hxxps://github[.]com/Da2dalus/The-MALWARE-Repo/tree/master/Joke

Resubmissions

05/03/2025, 18:57

250305-xmervswtfv 8

05/03/2025, 18:52

250305-xjanqswtbw 10

Analysis

max time kernel
145s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20250217-en
resource tags

arch:x64arch:x86image:win10v2004-20250217-enlocale:en-usos:windows10-2004-x64system
submitted
05/03/2025, 18:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/Da2dalus/The-MALWARE-Repo/tree/master/Joke

Score

8^/10

defense_evasion discovery ransomware

Malware Config

Signatures

Disables Task Manager via registry modification
defense_evasion

Downloads MZ/PE file 1 IoCs

flow	pid	Process
94	1452	msedge.exe

Executes dropped EXE 1 IoCs

pid	Process
4768	$uckyLocker (1).exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
93	raw.githubusercontent.com
94	raw.githubusercontent.com

Sets desktop wallpaper using registry 2 TTPs 1 IoCs

ransomware

Defacement

T1491

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-1874072718-2205492803-118941907-1000\Control Panel\Desktop\Wallpaper = "0"	$uckyLocker (1).exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	$uckyLocker (1).exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

NTFS ADS 2 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 528348.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 871146.crdownload:SmartScreen	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
1452	msedge.exe
1452	msedge.exe
2820	msedge.exe
2820	msedge.exe
4132	identity_helper.exe
4132	identity_helper.exe
3648	msedge.exe
3648	msedge.exe
3648	msedge.exe
3648	msedge.exe
5796	msedge.exe
5796	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 15 IoCs

pid	Process
2820	msedge.exe
2820	msedge.exe
2820	msedge.exe
2820	msedge.exe
2820	msedge.exe
2820	msedge.exe
2820	msedge.exe
2820	msedge.exe
2820	msedge.exe
2820	msedge.exe
2820	msedge.exe
2820	msedge.exe
2820	msedge.exe
2820	msedge.exe
2820	msedge.exe

Suspicious use of FindShellTrayWindow 42 IoCs

pid	Process
2820	msedge.exe
2820	msedge.exe
2820	msedge.exe
2820	msedge.exe
2820	msedge.exe
2820	msedge.exe
2820	msedge.exe
2820	msedge.exe
2820	msedge.exe
2820	msedge.exe
2820	msedge.exe
2820	msedge.exe
2820	msedge.exe
2820	msedge.exe
2820	msedge.exe
2820	msedge.exe
2820	msedge.exe
2820	msedge.exe
2820	msedge.exe
2820	msedge.exe
2820	msedge.exe
2820	msedge.exe
2820	msedge.exe
2820	msedge.exe
2820	msedge.exe
2820	msedge.exe
2820	msedge.exe
2820	msedge.exe
2820	msedge.exe
2820	msedge.exe
2820	msedge.exe
2820	msedge.exe
2820	msedge.exe
2820	msedge.exe
2820	msedge.exe
2820	msedge.exe
2820	msedge.exe
2820	msedge.exe
2820	msedge.exe
2820	msedge.exe
2820	msedge.exe
2820	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2820	msedge.exe
2820	msedge.exe
2820	msedge.exe
2820	msedge.exe
2820	msedge.exe
2820	msedge.exe
2820	msedge.exe
2820	msedge.exe
2820	msedge.exe
2820	msedge.exe
2820	msedge.exe
2820	msedge.exe
2820	msedge.exe
2820	msedge.exe
2820	msedge.exe
2820	msedge.exe
2820	msedge.exe
2820	msedge.exe
2820	msedge.exe
2820	msedge.exe
2820	msedge.exe
2820	msedge.exe
2820	msedge.exe
2820	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2820 wrote to memory of 3860	2820	msedge.exe	88
PID 2820 wrote to memory of 3860	2820	msedge.exe	88
PID 2820 wrote to memory of 2792	2820	msedge.exe	89
PID 2820 wrote to memory of 2792	2820	msedge.exe	89
PID 2820 wrote to memory of 2792	2820	msedge.exe	89
PID 2820 wrote to memory of 2792	2820	msedge.exe	89
PID 2820 wrote to memory of 2792	2820	msedge.exe	89
PID 2820 wrote to memory of 2792	2820	msedge.exe	89
PID 2820 wrote to memory of 2792	2820	msedge.exe	89
PID 2820 wrote to memory of 2792	2820	msedge.exe	89
PID 2820 wrote to memory of 2792	2820	msedge.exe	89
PID 2820 wrote to memory of 2792	2820	msedge.exe	89
PID 2820 wrote to memory of 2792	2820	msedge.exe	89
PID 2820 wrote to memory of 2792	2820	msedge.exe	89
PID 2820 wrote to memory of 2792	2820	msedge.exe	89
PID 2820 wrote to memory of 2792	2820	msedge.exe	89
PID 2820 wrote to memory of 2792	2820	msedge.exe	89
PID 2820 wrote to memory of 2792	2820	msedge.exe	89
PID 2820 wrote to memory of 2792	2820	msedge.exe	89
PID 2820 wrote to memory of 2792	2820	msedge.exe	89
PID 2820 wrote to memory of 2792	2820	msedge.exe	89
PID 2820 wrote to memory of 2792	2820	msedge.exe	89
PID 2820 wrote to memory of 2792	2820	msedge.exe	89
PID 2820 wrote to memory of 2792	2820	msedge.exe	89
PID 2820 wrote to memory of 2792	2820	msedge.exe	89
PID 2820 wrote to memory of 2792	2820	msedge.exe	89
PID 2820 wrote to memory of 2792	2820	msedge.exe	89
PID 2820 wrote to memory of 2792	2820	msedge.exe	89
PID 2820 wrote to memory of 2792	2820	msedge.exe	89
PID 2820 wrote to memory of 2792	2820	msedge.exe	89
PID 2820 wrote to memory of 2792	2820	msedge.exe	89
PID 2820 wrote to memory of 2792	2820	msedge.exe	89
PID 2820 wrote to memory of 2792	2820	msedge.exe	89
PID 2820 wrote to memory of 2792	2820	msedge.exe	89
PID 2820 wrote to memory of 2792	2820	msedge.exe	89
PID 2820 wrote to memory of 2792	2820	msedge.exe	89
PID 2820 wrote to memory of 2792	2820	msedge.exe	89
PID 2820 wrote to memory of 2792	2820	msedge.exe	89
PID 2820 wrote to memory of 2792	2820	msedge.exe	89
PID 2820 wrote to memory of 2792	2820	msedge.exe	89
PID 2820 wrote to memory of 2792	2820	msedge.exe	89
PID 2820 wrote to memory of 2792	2820	msedge.exe	89
PID 2820 wrote to memory of 1452	2820	msedge.exe	90
PID 2820 wrote to memory of 1452	2820	msedge.exe	90
PID 2820 wrote to memory of 2128	2820	msedge.exe	91
PID 2820 wrote to memory of 2128	2820	msedge.exe	91
PID 2820 wrote to memory of 2128	2820	msedge.exe	91
PID 2820 wrote to memory of 2128	2820	msedge.exe	91
PID 2820 wrote to memory of 2128	2820	msedge.exe	91
PID 2820 wrote to memory of 2128	2820	msedge.exe	91
PID 2820 wrote to memory of 2128	2820	msedge.exe	91
PID 2820 wrote to memory of 2128	2820	msedge.exe	91
PID 2820 wrote to memory of 2128	2820	msedge.exe	91
PID 2820 wrote to memory of 2128	2820	msedge.exe	91
PID 2820 wrote to memory of 2128	2820	msedge.exe	91
PID 2820 wrote to memory of 2128	2820	msedge.exe	91
PID 2820 wrote to memory of 2128	2820	msedge.exe	91
PID 2820 wrote to memory of 2128	2820	msedge.exe	91
PID 2820 wrote to memory of 2128	2820	msedge.exe	91
PID 2820 wrote to memory of 2128	2820	msedge.exe	91
PID 2820 wrote to memory of 2128	2820	msedge.exe	91
PID 2820 wrote to memory of 2128	2820	msedge.exe	91
PID 2820 wrote to memory of 2128	2820	msedge.exe	91
PID 2820 wrote to memory of 2128	2820	msedge.exe	91

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://github.com/Da2dalus/The-MALWARE-Repo/tree/master/Joke
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffff0df46f8,0x7ffff0df4708,0x7ffff0df4718
  2⤵
  PID:3860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,6666786443891957665,16148758854510802076,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2132 /prefetch:2
  2⤵
  PID:2792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,6666786443891957665,16148758854510802076,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 /prefetch:3
  2⤵
  - Downloads MZ/PE file
  - Suspicious behavior: EnumeratesProcesses
  PID:1452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,6666786443891957665,16148758854510802076,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2840 /prefetch:8
  2⤵
  PID:2128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,6666786443891957665,16148758854510802076,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
  2⤵
  PID:5100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,6666786443891957665,16148758854510802076,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
  2⤵
  PID:2904
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,6666786443891957665,16148758854510802076,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5128 /prefetch:8
  2⤵
  PID:3492
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,6666786443891957665,16148758854510802076,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5128 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,6666786443891957665,16148758854510802076,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5568 /prefetch:1
  2⤵
  PID:3348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,6666786443891957665,16148758854510802076,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5584 /prefetch:1
  2⤵
  PID:4704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,6666786443891957665,16148758854510802076,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3880 /prefetch:1
  2⤵
  PID:5376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,6666786443891957665,16148758854510802076,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5748 /prefetch:1
  2⤵
  PID:5384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2100,6666786443891957665,16148758854510802076,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=4376 /prefetch:8
  2⤵
  PID:5140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,6666786443891957665,16148758854510802076,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5920 /prefetch:1
  2⤵
  PID:5148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2100,6666786443891957665,16148758854510802076,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6196 /prefetch:8
  2⤵
  PID:5272
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,6666786443891957665,16148758854510802076,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6216 /prefetch:1
  2⤵
  PID:3508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,6666786443891957665,16148758854510802076,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6336 /prefetch:1
  2⤵
  PID:3944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,6666786443891957665,16148758854510802076,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5756 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,6666786443891957665,16148758854510802076,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3376 /prefetch:1
  2⤵
  PID:5744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,6666786443891957665,16148758854510802076,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2220 /prefetch:1
  2⤵
  PID:5252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2100,6666786443891957665,16148758854510802076,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6216 /prefetch:8
  2⤵
  PID:1324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,6666786443891957665,16148758854510802076,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5592 /prefetch:1
  2⤵
  PID:2852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,6666786443891957665,16148758854510802076,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5252 /prefetch:1
  2⤵
  PID:1356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,6666786443891957665,16148758854510802076,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
  2⤵
  PID:3212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,6666786443891957665,16148758854510802076,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6320 /prefetch:1
  2⤵
  PID:5028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2100,6666786443891957665,16148758854510802076,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6476 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5796
- C:\Users\Admin\Downloads\$uckyLocker (1).exe
  "C:\Users\Admin\Downloads\$uckyLocker (1).exe"
  2⤵
  - Executes dropped EXE
  - Sets desktop wallpaper using registry
  - System Location Discovery: System Language Discovery
  PID:4768

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2684

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4300

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Defacement

T1491

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
395082c6d7ec10a326236e60b79602f2

SHA1
203db9756fc9f65a0181ac49bca7f0e7e4edfb5b

SHA256
b9ea226a0a67039df83a9652b42bb7b0cc2e6fa827d55d043bc36dd9d8e4cd25

SHA512
7095c260b87a0e31ddfc5ddf5730848433dcede2672ca71091efb8c6b1b0fc3333d0540c3ce41087702c99bca22a4548f12692234188e6f457c2f75ab12316bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e27df0383d108b2d6cd975d1b42b1afe

SHA1
c216daa71094da3ffa15c787c41b0bc7b32ed40b

SHA256
812f547f1e22a4bd045b73ff548025fabd59c6cba0da6991fdd8cfcb32653855

SHA512
471935e26a55d26449e48d4c38933ab8c369a92d8f24fd6077131247e8d116d95aa110dd424fa6095176a6c763a6271e978766e74d8022e9cdcc11e6355408ab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
a3296e474f579a25bcd8d5b61fb5332f

SHA1
a9c3c461249e5f588c25cc337928d1017341dffc

SHA256
0aea7084970e2eef8e7d96a9c2e5841916ab8d3624d0dec9a26f92ff65590f14

SHA512
4259cdcb999b3e0b8f19e4b3321ae753fb7726439a161b2f96b7821b7be749feed41fc90c03b01d1ab788a17dec07429bd73b2ea438ea49299c6501966008098

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
496B

MD5
bd0e1601fe9f958a2fdcd6ac35fd38b4

SHA1
2e6310371ee700d9c7bbc022cf2cf073ee0d7d2d

SHA256
3c5a554347378e8cd51fccec43415bd6335ea97cdd4c8a8c2ba7e9222f9f7a26

SHA512
8b850b2b852cb642e53093637259f09522b8ef6ff0b37f473babf1e5b6e66538f7a3b00f26458067977acc78ff020f29c31ae66899f6f89728eb6c8eaee3d425

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
9019419f1564cebf4a81b041bc63cc71

SHA1
28710b45157a58ce61b1edf5f210887bcaa5111c

SHA256
dc3d98efb46ea5011c3a25439052ad0fdf168e29fb0c6160fdcb0294b60490fb

SHA512
6d010dc284121b1798867e65ceca47d4b7dd83c8316c9eb0496f37e7148df7d17bb8c0bc15ea3d097d888b63fd97e43ab2f632b2c3fa442253b54afed94a787c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
01c5f1403251fbfdb8dd6b74d3a19641

SHA1
490654a58591116cea61e52c7376cbb9025a32cb

SHA256
65ddafe8b36497feb7c4d7cdd83cd29f26ccbdd083304b17773808c1f5894dab

SHA512
0ed19da342b10add24effa4f164eb0e454c6dbc9091cdefb0bb2cb3388e197d80a9a923c46c45fe8287ac0bec5dd2454aeb4849025a9bf033707e9de1119da40

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
ae9349803e2c185351ec87605838459e

SHA1
a7967242ac2bdf4df97276fd8a67ebac43229832

SHA256
95946712394edb76e2a3bd6174cb0f1015b31baba4cc6b1a6a04ee1cc6c500b8

SHA512
f8066c2d28cbc496f87f674702af9a3b09b340cb5341ca714b3058072aa9f02ad75c24a8ad4ff9f78d3524337948b997148dc61041ac78a732b46da9f4e0ea55

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
cbd1f885a38e653a95f83603b2304202

SHA1
463e08bd90e7c60b8fff2e141bc19a3e586fe3a1

SHA256
611c50e3de862862aec736bc343064b0799fb58b252342b1bf5901e843635604

SHA512
1fdfb761e07b737e545dc2b886c65edbff0ae0781045d608ec926a5f7d7e49b8f21ff2a32a2f99d5a7db1cf24290e9fbb83ac09dcddf452679f44241d96ebea7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
874B

MD5
208bdffc6d38c21d04896aae409f089a

SHA1
4777a2f2b69cd95020b3683d3e25b4ced2e7d6ad

SHA256
6d1d779cc0d698175b696e8cbd0168c3b723999531f286605733fa4c7aec8e16

SHA512
9cfad1e52dd35aa0b821bceb27386e5b5ba14d8211ffd1ca0a1c91478ed0198273371183395ec806061d2f93267f6efc86b96bce40f6c1a432289583451e299a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
38b69995eee415de857a548ac5390765

SHA1
ac51009cbdb306ae8c7798b834e5d159207c183d

SHA256
f63dae15104cd92ea8c8709be232218473aecd5c441540a6f4ed98851dabe66a

SHA512
2fdbb5e12666d174b7dc29d2311103f8919d506b7668e8996d3856b3958ad93c98ccca2154777ea4b2bf5d6844302d7a457de135b8040ad4982d8aa4c56d6bdc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
874B

MD5
0999944ec40ab07fd4425a92a9b27bdb

SHA1
e31d07b3b95731c0b40f2186462019ca73aeff66

SHA256
8a1ad5351fbd995bb8c7793661ca9e26834a55984b3d5edd80e44635dfcca5c6

SHA512
7a2cee27e588b045a0d6633a3a7a4d147b57d6945ee14a2dd6ccd9027c85aa01d9eb6ea786ac35feeb7930914aae139a6ed769c90732bc426756ab4209a344d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
0d591346bb04a190b747e2aec9f14412

SHA1
a61373d0932f59c927e22d4fd20e71eb67cd517d

SHA256
e457f865f3fd156168bdf46858ffe1adc09cd3aec00b844e2892f9b722610285

SHA512
05471b75d7e557c1bd6b6e425f5f3fdd6bf1886a2f1adc8a53490bc33dd3b157fc130c28a0fb1d2697f2bf68812e9c1652b2b4bf6ba66d0eed050faa4fe5a040

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
874B

MD5
ededd00acbbace0b2b840faf88083d7d

SHA1
0f1b34cf97ad02db025b6d7e37c699bbc51d350f

SHA256
3237ad640b76b1ba1c75bc74406b035513a984bb5d0f84318f292c96c272916b

SHA512
235fd837922bed47034400655f81a0415dc1e64d43c634fc4956ad2e4643d93aacbbb6fbc7339c075971aab409205df6bf2428c161aeede1f6e40e51347994ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
fddd6891fc2ccc19c333e60d2775b90d

SHA1
7312712dfd328e0febd79f4f7d2471fcf0ae9f39

SHA256
251e091c820e06a61e0aedd84e24fedf69b9136ba23e1d5cf31d825f06a4f6c7

SHA512
c9dbf0eaf7952d1a24cf68fd3f26f0696d3de44989b85ab1b7592181d541161e2d195b032d4b0eeec9c8ae3c935d560f897453bd0198c0a454fdf384b40df973

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58c33b.TMP

Filesize
874B

MD5
f7c3412dcc834b9b9e2099e62a9dfe4a

SHA1
5a1bfc1a34df56b3f7614f85175cd1dfa5e4d786

SHA256
525ecf869f6c5043b7f41c6fa6fe11b6b94c011a58c627bbfe6e371176a1648f

SHA512
fd745a3e83b00321d0144eeb7f75b74c349ab3f972568966e5725de1b1ba9e4c94524bd2aa7fa65dda97b26e676cab085148da807b4446608ddf9d4b1d44de7d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
201a213e3fcf3423fbda8391fe8335ef

SHA1
91ac7fe789bc0873de40b08be020b258cef19a97

SHA256
cf7acedbe017cbb3904a9be901ccce39e7dfe1c80c1fed073dd223d6ccaef426

SHA512
b4c3cb8ad7ab27055b055294d2c8ec033c85f08d74f3fe63de9e5957e68edfe7df82e283661a48b3a2a929f844f8650e8f9f16e17df6a9d6daa87388480ed048

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
b7d9eadbd8c52839fa6196d096390334

SHA1
545caa81d52aeefe2128f3ee9f188c2e4cba80be

SHA256
79a56e23eb78deaee5e6585fa609c8d9bfd6c829a12c1428fbeb78ae95f54897

SHA512
591ee498c53679e93d67998aca24adf21298a074b3073c87746dcb97aadf3b267410fad8b0a1701303864f6fc546bb58c03f5a639444197b2b08afaabf82db29

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
068b680f1f879c56a2e8b62349ed7233

SHA1
2044d2a39cb6230347d87c6c241453057a5b5498

SHA256
33ffba30a0ed11b60aa91b989f4dbfbd16ca28c08085d35450b277c35643b9ec

SHA512
bc1fe94962f4b398662b99c3aa7f01df6806e0b958ac6c4b99325e8ace82d67b8b4d0fb080758f0b795d10341fc868eb7aa64087782e278c6040d068a01eeab9

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 528348.crdownload

Filesize
414KB

MD5
c850f942ccf6e45230169cc4bd9eb5c8

SHA1
51c647e2b150e781bd1910cac4061a2cee1daf89

SHA256
86e0eac8c5ce70c4b839ef18af5231b5f92e292b81e440193cdbdc7ed108049f

SHA512
2b3890241b8c8690aab0aed347daa778aba20f29f76e8b79b02953b6252324317520b91ea60d3ef73e42ad403f7a6e0e3f2a057799f21ed447dae7096b2f47d9

Download Submit
memory/4768-425-0x0000000005EB0000-0x0000000006454000-memory.dmp

Filesize
5.6MB

Download
memory/4768-426-0x00000000059A0000-0x0000000005A32000-memory.dmp

Filesize
584KB

Download
memory/4768-427-0x0000000005A40000-0x0000000005A4A000-memory.dmp

Filesize
40KB

Download
memory/4768-424-0x0000000000F40000-0x0000000000FAE000-memory.dmp

Filesize
440KB

Download