wrote to memory of 3296	1984	chrome.exe	84
PID 1984 wrote to memory of 3296	1984	chrome.exe	84
PID 1984 wrote to memory of 3296	1984	chrome.exe	84
PID 1984 wrote to memory of 3296	1984	chrome.exe	84
PID 1984 wrote to memory of 3296	1984	chrome.exe	84
PID 1984 wrote to memory of 1968	1984	chrome.exe	85
PID 1984 wrote to memory of 1968	1984	chrome.exe	85
PID 1984 wrote to memory of 5012	1984	chrome.exe	86
PID 1984 wrote to memory of 5012	1984	chrome.exe	86
PID 1984 wrote to memory of 5012	1984	chrome.exe	86
PID 1984 wrote to memory of 5012	1984	chrome.exe	86
PID 1984 wrote to memory of 5012	1984	chrome.exe	86
PID 1984 wrote to memory of 5012	1984	chrome.exe	86
PID 1984 wrote to memory of 5012	1984	chrome.exe	86
PID 1984 wrote to memory of 5012	1984	chrome.exe	86
PID 1984 wrote to memory of 5012	1984	chrome.exe	86
PID 1984 wrote to memory of 5012	1984	chrome.exe	86
PID 1984 wrote to memory of 5012	1984	chrome.exe	86
PID 1984 wrote to memory of 5012	1984	chrome.exe	86
PID 1984 wrote to memory of 5012	1984	chrome.exe	86
PID 1984 wrote to memory of 5012	1984	chrome.exe	86
PID 1984 wrote to memory of 5012	1984	chrome.exe	86
PID 1984 wrote to memory of 5012	1984	chrome.exe	86
PID 1984 wrote to memory of 5012	1984	chrome.exe	86
PID 1984 wrote to memory of 5012	1984	chrome.exe	86
PID 1984 wrote to memory of 5012	1984	chrome.exe	86
PID 1984 wrote to memory of 5012	1984	chrome.exe	86
PID 1984 wrote to memory of 5012	1984	chrome.exe	86
PID 1984 wrote to memory of 5012	1984	chrome.exe	86
PID 1984 wrote to memory of 5012	1984	chrome.exe	86
PID 1984 wrote to memory of 5012	1984	chrome.exe	86
PID 1984 wrote to memory of 5012	1984	chrome.exe	86
PID 1984 wrote to memory of 5012	1984	chrome.exe	86
PID 1984 wrote to memory of 5012	1984	chrome.exe	86
PID 1984 wrote to memory of 5012	1984	chrome.exe	86
PID 1984 wrote to memory of 5012	1984	chrome.exe	86
PID 1984 wrote to memory of 5012	1984	chrome.exe	86

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://tinyurl.com/WinVersionNew
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1984
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffebf1acc40,0x7ffebf1acc4c,0x7ffebf1acc58
  2⤵
  PID:3596
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1892,i,6105663068602845921,15047264264656239484,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1880 /prefetch:2
  2⤵
  PID:3296
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2008,i,6105663068602845921,15047264264656239484,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2068 /prefetch:3
  2⤵
  PID:1968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2228,i,6105663068602845921,15047264264656239484,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2060 /prefetch:8
  2⤵
  PID:5012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3108,i,6105663068602845921,15047264264656239484,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3136 /prefetch:1
  2⤵
  PID:3516
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3100,i,6105663068602845921,15047264264656239484,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3168 /prefetch:1
  2⤵
  PID:2032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3648,i,6105663068602845921,15047264264656239484,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3104 /prefetch:1
  2⤵
  PID:5004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4804,i,6105663068602845921,15047264264656239484,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4788 /prefetch:8
  2⤵
  PID:2760
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4716,i,6105663068602845921,15047264264656239484,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4724 /prefetch:8
  2⤵
  PID:1248
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4684,i,6105663068602845921,15047264264656239484,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4756 /prefetch:1
  2⤵
  PID:2800
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=5496,i,6105663068602845921,15047264264656239484,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5556 /prefetch:1
  2⤵
  PID:1840
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5572,i,6105663068602845921,15047264264656239484,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5656 /prefetch:1
  2⤵
  PID:468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5348,i,6105663068602845921,15047264264656239484,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5800 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3040

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:1424

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4436

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4072

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\lnstalIer_Offiс[email protected]\" -spe -an -ai#7zMap11040:112:7zEvent15056
1⤵
PID:4588

C:\Users\Admin\Downloads\lnstalIer_Offiс[email protected]\Set-up.exe
"C:\Users\Admin\Downloads\lnstalIer_Offiс[email protected]\Set-up.exe"
1⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
PID:1308
- C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
  "C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:636

C:\Users\Admin\Downloads\lnstalIer_Offiс[email protected]\Set-up.exe
"C:\Users\Admin\Downloads\lnstalIer_Offiс[email protected]\Set-up.exe"
1⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
PID:4240
- C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
  "C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:1424

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
f9ecf57602c89d85f4780a52341379d3

SHA1
7bcb69104d3fee952ce8568737adeb91726bfe31

SHA256
48fd8e5ae7735d54c0bc6a0312788f95df93fd8555245115d48ee0d13315ca92

SHA512
5d697ed8cb968fb4c2b6282a6b27c46d17f04a74ce3949cf7299634d44153b074e485ea62d4049c485b7e3d76f1dd4a3c013852344e91fab895b79d82e874321

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
768B

MD5
b22f5f2324a2ba059fff844d0603ad41

SHA1
a1771dbbacc4859877a359aa1fd1a4e5d8298ad0

SHA256
cc9f377c2828ab2455a0a69c0c66b763735981eab1d8ad531ce6b2e095627b69

SHA512
5941d871ae2a08007d8042507c645cb2e12636bb553d5b121d82fd3b9f8e0331885a71b79ebc406464657ed0161e875e8c048e7ef00bc1405cf97cb711b81f20

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
504B

MD5
329f2fb7c03485b25f6adc52e4ea4480

SHA1
12fe36d9478e7e9d4d833fa0a6afbb438552d5b3

SHA256
242543c652dc4777563805f6e98b86b190f767889d9396958e5357f288265c14

SHA512
33ea393506504653b0207017bf4723d6e1d5d4cb95d0bcde39e9fb4da1caeb3b34f819e32717f85ce90dad2e41037571b49b53f343df0fd1679e0a4d5cda5d8e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
8KB

MD5
b03aaa845c56f67267c33d1ce335e61b

SHA1
48b24c2c2b7ce4691c09d0486df93d5e8585ceb6

SHA256
bbdd503ffb4c0a8097f8b2af6ec0c2159dbcb5055613f46aaa6d3fc0f4b034a0

SHA512
56e0fbd5dbbd9db8fc48fd6e88f011a121b7805f25a2a03770261f9f4c67a08d3c89c21a8cc1a3acc4dd8c858c37f81927b53789da8ecdf79917e5f46e4da785

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
62b8a1fef80aa33745ee3e2bc16856f5

SHA1
e6aaf0bdd93a223728a87b6ecf76f5fd9aa032c3

SHA256
0f8fd6d036b1add8f9bd92ce8dcfbce31288b12eb46dc0a40b5f0d78e8a2f37a

SHA512
012f0a107d7bd44f1a11cc22d5c9df73be142a50b1b4a885d59a673a14edd745f89bf6f2924fb32248bbf8e664d34d58f85d14474b3940685ae090a2d3f1bced

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
64a84ad592f809e0d277819f103462e5

SHA1
ebf64ad279977a0b621668d9783b6525873ff614

SHA256
c570763d9747a24b4e863d7e157f4f3161735b8350cf741f50c70fa2f21ee68e

SHA512
4886c1342523a092cbb8aa406b673daaa1a9a3821106476b1d97d0a01ed559c0b9f963e1bae7832ac4a585755e98603d992693c3584d9c439aed7011738f3c06

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
42398a39b775278325f5cc7209a16579

SHA1
54a2fe74997165129e46be7d8ac005b6b4c7c26f

SHA256
d2ffbdf36a228100de93c11bce9462b6841e90925577bc7107d9baa6b7133124

SHA512
303efff90f1a17b6f95ec0d0b0298e05f9ab68a87eda23ccaa209eeb674612d5f53a579a3ac2c0ec71d2533bb469025817a3c6b69c9960b31d6750dbb62cbcf2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
e78af7c55e6d8dc88c17a42f2b13ecd7

SHA1
30fbe413a22785771d9b05e5c148425075c41dff

SHA256
c208058c65075dd7fa27e14ca1e387a30c06898e6c211833bb13294f19e93174

SHA512
eece368a81f4126aa44abf6c0805191e27cf2aa1ef73e7088d83d66ab07456c436249753793ab3dea4f33778e9bd96c095cd9016979573fd616edf89c4492c08

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
76c17a3cd5c6285f125ef96316c8b37a

SHA1
c57fe31b0bbc2e800df20886479765152a440cfb

SHA256
ede0683a9cf20bb1b2971ec203f1d877f622d8d9688e74551c40f95e6a6cbe1c

SHA512
2f636f199afc2ae97ce190749d4e0cf32b7860d89e928282f49cda351ef938987d632c234e40f64a3057929b1c75d71ea18306d3d33c04a6ee5cb90ec34fb4d7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
c34ae5963d5422100dcef5220f75f085

SHA1
4c7605889bb450b1b83b4b84c5c60d8a17fb321e

SHA256
e9b02331ce5dfd9994dd19cf5041bb49f14ca685af6a6f9c1dc13161eee54b30

SHA512
8d715f7922c6586578b730dbff49296989f29942cf39cb702f1b785d3124d7f5f7cad0cbc652a38a9da6e2dfe8fe2892b37f0472e9739bb856da26573c17eacd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
bcda6bd679b5a1127f2a8b30eb4e9992

SHA1
7dd1543e14d77a517762f66581ba57060552f8b1

SHA256
9c047fe901a2ec52cae26455291e4512c900324d01eeeec56019271d5f7b02d0

SHA512
12f379977c7100b6a2b859eced0031ba777de0167aea6f98b9ffabc043a195d848c6c95424e25debc66d68566aa31b71f6eb88983b63bdaaeeb34aa8931f7d2c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
b2f7a87b3bfe342b59998debd9bdbd0a

SHA1
a2c9998eddf14fb5374555f98ff2f9f403f15323

SHA256
12a1442ff437646fe6a62acfe2aec7e1fcad8ca491f34cc7925eca053de98b91

SHA512
e6a6224c3166e66cd01e646eec239da23b67aafae74bbe4bd654315c9e264039b3672e44416b2c61e9550512e12c9630409f4620397f8d72b8a839a100e8fab5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
ab93446efc1b5529ae5b968eda09bb9b

SHA1
7be469a3e4212023b87735af5367c086c2ca32c0

SHA256
b52096b2b6ad5b4e8dc6f643fff15fc2d59d142d464c7b5935636303d3643ba5

SHA512
baf4073435fcb8979e28b2fa6b4c5cf522bcb176080de1b69e169673fdcac4166ac0bff7da019ca260681930370778af12959117da608843a0fd87c7bb896720

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
a4908100a53af0d2c45c1f4b477039fc

SHA1
6582ddf295e33eb31fcf7ad3c7ce25c94966eca1

SHA256
cc1e2cd018ad08f4ea3d2b84618fb2307bf8ca6f463ae34262fccdfe108c0d12

SHA512
99b70aabd82e8c4a2cf28776473cf8017103e78d0912ac5848243c4c7313afb70cc1ece13e08509e3454e5687f77f47146a81c91f98deffc4e0f0732c1ea1774

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
c0c8dcd39a22b45088c30f8da2fd4289

SHA1
65655b734e5129ad5a83dd302c615f750367e32e

SHA256
00014c9bf02c27781fabdd40d0c30a73c9763f15b0d87c19bc435cb349801519

SHA512
90a0cfc231d83f96dff6234f0c5ee76e978b4edef23b075a4c98fdffe602e3354e4128d3ec73bd0f416cd8e3812fdfbead35192f82583853b20de40fc6d5198a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
baf8321dd0a72c20eb04bf45f543c862

SHA1
bd9dc6e08c7d59a477079e6d73430cac9e66fe77

SHA256
c81fc73c1fc5453948d458303a72e12b50a8a344f18034f29dc6e69e9f0447dd

SHA512
8b625ab58824f946db14151af7d9c7c0c858be64f43c1a5e3397885e425cfa4e8326287a6b0346a7f25c060e86bcbe8d0e7ff147aac1082db378712f58979381

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
4001840e89ade71b09cc011170f70426

SHA1
14fb39b153ade02f4f1a57ed48934cc8015cf0ac

SHA256
0675158aac07e0dee2d99e12fb04c609bf5e072bb3fd0e1ebc29dc2a3dcf0e0a

SHA512
c45d37076783ba56174bd7002a5457b1748a3a8458c6a6a23945055c90dc1fdd27ef24b3a1296a7003b32b3206996b62b979ae1b5c32272d66d345c0ffe2c710

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a2f4cfbde4c78f1d8323a4ea38d7916e

SHA1
08060e8af90020ec3bcd4358832c464e416ffcf4

SHA256
a245d66c189b11df8bb9326ec2d11ed331dd055ccf68cf43e89d39f552cc2e5c

SHA512
8514114e31bd9275ca03cb0d83ab2ffbbe6b959bf41c55c580b2f274200780cee32cbd565500f4624b3a5f62c74f3b59e13c65b7f25dcf35feec11fefc346467

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
f1d7e13059d45509707abb96e9f2e566

SHA1
c5de06852364f2d3bda335b05f876bf71eab752d

SHA256
09c51aa343d31c6240a600822fb2e954cbcde04bdec15f8c1fdbf2e466838814

SHA512
928f57cb7643aa15bad95d8c7a157fff0a918d51b8cbfadb62cd357064154d8320642f82e4169ab8ba941903d419738742c79c7f81b8b1e05715c8394d6edd2c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
1cc8e66e69f25486b0c85927aaed83f2

SHA1
fb338636ebfe26849dce485c25e48a84016c65d8

SHA256
ccd44212306f8cbcaaa7a1fcedd66c32dc9427690743148f1b3d00965f73a319

SHA512
8fbee6fd4d199f900ef485749f3ab735147ab937aade859f57259c3d3627dcb910ba3072e09edace38ad96b30206fea8b0c01b0b24d2bf3c1a37fd4f5d80c3c8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
3fa1ced4a2965fc4919adfacca378d6b

SHA1
f0202cf5db0b2c3704ac694adba8c3efe39cd0b8

SHA256
da2015e9651dc2e19d8faef11683f43a13f4acc1a0b6014f179b78dfa82e0af7

SHA512
d3bd4dd99db6a052565bb77a4f7ad2abe825c270735866f32db13d52620b92e10aec58141dc8d44ca08638745e7d2a0085dc20af6171295ec0479b18d58f929e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
e73872fdcb5dbf6cbee56644612e66d6

SHA1
0f02c7f539fba2a53a16ceacb0f0ab9edcbcf025

SHA256
10f63823c4b8da8ac54b9d6a85ceac36adc3a6b94e1cec74dab1f88abb312ecd

SHA512
89b656ba8b7c0750e1148090563e20d68f24cb7c189d52f55b7d3e3d1dba878f1cf8a6fd4d9b9ad2cb22c88c46dd20729bba341700b7c795679bff719cd0c360

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
52814670d9ccbb7265163e78829390ab

SHA1
f1f0b1f8c079f589728c92a4d38cb0abbadcc475

SHA256
e7f8fd477da159e0b5a6cf4f103cc5b284834ef44deb067abca82475f7ebd2be

SHA512
731cae23390d5fa0c05beb3a571c506a1afc1840d4839635d9c58a7b15edebdaa499466989348595dc3557cb34d6a1cf89dde3cbf787e18c2e5c1650590018fc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
ff27048cfc553db59fc303ff8550b9a7

SHA1
c17158894c41962e0b00360b843ad4926c3b77c4

SHA256
2b6e730894320a8961379bb846ef080db747fcd3ead26f31bf05bea42fdbfb81

SHA512
3d334ceb9d178091a2186edb3439f73bd6168147bb25a48e4f3df2eca29d57396930db0154479ae6dfe692cff371f51bdb1c66c962c5d2de13e1bb7230ebbe19

Download Submit
C:\Users\Admin\Downloads\lnstalIer_Offiс[email protected]\Set-up.exe

Filesize
3.6MB

MD5
a56fc11692ab8baf7f9e3b80540d63c5

SHA1
4ddd8e40b3ca6c4cd0cf4156b5b163074065a79c

SHA256
0bcd82ed4ea3e12cbaabc50df612d48078604e4d0985e9a240afc24630afa4d7

SHA512
48dad306d5ea8beef592aed1c058028c9e381094ac744e4a83ef417fb3818957892a0e10cee9a9111bfd143bb2a2d8089702307408b61c61cc89d15080a22065

Download Submit
memory/636-335-0x0000000000400000-0x0000000000457000-memory.dmp

Filesize
348KB

Download
memory/636-334-0x0000000000400000-0x0000000000457000-memory.dmp

Filesize
348KB

Download