Order 24007219.exe

Category: initial sample
Filetype: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy: 7.900118600348117
Filesize: 793088
MD5: e77f0d830d8353f748f97ea6c692b7f7
SHA1: 7202eec3edccf41aa004e542c1956533b9ac8c01
SHA256: 2c39793aee8f8966937d52468306f422151978e4b43d665a09f78e5c91fe5401
SHA512: 1b6b658dc42a1ffa577ac03743394335128c76950294eece9f3d0465f23a1b85c2e2fcd09b19af59fdcb05f605f4db2f3d17e3dbbf6afb3b44863fdf6f05e961
SSDEEP: 12288:2I0YOwqO8Dx1q3oIGkuFsxwkG7+qF2UA6zlH+AfS4NtT9gnjs5SJd7DrXZAmDk1M:nO7O8Dx1qRuFsxwke9HpV0
Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......f..............0.............n....... ....@.. .......................`............@................................

Signature Hits | Behavior Group | Mitre Attack
Antivirus / Scanner detection for submitted sample | AV Detection | -
Detected unpacking (changes PE section rights) | Data Obfuscation | -
Detected unpacking (overwrites its own PE header) | Compliance, Data Obfuscation | -
Found malware configuration | AV Detection | -
Malicious sample detected (through community Yara rule) | System Summary | -
Multi AV Scanner detection for submitted file | AV Detection | -
.NET source code contains method to dynamically call methods (often used by packers) | Data Obfuscation | -
.NET source code contains potential unpacker | Data Obfuscation | -
Creates an undocumented autostart registry key | Boot Survival | Registry Run Keys / Startup Folder
Drops PE files with a suspicious file extension | Persistence and Installation Behavior | -
Drops executable to a common third party application directory | Persistence and Installation Behavior | -
Drops or copies MsMpEng.exe (Windows Defender, likely to bypass HIPS) | HIPS / PFW / Operating System Protection Evasion | -
Infects executable files (exe, dll, sys, html) | Spreading, Persistence and Installation Behavior | -
Machine Learning detection for sample | AV Detection | -
Allocates memory with a write watch (potentially for evading sandboxes) | Malware Analysis System Evasion | -
Contains functionality to query locales information (e.g. system language) | Language, Device and Operating System Detection | -
Contains long sleeps (>= 3 min) | Malware Analysis System Evasion | -
Creates a process in suspended mode (likely to inject code) | HIPS / PFW / Operating System Protection Evasion | -
Creates files inside the system directory | System Summary | -
Detected potential crypto function | System Summary | -
Drops PE files | Persistence and Installation Behavior | -
Drops PE files to the application program directory (C:\ProgramData) | Persistence and Installation Behavior | -
Drops PE files to the windows directory (C:\Windows) | Persistence and Installation Behavior | -
Found dropped PE file which has not been started or loaded | Malware Analysis System Evasion | -
Found inlined nop instructions (likely shell or obfuscated code) | Software Vulnerabilities | Obfuscated Files or Information
May sleep (evasive loops) to hinder dynamic analysis | Malware Analysis System Evasion | -
Queries the volume information (name, serial number etc.) of a device | Language, Device and Operating System Detection | -
Sample file is different from original file name gathered from version info | System Summary | -
Tries to load missing DLLs | System Summary | -
Uses 32bit PE files | Compliance, System Summary | -
Uses code obfuscation techniques (call, push, ret) | Data Obfuscation | -
Yara signature match | System Summary | -
Binary may include packed or encrypted code | Data Obfuscation | -
PE file has an executable .text section which is very likely to contain packed code (zlib compression ratio < 0.3) | System Summary | -
.NET source code contains calls to encryption/decryption functions | System Summary | Deobfuscate/Decode Files or Information
.NET source code contains many API calls related to security | System Summary | -
.NET source code contains many randomly named methods | Data Obfuscation | -
.NET source code contains methods with suspicious names | System Summary | -
Contains functionality to enumerate / list files inside a directory | Spreading, Malware Analysis System Evasion | -
Contains functionality to query local / system time | Language, Device and Operating System Detection | System Information Discovery
Contains functionality to query local drives | Spreading, Malware Analysis System Evasion | -
Contains functionality to query windows version | Language, Device and Operating System Detection | -
Contains medium sleeps (>= 30s) | Malware Analysis System Evasion | Virtualization/Sandbox Evasion
Creates files inside the user directory | System Summary | -
Creates guard pages, often used to prevent reverse engineering and debugging | Anti Debugging | -
Creates mutexes | System Summary | -
Creates temporary files | System Summary | -
Disables application error messages (SetErrorMode) | Hooking and other Techniques for Hiding and Protection | -
Enumerates the file system | Spreading, Malware Analysis System Evasion | File and Directory Discovery
May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) | Malware Analysis System Evasion | Security Software Discovery
PE file has an executable .text section and no other executable section | System Summary | -
Parts of this application are using the .NET runtime (probably coded in C#) | System Summary | -
Program exit points | Malware Analysis System Evasion | -
Queries the cryptographic machine GUID | Language, Device and Operating System Detection | -
Reads ini files | System Summary | -
Reads software policies | System Summary | -
Sample is known by Antivirus | System Summary | -
Sample reads its own file content | System Summary | -
Uses an in-process (OLE) Automation server | System Summary | -
Contains modern PE file flags such as dynamic base (ASLR) or NX | Compliance, System Summary | -
PE file contains a COM descriptor data directory | System Summary | -
Uses Microsoft Silverlight | System Summary | -

C:\Program Files (x86)\AutoIt3\Au3Check.exe

Category: dropped
Dump: Au3Check.exe.3.dr
ID: dr_45
Target ID: 3
Process: C:\Users\user\Desktop\Order 24007219.exe
Type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy: 6.346809943107517
Encrypted: false
Ssdeep: 3072:9jDVn3CnP5KVkD8QC2mCBFv9m7usyT8tKQ9clyPqlO91/iDVSsWUG0bCP0BwOvO9:HQ4VQjVsxyItKQNhigibKCM
Size: 275560
Whitelisted: false
Reputation: low

Signature Hits | Behavior Group | Mitre Attack
Infects executable files (exe, dll, sys, html) | Spreading, Persistence and Installation Behavior | -
Machine Learning detection for dropped file | AV Detection | -
Drops PE files | Persistence and Installation Behavior | -
Found dropped PE file which has not been started or loaded | Malware Analysis System Evasion | -

C:\Program Files (x86)\AutoIt3\Au3Info.exe

Category: dropped
Dump: Au3Info.exe.3.dr
ID: dr_46
Target ID: 3
Process: C:\Users\user\Desktop\Order 24007219.exe
Type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy: 6.655389388809691
Encrypted: false
Ssdeep: 3072:9jDVn3CqxFVaK4T6fWSlXe0lJQafeyrR0kr/yh5DEU/Pk13TfwqiTP0McBUNnUxW:HF2K4TSFo5Y683TdiQMcGNUl4N
Size: 217704
Whitelisted: false
Reputation: low

Signature Hits | Behavior Group | Mitre Attack
Infects executable files (exe, dll, sys, html) | Spreading, Persistence and Installation Behavior | -
Machine Learning detection for dropped file | AV Detection | -
Drops PE files | Persistence and Installation Behavior | -
Found dropped PE file which has not been started or loaded | Malware Analysis System Evasion | -

C:\Program Files (x86)\AutoIt3\Au3Info_x64.exe

Category: dropped
Dump: Au3Info_x64.exe.3.dr
ID: dr_47
Target ID: 3
Process: C:\Users\user\Desktop\Order 24007219.exe
Type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy: 6.46961813426308
Encrypted: false
Ssdeep: 3072:9jDVn3CJyRnuBGwl/1Gc9QnvGqyWQ93kr/yh5DEU/P5kP0zU35iuvQBUeGMLu:Hrl3wdYtcH9b5Y651zU77Ea
Size: 237160
Whitelisted: false
Reputation: low

Signature Hits | Behavior Group | Mitre Attack
Infects executable files (exe, dll, sys, html) | Spreading, Persistence and Installation Behavior | -
Machine Learning detection for dropped file | AV Detection | -
Drops PE files | Persistence and Installation Behavior | -
Found dropped PE file which has not been started or loaded | Malware Analysis System Evasion | -

C:\Program Files (x86)\AutoIt3\Aut2Exe\Aut2exe.exe

Category: dropped
Dump: Aut2exe.exe.3.dr
ID: dr_48
Target ID: 3
Process: C:\Users\user\Desktop\Order 24007219.exe
Type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy: 7.4585184636590025
Encrypted: false
Ssdeep: 24576:IC51xB6B9YNgqe1xTVIlz7X9zOo4PjnikEpx/nLWvJ+l:/K0eqkSR7Xgo4TiRPnLWvJY
Size: 1675872
Whitelisted: false
Reputation: low

Signature Hits | Behavior Group | Mitre Attack
Infects executable files (exe, dll, sys, html) | Spreading, Persistence and Installation Behavior | -
Machine Learning detection for dropped file | AV Detection | -
Drops PE files | Persistence and Installation Behavior | -
Found dropped PE file which has not been started or loaded | Malware Analysis System Evasion | -

C:\Program Files (x86)\AutoIt3\Aut2Exe\Aut2exe_x64.exe

Category: dropped
Dump: Aut2exe_x64.exe.3.dr
ID: dr_49
Target ID: 3
Process: C:\Users\user\Desktop\Order 24007219.exe
Type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy: 7.349925371840433
Encrypted: false
Ssdeep: 24576:kEeK2NocwiN/jc41p3qp11JsqbhOUe1xTVIlz7X9zOo4PjnikEpx/nLWvJ+i:8fYP1JsEDkSR7Xgo4TiRPnLWvJD
Size: 1841760
Whitelisted: false
Reputation: low

Signature Hits | Behavior Group | Mitre Attack
Infects executable files (exe, dll, sys, html) | Spreading, Persistence and Installation Behavior | -
Machine Learning detection for dropped file | AV Detection | -
Drops PE files | Persistence and Installation Behavior | -
Found dropped PE file which has not been started or loaded | Malware Analysis System Evasion | -

C:\Program Files (x86)\AutoIt3\Aut2Exe\upx.exe

Category: dropped
Dump: upx.exe.3.dr
ID: dr_50
Target ID: 3
Process: C:\Users\user\Desktop\Order 24007219.exe
Type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy: 7.89673941207541
Encrypted: false
Ssdeep: 6144:H8pXDXz7yIrozs0WuNd3ojusBdgnNW6r4F53ttuGENGFdVCLEYnPO1D7YYoSyZCG:c9zGImAjJdcH4j3ttzFdVCLNSfHoSWCG
Size: 346624
Whitelisted: false
Reputation: low

Signature Hits | Behavior Group | Mitre Attack
Infects executable files (exe, dll, sys, html) | Spreading, Persistence and Installation Behavior | -
Machine Learning detection for dropped file | AV Detection | -
Drops PE files | Persistence and Installation Behavior | -
Found dropped PE file which has not been started or loaded | Malware Analysis System Evasion | -

C:\Program Files (x86)\AutoIt3\AutoIt3Help.exe

Category: dropped
Dump: AutoIt3Help.exe.3.dr
ID: dr_51
Target ID: 3
Process: C:\Users\user\Desktop\Order 24007219.exe
Type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy: 6.1894038579205075
Encrypted: false
Ssdeep: 3072:9jDVn3CeckvQ4gXIRSG+7IJqC3CJyoDjpBnjkP0XGx2SYg+b/Q+y1s3:H4nGZLknnj1X62SYdb4I
Size: 165976
Whitelisted: false
Reputation: low

Signature Hits | Behavior Group | Mitre Attack
Infects executable files (exe, dll, sys, html) | Spreading, Persistence and Installation Behavior | -
Machine Learning detection for dropped file | AV Detection | -
Drops PE files | Persistence and Installation Behavior | -
Found dropped PE file which has not been started or loaded | Malware Analysis System Evasion | -

C:\Program Files (x86)\AutoIt3\AutoIt3_x64.exe

Category: dropped
Dump: AutoIt3_x64.exe.3.dr
ID: dr_52
Target ID: 3
Process: C:\Users\user\Desktop\Order 24007219.exe
Type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy: 6.459667439296206
Encrypted: false
Ssdeep: 24576:tTC6Rb6qu1PyC+NRLtpScpzbtT7pyOolKL8Sq/jrc5xaNIBg:t+6AqSPyC+NltpScpzbtvpJoMQSq/jrL
Size: 1113176
Whitelisted: false
Reputation: low

Signature Hits | Behavior Group | Mitre Attack
Infects executable files (exe, dll, sys, html) | Spreading, Persistence and Installation Behavior | -
Machine Learning detection for dropped file | AV Detection | -
Drops PE files | Persistence and Installation Behavior | -
Found dropped PE file which has not been started or loaded | Malware Analysis System Evasion | -

C:\Program Files (x86)\AutoIt3\SciTE\SciTE.exe

Category: dropped
Dump: SciTE.exe.3.dr
ID: dr_53
Target ID: 3
Process: C:\Users\user\Desktop\Order 24007219.exe
Type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy: 6.738038484500847
Encrypted: false
Ssdeep: 49152:ywGSXoV72tpV9XE8Wwi1aCvYMdRluS/fYw44RxL8:d4OEtwiICvYMpfc
Size: 2414080
Whitelisted: false
Reputation: low

Signature Hits | Behavior Group | Mitre Attack
Machine Learning detection for dropped file | AV Detection | -
Drops PE files | Persistence and Installation Behavior | -
Found dropped PE file which has not been started or loaded | Malware Analysis System Evasion | -

C:\Program Files (x86)\AutoIt3\Uninstall.exe

Category: dropped
Dump: Uninstall.exe.3.dr
ID: dr_54
Target ID: 3
Process: C:\Users\user\Desktop\Order 24007219.exe
Type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy: 6.831318435744157
Encrypted: false
Ssdeep: 3072:9jDVn3CHCrJGEtajbefY/TU9fE9PEtuGCrK:HECrkEt+cYa6YCrK
Size: 113233
Whitelisted: false
Reputation: low

Signature Hits | Behavior Group | Mitre Attack
Machine Learning detection for dropped file | AV Detection | -
Drops PE files | Persistence and Installation Behavior | -
Found dropped PE file which has not been started or loaded | Malware Analysis System Evasion | -

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARMHelper.exe

Category: dropped
Dump: AdobeARMHelper.exe.3.dr
ID: dr_64
Target ID: 3
Process: C:\Users\user\Desktop\Order 24007219.exe
Type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy: 6.508474579903954
Encrypted: false
Ssdeep: 6144:HXvqF1Ged2RYbguEuFuTkdj+zRGa7JkjrXyPyMMWvpBVOaqahUqjAGT:ObgvuFuQdj+zRTJkX8yMhB3jhBAi
Size: 409608
Whitelisted: false
Reputation: low

Signature Hits | Behavior Group | Mitre Attack
Drops executable to a common third party application directory | Persistence and Installation Behavior | -
Infects executable files (exe, dll, sys, html) | Spreading, Persistence and Installation Behavior | -
Machine Learning detection for dropped file | AV Detection | -
Drops PE files | Persistence and Installation Behavior | -
Found dropped PE file which has not been started or loaded | Malware Analysis System Evasion | -

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

Category: dropped
Dump: armsvc.exe.3.dr
ID: dr_65
Target ID: 3
Process: C:\Users\user\Desktop\Order 24007219.exe
Type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy: 6.5593760761748
Encrypted: false
Ssdeep: 3072:9jDVn3CiGnUI/9FXK4+PoSZSb5qURwubvvnzdl1CkTlxAenDl3SoxceC76JNKjzc:HDGUcsvZZvUmubv7hTHA8l3yROJyDI5
Size: 214512
Whitelisted: false
Reputation: low

Signature Hits | Behavior Group | Mitre Attack
Drops executable to a common third party application directory | Persistence and Installation Behavior | -
Infects executable files (exe, dll, sys, html) | Spreading, Persistence and Installation Behavior | -
Machine Learning detection for dropped file | AV Detection | -
Drops PE files | Persistence and Installation Behavior | -
Found dropped PE file which has not been started or loaded | Malware Analysis System Evasion | -

C:\Program Files (x86)\Common Files\Java\Java Update\jaureg.exe

Category: dropped
Dump: jaureg.exe.3.dr
ID: dr_66
Target ID: 3
Process: C:\Users\user\Desktop\Order 24007219.exe
Type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy: 6.70791561219369
Encrypted: false
Ssdeep: 12288:CyvTCXdXikLj2jR7trg6Qi3vYsKTU00vq:CyyLj8trn3wsq0vq
Size: 568400
Whitelisted: false
Reputation: timeout

Signature Hits | Behavior Group | Mitre Attack
Infects executable files (exe, dll, sys, html) | Spreading, Persistence and Installation Behavior | -
Machine Learning detection for dropped file | AV Detection | -
Drops PE files | Persistence and Installation Behavior | -
Found dropped PE file which has not been started or loaded | Malware Analysis System Evasion | -

C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe

Category: dropped
Dump: jucheck.exe.3.dr
ID: dr_67
Target ID: 3
Process: C:\Users\user\Desktop\Order 24007219.exe
Type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy: 6.7744766505830665
Encrypted: false
Ssdeep: 24576:40n7Ubxk/uRvJqLGJLQ4a56duA/85RkV4l7/ZeoMOp:H4iwwGJra0uAUfkVy7/ZX
Size: 1252432
Whitelisted: false
Reputation: timeout

Signature Hits | Behavior Group | Mitre Attack
Infects executable files (exe, dll, sys, html) | Spreading, Persistence and Installation Behavior | -
Machine Learning detection for dropped file | AV Detection | -
Drops PE files | Persistence and Installation Behavior | -
Found dropped PE file which has not been started or loaded | Malware Analysis System Evasion | -

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

Category: dropped
Dump: jusched.exe.3.dr
ID: dr_68
Target ID: 3
Process: C:\Users\user\Desktop\Order 24007219.exe
Type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy: 6.766430152852861
Encrypted: false
Ssdeep: 12288:uMvcR0D0B6PyxoxIlZwM+R6R4uFjs1Z7FMN0TzJqccvbXkN58AuimIh:kR0gB6axoCfyR6RLQRF/TzJqe58BimIh
Size: 790096
Whitelisted: false
Reputation: timeout

Signature Hits | Behavior Group | Mitre Attack
Infects executable files (exe, dll, sys, html) | Spreading, Persistence and Installation Behavior | -
Machine Learning detection for dropped file | AV Detection | -
Drops PE files | Persistence and Installation Behavior | -
Found dropped PE file which has not been started or loaded | Malware Analysis System Evasion | -

C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE16\LICLUA.EXE

Category: dropped
Dump: LICLUA.EXE.3.dr
ID: dr_69
Target ID: 3
Process: C:\Users\user\Desktop\Order 24007219.exe
Type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy: 6.4512845115803525
Encrypted: false
Ssdeep: 6144:Ht0dzerObMhDGJ9UM3sunrXj9BMHmD1tYFLqY/W5R02qO7VKCy7KCzDSEBPj:geqbWqB3sunrT9+aYFLq3ny7JSEBPj
Size: 562776
Whitelisted: false
Reputation: timeout

Signature Hits | Behavior Group | Mitre Attack
Infects executable files (exe, dll, sys, html) | Spreading, Persistence and Installation Behavior | -
Machine Learning detection for dropped file | AV Detection | -
Drops PE files | Persistence and Installation Behavior | -
Found dropped PE file which has not been started or loaded | Malware Analysis System Evasion | -

C:\Program Files (x86)\Common Files\Microsoft Shared\VSTO\10.0\VSTOInstaller.exe

Category: dropped
Dump: VSTOInstaller.exe.3.dr
ID: dr_70
Target ID: 3
Process: C:\Users\user\Desktop\Order 24007219.exe
Type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy: 6.403847720504054
Encrypted: false
Ssdeep: 3072:9jDVn3C/Po10JOSdnvEhEyr1hg9uCRFRzsxeZ:HEg1MOc81hmRFJs0Z
Size: 127512
Whitelisted: false
Reputation: timeout

Signature Hits | Behavior Group | Mitre Attack
Infects executable files (exe, dll, sys, html) | Spreading, Persistence and Installation Behavior | -
Machine Learning detection for dropped file | AV Detection | -
Drops PE files | Persistence and Installation Behavior | -
Found dropped PE file which has not been started or loaded | Malware Analysis System Evasion | -

C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\java.exe

Category: dropped
Dump: java.exe.3.dr
ID: dr_71
Target ID: 3
Process: C:\Users\user\Desktop\Order 24007219.exe
Type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy: 6.842641736460127
Encrypted: false
Ssdeep: 6144:HN4LYbH0QQchx73BeFStIhEWDoZvynCMj+TwW:t4EbH0j4x7R6SvyCMqn
Size: 299136
Whitelisted: false
Reputation: timeout

Signature Hits | Behavior Group | Mitre Attack
Infects executable files (exe, dll, sys, html) | Spreading, Persistence and Installation Behavior | -
Machine Learning detection for dropped file | AV Detection | -
Drops PE files | Persistence and Installation Behavior | -
Found dropped PE file which has not been started or loaded | Malware Analysis System Evasion | -

C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\javaw.exe

Category: dropped
Dump: javaw.exe.3.dr
ID: dr_72
Target ID: 3
Process: C:\Users\user\Desktop\Order 24007219.exe
Type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy: 6.8451849014225035
Encrypted: false
Ssdeep: 6144:HNZXCs7zYA9xiNFiVg7s/uDoeBvhI7W6w9:tZXCs/YAh/elvhI7Wd
Size: 299136
Whitelisted: false
Reputation: timeout

Signature Hits | Behavior Group | Mitre Attack
Infects executable files (exe, dll, sys, html) | Spreading, Persistence and Installation Behavior | -
Machine Learning detection for dropped file | AV Detection | -
Drops PE files | Persistence and Installation Behavior | -
Found dropped PE file which has not been started or loaded | Malware Analysis System Evasion | -

C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\javaws.exe

Category: dropped
Dump: javaws.exe.3.dr
ID: dr_73
Target ID: 3
Process: C:\Users\user\Desktop\Order 24007219.exe
Type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy: 6.467991207417757
Encrypted: false
Ssdeep: 12288:taNKdHVnfiMB7yIL+5IyoiYv5jPaeTmJWIvDxT9ULX8PCM:EKiBLZ05jNTmJWExixM
Size: 437888
Whitelisted: false
Reputation: timeout

Signature Hits | Behavior Group | Mitre Attack
Infects executable files (exe, dll, sys, html) | Spreading, Persistence and Installation Behavior | -
Machine Learning detection for dropped file | AV Detection | -
Drops PE files | Persistence and Installation Behavior | -
Found dropped PE file which has not been started or loaded | Malware Analysis System Evasion | -

C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleCrashHandler.exe

Category: dropped
Dump: GoogleCrashHandler.exe.3.dr
ID: dr_82
Target ID: 3
Process: C:\Users\user\Desktop\Order 24007219.exe
Type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy: 6.696471994901711
Encrypted: false
Ssdeep: 6144:HBkTpB8HHvBjruphfgesnAhAOQp2EwckjQx+m8zhPLlZp3:hklinJruphfg26p2Ewix+m8Nln3
Size: 343328
Whitelisted: false
Reputation: timeout

Signature Hits | Behavior Group | Mitre Attack
Infects executable files (exe, dll, sys, html) | Spreading, Persistence and Installation Behavior | -
Machine Learning detection for dropped file | AV Detection | -
Drops PE files | Persistence and Installation Behavior | -
Found dropped PE file which has not been started or loaded | Malware Analysis System Evasion | -

C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleCrashHandler64.exe

Category: dropped
Dump: GoogleCrashHandler64.exe.3.dr
ID: dr_83
Target ID: 3
Process: C:\Users\user\Desktop\Order 24007219.exe
Type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy: 6.427391009112463
Encrypted: false
Ssdeep: 12288:s3gaHC2zUM2WJoROZVXk8hbodzbaw8x0Cx+wnx:sx5k8hb0Haw+x5x
Size: 443680
Whitelisted: false
Reputation: timeout

Signature Hits | Behavior Group | Mitre Attack
Infects executable files (exe, dll, sys, html) | Spreading, Persistence and Installation Behavior | -
Machine Learning detection for dropped file | AV Detection | -
Drops PE files | Persistence and Installation Behavior | -
Found dropped PE file which has not been started or loaded | Malware Analysis System Evasion | -

C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdate.exe

Category: dropped
Dump: GoogleUpdate.exe.3.dr
ID: dr_84
Target ID: 3
Process: C:\Users\user\Desktop\Order 24007219.exe
Type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy: 6.176497825332734
Encrypted: false
Ssdeep: 3072:9jDVn3C5aKavT/DvbEvK9aobNI2B+Nl4jz+b0atWH1TmFtotpcat8iKdlVST31Oa:HmaK2h9H/B+rEtiPC
Size: 203552
Whitelisted: false
Reputation: timeout

Signature Hits | Behavior Group | Mitre Attack
Infects executable files (exe, dll, sys, html) | Spreading, Persistence and Installation Behavior | -
Machine Learning detection for dropped file | AV Detection | -
Drops PE files | Persistence and Installation Behavior | -
Found dropped PE file which has not been started or loaded | Malware Analysis System Evasion | -

C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateBroker.exe

Category: dropped
Dump: GoogleUpdateBroker.exe.3.dr
ID: dr_85
Target ID: 3
Process: C:\Users\user\Desktop\Order 24007219.exe
Type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy: 6.570207528911708
Encrypted: false
Ssdeep: 3072:9jDVn3CK4vzT+PjZpsB+2h+EOXkMxJ7Rfp8K172YPrp:HJpsB+09zMH7cCxPd
Size: 149792
Whitelisted: false
Reputation: timeout

Signature Hits | Behavior Group | Mitre Attack
Infects executable files (exe, dll, sys, html) | Spreading, Persistence and Installation Behavior | -
Machine Learning detection for dropped file | AV Detection | -
Drops PE files | Persistence and Installation Behavior | -
Found dropped PE file which has not been started or loaded | Malware Analysis System Evasion | -

C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe

Category: dropped
Dump: GoogleUpdateComRegisterShell64.exe.3.dr
ID: dr_86
Target ID: 3
Process: C:\Users\user\Desktop\Order 24007219.exe
Type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy: 6.265775164697781
Encrypted: false
Ssdeep: 6144:HSWt9h8QlLISZWVRohcq7dvni3F8QrBA/:yy9hdFIdRoGUxi35rBU
Size: 227104
Whitelisted: false
Reputation: timeout

Signature Hits | Behavior Group | Mitre Attack
Infects executable files (exe, dll, sys, html) | Spreading, Persistence and Installation Behavior | -
Machine Learning detection for dropped file | AV Detection | -
Drops PE files | Persistence and Installation Behavior | -
Found dropped PE file which has not been started or loaded | Malware Analysis System Evasion | -

C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateCore.exe

Category: dropped
Dump: GoogleUpdateCore.exe.3.dr
ID: dr_87
Target ID: 3
Process: C:\Users\user\Desktop\Order 24007219.exe
Type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy: 6.694752760358439
Encrypted: false
Ssdeep: 6144:H6wCtJmRqyFmB6AOKmiMGwIAfx+iQ+FfFyLgG1da6edo:aw6JmRI6Bitwpx+iQafFykG1da6edo
Size: 264480
Whitelisted: false
Reputation: timeout

Signature Hits | Behavior Group | Mitre Attack
Infects executable files (exe, dll, sys, html) | Spreading, Persistence and Installation Behavior | -
Machine Learning detection for dropped file | AV Detection | -
Drops PE files | Persistence and Installation Behavior | -
Found dropped PE file which has not been started or loaded | Malware Analysis System Evasion | -

C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateOnDemand.exe | PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows | dropped

File: | C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateOnDemand.exe
Category: | dropped
Dump: | GoogleUpdateOnDemand.exe.3.dr
ID: | dr_88
Target ID: | 3
Process: | C:\Users\user\Desktop\Order 24007219.exe
Type: | PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy: | 6.570439464104448
Encrypted: | false
Ssdeep: | 3072:9jDVn3C24qR8vSZksB+2hdqecER5AhC48S1m2YPrZ:H1ksB+0YlEXAe6QPt
Size: | 149792
Whitelisted: | false
Reputation: | timeout

Signature Hits | Behavior Group | Mitre Attack
Infects executable files (exe, dll, sys, html) | Spreading, Persistence and Installation Behavior |
Machine Learning detection for dropped file | AV Detection |
Drops PE files | Persistence and Installation Behavior |
Found dropped PE file which has not been started or loaded | Malware Analysis System Evasion |

C:\Program Files (x86)\Java\jre-1.8\bin\java.exe | PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows | dropped

File: | C:\Program Files (x86)\Java\jre-1.8\bin\java.exe
Category: | dropped
Dump: | java.exe0.3.dr
ID: | dr_89
Target ID: | 3
Process: | C:\Users\user\Desktop\Order 24007219.exe
Type: | PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy: | 6.842641736460127
Encrypted: | false
Ssdeep: | 6144:HN4LYbH0QQchx73BeFStIhEWDoZvynCMj+TwW:t4EbH0j4x7R6SvyCMqn
Size: | 299136
Whitelisted: | false
Reputation: | timeout

Signature Hits | Behavior Group | Mitre Attack
Infects executable files (exe, dll, sys, html) | Spreading, Persistence and Installation Behavior |
Drops PE files | Persistence and Installation Behavior |
Found dropped PE file which has not been started or loaded | Malware Analysis System Evasion |

C:\Program Files (x86)\Java\jre-1.8\bin\javacpl.exe | PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows | dropped

File: | C:\Program Files (x86)\Java\jre-1.8\bin\javacpl.exe
Category: | dropped
Dump: | javacpl.exe.3.dr
ID: | dr_90
Target ID: | 3
Process: | C:\Users\user\Desktop\Order 24007219.exe
Type: | PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy: | 6.438717252478752
Encrypted: | false
Ssdeep: | 1536:93zvwzhWCbinhBhIjkrmKWGyeVK7qjh3rmKPNbS7cZPxyqPEoCW/ids8nBs+s8nK:9jDVn3CIqMyutjZqMNbSgxbFrj8m
Size: | 135808
Whitelisted: | false
Reputation: | timeout

Signature Hits | Behavior Group | Mitre Attack
Infects executable files (exe, dll, sys, html) | Spreading, Persistence and Installation Behavior |
Machine Learning detection for dropped file | AV Detection |
Drops PE files | Persistence and Installation Behavior |
Found dropped PE file which has not been started or loaded | Malware Analysis System Evasion |

C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe | PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows | dropped

File: | C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe
Category: | dropped
Dump: | javaw.exe0.3.dr
ID: | dr_91
Target ID: | 3
Process: | C:\Users\user\Desktop\Order 24007219.exe
Type: | PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy: | 6.8451849014225035
Encrypted: | false
Ssdeep: | 6144:HNZXCs7zYA9xiNFiVg7s/uDoeBvhI7W6w9:tZXCs/YAh/elvhI7Wd
Size: | 299136
Whitelisted: | false
Reputation: | timeout

Signature Hits | Behavior Group | Mitre Attack
Infects executable files (exe, dll, sys, html) | Spreading, Persistence and Installation Behavior |
Drops PE files | Persistence and Installation Behavior |
Found dropped PE file which has not been started or loaded | Malware Analysis System Evasion |

C:\Program Files (x86)\Java\jre-1.8\bin\javaws.exe | PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows | dropped

File: | C:\Program Files (x86)\Java\jre-1.8\bin\javaws.exe
Category: | dropped
Dump: | javaws.exe0.3.dr
ID: | dr_102
Target ID: | 3
Process: | C:\Users\user\Desktop\Order 24007219.exe
Type: | PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy: | 6.467991207417757
Encrypted: | false
Ssdeep: | 12288:taNKdHVnfiMB7yIL+5IyoiYv5jPaeTmJWIvDxT9ULX8PCM:EKiBLZ05jNTmJWExixM
Size: | 437888
Whitelisted: | false
Reputation: | timeout

Signature Hits | Behavior Group | Mitre Attack
Infects executable files (exe, dll, sys, html) | Spreading, Persistence and Installation Behavior |
Drops PE files | Persistence and Installation Behavior |
Found dropped PE file which has not been started or loaded | Malware Analysis System Evasion |

C:\Program Files (x86)\Java\jre-1.8\bin\jp2launcher.exe | PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows | dropped

File: | C:\Program Files (x86)\Java\jre-1.8\bin\jp2launcher.exe
Category: | dropped
Dump: | jp2launcher.exe.3.dr
ID: | dr_103
Target ID: | 3
Process: | C:\Users\user\Desktop\Order 24007219.exe
Type: | PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy: | 6.3405900124750865
Encrypted: | false
Ssdeep: | 3072:9jDVn3Cz446dewltB2mNd/HOrveW1dexk834fRZ5Nyc:HO446d7T/H4X
Size: | 163456
Whitelisted: | false
Reputation: | timeout

Signature Hits | Behavior Group | Mitre Attack
Infects executable files (exe, dll, sys, html) | Spreading, Persistence and Installation Behavior |
Drops PE files | Persistence and Installation Behavior |
Found dropped PE file which has not been started or loaded | Malware Analysis System Evasion |

C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe | PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows | dropped

File: | C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe
Category: | dropped
Dump: | ssvagent.exe.3.dr
ID: | dr_104
Target ID: | 3
Process: | C:\Users\user\Desktop\Order 24007219.exe
Type: | PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy: | 6.111462689691308
Encrypted: | false
Ssdeep: | 1536:93zvwzhWCbinhBhIjQs8nBs5s8nBskEsz2zy77hPxIAbBsnzA3QDkrDW8Kq5ns8w:9jDVn3CRUkEsqzy7pxI8BszFJqkb
Size: | 127104
Whitelisted: | false
Reputation: | timeout

Signature Hits | Behavior Group | Mitre Attack
Infects executable files (exe, dll, sys, html) | Spreading, Persistence and Installation Behavior |
Drops PE files | Persistence and Installation Behavior |
Found dropped PE file which has not been started or loaded | Malware Analysis System Evasion |

C:\Program Files (x86)\Java\jre-1.8\bin\unpack200.exe | PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows | dropped

File: | C:\Program Files (x86)\Java\jre-1.8\bin\unpack200.exe
Category: | dropped
Dump: | unpack200.exe.3.dr
ID: | dr_105
Target ID: | 3
Process: | C:\Users\user\Desktop\Order 24007219.exe
Type: | PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy: | 6.120258922048456
Encrypted: | false
Ssdeep: | 3072:9jDVn3CVySSyyXC2BZC5vHa2L8jv+UII6qS2AroAxYN35gwxcPXtxdTsVcCXFzlb:HmSyMZOy406qS2AroAxnw6f9JCXN1
Size: | 223360
Whitelisted: | false
Reputation: | timeout

Signature Hits | Behavior Group | Mitre Attack
Infects executable files (exe, dll, sys, html) | Spreading, Persistence and Installation Behavior |
Drops PE files | Persistence and Installation Behavior |
Found dropped PE file which has not been started or loaded | Malware Analysis System Evasion |

C:\Program Files (x86)\Microsoft Office\Office16\OSPPREARM.EXE | PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows | dropped

File: | C:\Program Files (x86)\Microsoft Office\Office16\OSPPREARM.EXE
Category: | dropped
Dump: | OSPPREARM.EXE.3.dr
ID: | dr_133
Target ID: | 3
Process: | C:\Users\user\Desktop\Order 24007219.exe
Type: | PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy: | 6.697957887327829
Encrypted: | false
Ssdeep: | 3072:9jDVn3Ctwl0hzyfN7T34oshWGrAUdaz2w9Lf0M/RHym:H/iFIf34hcUsz225/
Size: | 203264
Whitelisted: | false
Reputation: | timeout

Signature Hits | Behavior Group | Mitre Attack
Infects executable files (exe, dll, sys, html) | Spreading, Persistence and Installation Behavior |
Drops PE files | Persistence and Installation Behavior |
Found dropped PE file which has not been started or loaded | Malware Analysis System Evasion |

C:\Program Files (x86)\Microsoft Office\root\Client\AppVDllSurrogate.exe | PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows | dropped

File: | C:\Program Files (x86)\Microsoft Office\root\Client\AppVDllSurrogate.exe
Category: | dropped
Dump: | AppVDllSurrogate.exe.3.dr
ID: | dr_134
Target ID: | 3
Process: | C:\Users\user\Desktop\Order 24007219.exe
Type: | PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy: | 6.390402636503841
Encrypted: | false
Ssdeep: | 3072:9jDVn3CdfSoD7sDZ7/E2jijQvZ2ha5ZxXHyz7weLSMqpmmtj:HsfSoD7q/fji2SUKz7VHwmmtj
Size: | 209912
Whitelisted: | false
Reputation: | timeout

Signature Hits | Behavior Group | Mitre Attack
Infects executable files (exe, dll, sys, html) | Spreading, Persistence and Installation Behavior |
Drops PE files | Persistence and Installation Behavior |
Found dropped PE file which has not been started or loaded | Malware Analysis System Evasion |

C:\Program Files (x86)\Microsoft Office\root\Client\AppVDllSurrogate32.exe | PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows | dropped

File: | C:\Program Files (x86)\Microsoft Office\root\Client\AppVDllSurrogate32.exe
Category: | dropped
Dump: | AppVDllSurrogate32.exe.3.dr
ID: | dr_135
Target ID: | 3
Process: | C:\Users\user\Desktop\Order 24007219.exe
Type: | PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy: | 6.390402636503841
Encrypted: | false
Ssdeep: | 3072:9jDVn3CdfSoD7sDZ7/E2jijQvZ2ha5ZxXHyz7weLSMqpmmtj:HsfSoD7q/fji2SUKz7VHwmmtj
Size: | 209912
Whitelisted: | false
Reputation: | timeout

Signature Hits | Behavior Group | Mitre Attack
Infects executable files (exe, dll, sys, html) | Spreading, Persistence and Installation Behavior |
Drops PE files | Persistence and Installation Behavior |
Found dropped PE file which has not been started or loaded | Malware Analysis System Evasion |

C:\Program Files (x86)\Microsoft Office\root\Client\AppVDllSurrogate64.exe | PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows | dropped

File: | C:\Program Files (x86)\Microsoft Office\root\Client\AppVDllSurrogate64.exe
Category: | dropped
Dump: | AppVDllSurrogate64.exe.3.dr
ID: | dr_136
Target ID: | 3
Process: | C:\Users\user\Desktop\Order 24007219.exe
Type: | PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy: | 5.884007020814632
Encrypted: | false
Ssdeep: | 3072:9jDVn3CXPEGT3EB2e1aWGNU6ITL85x0HRerzJ0YF6OYLy0PPDq29BA+7891:HePEC0QjWGNU6ITL1H0zvjkBA+7891
Size: | 264144
Whitelisted: | false
Reputation: | timeout

Signature Hits | Behavior Group | Mitre Attack
Infects executable files (exe, dll, sys, html) | Spreading, Persistence and Installation Behavior |
Drops PE files | Persistence and Installation Behavior |
Found dropped PE file which has not been started or loaded | Malware Analysis System Evasion |

C:\Program Files (x86)\Microsoft Office\root\Client\AppVLP.exe | PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows | dropped

File: | C:\Program Files (x86)\Microsoft Office\root\Client\AppVLP.exe
Category: | dropped
Dump: | AppVLP.exe.3.dr
ID: | dr_137
Target ID: | 3
Process: | C:\Users\user\Desktop\Order 24007219.exe
Type: | PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy: | 6.669536051051947
Encrypted: | false
Ssdeep: | 6144:HHmmt0fSoD7ZAOhPiURg/4KAaxZTTlvIfaUcuI4hWxBP9SGO0zyqEL:mmt0LDdOUO42ZdocuI4kxBgGONqEL
Size: | 430680
Whitelisted: | false
Reputation: | timeout

Signature Hits | Behavior Group | Mitre Attack
Infects executable files (exe, dll, sys, html) | Spreading, Persistence and Installation Behavior |
Drops PE files | Persistence and Installation Behavior |
Found dropped PE file which has not been started or loaded | Malware Analysis System Evasion |

C:\Program Files (x86)\Microsoft Office\root\Integration\Integrator.exe | PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows | dropped

File: | C:\Program Files (x86)\Microsoft Office\root\Integration\Integrator.exe
Category: | dropped
Dump: | Integrator.exe.3.dr
ID: | dr_145
Target ID: | 3
Process: | C:\Users\user\Desktop\Order 24007219.exe
Type: | PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy: | 6.574980714652117
Encrypted: | false
Ssdeep: | 98304:SkkCqyDEY7+o3OBvfGVY+40yajyS+9s/pLOq:SkkCqaE68eV+0y8E6L1
Size: | 4473576
Whitelisted: | false
Reputation: | timeout

Signature Hits | Behavior Group | Mitre Attack
Infects executable files (exe, dll, sys, html) | Spreading, Persistence and Installation Behavior |
Drops PE files | Persistence and Installation Behavior |
Found dropped PE file which has not been started or loaded | Malware Analysis System Evasion |

C:\Program Files (x86)\Microsoft Office\root\Office16\ACCICONS.EXE | PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows | dropped

File: | C:\Program Files (x86)\Microsoft Office\root\Office16\ACCICONS.EXE
Category: | dropped
Dump: | ACCICONS.EXE.3.dr
ID: | dr_147
Target ID: | 3
Process: | C:\Users\user\Desktop\Order 24007219.exe
Type: | PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy: | 3.921140114669554
Encrypted: | false
Ssdeep: | 98304:sPNLniBaEJhRELqS/rhwov59SRZ5Vb9sybbsK+0rnsQ:eNLniBPJhRELqS/rhb59SRZ5Vb9sybb9
Size: | 4316096
Whitelisted: | false
Reputation: | timeout

Signature Hits | Behavior Group | Mitre Attack
Infects executable files (exe, dll, sys, html) | Spreading, Persistence and Installation Behavior |
Drops PE files | Persistence and Installation Behavior |
Found dropped PE file which has not been started or loaded | Malware Analysis System Evasion |

C:\Program Files (x86)\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.Loader.exe | PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows | dropped

File: | C:\Program Files (x86)\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.Loader.exe
Category: | dropped
Dump: | Microsoft.Mashup.Container.Loader.exe.3.dr
ID: | dr_149
Target ID: | 3
Process: | C:\Users\user\Desktop\Order 24007219.exe
Type: | PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy: | 6.497034876760503
Encrypted: | false
Ssdeep: | 1536:93zvwzhWCbinhBhIjjELjOzHKd1XI/etzCJQx0cxnIO/IOmOe:9jDVn3C/E/OTKXI/etG8ICILJ
Size: | 94600
Whitelisted: | false
Reputation: | timeout

Signature Hits | Behavior Group | Mitre Attack
Infects executable files (exe, dll, sys, html) | Spreading, Persistence and Installation Behavior |
Drops PE files | Persistence and Installation Behavior |
Found dropped PE file which has not been started or loaded | Malware Analysis System Evasion |

C:\Program Files (x86)\Microsoft Office\root\Office16\AppSharingHookController.exe | PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows | dropped

File: | C:\Program Files (x86)\Microsoft Office\root\Office16\AppSharingHookController.exe
Category: | dropped
Dump: | AppSharingHookController.exe.3.dr
ID: | dr_151
Target ID: | 3
Process: | C:\Users\user\Desktop\Order 24007219.exe
Type: | PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy: | 6.259774048158175
Encrypted: | false
Ssdeep: | 1536:93zvwzhWCbinhBhIjzvpz3ktxGvpzvy5ZWGalHFmMTK0KRTS8bOzc:9jDVn3ChToATzvmN0KRm8bOzc
Size: | 101496
Whitelisted: | false
Reputation: | timeout

Signature Hits | Behavior Group | Mitre Attack
Infects executable files (exe, dll, sys, html) | Spreading, Persistence and Installation Behavior |
Drops PE files | Persistence and Installation Behavior |
Found dropped PE file which has not been started or loaded | Malware Analysis System Evasion |

C:\Program Files (x86)\Microsoft Office\root\Office16\CLVIEW.EXE | PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows | dropped

File: | C:\Program Files (x86)\Microsoft Office\root\Office16\CLVIEW.EXE
Category: | dropped
Dump: | CLVIEW.EXE.3.dr
ID: | dr_152
Target ID: | 3
Process: | C:\Users\user\Desktop\Order 24007219.exe
Type: | PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy: | 5.974935057430955
Encrypted: | false
Ssdeep: | 6144:H9wACThwS0vn9IdRsLGEJTdPA6lDfZNAGVx:dwACThwSSn2dRANtlF3j
Size: | 455760
Whitelisted: | false
Reputation: | timeout

Signature Hits | Behavior Group | Mitre Attack
Infects executable files (exe, dll, sys, html) | Spreading, Persistence and Installation Behavior |
Drops PE files | Persistence and Installation Behavior |
Found dropped PE file which has not been started or loaded | Malware Analysis System Evasion |

C:\Program Files (x86)\Microsoft Office\root\Office16\CNFNOT32.EXE | PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows | dropped

File: | C:\Program Files (x86)\Microsoft Office\root\Office16\CNFNOT32.EXE
Category: | dropped
Dump: | CNFNOT32.EXE.3.dr
ID: | dr_153
Target ID: | 3
Process: | C:\Users\user\Desktop\Order 24007219.exe
Type: | PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy: | 6.306161876175189
Encrypted: | false
Ssdeep: | 3072:9jDVn3CeLqB8edYkIrv6TXRw9xwqazULDjkAJZo0RAjUIqXfkRC:HJjilq8OPwRzso6AQ5yC
Size: | 225704
Whitelisted: | false
Reputation: | timeout

Signature Hits | Behavior Group | Mitre Attack
Infects executable files (exe, dll, sys, html) | Spreading, Persistence and Installation Behavior |
Drops PE files | Persistence and Installation Behavior |
Found dropped PE file which has not been started or loaded | Malware Analysis System Evasion |

C:\Program Files (x86)\Microsoft Office\root\Office16\DCF\Common.DBConnection.exe | PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows | dropped

File: | C:\Program Files (x86)\Microsoft Office\root\Office16\DCF\Common.DBConnection.exe
Category: | dropped
Dump: | Common.DBConnection.exe.3.dr
ID: | dr_154
Target ID: | 3
Process: | C:\Users\user\Desktop\Order 24007219.exe
Type: | PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy: | 6.360216134334807
Encrypted: | false
Ssdeep: | 1536:93zvwzhWCbinhBhIjI67wZClMML07MiapFmPRHyzMwzobtM+zf:9jDVn3C067wZClMMQ7MiawHyzMwsL
Size: | 84928
Whitelisted: | false
Reputation: | timeout

Signature Hits | Behavior Group | Mitre Attack
Infects executable files (exe, dll, sys, html) | Spreading, Persistence and Installation Behavior |
Drops PE files | Persistence and Installation Behavior |
Found dropped PE file which has not been started or loaded | Malware Analysis System Evasion |

C:\Program Files (x86)\Microsoft Office\root\Office16\DCF\Common.DBConnection64.exe | PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows | dropped

File: | C:\Program Files (x86)\Microsoft Office\root\Office16\DCF\Common.DBConnection64.exe
Category: | dropped
Dump: | Common.DBConnection64.exe.3.dr
ID: | dr_155
Target ID: | 3
Process: | C:\Users\user\Desktop\Order 24007219.exe
Type: | PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy: | 6.4117338726986
Encrypted: | false
Ssdeep: | 1536:93zvwzhWCbinhBhIjf0s7wZClMML072apFmPcnGzLHyxz5pOEtmwxz5E:9jDVn3Cbt7wZClMMQ72ahnGzextQyxtE
Size: | 83816
Whitelisted: | false
Reputation: | timeout

Signature Hits | Behavior Group | Mitre Attack
Infects executable files (exe, dll, sys, html) | Spreading, Persistence and Installation Behavior |
Drops PE files | Persistence and Installation Behavior |
Found dropped PE file which has not been started or loaded | Malware Analysis System Evasion |

C:\Program Files (x86)\Microsoft Office\root\Office16\DCF\DATABASECOMPARE.EXE | PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows | dropped

File: | C:\Program Files (x86)\Microsoft Office\root\Office16\DCF\DATABASECOMPARE.EXE
Category: | dropped
Dump: | DATABASECOMPARE.EXE.3.dr
ID: | dr_1
Target ID: | 3
Process: | C:\Users\user\Desktop\Order 24007219.exe
Type: | PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy: | 6.398645684410748
Encrypted: | false
Ssdeep: | 3072:9jDVn3C/W32GhNvMQ/58sl2U2Gszlz4SNBZCgMWku:HT2GhN0lsdspzPgg1
Size: | 233832
Whitelisted: | false
Reputation: | timeout

Signature Hits | Behavior Group | Mitre Attack
Infects executable files (exe, dll, sys, html) | Spreading, Persistence and Installation Behavior |
Drops PE files | Persistence and Installation Behavior |
Found dropped PE file which has not been started or loaded | Malware Analysis System Evasion |

C:\Program Files (x86)\Microsoft Office\root\Office16\DCF\SPREADSHEETCOMPARE.EXE | PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows | dropped

File: | C:\Program Files (x86)\Microsoft Office\root\Office16\DCF\SPREADSHEETCOMPARE.EXE
Category: | dropped
Dump: | SPREADSHEETCOMPARE.EXE.3.dr
ID: | dr_10
Target ID: | 3
Process: | C:\Users\user\Desktop\Order 24007219.exe
Type: | PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy: | 6.701440127624774
Encrypted: | false
Ssdeep: | 6144:HGWDxGH79J2VX5gEpvm7JA8I6BHAlSpFG/+Ls3ze30xB7zq2zs:hMxCvm7JK6JAB/6N30xpI
Size: | 502632
Whitelisted: | false
Reputation: | timeout

Signature Hits | Behavior Group | Mitre Attack
Infects executable files (exe, dll, sys, html) | Spreading, Persistence and Installation Behavior |
Drops PE files | Persistence and Installation Behavior |
Found dropped PE file which has not been started or loaded | Malware Analysis System Evasion |

C:\Program Files (x86)\Microsoft Office\root\Office16\DCF\filecompare.exe | PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows | dropped

File: | C:\Program Files (x86)\Microsoft Office\root\Office16\DCF\filecompare.exe
Category: | dropped
Dump: | filecompare.exe.3.dr
ID: | dr_2
Target ID: | 3
Process: | C:\Users\user\Desktop\Order 24007219.exe
Type: | PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy: | 6.432766943626509
Encrypted: | false
Ssdeep: | 6144:HAEshacHeGXduZtZ9zHVcI3uv7FgR3FTzWQ/ZZyp1:nsHHrtuZtPvh3FuQ/jyp1
Size: | 352704
Whitelisted: | false
Reputation: | timeout

Signature Hits | Behavior Group | Mitre Attack
Infects executable files (exe, dll, sys, html) | Spreading, Persistence and Installation Behavior |
Drops PE files | Persistence and Installation Behavior |
Found dropped PE file which has not been started or loaded | Malware Analysis System Evasion |

C:\Program Files (x86)\Microsoft Office\root\Office16\GRAPH.EXE | PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows | dropped

File: | C:\Program Files (x86)\Microsoft Office\root\Office16\GRAPH.EXE
Category: | dropped
Dump: | GRAPH.EXE.3.dr
ID: | dr_12
Target ID: | 3
Process: | C:\Users\user\Desktop\Order 24007219.exe
Type: | PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy: | 5.942150351039283
Encrypted: | false
Ssdeep: | 98304:jXuo5RMru45b5dZlAj0sqW7YDKMzVwgBWMTwLe7G:/R345NRAgsr7QH6h93
Size: | 4395184
Whitelisted: | false
Reputation: | timeout

Signature Hits | Behavior Group | Mitre Attack
Infects executable files (exe, dll, sys, html) | Spreading, Persistence and Installation Behavior |
Drops PE files | Persistence and Installation Behavior |
Found dropped PE file which has not been started or loaded | Malware Analysis System Evasion |

C:\Program Files (x86)\Microsoft Office\root\Office16\IEContentService.exe | PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows | dropped

File: | C:\Program Files (x86)\Microsoft Office\root\Office16\IEContentService.exe
Category: | dropped
Dump: | IEContentService.exe.3.dr
ID: | dr_14
Target ID: | 3
Process: | C:\Users\user\Desktop\Order 24007219.exe
Type: | PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy: | 6.562655772669331
Encrypted: | false
Ssdeep: | 12288:0zKRgqBDxoiPCLXHLuk/Wg4Reh2mbeF+IGboJdx:QKgMxoiPoXruPi/++IvJdx
Size: | 603928
Whitelisted: | false
Reputation: | timeout

Signature Hits | Behavior Group | Mitre Attack
Infects executable files (exe, dll, sys, html) | Spreading, Persistence and Installation Behavior |
Drops PE files | Persistence and Installation Behavior |
Found dropped PE file which has not been started or loaded | Malware Analysis System Evasion |

C:\Program Files (x86)\Microsoft Office\root\Office16\MSOHTMED.EXE | PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows | dropped

File: | C:\Program Files (x86)\Microsoft Office\root\Office16\MSOHTMED.EXE
Category: | dropped
Dump: | MSOHTMED.EXE.3.dr
ID: | dr_22
Target ID: | 3
Process: | C:\Users\user\Desktop\Order 24007219.exe
Type: | PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy: | 6.177887108129733
Encrypted: | false
Ssdeep: | 6144:HfyrmBq0RYSv3A5DhW15yChMFt2XTNJWLgCWzzYhPRt+:armBjYuALWJMn2XTmL7hPH+
Size: | 507024
Whitelisted: | false
Reputation: | timeout

Signature Hits | Behavior Group | Mitre Attack
Infects executable files (exe, dll, sys, html) | Spreading, Persistence and Installation Behavior |
Drops PE files | Persistence and Installation Behavior |
Found dropped PE file which has not been started or loaded | Malware Analysis System Evasion |

C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSREC.EXE | PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows | dropped

File: | C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSREC.EXE
Category: | dropped
Dump: | MSOSREC.EXE.3.dr
ID: | dr_24
Target ID: | 3
Process: | C:\Users\user\Desktop\Order 24007219.exe
Type: | PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy: | 6.677240809250899
Encrypted: | false
Ssdeep: | 6144:HbomAAOwPcPIqk4Vsvt0uews+qZP9zOPBxGiryKI:7sAETlVsKzZPixGBKI
Size: | 251560
Whitelisted: | false
Reputation: | timeout

Signature Hits | Behavior Group | Mitre Attack
Infects executable files (exe, dll, sys, html) | Spreading, Persistence and Installation Behavior |
Drops PE files | Persistence and Installation Behavior |
Found dropped PE file which has not been started or loaded | Malware Analysis System Evasion |

C:\Program Files (x86)\Microsoft Office\root\Office16\MSQRY32.EXE | PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows | dropped

File: | C:\Program Files (x86)\Microsoft Office\root\Office16\MSQRY32.EXE
Category: | dropped
Dump: | MSQRY32.EXE.3.dr
ID: | dr_138
Target ID: | 3
Process: | C:\Users\user\Desktop\Order 24007219.exe
Type: | PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy: | 6.661640150830095
Encrypted: | false
Ssdeep: | 12288:QdI8PdgELg6eaBlnjlZcTerWv+xdeFhvCs9TukINOW:Qa8PWELTBlZ+erw+xdeFUsUkEh
Size: | 751720
Whitelisted: | false
Reputation: | timeout

Signature Hits | Behavior Group | Mitre Attack
Infects executable files (exe, dll, sys, html) | Spreading, Persistence and Installation Behavior |
Drops PE files | Persistence and Installation Behavior |
Found dropped PE file which has not been started or loaded | Malware Analysis System Evasion |

C:\Program Files (x86)\Microsoft Office\root\Office16\NAMECONTROLSERVER.EXE | PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows | dropped

File: | C:\Program Files (x86)\Microsoft Office\root\Office16\NAMECONTROLSERVER.EXE
Category: | dropped
Dump: | NAMECONTROLSERVER.EXE.3.dr
ID: | dr_139
Target ID: | 3
Process: | C:\Users\user\Desktop\Order 24007219.exe
Type: | PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy: | 6.583943417191568
Encrypted: | false
Ssdeep: | 3072:9jDVn3CcNDS5lS1jITI1FeBT77NDS5lS3j+Wzy6oUSA7hZ:H/NDS5lSxFeBTfNDS5lS7zUrsZ
Size: | 161968
Whitelisted: | false
Reputation: | timeout

Signature Hits | Behavior Group | Mitre Attack
Drops PE files | Persistence and Installation Behavior |
Found dropped PE file which has not been started or loaded | Malware Analysis System Evasion |

C:\Program Files (x86)\Microsoft Office\root\Office16\OLCFG.EXE | PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows | dropped

File: | C:\Program Files (x86)\Microsoft Office\root\Office16\OLCFG.EXE
Category: | dropped
Dump: | OLCFG.EXE.3.dr
ID: | dr_144
Target ID: | 3
Process: | C:\Users\user\Desktop\Order 24007219.exe
Type: | PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy: | 6.629173652819627
Encrypted: | false
Ssdeep: | 3072:9jDVn3CpklWPsom9TiWWWWWWWQM+FtWAzhIwaeENinkf8xw3xUFv2tGPrtPmF:HMb5zPaNQnBxw34Oita
Size: | 159560
Whitelisted: | false
Reputation: | timeout

Signature Hits | Behavior Group | Mitre Attack
Infects executable files (exe, dll, sys, html) | Spreading, Persistence and Installation Behavior |
Drops PE files | Persistence and Installation Behavior |
Found dropped PE file which has not been started or loaded | Malware Analysis System Evasion |

C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE | PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows | dropped

File: | C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
Category: | dropped
Dump: | ONENOTE.EXE.3.dr
ID: | dr_146
Target ID: | 3
Process: | C:\Users\user\Desktop\Order 24007219.exe
Type: | PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy: | 6.307693632896114
Encrypted: | false
Ssdeep: | 24576:iDZgOA74U4o//sbtwvZTqFDk9sg71SmY90gh/G7QJoma+9duNGeVG29H:+qHVhTr5UmY90sGE5dIDG29H
Size: | 2233240
Whitelisted: | false
Reputation: | timeout

Signature Hits | Behavior Group | Mitre Attack
Infects executable files (exe, dll, sys, html) | Spreading, Persistence and Installation Behavior |
Drops PE files | Persistence and Installation Behavior |
Found dropped PE file which has not been started or loaded | Malware Analysis System Evasion |

C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE | PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows | dropped

File: | C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE
Category: | dropped
Dump: | ONENOTEM.EXE.3.dr
ID: | dr_148
Target ID: | 3
Process: | C:\Users\user\Desktop\Order 24007219.exe
Type: | PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy: | 6.020472039833597
Encrypted: | false
Ssdeep: | 3072:9jDVn3CxVFptXofXXXXXXuh9gLzltw6Q1hqOJHrtTh:HetXofXXXXXXASLzb9uhqK
Size: | 214432
Whitelisted: | false
Reputation: | timeout

Signature Hits | Behavior Group | Mitre Attack
Infects executable files (exe, dll, sys, html) | Spreading, Persistence and Installation Behavior |
Drops PE files | Persistence and Installation Behavior |
Found dropped PE file which has not been started or loaded | Malware Analysis System Evasion |

File: C:\Program Files (x86)\Microsoft Office\root\Office16\ORGCHART.EXE
Category: dropped
Dump: ORGCHART.EXE.3.dr
ID: dr_150
Target ID: 3
Process: C:\Users\user\Desktop\Order 24007219.exe
Type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy: 6.622834882149683
Encrypted: false
Ssdeep: 12288:5oBdI/BUQtsfBCegl2eccL1q/xRyye7BfcwqEhDe:5oM/BB0Bml2m1q/xRPCcwFC
Size: 620840
Whitelisted: false
Reputation: timeout

Signature Hits | Behavior Group | Mitre Attack
Infects executable files (exe, dll, sys, html) | Spreading, Persistence and Installation Behavior |
Drops PE files | Persistence and Installation Behavior |
Found dropped PE file which has not been started or loaded | Malware Analysis System Evasion |

File: C:\Program Files (x86)\Microsoft Office\root\Office16\OcPubMgr.exe
Category: dropped
Dump: OcPubMgr.exe.3.dr
ID: dr_140
Target ID: 3
Process: C:\Users\user\Desktop\Order 24007219.exe
Type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy: 5.690210199889685
Encrypted: false
Ssdeep: 12288:rwF+k53zCG2tIuQ6DtJQSZDhLOhkZzV5i9w/lmd+jrcUiACW:sFXG6uQ6D9L2uV50AlmsjYUiAB
Size: 1568248
Whitelisted: false
Reputation: timeout

Signature Hits | Behavior Group | Mitre Attack
Infects executable files (exe, dll, sys, html) | Spreading, Persistence and Installation Behavior |
Drops PE files | Persistence and Installation Behavior |
Found dropped PE file which has not been started or loaded | Malware Analysis System Evasion |

File: C:\Program Files (x86)\Microsoft Office\root\Office16\OfficeScrBroker.exe
Category: dropped
Dump: OfficeScrBroker.exe.3.dr
ID: dr_142
Target ID: 3
Process: C:\Users\user\Desktop\Order 24007219.exe
Type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy: 6.743211021940249
Encrypted: false
Ssdeep: 12288:qf/4sOdw+RfEB6tuAlnWhGZco6ijmn5jFTSt7yCPUkazi7JThVoSZeR6aQTJ:a/4Vdw+Ra6V6g2kazidN6SoEVF
Size: 634800
Whitelisted: false
Reputation: timeout

Signature Hits | Behavior Group | Mitre Attack
Infects executable files (exe, dll, sys, html) | Spreading, Persistence and Installation Behavior |
Drops PE files | Persistence and Installation Behavior |
Found dropped PE file which has not been started or loaded | Malware Analysis System Evasion |

File: C:\Program Files (x86)\Microsoft Office\root\Office16\OfficeScrSanBroker.exe
Category: dropped
Dump: OfficeScrSanBroker.exe.3.dr
ID: dr_143
Target ID: 3
Process: C:\Users\user\Desktop\Order 24007219.exe
Type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy: 6.742424721639432
Encrypted: false
Ssdeep: 12288:9KxLM1deLycUTc1kZi7zb1QRHhhj7WGvF5PYcdTFtZ3G97aSDGGHrbTwqFwydBf6:9yY14evTc1kZi7zb1KHL8vbTlwOBC
Size: 748192
Whitelisted: false
Reputation: timeout

Signature Hits | Behavior Group | Mitre Attack
Infects executable files (exe, dll, sys, html) | Spreading, Persistence and Installation Behavior |
Drops PE files | Persistence and Installation Behavior |
Found dropped PE file which has not been started or loaded | Malware Analysis System Evasion |

File: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE
Category: dropped
Dump: POWERPNT.EXE.3.dr
ID: dr_4
Target ID: 3
Process: C:\Users\user\Desktop\Order 24007219.exe
Type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy: 3.835267820033085
Encrypted: false
Ssdeep: 6144:HgBeXsm81c57ZXFzY5Ucyw4TapP25xxlq4cUcMeTOMzwMwZ:KKs78A5UcyOPexxPcUcMeyvZ
Size: 1917048
Whitelisted: false
Reputation: timeout

Signature Hits | Behavior Group | Mitre Attack
Infects executable files (exe, dll, sys, html) | Spreading, Persistence and Installation Behavior |
Drops PE files | Persistence and Installation Behavior |
Found dropped PE file which has not been started or loaded | Malware Analysis System Evasion |

File: C:\Program Files (x86)\Microsoft Office\root\Office16\PPTICO.EXE
Category: dropped
Dump: PPTICO.EXE.3.dr
ID: dr_5
Target ID: 3
Process: C:\Users\user\Desktop\Order 24007219.exe
Type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy: 3.716620676635419
Encrypted: false
Ssdeep: 12288:MyKs7cvZIFpCYVIUN2mGsb8HtkLaHLH04cLbUBRjLmP29DyZbT9oc/m06aCzE6hE:MyKsY+dy0ZScIBqBT11S0
Size: 4099520
Whitelisted: false
Reputation: timeout

Signature Hits | Behavior Group | Mitre Attack
Infects executable files (exe, dll, sys, html) | Spreading, Persistence and Installation Behavior |
Drops PE files | Persistence and Installation Behavior |
Found dropped PE file which has not been started or loaded | Malware Analysis System Evasion |

File: C:\Program Files (x86)\Microsoft Office\root\Office16\PerfBoost.exe
Category: dropped
Dump: PerfBoost.exe.3.dr
ID: dr_3
Target ID: 3
Process: C:\Users\user\Desktop\Order 24007219.exe
Type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy: 6.097565369298273
Encrypted: false
Ssdeep: 6144:HDvhCpFviM0OKAOVf3m+2fCz29fx8/eAeTu:rEpFVKj3mFn9q
Size: 452120
Whitelisted: false
Reputation: timeout

Signature Hits | Behavior Group | Mitre Attack
Infects executable files (exe, dll, sys, html) | Spreading, Persistence and Installation Behavior |
Drops PE files | Persistence and Installation Behavior |
Found dropped PE file which has not been started or loaded | Malware Analysis System Evasion |

File: C:\Program Files (x86)\Microsoft Office\root\Office16\SCANPST.EXE
Category: dropped
Dump: SCANPST.EXE.3.dr
ID: dr_6
Target ID: 3
Process: C:\Users\user\Desktop\Order 24007219.exe
Type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy: 6.645619544353392
Encrypted: false
Ssdeep: 3072:9jDVn3C+uGaz7jFQ68ICP5q0WISDr34W+wst:H9RazrA5q0WISDrZS
Size: 116664
Whitelisted: false
Reputation: timeout

Signature Hits | Behavior Group | Mitre Attack
Drops PE files | Persistence and Installation Behavior |
Found dropped PE file which has not been started or loaded | Malware Analysis System Evasion |

File: C:\Program Files (x86)\Microsoft Office\root\Office16\SDXHelper.exe
Category: dropped
Dump: SDXHelper.exe.3.dr
ID: dr_7
Target ID: 3
Process: C:\Users\user\Desktop\Order 24007219.exe
Type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy: 6.618784004924734
Encrypted: false
Ssdeep: 3072:9jDVn3CnWKZbTKeR3Tzp+8IxR8jYYrjHaVLIPSL1CgNX:HEWK11Rp+8II5SLUgp
Size: 167392
Whitelisted: false
Reputation: timeout

Signature Hits | Behavior Group | Mitre Attack
Drops PE files | Persistence and Installation Behavior |
Found dropped PE file which has not been started or loaded | Malware Analysis System Evasion |

File: C:\Program Files (x86)\Microsoft Office\root\Office16\SELFCERT.EXE
Category: dropped
Dump: SELFCERT.EXE.3.dr
ID: dr_8
Target ID: 3
Process: C:\Users\user\Desktop\Order 24007219.exe
Type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy: 6.049560419464244
Encrypted: false
Ssdeep: 12288:hwbRB+ZRhFfGNpzX5PtiPWRnTLtx5eq4/RnYRoS2Ds+2EYR1XLlShtg7ksyST2Rz:hwbT+ZR3fGrzX5PtiPWRnTLtx5eq4/R9
Size: 670928
Whitelisted: false
Reputation: timeout

Signature Hits | Behavior Group | Mitre Attack
Infects executable files (exe, dll, sys, html) | Spreading, Persistence and Installation Behavior |
Drops PE files | Persistence and Installation Behavior |
Found dropped PE file which has not been started or loaded | Malware Analysis System Evasion |

File: C:\Program Files (x86)\Microsoft Office\root\Office16\SETLANG.EXE
Category: dropped
Dump: SETLANG.EXE.3.dr
ID: dr_9
Target ID: 3
Process: C:\Users\user\Desktop\Order 24007219.exe
Type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy: 6.232249977449497
Encrypted: false
Ssdeep: 1536:93zvwzhWCbinhBhIjYwdK75Rp1Ukkz2zct/rzdaBotnMuvWM6TUaE:9jDVn3C8wdK1Fiz2ir+o5vWM6TUaE
Size: 115920
Whitelisted: false
Reputation: timeout

Signature Hits | Behavior Group | Mitre Attack
Infects executable files (exe, dll, sys, html) | Spreading, Persistence and Installation Behavior |
Drops PE files | Persistence and Installation Behavior |
Found dropped PE file which has not been started or loaded | Malware Analysis System Evasion |

File: C:\Program Files (x86)\Microsoft Office\root\Office16\SkypeSrv\SKYPESERVER.EXE
Category: dropped
Dump: SKYPESERVER.EXE.3.dr
ID: dr_11
Target ID: 3
Process: C:\Users\user\Desktop\Order 24007219.exe
Type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy: 6.589867905969904
Encrypted: false
Ssdeep: 1536:93zvwzhWCbinhBhIj8LS+I1HtQdiHN4zbyezltnzGd1XuDxhkrTJwNZ5wmW1aHba:9jDVn3CDMi+zWeXdswvqiHm
Size: 137776
Whitelisted: false
Reputation: timeout

Signature Hits | Behavior Group | Mitre Attack
Infects executable files (exe, dll, sys, html) | Spreading, Persistence and Installation Behavior |
Drops PE files | Persistence and Installation Behavior |
Found dropped PE file which has not been started or loaded | Malware Analysis System Evasion |

File: C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
Category: dropped
Dump: UcMapi.exe.3.dr
ID: dr_13
Target ID: 3
Process: C:\Users\user\Desktop\Order 24007219.exe
Type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy: 4.900326076066606
Encrypted: false
Ssdeep: 12288:B61ZFViRpx5tuwZl4asd/arEISgX0IkEMhTy:B61jViRTfVINdCr6gX0hEl
Size: 1206680
Whitelisted: false
Reputation: timeout

Signature Hits | Behavior Group | Mitre Attack
Infects executable files (exe, dll, sys, html) | Spreading, Persistence and Installation Behavior |
Drops PE files | Persistence and Installation Behavior |
Found dropped PE file which has not been started or loaded | Malware Analysis System Evasion |

File: C:\Program Files (x86)\Microsoft Office\root\Office16\VPREVIEW.EXE
Category: dropped
Dump: VPREVIEW.EXE.3.dr
ID: dr_15
Target ID: 3
Process: C:\Users\user\Desktop\Order 24007219.exe
Type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy: 6.711809129691251
Encrypted: false
Ssdeep: 12288:N1rOCPapfd5bhooUBuFiExw/LXa20Dj6EzfJ:TrfIbbhooUBu3wzXa/Dj64
Size: 400336
Whitelisted: false
Reputation: timeout

Signature Hits | Behavior Group | Mitre Attack
Infects executable files (exe, dll, sys, html) | Spreading, Persistence and Installation Behavior |
Drops PE files | Persistence and Installation Behavior |
Found dropped PE file which has not been started or loaded | Malware Analysis System Evasion |

File: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
Category: dropped
Dump: WINWORD.EXE.3.dr
ID: dr_33
Target ID: 3
Process: C:\Users\user\Desktop\Order 24007219.exe
Type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy: 4.275857968418624
Encrypted: false
Ssdeep: 3072:9jDVn3C+K2OKsuWoZEsVK2OKsuWoZEckAQckAIDpAPfKrss1yyKrss1yAZDvYbNs:HFztkAzkAZqrEdrEAZUCwFjNNYEzcL
Size: 1662344
Whitelisted: false
Reputation: timeout

Signature Hits | Behavior Group | Mitre Attack
Infects executable files (exe, dll, sys, html) | Spreading, Persistence and Installation Behavior |
Drops PE files | Persistence and Installation Behavior |
Found dropped PE file which has not been started or loaded | Malware Analysis System Evasion |

File: C:\Program Files (x86)\Microsoft Office\root\Office16\WORDICON.EXE
Category: dropped
Dump: WORDICON.EXE.3.dr
ID: dr_35
Target ID: 3
Process: C:\Users\user\Desktop\Order 24007219.exe
Type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy: 3.7790611757541432
Encrypted: false
Ssdeep: 6144:HfgSRJQYKV++VYwjatvsDVpDsehRAKzYM:jQYZTWbDj5
Size: 3531712
Whitelisted: false
Reputation: timeout

Signature Hits | Behavior Group | Mitre Attack
Infects executable files (exe, dll, sys, html) | Spreading, Persistence and Installation Behavior |
Drops PE files | Persistence and Installation Behavior |
Found dropped PE file which has not been started or loaded | Malware Analysis System Evasion |

File: C:\Program Files (x86)\Microsoft Office\root\Office16\Wordconv.exe
Category: dropped
Dump: Wordconv.exe.3.dr
ID: dr_34
Target ID: 3
Process: C:\Users\user\Desktop\Order 24007219.exe
Type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy: 6.540426690354964
Encrypted: false
Ssdeep: 1536:93zvwzhWCbinhBhIjdKfEBr3fHT4nAzHGkYJ+ziw6+zb:9jDVn3C5Ph3IAzHGEJn
Size: 83880
Whitelisted: false
Reputation: timeout

Signature Hits | Behavior Group | Mitre Attack
Infects executable files (exe, dll, sys, html) | Spreading, Persistence and Installation Behavior |
Drops PE files | Persistence and Installation Behavior |
Found dropped PE file which has not been started or loaded | Malware Analysis System Evasion |

File: C:\Program Files (x86)\Microsoft Office\root\Office16\XLICONS.EXE
Category: dropped
Dump: XLICONS.EXE.3.dr
ID: dr_37
Target ID: 3
Process: C:\Users\user\Desktop\Order 24007219.exe
Type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy: 3.8136169439369434
Encrypted: false
Ssdeep: 6144:HTUh82lTMY/C3uuQyMyquNlBXYJ7M444IB:zkyIgG47B
Size: 4319112
Whitelisted: false
Reputation: timeout

Signature Hits | Behavior Group | Mitre Attack
Infects executable files (exe, dll, sys, html) | Spreading, Persistence and Installation Behavior |
Drops PE files | Persistence and Installation Behavior |
Found dropped PE file which has not been started or loaded | Malware Analysis System Evasion |

File: C:\Program Files (x86)\Microsoft Office\root\Office16\lync99.exe
Category: dropped
Dump: lync99.exe.3.dr
ID: dr_16
Target ID: 3
Process: C:\Users\user\Desktop\Order 24007219.exe
Type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy: 3.956516239338196
Encrypted: false
Ssdeep: 6144:HLWSXeSC+hBMdNRneNMToeGYeneqjpGtBlmF:rLevUEcLe9l2
Size: 785448
Whitelisted: false
Reputation: timeout

Signature Hits | Behavior Group | Mitre Attack
Infects executable files (exe, dll, sys, html) | Spreading, Persistence and Installation Behavior |
Drops PE files | Persistence and Installation Behavior |
Found dropped PE file which has not been started or loaded | Malware Analysis System Evasion |

File: C:\Program Files (x86)\Microsoft Office\root\Office16\misc.exe
Category: dropped
Dump: misc.exe.3.dr
ID: dr_17
Target ID: 3
Process: C:\Users\user\Desktop\Order 24007219.exe
Type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy: 3.767890126852415
Encrypted: false
Ssdeep: 3072:9jDVn3CZyTUawK12P04ti0o5gmQNJDJnJG20FxPlJPJSS12Zzwww6G:Hes4wqmQN59wtSS2zwmG
Size: 1081280
Whitelisted: false
Reputation: timeout

Signature Hits | Behavior Group | Mitre Attack
Infects executable files (exe, dll, sys, html) | Spreading, Persistence and Installation Behavior |
Drops PE files | Persistence and Installation Behavior |
Found dropped PE file which has not been started or loaded | Malware Analysis System Evasion |

File: C:\Program Files (x86)\Microsoft Office\root\Office16\msoadfsb.exe
Category: dropped
Dump: msoadfsb.exe.3.dr
ID: dr_18
Target ID: 3
Process: C:\Users\user\Desktop\Order 24007219.exe
Type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy: 6.501183472507012
Encrypted: false
Ssdeep: 49152:ouoh1EWXRkd+h9y6NsRZ9MtL4kD5G5LVuhqITJemL9SQM3:ouohO2km9PNsRZ9MtL4ktG5LV93
Size: 1722808
Whitelisted: false
Reputation: timeout

Signature Hits | Behavior Group | Mitre Attack
Infects executable files (exe, dll, sys, html) | Spreading, Persistence and Installation Behavior |
Drops PE files | Persistence and Installation Behavior |
Found dropped PE file which has not been started or loaded | Malware Analysis System Evasion |

File: C:\Program Files (x86)\Microsoft Office\root\Office16\msoasb.exe
Category: dropped
Dump: msoasb.exe.3.dr
ID: dr_19
Target ID: 3
Process: C:\Users\user\Desktop\Order 24007219.exe
Type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy: 6.601341453438916
Encrypted: false
Ssdeep: 6144:H2+OpwoajoJ/cLr6eNI0A2kg79zge/ceeE1+v:WDWhS5g72veeU+v
Size: 307784
Whitelisted: false
Reputation: timeout

Signature Hits | Behavior Group | Mitre Attack
Infects executable files (exe, dll, sys, html) | Spreading, Persistence and Installation Behavior |
Drops PE files | Persistence and Installation Behavior |
Found dropped PE file which has not been started or loaded | Malware Analysis System Evasion |

File: C:\Program Files (x86)\Microsoft Office\root\Office16\msoev.exe
Category: dropped
Dump: msoev.exe.3.dr
ID: dr_20
Target ID: 3
Process: C:\Users\user\Desktop\Order 24007219.exe
Type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy: 6.4364760489218
Encrypted: false
Ssdeep: 1536:93zvwzhWCbinhBhIj3zKAtCz72I/Q/RPTO5piDDFwzS:9jDVn3CDuFvgy5piDD6zS
Size: 97920
Whitelisted: false
Reputation: timeout

Signature Hits | Behavior Group | Mitre Attack
Infects executable files (exe, dll, sys, html) | Spreading, Persistence and Installation Behavior |
Drops PE files | Persistence and Installation Behavior |
Found dropped PE file which has not been started or loaded | Malware Analysis System Evasion |

File: C:\Program Files (x86)\Microsoft Office\root\Office16\officeappguardwin32.exe
Category: dropped
Dump: officeappguardwin32.exe.3.dr
ID: dr_141
Target ID: 3
Process: C:\Users\user\Desktop\Order 24007219.exe
Type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy: 6.560674117940361
Encrypted: false
Ssdeep: 49152:sl8U9+tiqfG7C+5I6ZOX0Bh4MdDHc/EBRXXZUABfmcQ:sl8+++7hOXODHc/EdQ
Size: 1994448
Whitelisted: false
Reputation: timeout

Signature Hits | Behavior Group | Mitre Attack
Infects executable files (exe, dll, sys, html) | Spreading, Persistence and Installation Behavior |
Drops PE files | Persistence and Installation Behavior |
Found dropped PE file which has not been started or loaded | Malware Analysis System Evasion |

File: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\MSOXMLED.EXE
Category: dropped
Dump: MSOXMLED.EXE.3.dr
ID: dr_42
Target ID: 3
Process: C:\Users\user\Desktop\Order 24007219.exe
Type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy: 4.251115866408002
Encrypted: false
Ssdeep: 1536:93zvwzhWCbinhBhIjg6gJJRaCAd1uhNRu7z3zHt4s+zbCtbCc0xXNmi9RHYOqEWu:9jDVn3CM6gxe7z3OzY+9jTYbE+la
Size: 275872
Whitelisted: false
Reputation: timeout

Signature Hits | Behavior Group | Mitre Attack
Infects executable files (exe, dll, sys, html) | Spreading, Persistence and Installation Behavior |
Drops PE files | Persistence and Installation Behavior |
Found dropped PE file which has not been started or loaded | Malware Analysis System Evasion |

File: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe
Category: dropped
Dump: ai.exe.3.dr
ID: dr_39
Target ID: 3
Process: C:\Users\user\Desktop\Order 24007219.exe
Type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy: 6.538671140064808
Encrypted: false
Ssdeep: 12288:cccV8BFJ0kz4uP9V6wY2M48aVNfffNfYRweSat8UVNfffNfRtAUUn4lDW7f5sBzl:cOFJbl/6r2M48aVNfffNfWVNfffNfDw+
Size: 751520
Whitelisted: false
Reputation: timeout

Signature Hits | Behavior Group | Mitre Attack
Infects executable files (exe, dll, sys, html) | Spreading, Persistence and Installation Behavior |
Drops PE files | Persistence and Installation Behavior |
Found dropped PE file which has not been started or loaded | Malware Analysis System Evasion |

File: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\aimgr.exe
Category: dropped
Dump: aimgr.exe.3.dr
ID: dr_40
Target ID: 3
Process: C:\Users\user\Desktop\Order 24007219.exe
Type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy: 6.352615959240564
Encrypted: false
Ssdeep: 3072:9jDVn3CYDbGpEPwVH+lMCNy0GEVVS1ikLrDdevXqHai8MBEL4:HvXSSwVgvfkhvzHcWEM
Size: 182712
Whitelisted: false
Reputation: timeout

Signature Hits | Behavior Group | Mitre Attack
Infects executable files (exe, dll, sys, html) | Spreading, Persistence and Installation Behavior |
Drops PE files | Persistence and Installation Behavior |
Found dropped PE file which has not been started or loaded | Malware Analysis System Evasion |

File: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
Category: dropped
Dump: OSPPSVC.EXE.3.dr
ID: dr_44
Target ID: 3
Process: C:\Users\user\Desktop\Order 24007219.exe
Type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy: 7.265483678533901
Encrypted: false
Ssdeep: 49152:S/xFnOvtaWIDn0apLKkLJU9nU2foKhA4vSWidGHp+NDGQUzbpDOfjxAkrQKl+RPp:ktLK3BDhtvS0Hpe4zbpaAKQkroGIz
Size: 5174360
Whitelisted: false
Reputation: timeout

Signature Hits | Behavior Group | Mitre Attack
Infects executable files (exe, dll, sys, html) | Spreading, Persistence and Installation Behavior |
Drops PE files | Persistence and Installation Behavior |
Found dropped PE file which has not been started or loaded | Malware Analysis System Evasion |

File: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\DW\DW20.EXE
Category: dropped
Dump: DW20.EXE.3.dr
ID: dr_55
Target ID: 3
Process: C:\Users\user\Desktop\Order 24007219.exe
Type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy: 6.58382976193959
Encrypted: false
Ssdeep: 3072:9jDVn3CdU5adWAKmzUccnzkVBgEuKjj0WWtPPoI:Hl+EjzCg+j6P3
Size: 139712
Whitelisted: false
Reputation: timeout

Signature Hits | Behavior Group | Mitre Attack
Infects executable files (exe, dll, sys, html) | Spreading, Persistence and Installation Behavior |
Drops PE files | Persistence and Installation Behavior |
Found dropped PE file which has not been started or loaded | Malware Analysis System Evasion |

File: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Office16\FLTLDR.EXE
Category: dropped
Dump: FLTLDR.EXE.3.dr
ID: dr_58
Target ID: 3
Process: C:\Users\user\Desktop\Order 24007219.exe
Type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy: 6.72931983017243
Encrypted: false
Ssdeep: 6144:HtzgSb/029S2P/7nzGxFrRN0r0ivCZci1FXiO8DaS4wwE0CBlFJmcx:Cw/2q/roN7ivCZci1FC74wdBlFYU
Size: 380368
Whitelisted: false
Reputation: timeout

Signature Hits | Behavior Group | Mitre Attack
Infects executable files (exe, dll, sys, html) | Spreading, Persistence and Installation Behavior |
Drops PE files | Persistence and Installation Behavior |
Found dropped PE file which has not been started or loaded | Malware Analysis System Evasion |

File: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Office16\MSOICONS.EXE
Category: dropped
Dump: MSOICONS.EXE.3.dr
ID: dr_59
Target ID: 3
Process: C:\Users\user\Desktop\Order 24007219.exe
Type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy: 3.7384563900398096
Encrypted: false
Ssdeep: 6144:HXvk8/0NhFYAddenZhUhTNnLUrh+9nTGLljX4wuSzVF:h4wXF
Size: 1269696
Whitelisted: false
Reputation: timeout

Signature Hits | Behavior Group | Mitre Attack
Infects executable files (exe, dll, sys, html) | Spreading, Persistence and Installation Behavior |
Drops PE files | Persistence and Installation Behavior |
Found dropped PE file which has not been started or loaded | Malware Analysis System Evasion |

File: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Office16\MSOXMLED.EXE
Category: dropped
Dump: MSOXMLED.EXE0.3.dr
ID: dr_60
Target ID: 3
Process: C:\Users\user\Desktop\Order 24007219.exe
Type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy: 4.208685719486811
Encrypted: false
Ssdeep: 1536:93zvwzhWCbinhBhIjhRaCAd1uhNRuiazvhzpwtWhz7I3EWwwrwYx6RPWdn6ysl4a:9jDVn3CTezzvhF1h3wEWwwbx6ksl4D
Size: 266648
Whitelisted: false
Reputation: timeout

Signature Hits | Behavior Group | Mitre Attack
Infects executable files (exe, dll, sys, html) | Spreading, Persistence and Installation Behavior |
Drops PE files | Persistence and Installation Behavior |
Found dropped PE file which has not been started or loaded | Malware Analysis System Evasion |

File: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Office16\OLicenseHeartbeat.exe
Category: dropped
Dump: OLicenseHeartbeat.exe.3.dr
ID: dr_61
Target ID: 3
Process: C:\Users\user\Desktop\Order 24007219.exe
Type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy: 6.5533271442159
Encrypted: false
Ssdeep: 12288:r4tuuLntIMDXw5vde5EFf1Pmbd3lSz3dfp1Swf5M0blmFKuJOJZM30j3:ktFDKMg4iX3djfy0blmFlme303
Size: 715760
Whitelisted: false
Reputation: timeout

Signature Hits | Behavior Group | Mitre Attack
Drops PE files | Persistence and Installation Behavior |
Found dropped PE file which has not been started or loaded | Malware Analysis System Evasion |

File: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Office16\ai.exe
Category: dropped
Dump: ai.exe0.3.dr
ID: dr_56
Target ID: 3
Process: C:\Users\user\Desktop\Order 24007219.exe
Type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy: 6.6681128438997535
Encrypted: false
Ssdeep: 12288:YM/Of/Bboj+clWnIKgrP6TFPLNWuX4Pemn3oi8ky9Q8WSe/aSqizuO1qukdQAPnQ:Z8JgryFPLNWuX40RulAPn1OcnGVNfffl
Size: 619944
Whitelisted: false
Reputation: timeout

Signature Hits | Behavior Group | Mitre Attack
Infects executable files (exe, dll, sys, html) | Spreading, Persistence and Installation Behavior |
Drops PE files | Persistence and Installation Behavior |
Found dropped PE file which has not been started or loaded | Malware Analysis System Evasion |

File: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Office16\aimgr.exe
Category: dropped
Dump: aimgr.exe0.3.dr
ID: dr_57
Target ID: 3
Process: C:\Users\user\Desktop\Order 24007219.exe
Type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy: 6.549626515163885
Encrypted: false
Ssdeep: 3072:9jDVn3ChQPtLW7twRxI5mc5TNN3AsdVgNwihwT3RqEM6ZOfHXb42:HUQMzhdV0nh4Hof7
Size: 150416
Whitelisted: false
Reputation: timeout

Signature Hits | Behavior Group | Mitre Attack
Infects executable files (exe, dll, sys, html) | Spreading, Persistence and Installation Behavior |
Drops PE files | Persistence and Installation Behavior |
Found dropped PE file which has not been started or loaded | Malware Analysis System Evasion |

File: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Source Engine\OSE.EXE
Category: dropped
Dump: OSE.EXE.3.dr
ID: dr_62
Target ID: 3
Process: C:\Users\user\Desktop\Order 24007219.exe
Type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy: 6.702474708890312
Encrypted: false
Ssdeep: 6144:HI872jsLuLnPo2TTHswP2TGz3FUCHySYI:o+2jsLuT3MfTGW5I
Size: 264576
Whitelisted: false
Reputation: timeout

Signature Hits | Behavior Group | Mitre Attack
Infects executable files (exe, dll, sys, html) | Spreading, Persistence and Installation Behavior |
Drops PE files | Persistence and Installation Behavior |
Found dropped PE file which has not been started or loaded | Malware Analysis System Evasion |

File: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft Office\Office16\AppSharingHookController64.exe
Category: dropped
Dump: AppSharingHookController64.exe.3.dr
ID: dr_63
Target ID: 3
Process: C:\Users\user\Desktop\Order 24007219.exe
Type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy: 6.046444869642985
Encrypted: false
Ssdeep: 1536:93zvwzhWCbinhBhIjtweqz1lezmtJwzojsKyyJFGgHZ//rHzb:9jDVn3ChqzXe0wSyyJFD//Hb
Size: 108448
Whitelisted: false
Reputation: timeout

Signature Hits | Behavior Group | Mitre Attack
Infects executable files (exe, dll, sys, html) | Spreading, Persistence and Installation Behavior |
Drops PE files | Persistence and Installation Behavior |
Found dropped PE file which has not been started or loaded | Malware Analysis System Evasion |

File: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft Office\Office16\MSOHTMED.EXE
Category: dropped
Dump: MSOHTMED.EXE0.3.dr
ID: dr_74
Target ID: 3
Process: C:\Users\user\Desktop\Order 24007219.exe
Type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy: 6.016740362739492
Encrypted: false
Ssdeep: 12288:mpo/FEVciSJJtH4PoR6moWEBfQLxZPhEx7xgtV2hv4tkYUK2tlIqR7lmNK/IKrtK:dFEWi4JtH4PoRfoFIxZPk0NKbB0R
Size: 662600
Whitelisted: false
Reputation: timeout

Signature Hits | Behavior Group | Mitre Attack
Infects executable files (exe, dll, sys, html) | Spreading, Persistence and Installation Behavior |
Drops PE files | Persistence and Installation Behavior |
Found dropped PE file which has not been started or loaded | Malware Analysis System Evasion |

File: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Analysis Services\AS OLEDB\140\SQLDumper.exe
Category: dropped
Dump: SQLDumper.exe.3.dr
ID: dr_75
Target ID: 3
Process: C:\Users\user\Desktop\Order 24007219.exe
Type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy: 5.475305678917416
Encrypted: false
Ssdeep: 3072:9jDVn3C04ZAh7ULoQdHBjw8Q2pFj4+W1ISYpksZmRohnonRBfTjzJEthEWV:HdPfQdhMuj4VM8imPjGthEWV
Size: 260560
Whitelisted: false
Reputation: timeout

Signature Hits | Behavior Group | Mitre Attack
Infects executable files (exe, dll, sys, html) | Spreading, Persistence and Installation Behavior |
Drops PE files | Persistence and Installation Behavior |
Found dropped PE file which has not been started or loaded | Malware Analysis System Evasion |

File: C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-0000-0000000FF1CE}\accicons.exe
Category: dropped
Dump: accicons.exe.3.dr
ID: dr_76
Target ID: 3
Process: C:\Users\user\Desktop\Order 24007219.exe
Type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy: 3.9160215324980747
Encrypted: false
Ssdeep: 98304:gYN3nsBQ5ghvEyqf/whWovz9hRJ5RbisrbdsPO9jXsw:9N3nsBcghvEyqf/whxz9hRJ5Rbisrbdr
Size: 4316200
Whitelisted: false
Reputation: timeout

Signature Hits | Behavior Group | Mitre Attack
Infects executable files (exe, dll, sys, html) | Spreading, Persistence and Installation Behavior |
Drops PE files | Persistence and Installation Behavior |
Found dropped PE file which has not been started or loaded | Malware Analysis System Evasion |

File: C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-0000-0000000FF1CE}\dbcicons.exe
Category: dropped
Dump: dbcicons.exe.3.dr
ID: dr_77
Target ID: 3
Process: C:\Users\user\Desktop\Order 24007219.exe
Type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy: 5.695616435376692
Encrypted: false
Ssdeep: 1536:93zvwzhWCbinhBhIj1wu7mzj9zNtP9zNps8Q:9jDVn3CRLmzj9P95psb
Size: 124056
Whitelisted: false
Reputation: timeout

Signature Hits | Behavior Group | Mitre Attack
Infects executable files (exe, dll, sys, html) | Spreading, Persistence and Installation Behavior |
Drops PE files | Persistence and Installation Behavior |
Found dropped PE file which has not been started or loaded | Malware Analysis System Evasion |

File: C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-0000-0000000FF1CE}\grv_icons.exe
Category: dropped
Dump: grv_icons.exe.3.dr
ID: dr_78
Target ID: 3
Process: C:\Users\user\Desktop\Order 24007219.exe
Type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy: 4.495103243727003
Encrypted: false
Ssdeep: 6144:H4yUkKOEEIK128d2VKjw0EYsfZJnPmTuJjac2a51lHpLszc/kzY56Y:Yx/B/kib
Size: 358336
Whitelisted: false
Reputation: timeout

Signature Hits | Behavior Group | Mitre Attack
Infects executable files (exe, dll, sys, html) | Spreading, Persistence and Installation Behavior |
Drops PE files | Persistence and Installation Behavior |
Found dropped PE file which has not been started or loaded | Malware Analysis System Evasion |

File: C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-0000-0000000FF1CE}\joticon.exe
Category: dropped
Dump: joticon.exe.3.dr
ID: dr_79
Target ID: 3
Process: C:\Users\user\Desktop\Order 24007219.exe
Type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy: 4.104332376686739
Encrypted: false
Ssdeep: 3072:9jDVn3CbwRnjnzhCiXXXXXX1AzZwAazTwdOLxN1IHO:HAwRnj7XXXXXXSzuz8OZ
Size: 763032
Whitelisted: false
Reputation: timeout

Signature Hits | Behavior Group | Mitre Attack
Infects executable files (exe, dll, sys, html) | Spreading, Persistence and Installation Behavior |
Drops PE files | Persistence and Installation Behavior |
Found dropped PE file which has not been started or loaded | Malware Analysis System Evasion |

File: C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-0000-0000000FF1CE}\lyncicon.exe
Category: dropped
Dump: lyncicon.exe.3.dr
ID: dr_80
Target ID: 3
Process: C:\Users\user\Desktop\Order 24007219.exe
Type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy: 2.9662538355867576
Encrypted: false
Ssdeep: 3072:9jDVn3CNfCEq7tOxIfMFzCEpAm/4rx7z1arf+9:Hpz8w
Size: 895120
Whitelisted: false
Reputation: timeout

Signature Hits | Behavior Group | Mitre Attack
Infects executable files (exe, dll, sys, html) | Spreading, Persistence and Installation Behavior |
Drops PE files | Persistence and Installation Behavior |
Found dropped PE file which has not been started or loaded | Malware Analysis System Evasion |

File: C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-0000-0000000FF1CE}\misc.exe
Category: dropped
Dump: misc.exe0.3.dr
ID: dr_81
Target ID: 3
Process: C:\Users\user\Desktop\Order 24007219.exe
Type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy: 3.763871004422156
Encrypted: false
Ssdeep: 3072:9jDVn3CTo4TUawK1uT040i0ougmQmJDJnJ+20FxPlJPPSSfzZ9Ar9oN:HD243xmQm59UtUSfz3
Size: 1082008
Whitelisted: false
Reputation: timeout

Signature Hits | Behavior Group | Mitre Attack
Drops PE files | Persistence and Installation Behavior |
Found dropped PE file which has not been started or loaded | Malware Analysis System Evasion |

File: C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-0000-0000000FF1CE}\osmclienticon.exe
Category: dropped
Dump: osmclienticon.exe.3.dr
ID: dr_92
Target ID: 3
Process: C:\Users\user\Desktop\Order 24007219.exe
Type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy: 6.039073791237599
Encrypted: false
Ssdeep: 1536:93zvwzhWCbinhBhIjljhzxwKehzgt5t1D:9jDVn3ChhLehEthD
Size: 105440
Whitelisted: false
Reputation: timeout

Signature Hits | Behavior Group | Mitre Attack
Drops PE files | Persistence and Installation Behavior |
Found dropped PE file which has not been started or loaded | Malware Analysis System Evasion |

File: C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-0000-0000000FF1CE}\outicon.exe
Category: dropped
Dump: outicon.exe.3.dr
ID: dr_93
Target ID: 3
Process: C:\Users\user\Desktop\Order 24007219.exe
Type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy: 4.952251787898776
Encrypted: false
Ssdeep: 3072:9jDVn3CEPMMRMMMmMMMvMMMwMMMNMMMWMMM3MMsewVOOMzMMvMMOMMMJMM2MMQMe:H6wVR6V7byjUWAZyVVdz8eEdGo
Size: 537536
Whitelisted: false
Reputation: timeout

Signature Hits | Behavior Group | Mitre Attack
Drops PE files | Persistence and Installation Behavior |
Found dropped PE file which has not been started or loaded | Malware Analysis System Evasion |

File: C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-0000-0000000FF1CE}\pj11icon.exe
Category: dropped
Dump: pj11icon.exe.3.dr
ID: dr_94
Target ID: 3
Process: C:\Users\user\Desktop\Order 24007219.exe
Type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy: 4.076233767167976
Encrypted: false
Ssdeep: 3072:9jDVn3CS3ppPpNpDpspp/pCp0pmppdpspppRppMpLp0ppppbpQp2pphpSpXpQppt:HoKQSNdhnSzv
Size: 1271952
Whitelisted: false
Reputation: timeout

Signature Hits | Behavior Group | Mitre Attack
Drops PE files | Persistence and Installation Behavior |
Found dropped PE file which has not been started or loaded | Malware Analysis System Evasion |

File: C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-0000-0000000FF1CE}\pptico.exe
Category: dropped
Dump: pptico.exe.3.dr
ID: dr_95
Target ID: 3
Process: C:\Users\user\Desktop\Order 24007219.exe
Type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy: 3.7128505697145826
Encrypted: false
Ssdeep: 12288:1BKs7fvZIFpCYVIVN2mGsb8HtVLaHw3j4cLbUBRjLFP29DyZbT9gb/m06aCzE6h9:1BKszX0FjOeblHiled/k
Size: 4099760
Whitelisted: false
Reputation: timeout

Signature Hits | Behavior Group | Mitre Attack
Drops PE files | Persistence and Installation Behavior |
Found dropped PE file which has not been started or loaded | Malware Analysis System Evasion |

File: C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-0000-0000000FF1CE}\pubs.exe
Category: dropped
Dump: pubs.exe.3.dr
ID: dr_96
Target ID: 3
Process: C:\Users\user\Desktop\Order 24007219.exe
Type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy: 4.314080541048139
Encrypted: false
Ssdeep: 3072:9jDVn3Cw6bZt+ATS583ONo4aezJ8ZfqiA:Hl6bZtazB
Size: 1273488
Whitelisted: false
Reputation: timeout

Signature Hits | Behavior Group | Mitre Attack
Infects executable files (exe, dll, sys, html) | Spreading, Persistence and Installation Behavior |
Drops PE files | Persistence and Installation Behavior |
Found dropped PE file which has not been started or loaded | Malware Analysis System Evasion |

File: C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-0000-0000000FF1CE}\sscicons.exe
Category: dropped
Dump: sscicons.exe.3.dr
ID: dr_97
Target ID: 3
Process: C:\Users\user\Desktop\Order 24007219.exe
Type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy: 5.695616435376692
Encrypted: false
Ssdeep: 1536:93zvwzhWCbinhBhIj1wu7mzj9zNtP9zNps8Q:9jDVn3CRLmzj9P95psb
Size: 124056
Whitelisted: false
Reputation: timeout

Signature Hits | Behavior Group | Mitre Attack
Drops PE files | Persistence and Installation Behavior |
Found dropped PE file which has not been started or loaded | Malware Analysis System Evasion |

File: C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-0000-0000000FF1CE}\visicon.exe
Category: dropped
Dump: visicon.exe.3.dr
ID: dr_98
Target ID: 3
Process: C:\Users\user\Desktop\Order 24007219.exe
Type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy: 3.8455513663334706
Encrypted: false
Ssdeep: 3072:9jDVn3CPd0qVmvzC1SvXKo3NzbsZ6DdIAZcbEcofUnpfRII8Lp9qgN3WJp0Rf5Nr:HS/V/CfDhNG5sMXjjzmEPoL
Size: 2970664
Whitelisted: false
Reputation: timeout

Signature Hits | Behavior Group | Mitre Attack
Infects executable files (exe, dll, sys, html) | Spreading, Persistence and Installation Behavior |
Drops PE files | Persistence and Installation Behavior |
Found dropped PE file which has not been started or loaded | Malware Analysis System Evasion |

File: C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-0000-0000000FF1CE}\wordicon.exe
Category: dropped
Dump: wordicon.exe.3.dr
ID: dr_99
Target ID: 3
Process: C:\Users\user\Desktop\Order 24007219.exe
Type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy: 3.7747474780011
Encrypted: false
Ssdeep: 6144:HcsSR7PYKzz38YwZItvsDu7DbDhRAUzHW:APYmLWSDBy
Size: 3531712
Whitelisted: false
Reputation: timeout

Signature Hits | Behavior Group | Mitre Attack
Infects executable files (exe, dll, sys, html) | Spreading, Persistence and Installation Behavior |
Drops PE files | Persistence and Installation Behavior |
Found dropped PE file which has not been started or loaded | Malware Analysis System Evasion |

File: C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-0000-0000000FF1CE}\xlicons.exe
Category: dropped
Dump: xlicons.exe.3.dr
ID: dr_100
Target ID: 3
Process: C:\Users\user\Desktop\Order 24007219.exe
Type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy: 3.8095120838376153
Encrypted: false
Ssdeep: 6144:HQmRfvlTZY/C3ul0ywb/uXMo+YJ7M41zXLWIB:w+6M+595B
Size: 4319272
Whitelisted: false
Reputation: timeout

Signature Hits | Behavior Group | Mitre Attack
Drops PE files | Persistence and Installation Behavior |
Found dropped PE file which has not been started or loaded | Malware Analysis System Evasion |

File: C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-001F-0409-0000-0000000FF1CE}\misc.exe
Category: dropped
Dump: misc.exe1.3.dr
ID: dr_101
Target ID: 3
Process: C:\Users\user\Desktop\Order 24007219.exe
Type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy: 3.763871004422156
Encrypted: false
Ssdeep: 3072:9jDVn3CTo4TUawK1uT040i0ougmQmJDJnJ+20FxPlJPPSSfzZ9Ar9oN:HD243xmQm59UtUSfz3
Size: 1082008
Whitelisted: false
Reputation: timeout

Signature Hits | Behavior Group | Mitre Attack
Infects executable files (exe, dll, sys, html) | Spreading, Persistence and Installation Behavior |
Drops PE files | Persistence and Installation Behavior |
Found dropped PE file which has not been started or loaded | Malware Analysis System Evasion |

File: C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-001F-040C-0000-0000000FF1CE}\misc.exe
Category: dropped
Dump: misc.exe2.3.dr
ID: dr_112
Target ID: 3
Process: C:\Users\user\Desktop\Order 24007219.exe
Type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy: 3.763871004422156
Encrypted: false
Ssdeep: 3072:9jDVn3CTo4TUawK1uT040i0ougmQmJDJnJ+20FxPlJPPSSfzZ9Ar9oN:HD243xmQm59UtUSfz3
Size: 1082008
Whitelisted: false
Reputation: timeout

Signature Hits | Behavior Group | Mitre Attack
Infects executable files (exe, dll, sys, html) | Spreading, Persistence and Installation Behavior |
Drops PE files | Persistence and Installation Behavior |
Found dropped PE file which has not been started or loaded | Malware Analysis System Evasion |

File: C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-001F-0C0A-0000-0000000FF1CE}\misc.exe
Category: dropped
Dump: misc.exe3.3.dr
ID: dr_113
Target ID: 3
Process: C:\Users\user\Desktop\Order 24007219.exe
Type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy: 3.763871004422156
Encrypted: false
Ssdeep: 3072:9jDVn3CTo4TUawK1uT040i0ougmQmJDJnJ+20FxPlJPPSSfzZ9Ar9oN:HD243xmQm59UtUSfz3
Size: 1082008
Whitelisted: false
Reputation: timeout

Signature Hits | Behavior Group | Mitre Attack
Drops PE files | Persistence and Installation Behavior |
Found dropped PE file which has not been started or loaded | Malware Analysis System Evasion |

File: C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-006E-0409-0000-0000000FF1CE}\misc.exe
Category: dropped
Dump: misc.exe4.3.dr
ID: dr_114
Target ID: 3
Process: C:\Users\user\Desktop\Order 24007219.exe
Type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy: 3.763871004422156
Encrypted: false
Ssdeep: 3072:9jDVn3CTo4TUawK1uT040i0ougmQmJDJnJ+20FxPlJPPSSfzZ9Ar9oN:HD243xmQm59UtUSfz3
Size: 1082008
Whitelisted: false
Reputation: timeout

Signature Hits | Behavior Group | Mitre Attack
Infects executable files (exe, dll, sys, html) | Spreading, Persistence and Installation Behavior |
Drops PE files | Persistence and Installation Behavior |
Found dropped PE file which has not been started or loaded | Malware Analysis System Evasion |

File: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe
Category: dropped
Dump: ie_to_edge_stub.exe.3.dr
ID: dr_106
Target ID: 3
Process: C:\Users\user\Desktop\Order 24007219.exe
Type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy: 6.423457480559621
Encrypted: false
Ssdeep: 6144:HcLWET8DS698nGX2OduCwUJWh/JmmS3DAjqnkrzFoEh+vMKC239YUFgBdQ/:8LxT8DhyiLduCe/lSpn6zOvYUFg4/
Size: 582184
Whitelisted: false
Reputation: timeout

Signature Hits | Behavior Group | Mitre Attack
Infects executable files (exe, dll, sys, html) | Spreading, Persistence and Installation Behavior |
Drops PE files | Persistence and Installation Behavior |
Found dropped PE file which has not been started or loaded | Malware Analysis System Evasion |

File: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\Installer\setup.exe
Category: dropped
Dump: setup.exe.3.dr
ID: dr_110
Target ID: 3
Process: C:\Users\user\Desktop\Order 24007219.exe
Type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy: 6.448074445014414
Encrypted: false
Ssdeep: 49152:8B1sstqMHiq8kBfK9a+cOVE/TqEpEepIkRqqUu9wg6KFYso8l8EK:2HzorVmr2FkRpdJYolA
Size: 3837992
Whitelisted: false
Reputation: timeout

Signature Hits | Behavior Group | Mitre Attack
Infects executable files (exe, dll, sys, html) | Spreading, Persistence and Installation Behavior |
Drops PE files | Persistence and Installation Behavior |
Found dropped PE file which has not been started or loaded | Malware Analysis System Evasion |

File: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\cookie_exporter.exe
Category: dropped
Dump: cookie_exporter.exe.3.dr
ID: dr_107
Target ID: 3
Process: C:\Users\user\Desktop\Order 24007219.exe
Type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy: 6.18437243869242
Encrypted: false
Ssdeep: 3072:9jDVn3CK2VSd2ga8KActASiZAkXS1xU5M3XgcoT0cs4qIm6Y6:HgVSktVjv3Xg5T0FIY6
Size: 161832
Whitelisted: false
Reputation: timeout

Signature Hits | Behavior Group | Mitre Attack
Infects executable files (exe, dll, sys, html) | Spreading, Persistence and Installation Behavior |
Drops PE files | Persistence and Installation Behavior |
Found dropped PE file which has not been started or loaded | Malware Analysis System Evasion |

File: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\elevation_service.exe
Category: dropped
Dump: elevation_service.exe.3.dr
ID: dr_108
Target ID: 3
Process: C:\Users\user\Desktop\Order 24007219.exe
Type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy: 6.550061415685094
Encrypted: false
Ssdeep: 24576:+hDdVrQwm5ztlU0A7fMAHmpmZ3QXE/0/lVaLpmasGvP0:+hDdVrQ95RW0Y9HyWQXE/09Val0GE
Size: 1827880
Whitelisted: false
Reputation: timeout

Signature Hits | Behavior Group | Mitre Attack
Infects executable files (exe, dll, sys, html) | Spreading, Persistence and Installation Behavior |
Drops PE files | Persistence and Installation Behavior |
Found dropped PE file which has not been started or loaded | Malware Analysis System Evasion |

File: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe
Category: dropped
Dump: identity_helper.exe.3.dr
ID: dr_109
Target ID: 3
Process: C:\Users\user\Desktop\Order 24007219.exe
Type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy: 6.527952526251227
Encrypted: false
Ssdeep: 12288:8doA0Eh2XptoQZRuefMYR6RrAJU9CsxmMocSipEylqFfouDMA+nkSddSDBDIq:870E0ZCQZMip6Rrt9RoctGfmdd0
Size: 1297448
Whitelisted: false
Reputation: timeout

Signature Hits | Behavior Group | Mitre Attack
Infects executable files (exe, dll, sys, html) | Spreading, Persistence and Installation Behavior |
Drops PE files | Persistence and Installation Behavior |
Found dropped PE file which has not been started or loaded | Malware Analysis System Evasion |

File: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\msedge.exe
Category: dropped
Dump: msedge.exe.3.dr
ID: dr_111
Target ID: 3
Process: C:\Users\user\Desktop\Order 24007219.exe
Type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy: 6.510282840179405
Encrypted: false
Ssdeep: 49152:GpawZh+vD5oLv9eqJ/iUPnspBu/MLPgyLMLQB4gQDyJ0ryMOAqk9l/hO2y/BT:vehFLvTQDpB5oSOmlBl
Size: 4251688
Whitelisted: false
Reputation: timeout

Signature Hits | Behavior Group | Mitre Attack
Drops PE files | Persistence and Installation Behavior |
Found dropped PE file which has not been started or loaded | Malware Analysis System Evasion |

C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\msedge_proxy.exe | PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows | dropped
File: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\msedge_proxy.exe
Category: dropped
Dump: msedge_proxy.exe.3.dr
ID: dr_119
Target ID: 3
Process: C:\Users\user\Desktop\Order 24007219.exe
Type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy: 6.517135995351987
Encrypted: false
Ssdeep: 12288:Ryeb4D2VLtrQA1Yim7XGLZxHwlqxlThfkY8bo0cITiLEpPoVfMA+nkthF2g0oz5:RiD2VmA1YXQHwlklb8boUuWPg2gX
Size: 1319976
Whitelisted: false
Reputation: timeout
Signature Hits | Behavior Group | Mitre Attack
Drops PE files | Persistence and Installation Behavior |
Found dropped PE file which has not been started or loaded | Malware Analysis System Evasion |

C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\msedge_pwa_launcher.exe | PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows | dropped
File: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\msedge_pwa_launcher.exe
Category: dropped
Dump: msedge_pwa_launcher.exe.3.dr
ID: dr_120
Target ID: 3
Process: C:\Users\user\Desktop\Order 24007219.exe
Type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy: 6.536595851108034
Encrypted: false
Ssdeep: 24576:nfD3zcv9ZhsSGSQoryOzozU63IqRNhB0kDKPHkkkkkkkBoIeAz:nfD3zO9ZhBGlopzM3HRNr00z
Size: 2327080
Whitelisted: false
Reputation: timeout
Signature Hits | Behavior Group | Mitre Attack
Drops PE files | Persistence and Installation Behavior |
Found dropped PE file which has not been started or loaded | Malware Analysis System Evasion |

C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\msedgewebview2.exe | PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows | dropped
File: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\msedgewebview2.exe
Category: dropped
Dump: msedgewebview2.exe.3.dr
ID: dr_118
Target ID: 3
Process: C:\Users\user\Desktop\Order 24007219.exe
Type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy: 6.542341206299019
Encrypted: false
Ssdeep: 49152:PTaRe7mkn5KLvD5qGVC008Jpb4tgLUgGEsLABD5wTQh07yrLMLl9YPhe:2I72LvkrCpbxJRoIMx
Size: 3790800
Whitelisted: false
Reputation: timeout
Signature Hits | Behavior Group | Mitre Attack
Drops PE files | Persistence and Installation Behavior |
Found dropped PE file which has not been started or loaded | Malware Analysis System Evasion |

C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\notification_click_helper.exe | PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows | dropped
File: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\notification_click_helper.exe
Category: dropped
Dump: notification_click_helper.exe.3.dr
ID: dr_121
Target ID: 3
Process: C:\Users\user\Desktop\Order 24007219.exe
Type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy: 6.528528343425516
Encrypted: false
Ssdeep: 12288:D406WoyJHeFOqDRA7uKk+TjnkgiMnQq+UI7MBImQWkv7yfOYIXbwohMA+nkXZnHC:EW9Jml9mmijZiMnF+ZxmQWcbLw8Vi
Size: 1535528
Whitelisted: false
Reputation: timeout
Signature Hits | Behavior Group | Mitre Attack
Drops PE files | Persistence and Installation Behavior |
Found dropped PE file which has not been started or loaded | Malware Analysis System Evasion |

C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\pwahelper.exe | PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows | dropped
File: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\pwahelper.exe
Category: dropped
Dump: pwahelper.exe.3.dr
ID: dr_122
Target ID: 3
Process: C:\Users\user\Desktop\Order 24007219.exe
Type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy: 6.529565207687641
Encrypted: false
Ssdeep: 12288:X5eN+kL3gVeYt/uakJMtleRO40BbdJrPVJAzAlPY6mYzJuomPMA+nkVogIkd9:XwNHwoYhua6MtERO4qbBJTY6mY1uIgp
Size: 1273384
Whitelisted: false
Reputation: timeout
Signature Hits | Behavior Group | Mitre Attack
Drops PE files | Persistence and Installation Behavior |
Found dropped PE file which has not been started or loaded | Malware Analysis System Evasion |

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows | dropped
File: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Category: dropped
Dump: msedge.exe0.3.dr
ID: dr_123
Target ID: 3
Process: C:\Users\user\Desktop\Order 24007219.exe
Type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy: 6.510282840179405
Encrypted: false
Ssdeep: 49152:GpawZh+vD5oLv9eqJ/iUPnspBu/MLPgyLMLQB4gQDyJ0ryMOAqk9l/hO2y/BT:vehFLvTQDpB5oSOmlBl
Size: 4251688
Whitelisted: false
Reputation: timeout
Signature Hits | Behavior Group | Mitre Attack
Drops PE files | Persistence and Installation Behavior |
Found dropped PE file which has not been started or loaded | Malware Analysis System Evasion |

C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe | PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows | dropped
File: C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe
Category: dropped
Dump: msedge_proxy.exe0.3.dr
ID: dr_124
Target ID: 3
Process: C:\Users\user\Desktop\Order 24007219.exe
Type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy: 6.517135995351987
Encrypted: false
Ssdeep: 12288:Ryeb4D2VLtrQA1Yim7XGLZxHwlqxlThfkY8bo0cITiLEpPoVfMA+nkthF2g0oz5:RiD2VmA1YXQHwlklb8boUuWPg2gX
Size: 1319976
Whitelisted: false
Reputation: timeout
Signature Hits | Behavior Group | Mitre Attack
Drops PE files | Persistence and Installation Behavior |
Found dropped PE file which has not been started or loaded | Malware Analysis System Evasion |

C:\Program Files (x86)\Microsoft\Edge\Application\pwahelper.exe | PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows | dropped
File: C:\Program Files (x86)\Microsoft\Edge\Application\pwahelper.exe
Category: dropped
Dump: pwahelper.exe0.3.dr
ID: dr_125
Target ID: 3
Process: C:\Users\user\Desktop\Order 24007219.exe
Type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy: 6.529565207687641
Encrypted: false
Ssdeep: 12288:X5eN+kL3gVeYt/uakJMtleRO40BbdJrPVJAzAlPY6mYzJuomPMA+nkVogIkd9:XwNHwoYhua6MtERO4qbBJTY6mY1uIgp
Size: 1273384
Whitelisted: false
Reputation: timeout
Signature Hits | Behavior Group | Mitre Attack
Infects executable files (exe, dll, sys, html) | Spreading, Persistence and Installation Behavior |
Drops PE files | Persistence and Installation Behavior |
Found dropped PE file which has not been started or loaded | Malware Analysis System Evasion |

C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\MicrosoftEdgeComRegisterShellARM64.exe | PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows | dropped
File: C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\MicrosoftEdgeComRegisterShellARM64.exe
Category: dropped
Dump: MicrosoftEdgeComRegisterShellARM64.exe.3.dr
ID: dr_126
Target ID: 3
Process: C:\Users\user\Desktop\Order 24007219.exe
Type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy: 5.886784618834654
Encrypted: false
Ssdeep: 3072:9jDVn3CAcxiNNpCPPQPg2cluc/Xswbz8cz3quKoNX1gd:HtcwVz4B8c37KoNX1q
Size: 225232
Whitelisted: false
Reputation: timeout
Signature Hits | Behavior Group | Mitre Attack
Infects executable files (exe, dll, sys, html) | Spreading, Persistence and Installation Behavior |
Drops PE files | Persistence and Installation Behavior |
Found dropped PE file which has not been started or loaded | Malware Analysis System Evasion |

C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\MicrosoftEdgeUpdate.exe | PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows | dropped
File: C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\MicrosoftEdgeUpdate.exe
Category: dropped
Dump: MicrosoftEdgeUpdate.exe.3.dr
ID: dr_127
Target ID: 3
Process: C:\Users\user\Desktop\Order 24007219.exe
Type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy: 5.801698588859647
Encrypted: false
Ssdeep: 3072:9jDVn3CtW4l/DReos0gXf+EvC6C36eCWdMuoB+ISzBqUGxNtvKAbFP3cSEt0phcf:Hql/DRfkTC3dM7B+mCivAT
Size: 247760
Whitelisted: false
Reputation: timeout
Signature Hits | Behavior Group | Mitre Attack
Infects executable files (exe, dll, sys, html) | Spreading, Persistence and Installation Behavior |
Drops PE files | Persistence and Installation Behavior |
Found dropped PE file which has not been started or loaded | Malware Analysis System Evasion |

C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\MicrosoftEdgeUpdateBroker.exe | PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows | dropped
File: C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\MicrosoftEdgeUpdateBroker.exe
Category: dropped
Dump: MicrosoftEdgeUpdateBroker.exe.3.dr
ID: dr_128
Target ID: 3
Process: C:\Users\user\Desktop\Order 24007219.exe
Type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy: 6.477728660509138
Encrypted: false
Ssdeep: 3072:9jDVn3CH684ePKoTB+IvoAewtxUff8aohGme+YDfYz8FrR7:H8rTB+AleYIkifYUF
Size: 142288
Whitelisted: false
Reputation: timeout
Signature Hits | Behavior Group | Mitre Attack
Infects executable files (exe, dll, sys, html) | Spreading, Persistence and Installation Behavior |
Drops PE files | Persistence and Installation Behavior |
Found dropped PE file which has not been started or loaded | Malware Analysis System Evasion |

C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\MicrosoftEdgeUpdateComRegisterShell64.exe | PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows | dropped
File: C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\MicrosoftEdgeUpdateComRegisterShell64.exe
Category: dropped
Dump: MicrosoftEdgeUpdateComRegisterShell64.exe.3.dr
ID: dr_129
Target ID: 3
Process: C:\Users\user\Desktop\Order 24007219.exe
Type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy: 6.1148979372120635
Encrypted: false
Ssdeep: 3072:9jDVn3CUXEV0tle+5IbvBCMmNginHy8lZoY46Mu/rLogrlKq9YXI35EvMl:H7UVwleMITTmNv1ohWsqYI354I
Size: 259024
Whitelisted: false
Reputation: timeout
Signature Hits | Behavior Group | Mitre Attack
Infects executable files (exe, dll, sys, html) | Spreading, Persistence and Installation Behavior |
Drops PE files | Persistence and Installation Behavior |
Found dropped PE file which has not been started or loaded | Malware Analysis System Evasion |

C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\MicrosoftEdgeUpdateCore.exe | PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows | dropped
File: C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\MicrosoftEdgeUpdateCore.exe
Category: dropped
Dump: MicrosoftEdgeUpdateCore.exe.3.dr
ID: dr_130
Target ID: 3
Process: C:\Users\user\Desktop\Order 24007219.exe
Type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy: 6.4599130518430234
Encrypted: false
Ssdeep: 6144:HaFKucTm3RhMfoSG5dCd7hjAOe9UmXY2Gh++CgBlPMoX:YKucTm3RhMfoSBjA9U2Yxh+Zgb7X
Size: 305120
Whitelisted: false
Reputation: timeout
Signature Hits | Behavior Group | Mitre Attack
Infects executable files (exe, dll, sys, html) | Spreading, Persistence and Installation Behavior |
Drops PE files | Persistence and Installation Behavior |
Found dropped PE file which has not been started or loaded | Malware Analysis System Evasion |

C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\MicrosoftEdgeUpdateOnDemand.exe | PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows | dropped
File: C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\MicrosoftEdgeUpdateOnDemand.exe
Category: dropped
Dump: MicrosoftEdgeUpdateOnDemand.exe.3.dr
ID: dr_131
Target ID: 3
Process: C:\Users\user\Desktop\Order 24007219.exe
Type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy: 6.47834155931346
Encrypted: false
Ssdeep: 3072:9jDVn3C8aivqozB+IvcZ4wrZU+l/8xoAm2+YDfYz8GrR/:HXzB+Aw4CZNr2fYLl
Size: 142288
Whitelisted: false
Reputation: timeout
Signature Hits | Behavior Group | Mitre Attack
Infects executable files (exe, dll, sys, html) | Spreading, Persistence and Installation Behavior |
Drops PE files | Persistence and Installation Behavior |
Found dropped PE file which has not been started or loaded | Malware Analysis System Evasion |

C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\MicrosoftEdgeUpdateSetup.exe | PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows | dropped
File: C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\MicrosoftEdgeUpdateSetup.exe
Category: dropped
Dump: MicrosoftEdgeUpdateSetup.exe.3.dr
ID: dr_132
Target ID: 3
Process: C:\Users\user\Desktop\Order 24007219.exe
Type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy: 7.9132785241650145
Encrypted: false
Ssdeep: 24576:2wy53G70SeiN9YqxCCg83udcWXDYajPF2410wuRpGfFki94qSe/wsNfzUG:ny53w24gQu3TPZ2psFkiSqwozX
Size: 1640416
Whitelisted: false
Reputation: timeout
Signature Hits | Behavior Group | Mitre Attack
Infects executable files (exe, dll, sys, html) | Spreading, Persistence and Installation Behavior |
Drops PE files | Persistence and Installation Behavior |
Found dropped PE file which has not been started or loaded | Malware Analysis System Evasion |

C:\Program Files (x86)\Mozilla Maintenance Service\Uninstall.exe | PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows | dropped
File: C:\Program Files (x86)\Mozilla Maintenance Service\Uninstall.exe
Category: dropped
Dump: Uninstall.exe0.3.dr
ID: dr_116
Target ID: 3
Process: C:\Users\user\Desktop\Order 24007219.exe
Type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy: 6.280073745498036
Encrypted: false
Ssdeep: 3072:9jDVn3CRRD5b0qZ7y4jem7y6tkNRCywDw1DiJkuKUY:H6D5lZ7y4j9KT4DteUY
Size: 144866
Whitelisted: false
Reputation: timeout
Signature Hits | Behavior Group | Mitre Attack
Drops PE files | Persistence and Installation Behavior |
Found dropped PE file which has not been started or loaded | Malware Analysis System Evasion |

C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe | PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows | dropped
File: C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
Category: dropped
Dump: maintenanceservice.exe.3.dr
ID: dr_115
Target ID: 3
Process: C:\Users\user\Desktop\Order 24007219.exe
Type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy: 6.418884915561345
Encrypted: false
Ssdeep: 6144:HCPr2vXzrEbslNp/JNsJKQl0GkRAqVNf0O3:iDQXRVTZu0GP+ZR
Size: 280480
Whitelisted: false
Reputation: timeout
Signature Hits | Behavior Group | Mitre Attack
Infects executable files (exe, dll, sys, html) | Spreading, Persistence and Installation Behavior |
Drops PE files | Persistence and Installation Behavior |
Found dropped PE file which has not been started or loaded | Malware Analysis System Evasion |

C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe | PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows | dropped
File: C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe
Category: dropped
Dump: integrator.exe.3.dr
ID: dr_30
Target ID: 3
Process: C:\Users\user\Desktop\Order 24007219.exe
Type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy: 6.574980714652117
Encrypted: false
Ssdeep: 98304:SkkCqyDEY7+o3OBvfGVY+40yajyS+9s/pLOq:SkkCqaE68eV+0y8E6L1
Size: 4473576
Whitelisted: false
Reputation: timeout
Signature Hits | Behavior Group | Mitre Attack
Infects executable files (exe, dll, sys, html) | Spreading, Persistence and Installation Behavior |
Drops PE files | Persistence and Installation Behavior |
Drops PE files to the application program directory (C:\ProgramData) | Persistence and Installation Behavior |
Found dropped PE file which has not been started or loaded | Malware Analysis System Evasion |

C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\ConfigSecurityPolicy.exe | PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows | dropped
File: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\ConfigSecurityPolicy.exe
Category: dropped
Dump: ConfigSecurityPolicy.exe.3.dr
ID: dr_31
Target ID: 3
Process: C:\Users\user\Desktop\Order 24007219.exe
Type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy: 6.341472497327005
Encrypted: false
Ssdeep: 12288:5LH18t6x1hjaNHBlfBVDZS82JninSFVlDW:5LOwxyNHBVEHRiSFVlDW
Size: 501656
Whitelisted: false
Reputation: timeout
Signature Hits | Behavior Group | Mitre Attack
Infects executable files (exe, dll, sys, html) | Spreading, Persistence and Installation Behavior |
Drops PE files | Persistence and Installation Behavior |
Drops PE files to the application program directory (C:\ProgramData) | Persistence and Installation Behavior |
Found dropped PE file which has not been started or loaded | Malware Analysis System Evasion |

C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpCmdRun.exe | PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows | dropped
File: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpCmdRun.exe
Category: dropped
Dump: MpCmdRun.exe.3.dr
ID: dr_21
Target ID: 3
Process: C:\Users\user\Desktop\Order 24007219.exe
Type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy: 6.32564887081766
Encrypted: false
Ssdeep: 24576:u7Z1jyzcKSmKsvwMZJ1XBsn/gu2bRC6dulyyn2WdXM6cWlLIJ:8Z1tKTwMZJ1XBsn/UC6dugWA
Size: 1637776
Whitelisted: false
Reputation: timeout
Signature Hits | Behavior Group | Mitre Attack
Infects executable files (exe, dll, sys, html) | Spreading, Persistence and Installation Behavior |
Drops PE files | Persistence and Installation Behavior |
Drops PE files to the application program directory (C:\ProgramData) | Persistence and Installation Behavior |
Found dropped PE file which has not been started or loaded | Malware Analysis System Evasion |

C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpCopyAccelerator.exe | PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows | dropped
File: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpCopyAccelerator.exe
Category: dropped
Dump: MpCopyAccelerator.exe.3.dr
ID: dr_32
Target ID: 3
Process: C:\Users\user\Desktop\Order 24007219.exe
Type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy: 5.661915670118636
Encrypted: false
Ssdeep: 3072:9jDVn3CYFtCsHjgU7HOg6KTe/+EypudsD22QnSUEhydebz41:Hhtx0SA+EySaQKeUz41
Size: 224632
Whitelisted: false
Reputation: timeout
Signature Hits | Behavior Group | Mitre Attack
Infects executable files (exe, dll, sys, html) | Spreading, Persistence and Installation Behavior |
Drops PE files | Persistence and Installation Behavior |
Drops PE files to the application program directory (C:\ProgramData) | Persistence and Installation Behavior |
Found dropped PE file which has not been started or loaded | Malware Analysis System Evasion |

C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpDlpCmd.exe | PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows | dropped
File: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpDlpCmd.exe
Category: dropped
Dump: MpDlpCmd.exe.3.dr
ID: dr_23
Target ID: 3
Process: C:\Users\user\Desktop\Order 24007219.exe
Type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy: 5.92162685642819
Encrypted: false
Ssdeep: 6144:HwzBRUKCBTwZVr2miTVVmVVV8VVNVVVcVVVxVVVPVVlVVVRVVVtVVWV60jVLVVO5:QzBRnCBOrsBOBf
Size: 431336
Whitelisted: false
Reputation: timeout
Signature Hits | Behavior Group | Mitre Attack
Infects executable files (exe, dll, sys, html) | Spreading, Persistence and Installation Behavior |
Drops PE files | Persistence and Installation Behavior |
Drops PE files to the application program directory (C:\ProgramData) | Persistence and Installation Behavior |
Found dropped PE file which has not been started or loaded | Malware Analysis System Evasion |

C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MsMpEng.exe | PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows | dropped
File: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MsMpEng.exe
Category: dropped
Dump: MsMpEng.exe.3.dr
ID: dr_26
Target ID: 3
Process: C:\Users\user\Desktop\Order 24007219.exe
Type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy: 6.037533723529305
Encrypted: false
Ssdeep: 3072:9jDVn3C1/VpSIcnsHKTe8LnZCA5OfkQAm95kQOJeqx6u:HetkIpdA5OfzDUeqx6u
Size: 175160
Whitelisted: false
Reputation: timeout
Signature Hits | Behavior Group | Mitre Attack
Drops or copies MsMpEng.exe (Windows Defender, likely to bypass HIPS) | HIPS / PFW / Operating System Protection Evasion |
Infects executable files (exe, dll, sys, html) | Spreading, Persistence and Installation Behavior |
Drops PE files | Persistence and Installation Behavior |
Drops PE files to the application program directory (C:\ProgramData) | Persistence and Installation Behavior |
Found dropped PE file which has not been started or loaded | Malware Analysis System Evasion |

C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\NisSrv.exe | PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows | dropped
File: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\NisSrv.exe
Category: dropped
Dump: NisSrv.exe.3.dr
ID: dr_27
Target ID: 3
Process: C:\Users\user\Desktop\Order 24007219.exe
Type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy: 6.473278820426229
Encrypted: false
Ssdeep: 49152:4nW4jqFRZega3xejvY7GQOx4K1fm15FKqO7t78Ity6fod76lmlW8U:/s3OBj4UmOH
Size: 3162480
Whitelisted: false
Reputation: timeout
Signature Hits | Behavior Group | Mitre Attack
Infects executable files (exe, dll, sys, html) | Spreading, Persistence and Installation Behavior |
Drops PE files | Persistence and Installation Behavior |
Drops PE files to the application program directory (C:\ProgramData) | Persistence and Installation Behavior |
Found dropped PE file which has not been started or loaded | Malware Analysis System Evasion |

C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\X86\MpCmdRun.exe | PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows | dropped
File: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\X86\MpCmdRun.exe
Category: dropped
Dump: MpCmdRun.exe0.3.dr
ID: dr_28
Target ID: 3
Process: C:\Users\user\Desktop\Order 24007219.exe
Type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy: 6.512519622174871
Encrypted: false
Ssdeep: 24576:U+sGOL9NLM3r4Viwj6KLqGua43loEeUFmwv:U4AA4eGua43lgUFrv
Size: 1309408
Whitelisted: false
Reputation: timeout
Signature Hits | Behavior Group | Mitre Attack
Infects executable files (exe, dll, sys, html) | Spreading, Persistence and Installation Behavior |
Drops PE files | Persistence and Installation Behavior |
Drops PE files to the application program directory (C:\ProgramData) | Persistence and Installation Behavior |
Found dropped PE file which has not been started or loaded | Malware Analysis System Evasion |

C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\mpextms.exe | PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows | dropped
File: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\mpextms.exe
Category: dropped
Dump: mpextms.exe.3.dr
ID: dr_25
Target ID: 3
Process: C:\Users\user\Desktop\Order 24007219.exe
Type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy: 6.477017323101845
Encrypted: false
Ssdeep: 12288:29/Bro8OEYbhEdbsrg4Sxz2/Sl92ncG15fQ224i5pQ+poPCcqyt4:w/BrnYuqFcL3pQ+pDX
Size: 922944
Whitelisted: false
Reputation: timeout
Signature Hits | Behavior Group | Mitre Attack
Infects executable files (exe, dll, sys, html) | Spreading, Persistence and Installation Behavior |
Drops PE files | Persistence and Installation Behavior |
Drops PE files to the application program directory (C:\ProgramData) | Persistence and Installation Behavior |
Found dropped PE file which has not been started or loaded | Malware Analysis System Evasion |

C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe | PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows | dropped
File: C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe
Category: dropped
Dump: VC_redist.x64.exe.3.dr
ID: dr_29
Target ID: 3
Process: C:\Users\user\Desktop\Order 24007219.exe
Type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy: 7.210825802452257
Encrypted: false
Ssdeep: 12288:TskY7gjcjhVIEhqgM7bWvcsi6aVUfIy+U40vy3W/ceKSHMsiFyY6XNmnMwJ:TsZgjS1hqgSC/izkfFjymk4HM5yJwMK
Size: 692064
Whitelisted: false
Reputation: timeout
Signature Hits | Behavior Group | Mitre Attack
Infects executable files (exe, dll, sys, html) | Spreading, Persistence and Installation Behavior |
Drops PE files | Persistence and Installation Behavior |
Drops PE files to the application program directory (C:\ProgramData) | Persistence and Installation Behavior |
Found dropped PE file which has not been started or loaded | Malware Analysis System Evasion |

C:\Users\user\AppData\Local\Temp\chrome.exe | PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows | dropped
File: C:\Users\user\AppData\Local\Temp\chrome.exe
Category: dropped
Dump: chrome.exe.3.dr
ID: dr_43
Target ID: 3
Process: C:\Users\user\Desktop\Order 24007219.exe
Type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy: 6.825172986759551
Encrypted: false
Ssdeep: 3072:9jDVn3CUMWLuzeHpl18fCtnRPF9EVnb43jaI5gr/uHqZLWfp2KkvL5kdnQB:HRdmCtnRPF9cCGr/uH0gkSdQB
Size: 182272
Whitelisted: false
Reputation: timeout
Signature Hits | Behavior Group | Mitre Attack
Infects executable files (exe, dll, sys, html) | Spreading, Persistence and Installation Behavior |
Drops PE files | Persistence and Installation Behavior |
Found dropped PE file which has not been started or loaded | Malware Analysis System Evasion |

C:\Windows\svchost.com | PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows | dropped
File: C:\Windows\svchost.com
Category: dropped
Dump: svchost.com.3.dr
ID: dr_41
Target ID: 3
Process: C:\Users\user\Desktop\Order 24007219.exe
Type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy: 6.265227064080851
Encrypted: false
Ssdeep: 768:9wKz21DftRu9ShVhWCboDrv4ehB7t3Y5NNibQteOZvav:93zvwzhWCbinhBhIjyYGv
Size: 41472
Whitelisted: false
Reputation: timeout
Signature Hits | Behavior Group | Mitre Attack
Drops PE files with a suspicious file extension | Persistence and Installation Behavior |
Creates files inside the system directory | System Summary |
Drops PE files | Persistence and Installation Behavior |
Drops PE files to the windows directory (C:\Windows) | Persistence and Installation Behavior |
Found dropped PE file which has not been started or loaded | Malware Analysis System Evasion |
Sigma detected: Classes Autorun Keys Modification | System Summary |

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\Order 24007219.exe.log | ASCII text, with CRLF line terminators | dropped
File: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\Order 24007219.exe.log
Category: dropped
Dump: Order 24007219.exe.log.0.dr
ID: dr_0
Target ID: 0
Process: C:\Users\user\Desktop\Order 24007219.exe
Type: ASCII text, with CRLF line terminators
Entropy: 5.34331486778365
Encrypted: false
Ssdeep: 24:MLUE4K5E4KH1qE4qXKDE4KhKiKhPKIE4oKNzKoZAE4Kze0E4x84j:MIHK5HKH1qHiYHKh3oPtHo6hAHKze0HJ
Size: 1216
Whitelisted: false
Reputation: timeout
Signature Hits | Behavior Group | Mitre Attack
Antivirus / Scanner detection for submitted sample | AV Detection |
Multi AV Scanner detection for submitted file | AV Detection |
Machine Learning detection for sample | AV Detection |
Sample file is different than original file name gathered from version info | System Summary |
Uses 32bit PE files | Compliance, System Summary |
Binary may include packed or encrypted code | Data Obfuscation | Obfuscated Files or Information
PE file has an executable .text section which is very likely to contain packed code (zlib compression ratio < 0.3) | System Summary |
Creates files inside the user directory | System Summary |
PE file has an executable .text section and no other executable section | System Summary |
Parts of this application are using the .NET runtime (probably coded in C#) | System Summary |
Sample is known by Antivirus | System Summary |
Contains modern PE file flags such as dynamic base (ASLR) or NX | Compliance, System Summary |
PE file contains a COM descriptor data directory | System Summary |

File: C:\Users\user\AppData\Local\Temp\3582-490\Order 24007219.exe
Category: dropped
Dump: Order 24007219.exe.3.dr
ID: dr_36
Target ID: 3
Process: C:\Users\user\Desktop\Order 24007219.exe
Type: data
Entropy: 7.927160358837657
Encrypted: false
Ssdeep: 12288:smDk1uLpfI0YOwqO8Dx1q3oIGkuFsxwkG7+qF2UA6zlH+AfS4NtT9gnjs5SJd7DF:GO7O8Dx1qRuFsxwke9HpV0d
Size: 751616
Whitelisted: false
Reputation: timeout
|
Signature Hits | Behavior Group | Mitre Attack
Antivirus / Scanner detection for submitted sample | AV Detection |
Multi AV Scanner detection for submitted file | AV Detection |
Machine Learning detection for sample | AV Detection |
Sample file is different than original file name gathered from version info | System Summary |
Uses 32bit PE files | Compliance, System Summary |
Binary may include packed or encrypted code | Data Obfuscation | Obfuscated Files or Information
PE file has an executable .text section which is very likely to contain packed code (zlib compression ratio < 0.3) | System Summary |
PE file has an executable .text section and no other executable section | System Summary |
Parts of this applications are using the .NET runtime (Probably coded in C#) | System Summary |
Sample is known by Antivirus | System Summary |
Contains modern PE file flags such as dynamic base (ASLR) or NX | Compliance, System Summary |
PE file contains a COM descriptor data directory | System Summary |
|
|
File: C:\Users\user\AppData\Local\Temp\tmp5023.tmp
Category: modified
Dump: tmp5023.tmp.3.dr
ID: dr_117
Target ID: 3
Process: C:\Users\user\Desktop\Order 24007219.exe
Type: Non-ISO extended-ASCII text, with CR line terminators
Entropy: 3.0
Encrypted: false
Ssdeep: 3:dT:dT
Size: 8
Whitelisted: false
Reputation: timeout
|
|
File: C:\Windows\appcompat\Programs\Amcache.hve
Category: dropped
Dump: Amcache.hve.3.dr
ID: dr_38
Target ID: 3
Process: C:\Users\user\Desktop\Order 24007219.exe
Type: MS Windows registry file, NT/2000 or above
Entropy: 4.418980042724621
Encrypted: false
Ssdeep: 6144:zSvfpi6ceLP/9skLmb0OTMWSPHaJG8nAgeMZMMhA2fX4WABlEnNd0uhiTw:+vloTMW+EZMM6DFyn03w
Size: 1835008
Whitelisted: false
Reputation: timeout