lumma | eeb450b3e67b89cdbe829578448c2614a25bc300270c6684fa10e4b453614a7e

Analysis

max time kernel
232s
max time network
235s
platform
windows10-2004_x64
resource
win10v2004-20240508-es
resource tags

arch:x64arch:x86image:win10v2004-20240508-eslocale:es-esos:windows10-2004-x64systemwindows
submitted
01-07-2024 20:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Adobe.Acrobat.zip
Size

16.3MB
MD5

9baa8a41aeb5a6c34847f8b1cfa2ba79
SHA1

4f8817434ec0953f209c2d35f2b639298cb578ff
SHA256

eeb450b3e67b89cdbe829578448c2614a25bc300270c6684fa10e4b453614a7e
SHA512

cd0de0b769ea8f0c5d80d7f86c71eb875e89f2793f3d8b171a84a4629da292aabd5fe165962266f7e9fa72115fa104fbc97b31573a724097e54ad00fcd90546f
SSDEEP

393216:eCaHw/Aeu+TLYuWrSDyv9+VXC5DhY2/8r4WB7OmLPIYVpg:eCyy/LTLjWrSDk9ECM2/o4WBkEu

Score

10^/10

lumma stealer

Malware Config

Extracted

Family

lumma

https://groundsmooors.shop/api

https://potterryisiw.shop/api

https://foodypannyjsud.shop/api

https://contintnetksows.shop/api

https://reinforcedirectorywd.shop/api

Signatures

Lumma Stealer
An infostealer written in C++ first seen in August 2022.
stealer lumma
Loads dropped DLL 2 IoCs

Processes:

Setup.exeSetup.exe

pid process

3964 Setup.exe
3540 Setup.exe
Suspicious use of SetThreadContext 2 IoCs

Processes:

Setup.exeSetup.exe

description pid process target process

PID 3964 set thread context of 2836 3964 Setup.exe aspnet_regiis.exe
PID 3540 set thread context of 1576 3540 Setup.exe aspnet_regiis.exe

pid	process
3964	Setup.exe
3540	Setup.exe

description	pid	process	target process
PID 3964 set thread context of 2836	3964	Setup.exe	aspnet_regiis.exe
PID 3540 set thread context of 1576	3540	Setup.exe	aspnet_regiis.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133643407619339967"	chrome.exe

Modifies registry class 1 IoCs

Processes:

chrome.exe

description ioc process

Key created \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000_Classes\Local Settings chrome.exe
Suspicious behavior: EnumeratesProcesses 5 IoCs

Processes:

chrome.exechrome.exe

pid process

2812 chrome.exe
2812 chrome.exe
2812 chrome.exe
3092 chrome.exe
3092 chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

Processes:

chrome.exe

pid process

2812 chrome.exe
2812 chrome.exe
2812 chrome.exe
2812 chrome.exe
2812 chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000_Classes\Local Settings	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	2812	chrome.exe
Token: SeCreatePagefilePrivilege	2812	chrome.exe
Token: SeShutdownPrivilege	2812	chrome.exe
Token: SeCreatePagefilePrivilege	2812	chrome.exe
Token: SeShutdownPrivilege	2812	chrome.exe
Token: SeCreatePagefilePrivilege	2812	chrome.exe
Token: SeShutdownPrivilege	2812	chrome.exe
Token: SeCreatePagefilePrivilege	2812	chrome.exe
Token: SeShutdownPrivilege	2812	chrome.exe
Token: SeCreatePagefilePrivilege	2812	chrome.exe
Token: SeShutdownPrivilege	2812	chrome.exe
Token: SeCreatePagefilePrivilege	2812	chrome.exe
Token: SeShutdownPrivilege	2812	chrome.exe
Token: SeCreatePagefilePrivilege	2812	chrome.exe
Token: SeShutdownPrivilege	2812	chrome.exe
Token: SeCreatePagefilePrivilege	2812	chrome.exe
Token: SeShutdownPrivilege	2812	chrome.exe
Token: SeCreatePagefilePrivilege	2812	chrome.exe
Token: SeShutdownPrivilege	2812	chrome.exe
Token: SeCreatePagefilePrivilege	2812	chrome.exe
Token: SeShutdownPrivilege	2812	chrome.exe
Token: SeCreatePagefilePrivilege	2812	chrome.exe
Token: SeShutdownPrivilege	2812	chrome.exe
Token: SeCreatePagefilePrivilege	2812	chrome.exe
Token: SeShutdownPrivilege	2812	chrome.exe
Token: SeCreatePagefilePrivilege	2812	chrome.exe
Token: SeShutdownPrivilege	2812	chrome.exe
Token: SeCreatePagefilePrivilege	2812	chrome.exe
Token: SeShutdownPrivilege	2812	chrome.exe
Token: SeCreatePagefilePrivilege	2812	chrome.exe
Token: SeShutdownPrivilege	2812	chrome.exe
Token: SeCreatePagefilePrivilege	2812	chrome.exe
Token: SeShutdownPrivilege	2812	chrome.exe
Token: SeCreatePagefilePrivilege	2812	chrome.exe
Token: SeShutdownPrivilege	2812	chrome.exe
Token: SeCreatePagefilePrivilege	2812	chrome.exe
Token: SeShutdownPrivilege	2812	chrome.exe
Token: SeCreatePagefilePrivilege	2812	chrome.exe
Token: SeShutdownPrivilege	2812	chrome.exe
Token: SeCreatePagefilePrivilege	2812	chrome.exe
Token: SeShutdownPrivilege	2812	chrome.exe
Token: SeCreatePagefilePrivilege	2812	chrome.exe
Token: SeShutdownPrivilege	2812	chrome.exe
Token: SeCreatePagefilePrivilege	2812	chrome.exe
Token: SeShutdownPrivilege	2812	chrome.exe
Token: SeCreatePagefilePrivilege	2812	chrome.exe
Token: SeShutdownPrivilege	2812	chrome.exe
Token: SeCreatePagefilePrivilege	2812	chrome.exe
Token: SeShutdownPrivilege	2812	chrome.exe
Token: SeCreatePagefilePrivilege	2812	chrome.exe
Token: SeShutdownPrivilege	2812	chrome.exe
Token: SeCreatePagefilePrivilege	2812	chrome.exe
Token: SeShutdownPrivilege	2812	chrome.exe
Token: SeCreatePagefilePrivilege	2812	chrome.exe
Token: SeShutdownPrivilege	2812	chrome.exe
Token: SeCreatePagefilePrivilege	2812	chrome.exe
Token: SeShutdownPrivilege	2812	chrome.exe
Token: SeCreatePagefilePrivilege	2812	chrome.exe
Token: SeShutdownPrivilege	2812	chrome.exe
Token: SeCreatePagefilePrivilege	2812	chrome.exe
Token: SeShutdownPrivilege	2812	chrome.exe
Token: SeCreatePagefilePrivilege	2812	chrome.exe
Token: SeShutdownPrivilege	2812	chrome.exe
Token: SeCreatePagefilePrivilege	2812	chrome.exe

Suspicious use of FindShellTrayWindow 36 IoCs

Processes:

chrome.exe

pid	process
2812	chrome.exe
2812	chrome.exe
2812	chrome.exe
2812	chrome.exe
2812	chrome.exe
2812	chrome.exe
2812	chrome.exe
2812	chrome.exe
2812	chrome.exe
2812	chrome.exe
2812	chrome.exe
2812	chrome.exe
2812	chrome.exe
2812	chrome.exe
2812	chrome.exe
2812	chrome.exe
2812	chrome.exe
2812	chrome.exe
2812	chrome.exe
2812	chrome.exe
2812	chrome.exe
2812	chrome.exe
2812	chrome.exe
2812	chrome.exe
2812	chrome.exe
2812	chrome.exe
2812	chrome.exe
2812	chrome.exe
2812	chrome.exe
2812	chrome.exe
2812	chrome.exe
2812	chrome.exe
2812	chrome.exe
2812	chrome.exe
2812	chrome.exe
2812	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
2812	chrome.exe
2812	chrome.exe
2812	chrome.exe
2812	chrome.exe
2812	chrome.exe
2812	chrome.exe
2812	chrome.exe
2812	chrome.exe
2812	chrome.exe
2812	chrome.exe
2812	chrome.exe
2812	chrome.exe
2812	chrome.exe
2812	chrome.exe
2812	chrome.exe
2812	chrome.exe
2812	chrome.exe
2812	chrome.exe
2812	chrome.exe
2812	chrome.exe
2812	chrome.exe
2812	chrome.exe
2812	chrome.exe
2812	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 2812 wrote to memory of 3676	2812	chrome.exe	chrome.exe
PID 2812 wrote to memory of 3676	2812	chrome.exe	chrome.exe
PID 2812 wrote to memory of 1936	2812	chrome.exe	chrome.exe
PID 2812 wrote to memory of 1936	2812	chrome.exe	chrome.exe
PID 2812 wrote to memory of 1936	2812	chrome.exe	chrome.exe
PID 2812 wrote to memory of 1936	2812	chrome.exe	chrome.exe
PID 2812 wrote to memory of 1936	2812	chrome.exe	chrome.exe
PID 2812 wrote to memory of 1936	2812	chrome.exe	chrome.exe
PID 2812 wrote to memory of 1936	2812	chrome.exe	chrome.exe
PID 2812 wrote to memory of 1936	2812	chrome.exe	chrome.exe
PID 2812 wrote to memory of 1936	2812	chrome.exe	chrome.exe
PID 2812 wrote to memory of 1936	2812	chrome.exe	chrome.exe
PID 2812 wrote to memory of 1936	2812	chrome.exe	chrome.exe
PID 2812 wrote to memory of 1936	2812	chrome.exe	chrome.exe
PID 2812 wrote to memory of 1936	2812	chrome.exe	chrome.exe
PID 2812 wrote to memory of 1936	2812	chrome.exe	chrome.exe
PID 2812 wrote to memory of 1936	2812	chrome.exe	chrome.exe
PID 2812 wrote to memory of 1936	2812	chrome.exe	chrome.exe
PID 2812 wrote to memory of 1936	2812	chrome.exe	chrome.exe
PID 2812 wrote to memory of 1936	2812	chrome.exe	chrome.exe
PID 2812 wrote to memory of 1936	2812	chrome.exe	chrome.exe
PID 2812 wrote to memory of 1936	2812	chrome.exe	chrome.exe
PID 2812 wrote to memory of 1936	2812	chrome.exe	chrome.exe
PID 2812 wrote to memory of 1936	2812	chrome.exe	chrome.exe
PID 2812 wrote to memory of 1936	2812	chrome.exe	chrome.exe
PID 2812 wrote to memory of 1936	2812	chrome.exe	chrome.exe
PID 2812 wrote to memory of 1936	2812	chrome.exe	chrome.exe
PID 2812 wrote to memory of 1936	2812	chrome.exe	chrome.exe
PID 2812 wrote to memory of 1936	2812	chrome.exe	chrome.exe
PID 2812 wrote to memory of 1936	2812	chrome.exe	chrome.exe
PID 2812 wrote to memory of 1936	2812	chrome.exe	chrome.exe
PID 2812 wrote to memory of 1936	2812	chrome.exe	chrome.exe
PID 2812 wrote to memory of 1936	2812	chrome.exe	chrome.exe
PID 2812 wrote to memory of 1804	2812	chrome.exe	chrome.exe
PID 2812 wrote to memory of 1804	2812	chrome.exe	chrome.exe
PID 2812 wrote to memory of 4028	2812	chrome.exe	chrome.exe
PID 2812 wrote to memory of 4028	2812	chrome.exe	chrome.exe
PID 2812 wrote to memory of 4028	2812	chrome.exe	chrome.exe
PID 2812 wrote to memory of 4028	2812	chrome.exe	chrome.exe
PID 2812 wrote to memory of 4028	2812	chrome.exe	chrome.exe
PID 2812 wrote to memory of 4028	2812	chrome.exe	chrome.exe
PID 2812 wrote to memory of 4028	2812	chrome.exe	chrome.exe
PID 2812 wrote to memory of 4028	2812	chrome.exe	chrome.exe
PID 2812 wrote to memory of 4028	2812	chrome.exe	chrome.exe
PID 2812 wrote to memory of 4028	2812	chrome.exe	chrome.exe
PID 2812 wrote to memory of 4028	2812	chrome.exe	chrome.exe
PID 2812 wrote to memory of 4028	2812	chrome.exe	chrome.exe
PID 2812 wrote to memory of 4028	2812	chrome.exe	chrome.exe
PID 2812 wrote to memory of 4028	2812	chrome.exe	chrome.exe
PID 2812 wrote to memory of 4028	2812	chrome.exe	chrome.exe
PID 2812 wrote to memory of 4028	2812	chrome.exe	chrome.exe
PID 2812 wrote to memory of 4028	2812	chrome.exe	chrome.exe
PID 2812 wrote to memory of 4028	2812	chrome.exe	chrome.exe
PID 2812 wrote to memory of 4028	2812	chrome.exe	chrome.exe
PID 2812 wrote to memory of 4028	2812	chrome.exe	chrome.exe
PID 2812 wrote to memory of 4028	2812	chrome.exe	chrome.exe
PID 2812 wrote to memory of 4028	2812	chrome.exe	chrome.exe
PID 2812 wrote to memory of 4028	2812	chrome.exe	chrome.exe
PID 2812 wrote to memory of 4028	2812	chrome.exe	chrome.exe
PID 2812 wrote to memory of 4028	2812	chrome.exe	chrome.exe
PID 2812 wrote to memory of 4028	2812	chrome.exe	chrome.exe
PID 2812 wrote to memory of 4028	2812	chrome.exe	chrome.exe
PID 2812 wrote to memory of 4028	2812	chrome.exe	chrome.exe
PID 2812 wrote to memory of 4028	2812	chrome.exe	chrome.exe

C:\Windows\Explorer.exe
C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\Adobe.Acrobat.zip
1⤵
PID:2948

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2812

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffa50d3ab58,0x7ffa50d3ab68,0x7ffa50d3ab78
2⤵
PID:3676

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1708 --field-trial-handle=1940,i,8178226047585229450,13550005688407845475,131072 /prefetch:2
2⤵
PID:1936

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 --field-trial-handle=1940,i,8178226047585229450,13550005688407845475,131072 /prefetch:8
2⤵
PID:1804

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2224 --field-trial-handle=1940,i,8178226047585229450,13550005688407845475,131072 /prefetch:8
2⤵
PID:4028

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3108 --field-trial-handle=1940,i,8178226047585229450,13550005688407845475,131072 /prefetch:1
2⤵
PID:1688

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3128 --field-trial-handle=1940,i,8178226047585229450,13550005688407845475,131072 /prefetch:1
2⤵
PID:2168

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4372 --field-trial-handle=1940,i,8178226047585229450,13550005688407845475,131072 /prefetch:1
2⤵
PID:752

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4508 --field-trial-handle=1940,i,8178226047585229450,13550005688407845475,131072 /prefetch:8
2⤵
PID:2272

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4348 --field-trial-handle=1940,i,8178226047585229450,13550005688407845475,131072 /prefetch:8
2⤵
PID:3060

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4876 --field-trial-handle=1940,i,8178226047585229450,13550005688407845475,131072 /prefetch:8
2⤵
PID:4380

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4872 --field-trial-handle=1940,i,8178226047585229450,13550005688407845475,131072 /prefetch:8
2⤵
PID:4560

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4612 --field-trial-handle=1940,i,8178226047585229450,13550005688407845475,131072 /prefetch:8
2⤵
PID:560

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4892 --field-trial-handle=1940,i,8178226047585229450,13550005688407845475,131072 /prefetch:1
2⤵
PID:4740

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=1844 --field-trial-handle=1940,i,8178226047585229450,13550005688407845475,131072 /prefetch:1
2⤵
PID:3268

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3316 --field-trial-handle=1940,i,8178226047585229450,13550005688407845475,131072 /prefetch:8
2⤵
PID:1136

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4748 --field-trial-handle=1940,i,8178226047585229450,13550005688407845475,131072 /prefetch:8
2⤵
PID:2392

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1644 --field-trial-handle=1940,i,8178226047585229450,13550005688407845475,131072 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3092

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:3076

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3832

C:\Users\Admin\Desktop\Adobe Acrobat\Setup.exe
"C:\Users\Admin\Desktop\Adobe Acrobat\Setup.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetThreadContext
PID:3964

C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe"
2⤵
PID:2836

C:\Users\Admin\Desktop\Adobe Acrobat\Setup.exe
"C:\Users\Admin\Desktop\Adobe Acrobat\Setup.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetThreadContext
PID:3540

C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe"
2⤵
PID:1576

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
2KB

MD5
056e440c2415ce617f4deb308a2dff61

SHA1
0571d4c57b3bd550e57ee9bbe1430438756db4db

SHA256
04d9cce8d9ead00ddd2311be0e0edbdf8871551edb275becbb1e5f449fb9ceb0

SHA512
d6bbc9f0cf4b5f46a54efb30daa3d97f8ed4e5fdd8cc757094e2572715c3d939dbae5e586527896b0dbc9bca30509e07862de6d2e0d3e554bf05a813138860c4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
2KB

MD5
edaeb2d2647f79083300fa650bcf8c38

SHA1
f5ba436ddc1b3eb2c83e4478f24c4efdd16379bf

SHA256
9261f25d7d36ce3e5c95da926719fb61de1a33c51f778ac0eaca8fffb664a62d

SHA512
e878472faa858d32eec3847b5d6c39676c22b8438ea8bb6e3e90b3a3adc96256cfe431135f295afc3556b4f7ce061f770ad4c38e83355577afa3f7af1a976a19

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
2KB

MD5
b34b4ed6de8b0e6257940c2c1e68e291

SHA1
67a8043fefee60253bbcf62056a62f784f69b4dd

SHA256
6c25aef9c19e5cd63ff4da9c84a203510d78b8676ed2c87bb628813145a03cd3

SHA512
83df95b9aad92133e1fd3865daac45f592874739ae6b7521b692ac2132868d4451887ee6555d2ba14eb30d555359e1e65647f5e396ddc8aecbfde7cd0b77825a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
2KB

MD5
d223f21faa4ef363422a250bd20fe451

SHA1
78c4f02b64c20f0cbdd146cf99e63b3ce687513c

SHA256
152a589fc4c0845ab8b69b77098342b3aea17edcd56719564cfb14ef8e2b121f

SHA512
49d01a6f5417919b351b465dd3d5f696ca0549fb7bb87448f5e235e6a916e51415c1b273f593ff761778275d978f5fd4563c12db24461d6ec1dec83548db514a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
73aedbb600039e278476fada355f84f9

SHA1
383790a534a05a9733c9665866a8ee738fc60792

SHA256
7bf5d35279bd7fb8651543dafd15e7bf2363f192fbdee7049b5086c8ec0a4d3e

SHA512
a8c7d0357c2cefaa401a4a2b40f0420a2c2ea0ecf6ff55863941ff2c6058b0cd3adc1c7f5369deec5f9cdf910ca4c438f905277b37f03e713d0621b2782a642e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
356B

MD5
89685aa58f7009600e72153f7cafca3f

SHA1
ca820ded10e5e239ea6828653e069b77752c2264

SHA256
329f7b8fd4fb4f40d1e29a599ba9660fc01b4e21b437c9dccf54de165d48b36e

SHA512
330a984a71446f3434e5aa11db09609ff2f6cf4ace1446e3b241c196d1fececa1ff5f198b1c47d01153b22b0dc68e39a984a386622a12401f1fd69322835d5de

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
356B

MD5
b450370ef888f3ac941e22fec485da73

SHA1
1e621402b49c205310b36b3d66b77644fc40fc26

SHA256
974df333473ec43e1d777c04d8231e990ad2e70ef1f9dd7c8864e0ed5568fa8e

SHA512
32f53a56ea74cb21d13018a39b763b7b38afffd14cf1baab7f5acfbfa4dcb081263a58f092a2ec5bbe6e230dcedcef5bbaf9756aa6d1eb7159946604a6668ba1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
180df7fab4b88f8b5df5ab593dcb856b

SHA1
3aa0eba197f59b47ed7944467b0154d0b462d3f1

SHA256
27369a2ba8787ea60b757e16072ab88631bf680b9d375f58e2f4ea5a874d38bc

SHA512
1db43b39775bb03b9a900e0fa03df72c93f0d1f1dc16006d7ad19e7ca4bb331fced5a8abbbc91ff51f474f9d05c3ff3ca42ec074682e13a1a3ef3cf2e1eefa8d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
6ecaec87b277df6671e7290dcb1ec8fe

SHA1
d6aac16b7fd230054bb1efa1473bc10f4ec795dd

SHA256
bbc32d441674531e421317235282330360be8f4f69f1f05eec631c1768ee8ec6

SHA512
2d2ca4a42bece0ba4cfc894b0e4fd7255f1fe591a94de73591a1136388b0821b0b871517b3815096d71ff1fed9452d1223a9fadc2d5b30a5c1f4290eaed18524

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
f13693e246f3c4efdadf9007d75e5d1a

SHA1
7ef020386f1375d9db19ec4a3fadc669bdffbe56

SHA256
b14294b5695312416466d601eda13cfa3d5b8b178bb7f53c2b75ed909ab3b2a1

SHA512
d849c7c57b8a93afc0cabc97bbdacba740c61a01cda24b8a629ea70902c4a4295564cba481b51079cf49f0148d704d9c3e8c336cd50432ffe958a9dac7c5dbcc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
49c66c4d3194865cea481f689e47f91c

SHA1
efd171e715d8476c0a9ae2055e6c8ef66a417b3d

SHA256
09c7c0361fc9f08ab1e16e7c09d1b7d8d9737d0e89076041603cd9ba4f6dd178

SHA512
587edfc2f4c00e79f84615dede8222e525efab166fb21d4683692395e965f09da0e8e767e498ab40eb842d43417f24349d33b3fecd78aa90df21aed4e548e344

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
3dc7a401f15707781c5d6ada6b153649

SHA1
c3b886ec527c2f6823423cdb8c13a67164c2bc51

SHA256
3ced425851d18ec2c67ed18454f2080936b9128587f337d00f4deb42bc2ce942

SHA512
a0624e74702b8f03d53745b8c81686d8d8989fc9fc383b866a1f5e0ef362f5bf11c6d4c2671e4d47331ffffcaadebec723e8009c00d70773cc04c5a9b4bdd29f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
719db335858d2708fdf6b586bd9f5417

SHA1
e67e31e36988eda9a18e156e836234521ae22ba1

SHA256
6e1aed4f61e3e556858c0be3d15266cd483cda625b245123ee4a282321b0997e

SHA512
c5ca2507c0b158df314f9740c1b28b9c835c594cbfd4888b67af54c10ff31b7b097eebc488ea09862501483fa1be58588d5ec3456eaaded9cdfb531e066a8e93

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
Filesize
16KB

MD5
62e5a7db3c1857669b66fa03fc16aa6e

SHA1
efac1c0a8cd234186ac4d223eb306aa00316f6f4

SHA256
84be69667350f20c76e6c2741dd13eb3ccd98fc26bcc260aa047235117eff010

SHA512
b6619064d4f1f61fd4f163d71b8d038af617bedc93ea2e806f9e97cd8942f08b8c6b49064af64f91c9903f544eadf98f37a6569cd456ecaa270ff559bd7971ca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
269KB

MD5
74af493df6997883e0547893d71ddfc8

SHA1
2d260e9e57a003961413472b0285b38ff9777655

SHA256
9710c6f8de7e5106eff07f9fe8c0c2aa25188aa2737eca9df6938df3bc9eb8e1

SHA512
39f564bd265efb8ee788ca2f624d1a6dc120526c1b3f08912cc91bbe38f28571880413e85f0e475b34875f43ad67ae18845673f342c9e2303c4081827d531bec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
269KB

MD5
3ac55b970b57cea6b59f45888be94b76

SHA1
69fe8d867cb88e3f4c54b5a870342e666cddbc6f

SHA256
2de628f9d1e490bace0beffe37ae7555f396551fdca4f8f61cb6e6e877c80555

SHA512
7ea3b22e086b80a59460fba42353457d1a975c807c7912b781977364b7054646f0655d0341bbef3345cbc0f770b6717dc2b7a608cdb3e4bab6de226a8e18604c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
99KB

MD5
c957ac437a1ca2b9056064d49465e253

SHA1
dff5814142e2e1009744f820ebfd338b18067d5b

SHA256
84386815ef099f78469b85a01c701798052452b24c84d384151968261acef9ce

SHA512
26193785323002f7d3ec9c8f797191b680d2dc2f7381d719b3f362ff18ab8bc610dbd1c89acc84d28f72fe983d6d76843f20777cbc467e76f98346fbfa23a6a0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe591459.TMP
Filesize
90KB

MD5
94abdc02c906929eb1758eed53196131

SHA1
098979da44f361d31faa71cc14c6b5415b1d1e71

SHA256
f9c002fa5a23e37cfed381ebe22272c239e65dbb511a903e742657f4f44540b3

SHA512
79b93363a4874de6f25ab4705d68e7268897225c5cdc797091bff3a479777b4d552c1e5184f64acd02741feb05beef8c5ac1e2ab38ac901601cbf5560a479c3d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\Setup.exe.log
Filesize
42B

MD5
84cfdb4b995b1dbf543b26b86c863adc

SHA1
d2f47764908bf30036cf8248b9ff5541e2711fa2

SHA256
d8988d672d6915b46946b28c06ad8066c50041f6152a91d37ffa5cf129cc146b

SHA512
485f0ed45e13f00a93762cbf15b4b8f996553baa021152fae5aba051e3736bcd3ca8f4328f0e6d9e3e1f910c96c4a9ae055331123ee08e3c2ce3a99ac2e177ce

Download Submit
C:\Users\Admin\AppData\Roaming\d3d9.dll
Filesize
438KB

MD5
f3861f65510ba99966dfd02d7b444a2e

SHA1
1f331b3979ee1037c331c22611727c6287fe4f39

SHA256
9ed7ac43cc9a73ca6a44bc3c4b8713527e5d6382dc8bd34d4a9157e305d4e304

SHA512
6b137673647f81b424567c9b09454f062b47fe0ca56218913d32f4d5f05ce00a48b3daeb18ee2f0319b3a944d5fd817c72344c468bd241e1c699f724af1d7dff

Download Submit
C:\Users\Admin\Downloads\Adobe.Acrobat.zip.crdownload
Filesize
16.3MB

MD5
9baa8a41aeb5a6c34847f8b1cfa2ba79

SHA1
4f8817434ec0953f209c2d35f2b639298cb578ff

SHA256
eeb450b3e67b89cdbe829578448c2614a25bc300270c6684fa10e4b453614a7e

SHA512
cd0de0b769ea8f0c5d80d7f86c71eb875e89f2793f3d8b171a84a4629da292aabd5fe165962266f7e9fa72115fa104fbc97b31573a724097e54ad00fcd90546f

Download Submit
\??\pipe\crashpad_2812_DQRSEUPMIHWSRCVU
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/1576-461-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/2836-432-0x0000000000340000-0x000000000039A000-memory.dmp

Filesize
360KB

Download
memory/2836-437-0x0000000000340000-0x000000000039A000-memory.dmp

Filesize
360KB

Download
memory/2836-433-0x0000000000340000-0x000000000039A000-memory.dmp

Filesize
360KB

Download
memory/3964-424-0x0000000000790000-0x0000000000802000-memory.dmp

Filesize
456KB

Download
memory/3964-425-0x00000000029C0000-0x00000000029C6000-memory.dmp

Filesize
24KB

Download