hxxps://www[.]mediafire[.]com/file/jp39je7o7rbt9yy/Extreme_Injector[.]rar/file

Resubmissions

07/01/2025, 17:05

250107-vl5wjsznhy 10

07/01/2025, 16:47

250107-vaq81szka1 3

07/01/2025, 16:17

250107-trvgbszphp 10

07/01/2025, 16:15

250107-tp7zmszpdq 3

Analysis

max time kernel
44s
max time network
49s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
07/01/2025, 16:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.mediafire.com/file/jp39je7o7rbt9yy/Extreme_Injector.rar/file

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
244	msedge.exe
244	msedge.exe
1960	msedge.exe
1960	msedge.exe
1528	msedge.exe
1528	msedge.exe
1612	identity_helper.exe
1612	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
1960	msedge.exe
1960	msedge.exe
1960	msedge.exe
1960	msedge.exe
1960	msedge.exe
1960	msedge.exe
1960	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1960	msedge.exe
1960	msedge.exe
1960	msedge.exe
1960	msedge.exe
1960	msedge.exe
1960	msedge.exe
1960	msedge.exe
1960	msedge.exe
1960	msedge.exe
1960	msedge.exe
1960	msedge.exe
1960	msedge.exe
1960	msedge.exe
1960	msedge.exe
1960	msedge.exe
1960	msedge.exe
1960	msedge.exe
1960	msedge.exe
1960	msedge.exe
1960	msedge.exe
1960	msedge.exe
1960	msedge.exe
1960	msedge.exe
1960	msedge.exe
1960	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
1960	msedge.exe
1960	msedge.exe
1960	msedge.exe
1960	msedge.exe
1960	msedge.exe
1960	msedge.exe
1960	msedge.exe
1960	msedge.exe
1960	msedge.exe
1960	msedge.exe
1960	msedge.exe
1960	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1960 wrote to memory of 5056	1960	msedge.exe	77
PID 1960 wrote to memory of 5056	1960	msedge.exe	77
PID 1960 wrote to memory of 2756	1960	msedge.exe	78
PID 1960 wrote to memory of 2756	1960	msedge.exe	78
PID 1960 wrote to memory of 2756	1960	msedge.exe	78
PID 1960 wrote to memory of 2756	1960	msedge.exe	78
PID 1960 wrote to memory of 2756	1960	msedge.exe	78
PID 1960 wrote to memory of 2756	1960	msedge.exe	78
PID 1960 wrote to memory of 2756	1960	msedge.exe	78
PID 1960 wrote to memory of 2756	1960	msedge.exe	78
PID 1960 wrote to memory of 2756	1960	msedge.exe	78
PID 1960 wrote to memory of 2756	1960	msedge.exe	78
PID 1960 wrote to memory of 2756	1960	msedge.exe	78
PID 1960 wrote to memory of 2756	1960	msedge.exe	78
PID 1960 wrote to memory of 2756	1960	msedge.exe	78
PID 1960 wrote to memory of 2756	1960	msedge.exe	78
PID 1960 wrote to memory of 2756	1960	msedge.exe	78
PID 1960 wrote to memory of 2756	1960	msedge.exe	78
PID 1960 wrote to memory of 2756	1960	msedge.exe	78
PID 1960 wrote to memory of 2756	1960	msedge.exe	78
PID 1960 wrote to memory of 2756	1960	msedge.exe	78
PID 1960 wrote to memory of 2756	1960	msedge.exe	78
PID 1960 wrote to memory of 2756	1960	msedge.exe	78
PID 1960 wrote to memory of 2756	1960	msedge.exe	78
PID 1960 wrote to memory of 2756	1960	msedge.exe	78
PID 1960 wrote to memory of 2756	1960	msedge.exe	78
PID 1960 wrote to memory of 2756	1960	msedge.exe	78
PID 1960 wrote to memory of 2756	1960	msedge.exe	78
PID 1960 wrote to memory of 2756	1960	msedge.exe	78
PID 1960 wrote to memory of 2756	1960	msedge.exe	78
PID 1960 wrote to memory of 2756	1960	msedge.exe	78
PID 1960 wrote to memory of 2756	1960	msedge.exe	78
PID 1960 wrote to memory of 2756	1960	msedge.exe	78
PID 1960 wrote to memory of 2756	1960	msedge.exe	78
PID 1960 wrote to memory of 2756	1960	msedge.exe	78
PID 1960 wrote to memory of 2756	1960	msedge.exe	78
PID 1960 wrote to memory of 2756	1960	msedge.exe	78
PID 1960 wrote to memory of 2756	1960	msedge.exe	78
PID 1960 wrote to memory of 2756	1960	msedge.exe	78
PID 1960 wrote to memory of 2756	1960	msedge.exe	78
PID 1960 wrote to memory of 2756	1960	msedge.exe	78
PID 1960 wrote to memory of 2756	1960	msedge.exe	78
PID 1960 wrote to memory of 244	1960	msedge.exe	79
PID 1960 wrote to memory of 244	1960	msedge.exe	79
PID 1960 wrote to memory of 4992	1960	msedge.exe	80
PID 1960 wrote to memory of 4992	1960	msedge.exe	80
PID 1960 wrote to memory of 4992	1960	msedge.exe	80
PID 1960 wrote to memory of 4992	1960	msedge.exe	80
PID 1960 wrote to memory of 4992	1960	msedge.exe	80
PID 1960 wrote to memory of 4992	1960	msedge.exe	80
PID 1960 wrote to memory of 4992	1960	msedge.exe	80
PID 1960 wrote to memory of 4992	1960	msedge.exe	80
PID 1960 wrote to memory of 4992	1960	msedge.exe	80
PID 1960 wrote to memory of 4992	1960	msedge.exe	80
PID 1960 wrote to memory of 4992	1960	msedge.exe	80
PID 1960 wrote to memory of 4992	1960	msedge.exe	80
PID 1960 wrote to memory of 4992	1960	msedge.exe	80
PID 1960 wrote to memory of 4992	1960	msedge.exe	80
PID 1960 wrote to memory of 4992	1960	msedge.exe	80
PID 1960 wrote to memory of 4992	1960	msedge.exe	80
PID 1960 wrote to memory of 4992	1960	msedge.exe	80
PID 1960 wrote to memory of 4992	1960	msedge.exe	80
PID 1960 wrote to memory of 4992	1960	msedge.exe	80
PID 1960 wrote to memory of 4992	1960	msedge.exe	80

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://www.mediafire.com/file/jp39je7o7rbt9yy/Extreme_Injector.rar/file
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff858863cb8,0x7ff858863cc8,0x7ff858863cd8
  2⤵
  PID:5056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1880,569802684148361023,4082182546770139662,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1896 /prefetch:2
  2⤵
  PID:2756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1880,569802684148361023,4082182546770139662,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2264 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1880,569802684148361023,4082182546770139662,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2604 /prefetch:8
  2⤵
  PID:4992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,569802684148361023,4082182546770139662,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3204 /prefetch:1
  2⤵
  PID:2752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,569802684148361023,4082182546770139662,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1
  2⤵
  PID:2168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,569802684148361023,4082182546770139662,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3952 /prefetch:1
  2⤵
  PID:4980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1880,569802684148361023,4082182546770139662,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6188 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,569802684148361023,4082182546770139662,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3928 /prefetch:1
  2⤵
  PID:1908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,569802684148361023,4082182546770139662,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6180 /prefetch:1
  2⤵
  PID:4120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,569802684148361023,4082182546770139662,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4508 /prefetch:1
  2⤵
  PID:4420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,569802684148361023,4082182546770139662,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6252 /prefetch:1
  2⤵
  PID:3724
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1880,569802684148361023,4082182546770139662,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6588 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1612

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3312

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4156

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
aad1d98ca9748cc4c31aa3b5abfe0fed

SHA1
32e8d4d9447b13bc00ec3eb15a88c55c29489495

SHA256
2a07cac05ffcf140a9ad32e58ef51b32ecccf1e3ab5ef4e656770df813a8944e

SHA512
150ebf7e37d20f88b21ab7ea0793afe1d40b00611ed36f0cf1ac1371b656d26f11b08a84dbb958891c79776fae04c9c616e45e2e211d292988a5709857a3bf72

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
cb557349d7af9d6754aed39b4ace5bee

SHA1
04de2ac30defbb36508a41872ddb475effe2d793

SHA256
cfc24ed7d1c2e2c6585f53db7b39aa2447bf9212487b0a3c8c2a7d8e7e5572ee

SHA512
f0cf51f42d975d720d613d09f201435bf98c6283ae5bc033207f4ada93b15e49743a235a1cfb1b761bde268e2f7f8561aa57619b99bff67a36820bc1a4d0ec4a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
720B

MD5
29d5b81b8e2c4affa53055a844700483

SHA1
23b1d2ba780c1fba93a7373d245eee90e6fa0604

SHA256
fa3b9adeb64110c13397cb7af7caa60faf7fafc186256f529e2a0ead92d80ccf

SHA512
0a8c10cd04bdd0477192fff1b469603dcec38fcfeafa9e90fbff21cd354baa40ff405986f057f6f60ea9470843949585e0d3e00e2449825757021f2667bb5c97

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
32d285bfa03cbf8b843f10581b4ecc93

SHA1
718979a7e9e223677a2f5aecdec58b086822bdb3

SHA256
d4feba6c02609287680196bb580e137c766b26cf60e6cdf39524ec036114757f

SHA512
979f3c32067266197fcde1bc9e6b6cb5380f476f619edfd95e9aff149e7ac01eba2de7ea492aff5e093888cdba85b445dc65bef02934789a13af64bccd316fde

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
be6564b69f021efd98ea16d9065e77ba

SHA1
70d86246d15256cf5d8f31eea31b962b41dc0493

SHA256
b28362bb8d2e383c34a3efa40b274ca524dcf26eaf64e97496ac21eb1fbf1349

SHA512
db2898d27ae4a85e631a9ff9cd1a221dcc487878050af00a69b85eacefad7a0d585ddbcbffdd2b31920187ae061a83586dc3e5f675193357d2102811832ca3d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
e246f76b461a740564d38396b6cf017d

SHA1
5be4ee0fc2df8dd50ed4a6ca36d52c3eabfd5d67

SHA256
4b3dea153414927fdbbe2646839581464fc14744a9d52e39de716e26173cda6c

SHA512
8658b818908e0934e0abc0e03a4440bf4e235ae6c6670a30df7f71d43d08c64ea97aadce42d6f3197667fe8dcf1737cc70efd267f8d8c36cffa45b001e435c55

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
87a2e81395243c401ec4eeebf587c8e7

SHA1
b5fd41de001c1f08083e22e38bbe568f12514a5f

SHA256
42169de6e78c224184199769273088a2398358185d5a681aead79e6692c24bed

SHA512
2882f58d99e1cd279362aa98835720d6029f84446a03b3d46f8db96f206e1f93e16b238f42b055b6c8f2cb326f01bec1df9eae92fdb99947477ab5d6a2ac136e

Download Submit