Source: SecuriteInfo.com.Win64.Evo-gen.29020.27952.exe |
Avira: detected |
Source: SecuriteInfo.com.Win64.Evo-gen.29020.27952.exe |
ReversingLabs: Detection: 31% |
Source: SecuriteInfo.com.Win64.Evo-gen.29020.27952.exe |
Virustotal: Detection: 41% |
Source: SecuriteInfo.com.Win64.Evo-gen.29020.27952.exe |
Joe Sandbox ML: detected |
Source: SecuriteInfo.com.Win64.Evo-gen.29020.27952.exe, 00000000.00000002.2115644955.000000014007C000.00000002.00000001.01000000.00000006.sdmp |
Binary or memory string: -----BEGIN PUBLIC KEY----- |
memstr_46d88a26-2 |
Source: unknown |
HTTPS traffic detected: 104.26.0.5:443 -> 192.168.2.5:49708 version: TLS 1.2 |
Source: |
Binary string: Z:\Development\SecureEngine\src\plugins_manager\internal_plugins\embedded dlls\TlsHelperXBundler\x64\Release\XBundlerTlsHelper.pdb source: SecuriteInfo.com.Win64.Evo-gen.29020.27952.exe, 00000000.00000002.2116203527.0000000141EA2000.00000040.00000001.01000000.00000006.sdmp |
Source: |
Binary string: c:\miniprojects\x86il\il86\x64\release\IL86.pdb! source: SecuriteInfo.com.Win64.Evo-gen.29020.27952.exe, 00000000.00000002.2116203527.00000001420D6000.00000040.00000001.01000000.00000006.sdmp |
Source: |
Binary string: c:\miniprojects\x86il\il86\x64\release\IL86.pdb source: SecuriteInfo.com.Win64.Evo-gen.29020.27952.exe, 00000000.00000002.2116203527.00000001420D6000.00000040.00000001.01000000.00000006.sdmp |
Source: Joe Sandbox View |
IP Address: 104.26.0.5 |
Source: Joe Sandbox View |
JA3 fingerprint: ce5f3254611a8c095a3d821d44539877 |
Source: unknown |
UDP traffic detected without corresponding DNS query: 1.1.1.1 |
Source: global traffic |
DNS traffic detected: DNS query: keyauth.win |
Source: SecuriteInfo.com.Win64.Evo-gen.29020.27952.exe |
String found in binary or memory: https://curl.haxx.se/docs/http-cookies.html |
Source: SecuriteInfo.com.Win64.Evo-gen.29020.27952.exe, 00000000.00000002.2115438203.00000000004EC000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://keyauth.win/api/1.2/ |
Source: SecuriteInfo.com.Win64.Evo-gen.29020.27952.exe, 00000000.00000002.2115438203.00000000004EC000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://keyauth.win/api/1.2/L |
Source: SecuriteInfo.com.Win64.Evo-gen.29020.27952.exe, 00000000.00000002.2115438203.00000000004EC000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://keyauth.win/api/1.2/y= |
Source: unknown |
Network traffic detected: HTTP traffic on port 49708 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49708 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.29020.27952.exe |
Process created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -u -p 4712 -s 516 |
Source: SecuriteInfo.com.Win64.Evo-gen.29020.27952.exe |
Static PE information: Section: .reloc ZLIB complexity 1.5 |
Source: classification engine |
Classification label: mal84.evad.winEXE@18/1@1/2 |
Source: C:\Windows\System32\WerFault.exe |
Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6164:120:WilError_03 |
Source: C:\Windows\System32\conhost.exe |
Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6300:120:WilError_03 |
Source: C:\Windows\System32\conhost.exe |
Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7148:120:WilError_03 |
Source: C:\Windows\System32\WerFault.exe |
File created: C:\ProgramData\Microsoft\Windows\WER\Temp\cf61b6f6-cc49-4c74-9e0c-ecd7a63a3e68 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.29020.27952.exe |
Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers |
Source: SecuriteInfo.com.Win64.Evo-gen.29020.27952.exe |
String found in binary or memory: iphlpapi.dllif_nametoindexkernel32LoadLibraryExA\/AddDllDirectory |
Source: unknown |
Process created: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.29020.27952.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.29020.27952.exe" |
|
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.29020.27952.exe |
Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
|
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.29020.27952.exe |
Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c certutil -hashfile "C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.29020.27952.exe" MD5 | find /i /v "md5" | find /i /v "certutil" |
|
Source: C:\Windows\System32\cmd.exe |
Process created: C:\Windows\System32\certutil.exe certutil -hashfile "C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.29020.27952.exe" MD5 |
|
Source: C:\Windows\System32\cmd.exe |
Process created: C:\Windows\System32\find.exe find /i /v "md5" |
|
Source: C:\Windows\System32\cmd.exe |
Process created: C:\Windows\System32\find.exe find /i /v "certutil" |
|
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.29020.27952.exe |
Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c start cmd /C "color b && title Error && echo SSL connect error && timeout /t 5" |
|
Source: C:\Windows\System32\cmd.exe |
Process created: C:\Windows\System32\cmd.exe cmd /C "color b && title Error && echo SSL connect error && timeout /t 5" |
|
Source: C:\Windows\System32\cmd.exe |
Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
|
Source: C:\Windows\System32\cmd.exe |
Process created: C:\Windows\System32\timeout.exe timeout /t 5 |
|
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.29020.27952.exe |
Section loaded: apphelp.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.29020.27952.exe |
Section loaded: msvcp140.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.29020.27952.exe |
Section loaded: userenv.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.29020.27952.exe |
Section loaded: vcruntime140.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.29020.27952.exe |
Section loaded: vcruntime140_1.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.29020.27952.exe |
Section loaded: ntmarta.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.29020.27952.exe |
Section loaded: secur32.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.29020.27952.exe |
Section loaded: sspicli.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.29020.27952.exe |
Section loaded: iphlpapi.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.29020.27952.exe |
Section loaded: mswsock.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.29020.27952.exe |
Section loaded: kernel.appcore.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.29020.27952.exe |
Section loaded: dnsapi.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.29020.27952.exe |
Section loaded: rasadhlp.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.29020.27952.exe |
Section loaded: fwpuclnt.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.29020.27952.exe |
Section loaded: schannel.dll |
Source: C:\Windows\System32\certutil.exe |
Section loaded: certcli.dll |
Source: C:\Windows\System32\certutil.exe |
Section loaded: cabinet.dll |
Source: C:\Windows\System32\certutil.exe |
Section loaded: cryptui.dll |
Source: C:\Windows\System32\certutil.exe |
Section loaded: ncrypt.dll |
Source: C:\Windows\System32\certutil.exe |
Section loaded: netapi32.dll |
Source: C:\Windows\System32\certutil.exe |
Section loaded: ntdsapi.dll |
Source: C:\Windows\System32\certutil.exe |
Section loaded: version.dll |
Source: C:\Windows\System32\certutil.exe |
Section loaded: secur32.dll |
Source: C:\Windows\System32\certutil.exe |
Section loaded: certca.dll |
Source: C:\Windows\System32\certutil.exe |
Section loaded: cryptsp.dll |
Source: C:\Windows\System32\certutil.exe |
Section loaded: samcli.dll |
Source: C:\Windows\System32\certutil.exe |
Section loaded: logoncli.dll |
Source: C:\Windows\System32\certutil.exe |
Section loaded: dsrole.dll |
Source: C:\Windows\System32\certutil.exe |
Section loaded: netutils.dll |
Source: C:\Windows\System32\certutil.exe |
Section loaded: sspicli.dll |
Source: C:\Windows\System32\certutil.exe |
Section loaded: ntasn1.dll |
Source: C:\Windows\System32\certutil.exe |
Section loaded: uxtheme.dll |
Source: C:\Windows\System32\certutil.exe |
Section loaded: profapi.dll |
Source: C:\Windows\System32\find.exe |
Section loaded: ulib.dll |
Source: C:\Windows\System32\find.exe |
Section loaded: fsutilext.dll |
Source: C:\Windows\System32\timeout.exe |
Section loaded: version.dll |
Source: Window Recorder |
Window detected: More than 3 window changes detected |
Source: SecuriteInfo.com.Win64.Evo-gen.29020.27952.exe |
Static PE information: Image base 0x140000000 > 0x60000000 |
Source: SecuriteInfo.com.Win64.Evo-gen.29020.27952.exe |
Static file information: File size 37365264 > 1048576 |
Source: SecuriteInfo.com.Win64.Evo-gen.29020.27952.exe |
Static PE information: Raw size of .boot is bigger than: 0x100000 < 0x2304c00 |
Source: initial sample |
Static PE information: section where entry point is pointing to: .boot |
Source: SecuriteInfo.com.Win64.Evo-gen.29020.27952.exe |
Static PE information: section name: .themida |
Source: SecuriteInfo.com.Win64.Evo-gen.29020.27952.exe |
Static PE information: section name: .boot |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.29020.27952.exe |
Window searched: window name: FilemonClass |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.29020.27952.exe |
Window searched: window name: PROCMON_WINDOW_CLASS |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.29020.27952.exe |
Window searched: window name: RegmonClass |
Source: C:\Windows\System32\WerFault.exe |
Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX |
Source: C:\Windows\System32\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.29020.27952.exe |
System information queried: FirmwareTableInformation |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.29020.27952.exe |
File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__ |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.29020.27952.exe |
Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.29020.27952.exe |
Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.29020.27952.exe |
Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion |
Source: C:\Windows\System32\timeout.exe TID: 1576 |
Thread sleep count: 34 > 30 |
Source: C:\Windows\System32\conhost.exe |
Last function: Thread delayed |
Source: SecuriteInfo.com.Win64.Evo-gen.29020.27952.exe, 00000000.00000002.2115438203.00000000004EC000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.29020.27952.exe |
System information queried: ModuleInformation |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.29020.27952.exe |
Thread information set: HideFromDebugger |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.29020.27952.exe |
Open window title or class name: regmonclass |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.29020.27952.exe |
Open window title or class name: process monitor - sysinternals: www.sysinternals.com |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.29020.27952.exe |
Open window title or class name: procmon_window_class |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.29020.27952.exe |
Open window title or class name: registry monitor - sysinternals: www.sysinternals.com |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.29020.27952.exe |
Open window title or class name: filemonclass |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.29020.27952.exe |
Open window title or class name: file monitor - sysinternals: www.sysinternals.com |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.29020.27952.exe |
Process queried: DebugPort |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.29020.27952.exe |
Process queried: DebugObjectHandle |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.29020.27952.exe |
Process queried: DebugFlags |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.29020.27952.exe |
Memory protected: page execute and read and write | page guard |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.29020.27952.exe |
NtQueryInformationProcess: Indirect: 0x14259EAF8 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.29020.27952.exe |
NtQuerySystemInformation: Indirect: 0x1424CD11B |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.29020.27952.exe |
NtQueryInformationProcess: Indirect: 0x14255F38B |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.29020.27952.exe |
NtSetInformationThread: Indirect: 0x142592491 |