Analysis
-
max time kernel
182s -
max time network
184s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
-
submitted
18/01/2025, 15:45
General
-
Target
https://pixeldrain.com/u/B9YsnXHn
Malware Config
Extracted
asyncrat
Venom RAT + HVNC + Stealer + Grabber v6.0.3
Default
193.161.193.99:49446
8735d3c7-a86c-4a5a-b775-0b873f7eb49c
-
delay
3
-
install
false
-
install_folder
%AppData%
Signatures
-
AsyncRat
AsyncRAT is designed to remotely monitor and control other computers written in C#.
-
Asyncrat family
-
Async RAT payload 1 IoCs
-
Downloads MZ/PE file
-
Event Triggered Execution: Component Object Model Hijacking 1 TTPs
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
-
Executes dropped EXE 12 IoCs
-
Loads dropped DLL 3 IoCs
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in Program Files directory 64 IoCs
-
Browser Information Discovery 1 TTPs
Enumerate browser information.
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Modifies registry class 22 IoCs
-
NTFS ADS 3 IoCs
-
Suspicious behavior: EnumeratesProcesses 25 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 25 IoCs
-
Suspicious use of AdjustPrivilegeToken 12 IoCs
-
Suspicious use of FindShellTrayWindow 64 IoCs
-
Suspicious use of SendNotifyMessage 24 IoCs
-
Suspicious use of SetWindowsHookEx 23 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://pixeldrain.com/u/B9YsnXHn1⤵
- Enumerates system info in registry
- Modifies registry class
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc375a46f8,0x7ffc375a4708,0x7ffc375a47182⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2032,2824359771299516800,13017537155770756474,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:22⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2032,2824359771299516800,13017537155770756474,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2396 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2032,2824359771299516800,13017537155770756474,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2764 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,2824359771299516800,13017537155770756474,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,2824359771299516800,13017537155770756474,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2032,2824359771299516800,13017537155770756474,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5016 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2032,2824359771299516800,13017537155770756474,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5016 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2032,2824359771299516800,13017537155770756474,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5180 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,2824359771299516800,13017537155770756474,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5136 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2032,2824359771299516800,13017537155770756474,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5716 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,2824359771299516800,13017537155770756474,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6120 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,2824359771299516800,13017537155770756474,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6392 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,2824359771299516800,13017537155770756474,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6416 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,2824359771299516800,13017537155770756474,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6548 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,2824359771299516800,13017537155770756474,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6564 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,2824359771299516800,13017537155770756474,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6132 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,2824359771299516800,13017537155770756474,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6188 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,2824359771299516800,13017537155770756474,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6752 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,2824359771299516800,13017537155770756474,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7008 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,2824359771299516800,13017537155770756474,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6480 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,2824359771299516800,13017537155770756474,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6484 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,2824359771299516800,13017537155770756474,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6816 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,2824359771299516800,13017537155770756474,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6972 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,2824359771299516800,13017537155770756474,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5688 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2032,2824359771299516800,13017537155770756474,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7216 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,2824359771299516800,13017537155770756474,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7284 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,2824359771299516800,13017537155770756474,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6592 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,2824359771299516800,13017537155770756474,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5280 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,2824359771299516800,13017537155770756474,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6888 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2032,2824359771299516800,13017537155770756474,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7364 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2032,2824359771299516800,13017537155770756474,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6096 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Users\Admin\Downloads\winrar-x64-710b3.exe"C:\Users\Admin\Downloads\winrar-x64-710b3.exe"2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\Downloads\winrar-x64-710b3.exe"C:\Users\Admin\Downloads\winrar-x64-710b3.exe"2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,2824359771299516800,13017537155770756474,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6904 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,2824359771299516800,13017537155770756474,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7016 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,2824359771299516800,13017537155770756474,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7432 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2032,2824359771299516800,13017537155770756474,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=7240 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,2824359771299516800,13017537155770756474,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1816 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2032,2824359771299516800,13017537155770756474,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6244 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2032,2824359771299516800,13017537155770756474,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6516 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Users\Admin\Downloads\7z2409-x64.exe"C:\Users\Admin\Downloads\7z2409-x64.exe"2⤵
- Executes dropped EXE
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious use of SetWindowsHookEx
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
-
C:\Windows\system32\werfault.exewerfault.exe /h /shared Global\b8855f87f4a34a51bc5f51852c4f1c55 /t 5556 /p 59001⤵
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵
-
C:\Program Files\7-Zip\7zG.exe"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\" -an -ai#7zMap9030:88:7zEvent172671⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of AdjustPrivilegeToken
-
C:\Users\Admin\Downloads\DiscordXploit.exe"C:\Users\Admin\Downloads\DiscordXploit.exe"1⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\Downloads\DiscordXploit.exe"C:\Users\Admin\Downloads\DiscordXploit.exe"1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
-
C:\Users\Admin\Downloads\DiscordXploit.exe"C:\Users\Admin\Downloads\DiscordXploit.exe"1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
-
C:\Users\Admin\Downloads\DiscordXploit.exe"C:\Users\Admin\Downloads\DiscordXploit.exe"1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
-
C:\Users\Admin\Downloads\DiscordXploit.exe"C:\Users\Admin\Downloads\DiscordXploit.exe"1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
-
C:\Users\Admin\Downloads\DiscordXploit.exe"C:\Users\Admin\Downloads\DiscordXploit.exe"1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
-
C:\Users\Admin\Downloads\DiscordXploit.exe"C:\Users\Admin\Downloads\DiscordXploit.exe"1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
-
C:\Users\Admin\Downloads\DiscordXploit.exe"C:\Users\Admin\Downloads\DiscordXploit.exe"1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
99KB
MD588518dec90d627d9d455d8159cf660c5
SHA1e13c305d35385e5fb7f6d95bb457b944a1d5a2ca
SHA256f39996ab8eabdffe4f9a22abb1a97665816ec77b64440e0a20a80a41f0810ced
SHA5127c9d7bd455064d09307d42935c57de687764cf77d3c9ba417c448f4f2c4b87bcd6fea66354dfe80842a2fa3f96c81cc25e8bf77307b4ace1bbe1346cbe68435f
-
Filesize
1.8MB
MD5c4aabd70dc28c9516809b775a30fdd3f
SHA143804fa264bf00ece1ee23468c309bc1be7c66de
SHA256882063948d675ee41b5ae68db3e84879350ec81cf88d15b9babf2fa08e332863
SHA5125a88ec6714c4f78b061aed2f2f9c23e7b69596c1185fcb4b21b4c20c84b262667225cc3f380d6e31a47f54a16dc06e4d6ad82cfca7f499450287164c187cec51
-
Filesize
696KB
MD5d882650163a8f79c52e48aa9035bacbb
SHA19518c39c71af3cc77d7bbb1381160497778c3429
SHA25607a6236cd92901b459cd015b05f1eeaf9d36e7b11482fcfd2e81cd9ba4767bff
SHA5128f4604d086bf79dc8f4ad26db2a3af6f724cc683fae2210b1e9e2adf074aad5b11f583af3c30088e5c186e8890f8ddcf32477130d1435c6837457cf6ddaa7ca1
-
Filesize
1KB
MD5baf55b95da4a601229647f25dad12878
SHA1abc16954ebfd213733c4493fc1910164d825cac8
SHA256ee954c5d8156fd8890e582c716e5758ed9b33721258f10e758bdc31ccbcb1924
SHA51224f502fedb1a305d0d7b08857ffc1db9b2359ff34e06d5748ecc84e35c985f29a20d9f0a533bea32d234ab37097ec0481620c63b14ac89b280e75e14d19fd545
-
Filesize
11KB
MD58c7249cda2308591d0c6c2f436f5a772
SHA10bca75ab81b6f24b087c2d035b7790f0239b6a5a
SHA2567d454530000c995731bda1e70817f4fba8ea98b7817b9d052f82d29c23b46b95
SHA512c7e07dc9ae3d686db7d9fb618a1eb0e78b627a17b10587716420bebb83c2e753c91e51b580b696e39d8654c5c7b12404ad6f3cc9848903b66db723f241a4961d
-
Filesize
10KB
MD5bb0131e9a885fa2dc9a8a77c449a8370
SHA1344bc3fde0d422643ca93b2342045d2cae1ab785
SHA256de4742effa73aa3f0ca1c616bbe4ccb08e9231f8c96ee66779a7880722e52f67
SHA512a53abbc3e451f3ecbc41a1654dca0885113fbb894633e022c91e629a5255c06fcc7948c89a6fad6df611a13913619e8b825c5a42b5528e2bc4056b7ad6234527
-
Filesize
152B
MD5d7cb450b1315c63b1d5d89d98ba22da5
SHA1694005cd9e1a4c54e0b83d0598a8a0c089df1556
SHA25638355fd694faf1223518e40bac1996bdceaf44191214b0a23c4334d5fb07d031
SHA512df04d4f4b77bae447a940b28aeac345b21b299d8d26e28ecbb3c1c9e9a0e07c551e412d545c7dbb147a92c12bad7ae49ac35af021c34b88e2c6c5f7a0b65f6a8
-
Filesize
152B
MD537f660dd4b6ddf23bc37f5c823d1c33a
SHA11c35538aa307a3e09d15519df6ace99674ae428b
SHA2564e2510a1d5a50a94fe4ce0f74932ab780758a8cbdc6d176a9ce8ab92309f26f8
SHA512807b8b8dc9109b6f78fc63655450bf12b9a006ff63e8f29ade8899d45fdf4a6c068c5c46a3efbc4232b9e1e35d6494f00ded5cdb3e235c8a25023bfbd823992d
-
Filesize
62KB
MD5c813a1b87f1651d642cdcad5fca7a7d8
SHA10e6628997674a7dfbeb321b59a6e829d0c2f4478
SHA256df670e09f278fea1d0684afdcd0392a83d7041585ba5996f7b527974d7d98ec3
SHA512af0d024ba1faafbd6f950c67977ed126827180a47cea9758ee51a95d13436f753eb5a7aa12a9090048a70328f6e779634c612aebde89b06740ffd770751e1c5b
-
Filesize
67KB
MD569df804d05f8b29a88278b7d582dd279
SHA1d9560905612cf656d5dd0e741172fb4cd9c60688
SHA256b885987a52236f56ce7a5ca18b18533e64f62ab64eb14050ede93c93b5bd5608
SHA5120ef49eeeeb463da832f7d5b11f6418baa65963de62c00e71d847183e0035be03e63c097103d30329582fe806d246e3c0e3ecab8b2498799abbb21d8b7febdc0e
-
Filesize
19KB
MD52e86a72f4e82614cd4842950d2e0a716
SHA1d7b4ee0c9af735d098bff474632fc2c0113e0b9c
SHA256c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f
SHA5127a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1
-
Filesize
65KB
MD556d57bc655526551f217536f19195495
SHA128b430886d1220855a805d78dc5d6414aeee6995
SHA256f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4
SHA5127814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb
-
Filesize
2KB
MD5a9e9a60f8f4fa62dcce926c84842d8ae
SHA1a277042a648e89fb10af63910e34e4caaf3284b4
SHA2560b23e77437ad8a18d6da82924211374e81d6e348b609b0af3219ec1d1f5d493f
SHA51298cbb3629d52535d5dae7b7fba3b6ec385995cdb5eba8a7cc7fc6a5d0437320367dc77b11b0a159dc2ff1fed049e19f2771fee3babf3979b1c74a2f3b7deef6f
-
Filesize
1KB
MD5e4cf269f2ae0764a517a732de57e6eae
SHA1de07ff2706c12a1a12478679e00ff7181ce5fda1
SHA25619b19c5137969dc3d5b51d7f62fa22f2a6a32f1131dd802efe4aaf179366bda1
SHA5121653e72fb10edef4b9edd6f42d9ae93364188fa78ad8ac28bcd150c6d8873b85605fcd0130cb7fb00056e6f03e03edb626b842c78dcf15871bb6adbe345bad8a
-
Filesize
1KB
MD521cfc1e4c615241e08c3401ec90ef54e
SHA103ac7345a360a03af5fdad2e08602dde81a7c9e5
SHA256466ca11230eed7bd2ff29da4205da2a7b99a583db72812d6ce29d420dddfe840
SHA512e9ba004a1b795aae38345549f4370a1acd02e7f91145bb2ba371d8602427b1a15f23967236446d426dc3af3a4130c03b9672740fefde74a8826500d074c984f8
-
Filesize
1KB
MD57fcd5e48e7dee1abe9b41ff29f7f7180
SHA117aeaffec64c252aab0ce2023fdc2968b2544ba9
SHA256c1bbf7702f6ce068967f751e26a66b31571d0d0ea9825adc65456c012872ad17
SHA5126b94bc191fe1d4be4c414bee647fffbb12817e822a726945cc3b3bb701faa52ce0eb7bc66d9c06fc65d71c7ebe259f30e813180ab39c321ff0adbf666a34edd6
-
Filesize
8KB
MD5007f6cfcac5cd0232e968bc8b07a7302
SHA1fe53b93db3050c8f5a1e599890d85ade72412d15
SHA25614c83f3e7b49ecd07ec2b6f7fa00c16efa9a785b6f176a19d7f39c86721093ed
SHA5121e37e448c2c76305f6120b7924ab8fcd90e399ef35b43b0ed0a1dbc9107413ce72d95f8a87742005403cbbf1fc6d8fc4ec411d859fc97221bcb7346fd2844e7e
-
Filesize
6KB
MD52c8295b882f3ee5b672f3fed46438233
SHA1059aaa2bd8b877a2f8a513fe0bd1fb385f367dbb
SHA256a2ab86651afea51d75c828a37d5966fa699a370346d510816ea1af33892b5f9b
SHA51253b72080548890dd8bc8d3f7193eaa72407457f03b767b8041926ae87393452c13354c7d1ec0d392e5f657d4c776954710409cfda19a781106f717979f8698c8
-
Filesize
6KB
MD5b1a8b4f7c1192f3df7a8728b8afad836
SHA16a982fed87e3f0432a0679bd1f532898558320ed
SHA2562ae8d38a6579b5eb2710a6752bc3f759f0d6ec966745534336b3f15b4d2b80bb
SHA51290565c68431c6e5248a7c8131ccc635d9d8a3952575a264fe029357179201c1b5d91805bae2fe85d6380f64fb986a13e001601b7be9189179f1f6e2ae2fb5e6f
-
Filesize
7KB
MD56600a4770a6d1ff6c236e42fddb4ed7b
SHA11058599f210ab055aac70cd4923bed951ecb5711
SHA256dd6149ada0a8a73b52a06482daa71a1c730748081ca64fb76517bd730fcc6465
SHA51257182f2b3d3aadb4b296ed985dfe034de5df1ec0f3b47167ac8cea75b065a81a5b575fefd8e8368e8987cf55b45ad3b474340dbc372869405f0370358e49d11b
-
Filesize
7KB
MD53dcfe120e986e6556cda8619dec13cb5
SHA15e348591494de6ab019fffe23fffabf0d235bab9
SHA2564ab0469fc64b0668687b22edd5201190fb2874db8af4dcf01f8e8a0f1479bff3
SHA5123eda07f64ce4644f6f301a3571db0c926b921129e6457ce6df4323fd6111709cc868a22c83a736ead024abc68e00b088521ab307b7b27b64f9566c020327c8c9
-
Filesize
5KB
MD58e7992c1c057c725c3a6c76c47cf0450
SHA19e9a09d62853768a97e56a0157de76a01a55ffc9
SHA256d7d71f978a8123efb35e372d6ec7b3bc9f4a5e1c1167fc925b414ca2fe0e3d60
SHA512dac11880197893024e41c53f2a12883b60cb640308005bf69e413dc0ae4d4757b9051f1b75e6fcf527d23105ec545e425168aaecb64d8715c5dc84c017766fdc
-
Filesize
72B
MD597dbf4ce8632f5d4da2e508e761bd6bb
SHA142f360dd1017f898fe935d91c4f6bf9f8616a9db
SHA2568ff80d294a622785261cea9f37f4b99889a9086db5453f92281ee378fe8be9ca
SHA5129959b369078e72dc28f4537587e76bb320d8672970635906395263c98e248f1617a6ccb7b53301ed51ec83bed4f2a1a28b811e42fd3fd93c3eed912b494d9d40
-
Filesize
48B
MD5cc13411dd8a0235dee4ab32861f2fa9c
SHA1509222817c414fd68fb6c1a96cb2b422537d87ec
SHA2564d54f3a74d6661b48c1aa9230c2748841b81f2cd3214c32df2e3ebbf6a347015
SHA512b64780010d8e5e40d8b1140afd23313db470c3d574f69534dfe34610f4ccea5b73ce01256e4e054509696d71dd38913936951aaa984a64938dbac5f8c8ca7820
-
Filesize
2KB
MD5b0ed3e81d283c5860ad074cc4f7e8142
SHA127b23983d91a97714624fc7956f4ee92a4b9f2b3
SHA256d67ca7f619c6557bc974434faba419d129f99786381aa7c60169f84964e29781
SHA5126e4fbb624baa48b503caa8ceaa798bf7347f08ae5678e1df53bd513f9336941db2ca8240ec7a1dc7604faf9698b57e0e6dd3ccb54bee5a711b30f9bb30b73fd8
-
Filesize
2KB
MD5c4a0732285b201574d962a4884d8ac96
SHA1447d64d26329fe7d056ea3881352f7fbdc6a3d66
SHA256c644f88da2ed7648da5ad5140aa005e1002cf2469fda9ff5b80063c8cdf10edc
SHA512cfc24d3dbc4a283cdf3d2d5fade57df0a44a947cd0f674b13a3949c9304da22969ebcf997e3d015d5795f917c303aa7d23a277a077a0fdd4c09d8905e81f56a9
-
Filesize
1KB
MD5b91056fbcfe5c49d25ae0b1a9f5bf298
SHA13c046bf2f422ca0d6ff1a89cb1b048bacfd0f617
SHA2560b15b03996b1aef635ba0409bb2a08e087f20d0f6c31feb20474cf77454fdb6f
SHA5121594f8150aebbc6e6fd735294d519641eb5b2b71cab640878362cb9257d7e689879e716511c4fdf57e06124c59abf714f510b25b56cc6813cf9ca661f086ac30
-
Filesize
204B
MD5b345a5ba024d6302594f72fd9b8a8045
SHA1bf8d2b08cae350c615eadc2f0d71e27856fe320e
SHA25664b383393690653abf17d252616351e7c6b63efff87315521ae3d5b5fe9d0202
SHA512ebaef20876e69f4937c911ea54d774512174e4ec2545970721f5cd930b8f716e635787ad2313961a7aafcc5bc49fddd0c32a2a2b6ba61f6bb88881d1380dd7c0
-
Filesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize
10KB
MD5d7a37aa1bdd2a4b01edd38f50ac662c0
SHA1d3f6d99992209c8aca43c0a6a82f6fe62858d674
SHA2562705dfb0c436f0eaffb734dadcc2a3789200891d8a0e55888d381cdc390c4efb
SHA5124fac2bb60263d2d4145399f4547a885ce80b6aaf33f74e19f98927f4928cbc546e0d54b3ad5666cb6817e5443d82e6bfbcbee7ebde1b57a63667d1a28f5b69e4
-
Filesize
8B
MD5cf759e4c5f14fe3eec41b87ed756cea8
SHA1c27c796bb3c2fac929359563676f4ba1ffada1f5
SHA256c9f9f193409217f73cc976ad078c6f8bf65d3aabcf5fad3e5a47536d47aa6761
SHA512c7f832aee13a5eb36d145f35d4464374a9e12fa2017f3c2257442d67483b35a55eccae7f7729243350125b37033e075efbc2303839fd86b81b9b4dca3626953b
-
Filesize
222KB
MD5b56c44fd1623f7ece09ba38c233cffbb
SHA1b4127c6a1c0b792d24edde64cd996ea23a830920
SHA2566a3246d84a7dc156a06120f0d4373661743d748de6109575473adcf5071d6419
SHA5122453b46f87d2a703bf48dc2f381fc6be43ba4f43d01af5f46c6d769872bec19829ca80112723d5975dc9957082d4544600b09ad852737582259bf0839c101a56
-
Filesize
115KB
MD5ce7557476eb42db6fd3753dad8db44f0
SHA1b0095dc373ee2635cdede710178d011e8e7cd76f
SHA256ba2f01e1b6ebd5e55a11c5164a0b11bde34fe42135d0d81a9c228990abc886a1
SHA5125f346ebdcefc57b6afdaa393abcdb31c3153919dc54af6c1417fdcdd41200446a6b84fe24b58bf9c0b47788eb3d93faf68b31eb77532059cdeb0f20ac084b7c6
-
Filesize
1.6MB
MD56c73cc4c494be8f4e680de1a20262c8a
SHA128b53835fe92c3fa6e0c422fc3b17c6bc1cb27e0
SHA256bdd1a33de78618d16ee4ce148b849932c05d0015491c34887846d431d29f308e
SHA5122e8b746c51132f933cc526db661c2cb8cee889f390e3ce19dabbad1a2e6e13bed7a60f08809282df8d43c1c528a8ce7ce28e9e39fea8c16fd3fcda5604ae0c85
-
Filesize
2.8MB
MD57c05d8faeb45c410e965f3ac98d31300
SHA19847d9c73951c78dabc74ae5e21c2e6ab90327f1
SHA256b9c54457a260a168fa0eb60f2ae1a5c7a5b7072a8120e37e9561fad6f914e298
SHA512771dc6ed55c5d7531830d09b5a5864b2917149954fcde2c45ca037486c20e6ddf597c0c1cd3644c8eab66d7d8c1eee31cb8364e8ccb0921633ef7a2b8392b3d4
-
Filesize
3.6MB
MD524f93fa5964ef5dd8b7577a30eea068a
SHA1a1746965394b757266ed4f051b7be482dacb5236
SHA256123d867c7fc13d165309bdb720a13c8301625b00165923a482539f29fb40c2a7
SHA51204d292eca8153b82279299583e8845ce143af8340dd5eba546aef1fe2f5dcee636e0133f85572b12f6bbaa8c2897909497d11facd7e29aee6c514cd3bde9e180
-
Filesize
240KB