umbral | 477d4c159e948921bb8be203203e55d71e05e4733a9a69c7a33595114cf6d458

Analysis

max time kernel
4s
max time network
7s
platform
windows11-21h2_x64
resource
win11-20250207-en
resource tags

arch:x64arch:x86image:win11-20250207-enlocale:en-usos:windows11-21h2-x64system
submitted
09-02-2025 22:14

Target

InjectorModule.exe
Size

229KB
MD5

ef708c0fbad6af1b868783a4abf5f924
SHA1

6887cb88854b3938f5fcd65d8673337f92ad6f4d
SHA256

477d4c159e948921bb8be203203e55d71e05e4733a9a69c7a33595114cf6d458
SHA512

38e7f1a4c3a94ea2777b8611b8a350a5633c30b1e765c65e4eea4d0683a0e5851f9397d4fd6539acf1bb2d9a5fae443720c965020f09451706e5c4617d419282
SSDEEP

6144:tloZMmrIkd8g+EtXHkv/iD4xhuWT5KyNL4ZL22jqenb8e1mk2i:voZ1L+EP8xhuWT5KyNL4ZL22jqwD7

Score

10^/10

umbral stealer

Detect Umbral payload 1 IoCs

resource	yara_rule
behavioral1/memory/2820-1-0x000001D9625A0000-0x000001D9625E0000-memory.dmp	family_umbral

Umbral
Umbral stealer is an opensource moduler stealer written in C#.
stealer umbral
Umbral family
umbral

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2820	InjectorModule.exe

C:\Users\Admin\AppData\Local\Temp\InjectorModule.exe
"C:\Users\Admin\AppData\Local\Temp\InjectorModule.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2820

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --string-annotations --always-read-main-dll --field-trial-handle=3908,i,14789280491621588039,7318997745351127167,262144 --variations-seed-version --mojo-platform-channel-handle=5080 /prefetch:14
1⤵
PID:2812

memory/2820-0-0x00007FF9ABB13000-0x00007FF9ABB15000-memory.dmp

Filesize
8KB

Download
memory/2820-1-0x000001D9625A0000-0x000001D9625E0000-memory.dmp

Filesize
256KB

Download
memory/2820-2-0x00007FF9ABB10000-0x00007FF9AC5D2000-memory.dmp

Filesize
10.8MB

Download