Analysis
-
max time kernel
150s -
max time network
150s -
platform
windows11-21h2_x64 -
resource
win11-20250217-en -
resource tags
-
submitted
21/02/2025, 12:12
General
-
Target
http://www.mediafire.com/file/vg7a2g534gxlyka/Kraken_Cheat.zip/file
Malware Config
Signatures
-
Downloads MZ/PE file 1 IoCs
-
Event Triggered Execution: Component Object Model Hijacking 1 TTPs
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
-
Executes dropped EXE 2 IoCs
-
Loads dropped DLL 1 IoCs
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in Program Files directory 64 IoCs
-
Subvert Trust Controls: Mark-of-the-Web Bypass 1 TTPs 1 IoCs
When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.
-
Browser Information Discovery 1 TTPs
Enumerate browser information.
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 7 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Checks processor information in registry 2 TTPs 2 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Modifies Internet Explorer settings 1 TTPs 1 IoCs
-
Modifies registry class 22 IoCs
-
NTFS ADS 3 IoCs
-
Suspicious behavior: EnumeratesProcesses 36 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 19 IoCs
-
Suspicious use of AdjustPrivilegeToken 3 IoCs
-
Suspicious use of FindShellTrayWindow 64 IoCs
-
Suspicious use of SendNotifyMessage 16 IoCs
-
Suspicious use of SetWindowsHookEx 16 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument http://www.mediafire.com/file/vg7a2g534gxlyka/Kraken_Cheat.zip/file1⤵
- Enumerates system info in registry
- Modifies registry class
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffb380c3cb8,0x7ffb380c3cc8,0x7ffb380c3cd82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1912,6579292587224317585,8679451911789773434,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1944 /prefetch:22⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1912,6579292587224317585,8679451911789773434,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2364 /prefetch:32⤵
- Downloads MZ/PE file
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,6579292587224317585,8679451911789773434,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2920 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,6579292587224317585,8679451911789773434,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2928 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1912,6579292587224317585,8679451911789773434,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3288 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1912,6579292587224317585,8679451911789773434,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5496 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1912,6579292587224317585,8679451911789773434,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5800 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1912,6579292587224317585,8679451911789773434,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5800 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,6579292587224317585,8679451911789773434,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5308 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,6579292587224317585,8679451911789773434,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6096 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,6579292587224317585,8679451911789773434,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5872 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,6579292587224317585,8679451911789773434,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6028 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,6579292587224317585,8679451911789773434,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3984 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,6579292587224317585,8679451911789773434,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6484 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,6579292587224317585,8679451911789773434,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5416 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,6579292587224317585,8679451911789773434,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4596 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,6579292587224317585,8679451911789773434,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6768 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,6579292587224317585,8679451911789773434,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6760 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,6579292587224317585,8679451911789773434,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6428 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1912,6579292587224317585,8679451911789773434,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6280 /prefetch:82⤵
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,6579292587224317585,8679451911789773434,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6732 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,6579292587224317585,8679451911789773434,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2964 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,6579292587224317585,8679451911789773434,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6852 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,6579292587224317585,8679451911789773434,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4840 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,6579292587224317585,8679451911789773434,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5652 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,6579292587224317585,8679451911789773434,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6344 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1912,6579292587224317585,8679451911789773434,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3300 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1912,6579292587224317585,8679451911789773434,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7100 /prefetch:82⤵
- Subvert Trust Controls: Mark-of-the-Web Bypass
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1912,6579292587224317585,8679451911789773434,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=6968 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Users\Admin\Downloads\7z2409-x64.exe"C:\Users\Admin\Downloads\7z2409-x64.exe"2⤵
- Executes dropped EXE
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious use of SetWindowsHookEx
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵
-
C:\Windows\system32\NOTEPAD.EXE"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\Temp1_Kraken Cheat.zip\Pswrd.txt1⤵
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\Desktop\Kraken Cheat.rar"2⤵
- System Location Discovery: System Language Discovery
- Checks processor information in registry
- Modifies Internet Explorer settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=165140433⤵
- System Location Discovery: System Language Discovery
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=3244D4FAB8A62FC35FBEE1AA65B99E5E --mojo-platform-channel-handle=1764 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:24⤵
- System Location Discovery: System Language Discovery
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=D1246B5CF03499EA75A23A718663926C --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=D1246B5CF03499EA75A23A718663926C --renderer-client-id=2 --mojo-platform-channel-handle=1780 --allow-no-sandbox-job /prefetch:14⤵
- System Location Discovery: System Language Discovery
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=4FAC93AF521A7B690C67D5187421323C --mojo-platform-channel-handle=2344 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:24⤵
- System Location Discovery: System Language Discovery
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=D47A7E980D9F25781D4160143C7C6A95 --mojo-platform-channel-handle=1696 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:24⤵
- System Location Discovery: System Language Discovery
-
-
-
-
C:\Program Files\7-Zip\7zFM.exe"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Desktop\Kraken Cheat.rar"1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
1.8MB
MD5c4aabd70dc28c9516809b775a30fdd3f
SHA143804fa264bf00ece1ee23468c309bc1be7c66de
SHA256882063948d675ee41b5ae68db3e84879350ec81cf88d15b9babf2fa08e332863
SHA5125a88ec6714c4f78b061aed2f2f9c23e7b69596c1185fcb4b21b4c20c84b262667225cc3f380d6e31a47f54a16dc06e4d6ad82cfca7f499450287164c187cec51
-
Filesize
967KB
MD54eaae49d718451ec5442d4c8ef42b88b
SHA1bbac4f5d69a0a778db567e6978d4dabf2d763167
SHA256dc4fdcd96efe7b41e123c4cba19059162b08449627d908570b534e7d6ec7bf58
SHA51241595b67c8506c054c28ce2b5dec9d304651449464c6e1eb092a049d49326594584900cff4e9b8210ca3ad8a23e9c22d8df1ae8af15f44a69f784cc546fcced3
-
Filesize
152B
MD5aceef780c08301cd5b23ae05d0987aca
SHA1d7dacb2528c70e3340a836da7666fcffd6f2a17b
SHA256257d92d753dd7de9a01fb0c77c63f8c3ed01ea6d7c14d8c5e1fb2db50e0077aa
SHA51295943d8b8db3450627559344429cb82c09fa2a61b35721f400a26378bafdb1d3243d52c7eecd3c2c355373de7f48d0bf290987e7064d80b9fa689f17475ae729
-
Filesize
152B
MD5e826770e88318fe8f2db3f380cc22916
SHA1d4ebc1b80456022971bcbe046fbc95b821592eca
SHA25639b58b21a085a32ab8c05a900f7865051b785bc0cf2b499a1cc8e26adc34165a
SHA512c8f2f24e216db852c957bea9d5d3961b15d7274b02e72534ae496bbae0149c682155a6a24a0b74bdbda62374050e71e897d8010aeefd4c13d1290327b30708b4
-
Filesize
215KB
MD50e9976cf5978c4cad671b37d68b935ef
SHA19f38e9786fbab41e6f34c2dcc041462eb11eccbc
SHA2565e8e21f87c0a104d48abc589812e6f4e48655cabe4356cda9e3c1ceee0acaa4e
SHA5122faa6fff6b47e20fd307a206827dc7ff4892fce8b55b59b53d3e45b7dcf5fd34cebc4776b63da5aa4d0e0408344bd4602d26d09e7a456dd286e93b768cbfaa51
-
Filesize
2KB
MD5433fc2ec23d6494aaa55f4bb62fa5de2
SHA1841b4454268eeae0619d72545c25b779a1e6705f
SHA25606d6ad6933f7cce9600c2b996e7db2300e11976fb8ccd25203a022cdc9588c2e
SHA512e64fcad92f23ed7c028d357071989dbd5ae5457e825641e7127d6823afb2018b511dab22cf086f5d31e4ce4a6e5c8861a5878ba9a3eb5c2993a4aa46d3568211
-
Filesize
1008B
MD58547be804675eee24210ca2f2e036034
SHA1dddd0f3767573156aae3f3e53b03246b90c16fa9
SHA2565c8676006fc238a570a07ef44806468fcfe7092904a7878b69e552fee79809d5
SHA5128b67fbd46ad1517a299299e87ae3356f3c0fe6a4eff6a5bc030e2882a10d58939b813fae364d5e0538459359606708c51137a01e823cbb5e4a89b990fd66a66a
-
Filesize
4KB
MD59baafc350490b79fb5594a8eccfb0ad1
SHA12cd566b9c9fbc5ef0644a73baff296e72b823f05
SHA2564c1d8c3371b4ec6e188e5f1215be572d673a396700b93320590401b6269064d5
SHA5129d0e8abb299aae79c56873c6e3d017dd50539c94bd0488ea51d05f609c8593d7bfe738839d4d53a61623860839f9b1b6122b1d01f854ab32c478a30521cc2d6a
-
Filesize
4KB
MD518ebfd08ce194424b3d48b65416047d0
SHA1f5a479cba16ccd1a2b06cb0fe0c49c172a300102
SHA2564605275e2e20356318538176d76e59d3955182fc03d488adf4a39698fb834592
SHA5121b7a22c48b233d954ba8be85c521decb34eedd379a47704f9148e05be3de656c38b1ce5382fd28dcc516a8e7e8e96dfb7a9269fdbfb1617b66666112efa0bf59
-
Filesize
8KB
MD59e2e5263599df0155040c4a3a9bb4346
SHA19d211b5193f84b6ba8e813367b113df58933638b
SHA256ab64de4c10b60abec354cbd4a2f2e181a0150986f2aee4ac60ab0ab38a339f5e
SHA51237e0fcf4196d7b336c43e7ef7593c1c816e2e40759ea3033a09ac5f07cd6abb8001a1aa134e63abd0dfac35ca8047871358b2c53e42376fda68da1bf3381c3dc
-
Filesize
5KB
MD5872952fa468764bef68ab421a75c1f09
SHA15303e5b8d743b0a21a714a026dc48f533731419f
SHA256d1468e828476d31263d4ada72def81bed74e8a5eee2880471778ae57a1f2d8e6
SHA5127f69c0ef10092ec8a632933b7eb78f090a3ec3f8b76400d7699b1a920939f078ac5b5628fbcf03dd01a9f3048087c35215de735f37a381addc72d94163e224b0
-
Filesize
8KB
MD5eb7bef1951621e0f1413480c6442e452
SHA11fbbfb675f5e2e2c81f9e8862d35e35194e324dc
SHA2560d96b32ab1141230d25206e88acebd12261e11bfc687e6ab8973dcf09a357620
SHA512f5682c97e5096977bbffd1300e13dc3abb9441777dea09f3e023162d6b9c8693ee15fc3269a7ab177db2dd6f62def62885611db06f336c51ef2ecca14c65f980
-
Filesize
6KB
MD5af4459cfed73b4b764ae850eb490b538
SHA15fb1db5c861f3f0c650737e10b1fecc8f3e75a1e
SHA25606cb984259a6af01ee16a31f082c4ee49f261d22539baaafd6ef15a97def6d17
SHA512d2cc3556c0fc15cdd707df4e972f71370d235bc35cfd02bdba2be8a971d3be48d879a94681262a2a4d1cb3949aa2b07644fd6c79f3389236e3024e2588bf35d8
-
Filesize
7KB
MD5746e17dbcf15bc2b926e82d992bdace1
SHA1cafb322f2adc2fa9e531c9159a06721fe4827dd3
SHA2562a97330dae25936f9d4f914f7f21b4a0a6e698c25be9ba6fc93ab632bcaac8c8
SHA512867b4b2b57c3e34d7a82698ed341ae184774e18162f713181877ecf89db83dc9fa9654a41b3da614a260ecaef0bb467874b4b820cb7a677ee40803e799dfbd82
-
Filesize
7KB
MD5711c775e1cd31985115a7d8b72fee000
SHA113d31d7526e9ced3b7c86905a6b13bea05f9bbcc
SHA2561a6cd6bf59dd5a145184e6b83e07bdaaa6bb1be3869e110bdc69a303c5d81977
SHA512777d1e249a7ad5602bccd60eb1a4dee9f1ce44602ee5668b7bafb778ca83d1667e88904d16010c7eddf1ddfae9368fcbf4c8dde5b8268bedb79e06ad784f0941
-
Filesize
8KB
MD59183ae9c2761fa0dbe96d431e250fd7e
SHA1f0fe816d5d94328cbdde719ae348932d080d5ac4
SHA25676ef9bcc6e20a3eefd9ef6cd4dda731e26af64d65ff2a7c34ecc14705537cedc
SHA512ab1c4dc3035f8fa95a934cee79e3d6d22244c979ddc158bc0d4f8ca13ffc0ca6f8871502b3c98c23ab78d4a1cee647edc9b3fe29db89a72bbb2db24d01428eb9
-
Filesize
72B
MD5ef39b2c2dd770607adb9337d51d0d130
SHA1cc2f2eac9fffdb26e2ba2e49852dc3bf471346a4
SHA25616b644ca4dd1f5a428a0d594fb286f967125605c026e220b89bd4183724dc928
SHA512081a22b7e4c00311fe35911dc8f60d021c80d55c424e946063c3dddf737d76f2b2eb6619c8ca46df7a7aed8e830909e3b5345957b4012c653e08525d75f6d980
-
Filesize
48B
MD533bd8731dbe7c19c0bdad6d420a63b80
SHA17a0505e825d923fc7eac94312b8a0a548c0180fe
SHA256ce037bcbeb106c3d6c0b616160a9cdb82a19cc783f91f8dac9e9a97c2dc591d4
SHA512e8397786b32d8ed966d332620c74b43af8567aabf726790c2e6be07897e6cde5c751de895cd7208f7fcbe4eca638ad7b52c13335d801e90f9c47fc47762dd9f3
-
Filesize
1KB
MD5451624668b954c47d590ef4f15d1bde9
SHA16e822afe65862d2d60a0dc69891bc93100869da2
SHA25656ed2c3773cad9f6eedcd3434f0a7d425ad63d70ce6e925724cba0a0a59133cc
SHA512079582b364187b004447b1b5ca0de1ed1d8af5192e082285255334483b60c15c3fece30920f9cc58dab39e90a0eea11c04298ea25912f15bb2a4cd228cb5580c
-
Filesize
1KB
MD5d9afa72f24cbc53710d51c63c96fbcb3
SHA13d622df8f644ba7af5a99a1c60f75555cb184513
SHA256754083ab58ace1d6bc754e83c9d68bf13284049279356d912590f4862bf75de2
SHA5122654ca89d4c3922d9a48ed9efe1e578d12b47fc35c0bcf0eae80f2e8b36783199999bf0939eb619a82565fd811445be502de811275db9836b243f932d0a68a59
-
Filesize
1KB
MD5a155bea8db241515310d38fe38cb9823
SHA19dd80bb04f6ada9548fb0b1dc163cdbf9b2c842d
SHA25647d28c45692b6ec560106397a425d3a3a31bad10d20f1a6c53684e213e2f8806
SHA512cdc07d9670caf992b9e38ebd4429b48cbdbd7ee7e458a85fbb7609fc5ea43ff78ee0b3bbb114abf9813f1dc7cc3651dcf8a5bee5254c4aaf072b7344dcddcb39
-
Filesize
538B
MD5df2307d3538e3ef3a606e8c02db4fe23
SHA14724ab650c974b9008228a311cd48c06af3a35b5
SHA25638561831bf824e83d44efb1e465c5290d1cd7a763619718236956a0922209e86
SHA5123981884f80a83d761b4b17149c918fc09f2afec97a38bdc20e5aa627e8aa64dc0fa5a8112d180edc0ad17e129c1c314efd21a4b83e56d3c55acec874d94b5a06
-
Filesize
16B
MD546295cac801e5d4857d09837238a6394
SHA144e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA2560f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA5128969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
-
Filesize
16B
MD5206702161f94c5cd39fadd03f4014d98
SHA1bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA2561005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA5120af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145
-
Filesize
11KB
MD58617ee931aee3e3adc3e2d7547d810ad
SHA1e24a799cb1ef8b68d904908891653bf756e741aa
SHA2563e3bbc609170ad4f3359bc3183b75d0a361a2859a811cc8e828926f49d745f95
SHA512b8ad3721728997c3426612a37cee14c114cdeffc5f6a216c8e71ad1aad62f671fbe38d90ad95aedcfc0e124d870b0da969585160985f368603824395df274093
-
Filesize
11KB
MD5339a94103b57fbc704f33336a2ef9e76
SHA17ead2d9813c3413d2c85a11c735c9b1d60a55803
SHA256e4ad7d3bb178f2c988f003d22ccb7987b7128cfaadb2db728ad4e662c7343c97
SHA51295730940feaaeacc1e9657c006023aa280f083f26d2ceac469fffaad6b549811038b04cb1476d92a0fe894ded70f1a8d231dc6aba87d808ee9f6bfbed8d7aa39
-
Filesize
12KB
MD5c1c4467007b129d3156751b9cfddf8bb
SHA1cb72c3469bf353a1cdfdb2187a3470cc5ed786ab
SHA2562a2de81661041f3ddcd192fc8ac60fc78db58647c04cd505a6cccf592466e579
SHA512e5e1df81c70bb19390778cd408f0f729935f7417c3f44108ff50e1274a5112b28b1191ec0fc45bd0ae102037f6feff759e1a908604a0cfcbbd04bb28ea843bae
-
Filesize
10.7MB
MD5f3ae551e52491ddf865c1f0226cb5dba
SHA1cc0959d1a88fad61b83c8a740319d844f8b84424
SHA256f7c305a1aac53a14d3bd92ce035c03b7e6be7308f23705ba00348c2db749c0b1
SHA512e4c49390fd3a23135050d5dfd35f842d141e59396707ca5b39cdefbe9067f321182412110b865d137cce469d94865f7a4f9942ea47c2a96ba97bc434d9a4e9f7
-
Filesize
26B
MD5fbccf14d504b7b2dbcb5a5bda75bd93b
SHA1d59fc84cdd5217c6cf74785703655f78da6b582b
SHA256eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913
SHA512aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98
-
Filesize
1.6MB
MD56c73cc4c494be8f4e680de1a20262c8a
SHA128b53835fe92c3fa6e0c422fc3b17c6bc1cb27e0
SHA256bdd1a33de78618d16ee4ce148b849932c05d0015491c34887846d431d29f308e
SHA5122e8b746c51132f933cc526db661c2cb8cee889f390e3ce19dabbad1a2e6e13bed7a60f08809282df8d43c1c528a8ce7ce28e9e39fea8c16fd3fcda5604ae0c85