Automated Malware Analysis IOC Report for

Details

Filetype:	HTML document, ASCII text, with CRLF line terminators
Entropy:	4.612103521212723
Filename:	Facture_160087511.html
Filesize:	1522
MD5:	a357597ee910609541b96d20695b5f72
SHA1:	b8e29385c4cb7f8d38fbdb35fa942eceb6ee9882
SHA256:	a118598b60795591743786e6ca24d1f8aaf4060d01297a1994a4cef8589518c6
SHA512:	5f43d0aa2d0549834e56571549b5b537925f2ddc3892db47f3e13fbd1d1918b55b9ab14ca3b5f0dee43255f3f208be0da18788d5bfb759c8aeebe63d3e561cdd
SSDEEP:	24:2qhNKXxdLgAuAc1Z0wxadMzUaHxvxz6ALplYiduaUMXn0oiWA+xopK/:HqAAPY1sWzUaxvx+ALplHdRXnmJK/
Preview:	<html>.. <meta http-equiv="Refresh" content="0; https://svacamp.com/wp-admin/css/css/a8" />.. <head>... </head><script enabled: true,....init: {.....portal: 'gmxfr',.....category: 'logout',.....categorytype: 'content',.....section: 'mail

Signature Hits	Behavior Group	Mitre Attack
Detected javascript redirector / loader	Phishing	Extra Window Memory Injection Disable or Modify Tools
HTML document with suspicious name	System Summary	Extra Window Memory Injection
HTML document with suspicious title	Phishing	Windows Service Extra Window Memory Injection Masquerading

Details

File:	C:\Users\user\AppData\Local\Apps\2.0\NKN6D4GD.WE6\GTV6MLEW.9MM\scre..core_4b14c015c87c1ad8_0017.0009_none_65cb6507f0c2a5b9\ScreenConnect.Core.dll
Category:	dropped
Dump:	ScreenConnect.Core.dll.17.dr
ID:	dr_33
Target ID:	17
Process:	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy:	6.031735419537473
Encrypted:	false
Size:	531456
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Apps\2.0\NKN6D4GD.WE6\GTV6MLEW.9MM\scre..ient_4b14c015c87c1ad8_0017.0009_none_fbe0c2da0011fbbd\ScreenConnect.Client.dll
Category:	dropped
Dump:	ScreenConnect.Client.dll.17.dr
ID:	dr_37
Target ID:	17
Process:	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy:	6.5759745825926155
Encrypted:	false
Size:	192512
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Apps\2.0\NKN6D4GD.WE6\GTV6MLEW.9MM\scre..vice_4b14c015c87c1ad8_0017.0009_none_171efd5086820924\ScreenConnect.ClientService.dll
Category:	dropped
Dump:	ScreenConnect.ClientService.dll.17.dr
ID:	dr_21
Target ID:	17
Process:	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy:	6.0424578422545006
Encrypted:	false
Size:	61952
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\Deployment\7JVGGM9Y.9RB\KZWL13D3.XCX\ScreenConnect.ClientService.exe
Category:	dropped
Dump:	ScreenConnect.ClientService.exe.17.dr
ID:	dr_25
Target ID:	17
Process:	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy:	6.505299402844754
Encrypted:	false
Size:	95520
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery

Details

File:	C:\Users\user\AppData\Local\Temp\Deployment\7JVGGM9Y.9RB\KZWL13D3.XCX\ScreenConnect.Windows.dll
Category:	dropped
Dump:	ScreenConnect.Windows.dll.17.dr
ID:	dr_29
Target ID:	17
Process:	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy:	6.635479721420864
Encrypted:	false
Size:	1716224
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery

Details

File:	C:\Users\user\AppData\Local\Temp\Deployment\7JVGGM9Y.9RB\KZWL13D3.XCX\ScreenConnect.WindowsBackstageShell.exe
Category:	dropped
Dump:	ScreenConnect.WindowsBackstageShell.exe.17.dr
ID:	dr_26
Target ID:	17
Process:	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy:	6.318400837211405
Encrypted:	false
Size:	61216
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery

Details

File:	C:\Users\user\AppData\Local\Temp\Deployment\7JVGGM9Y.9RB\KZWL13D3.XCX\ScreenConnect.WindowsClient.exe
Category:	dropped
Dump:	ScreenConnect.WindowsClient.exe.17.dr
ID:	dr_28
Target ID:	17
Process:	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy:	6.166636022526366
Encrypted:	false
Size:	587040
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery
Yara detected ScreenConnect Tool	Remote Access Functionality

Details

File:	C:\Users\user\AppData\Local\Temp\Deployment\7JVGGM9Y.9RB\KZWL13D3.XCX\ScreenConnect.WindowsFileManager.exe
Category:	dropped
Dump:	ScreenConnect.WindowsFileManager.exe.17.dr
ID:	dr_27
Target ID:	17
Process:	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy:	5.850192336318162
Encrypted:	false
Size:	81696
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery

Details

File:	C:\Users\user\Downloads\ScreenConnect.Client.exe (copy)
Category:	dropped
Dump:	Unconfirmed 748427.crdownload.0.dr
Target ID:	0
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Adds / modifies Windows certificates	Lowering of HIPS / PFW / Operating System Security Settings	Disable or Modify Tools
Launches processes in debugging mode, may be used to hinder debugging	Anti Debugging	Disable or Modify Tools
Stores large binary data to the registry	Hooking and other Techniques for Hiding and Protection	Modify Registry
Tries to load missing DLLs	System Summary	DLL Side-Loading
Contains medium sleeps (>= 30s)	Malware Analysis System Evasion	Virtualization/Sandbox Evasion
Queries the cryptographic machine GUID	Language, Device and Operating System Detection	System Information Discovery
Spawns processes	System Summary	Process Injection
Uses an in-process (OLE) Automation server	System Summary

Details

File:	C:\Users\user\Downloads\Unconfirmed 748427.crdownload
Category:	dropped
Dump:	Unconfirmed 748427.crdownload.0.dr
ID:	dr_1
Target ID:	0
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy:	6.369212533584497
Encrypted:	false
Size:	86304
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Machine Learning detection for dropped file	AV Detection
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\Users\user\Downloads\a859b993-1a6c-433e-adfe-3c7effaf6efb.tmp
Category:	dropped
Dump:	a859b993-1a6c-433e-adfe-3c7effaf6efb.tmp.0.dr
ID:	dr_7
Target ID:	0
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy:	6.4961464832295714
Encrypted:	false
Size:	32405
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506
Category:	dropped
Dump:	77EC63BDA74BD0D0E0426DC8F8008506.17.dr
ID:	dr_13
Target ID:	17
Process:	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
Type:	Microsoft Cabinet archive data, Windows 2000/XP setup, 69993 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks, 0x1 compression
Entropy:	7.99584879649948
Encrypted:	true
Size:	69993
Whitelisted:	false

Details

File:	C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8EC9B1D0ABBD7F98B401D425828828CE_BE4413523710330F97BEE5D4A544C42B
Category:	dropped
Dump:	8EC9B1D0ABBD7F98B401D425828828CE_BE4413523710330F97BEE5D4A544C42B.17.dr
ID:	dr_17
Target ID:	17
Process:	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
Type:	data
Entropy:	7.586932358225902
Encrypted:	false
Size:	727
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops certificate files (DER)	E-Banking Fraud

Details

File:	C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141
Category:	dropped
Dump:	C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141.17.dr
ID:	dr_15
Target ID:	17
Process:	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
Type:	data
Entropy:	7.5893283342641915
Encrypted:	false
Size:	727
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops certificate files (DER)	E-Banking Fraud

Details

File:	C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F2E248BEDDBB2D85122423C41028BFD4
Category:	dropped
Dump:	F2E248BEDDBB2D85122423C41028BFD4.17.dr
ID:	dr_11
Target ID:	17
Process:	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
Type:	Certificate, Version=3
Entropy:	7.688784034406474
Encrypted:	false
Size:	1428
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops certificate files (DER)	E-Banking Fraud

Details

File:	C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157
Category:	dropped
Dump:	57C8EDB95DF3F0AD4EE2DC2B8CFD4157.17.dr
ID:	dr_30
Target ID:	17
Process:	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
Type:	data
Entropy:	3.448753640320332
Encrypted:	false
Size:	338
Whitelisted:	false

Details

File:	C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
Category:	dropped
Dump:	77EC63BDA74BD0D0E0426DC8F80085060.17.dr
ID:	dr_14
Target ID:	17
Process:	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
Type:	data
Entropy:	3.135433401638173
Encrypted:	false
Size:	330
Whitelisted:	false

Details

File:	C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8EC9B1D0ABBD7F98B401D425828828CE_BE4413523710330F97BEE5D4A544C42B
Category:	modified
Dump:	8EC9B1D0ABBD7F98B401D425828828CE_BE4413523710330F97BEE5D4A544C42B0.17.dr
ID:	dr_18
Target ID:	17
Process:	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
Type:	data
Entropy:	3.9475886557448523
Encrypted:	false
Size:	404
Whitelisted:	false

Details

File:	C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141
Category:	dropped
Dump:	C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F1410.17.dr
ID:	dr_16
Target ID:	17
Process:	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
Type:	data
Entropy:	3.9844304104350527
Encrypted:	false
Size:	412
Whitelisted:	false

Details

File:	C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F2E248BEDDBB2D85122423C41028BFD4
Category:	dropped
Dump:	F2E248BEDDBB2D85122423C41028BFD40.17.dr
ID:	dr_12
Target ID:	17
Process:	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
Type:	data
Entropy:	3.068646898467291
Encrypted:	false
Size:	254
Whitelisted:	false

Details

File:	C:\Users\user\AppData\Local\Apps\2.0\NKN6D4GD.WE6\GTV6MLEW.9MM\manifests\scre...exe_25b0fbb6ef7eb094_0017.0009_none_aa62037c34f7a445.cdf-ms
Category:	dropped
Dump:	scre...exe_25b0fbb6ef7eb094_0017.0009_none_aa62037c34f7a445.cdf-ms.17.dr
ID:	dr_19
Target ID:	17
Process:	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
Type:	data
Entropy:	5.119413667292155
Encrypted:	false
Size:	25496
Whitelisted:	false

Details

File:	C:\Users\user\AppData\Local\Apps\2.0\NKN6D4GD.WE6\GTV6MLEW.9MM\manifests\scre..core_4b14c015c87c1ad8_0017.0009_none_65cb6507f0c2a5b9.cdf-ms
Category:	dropped
Dump:	scre..core_4b14c015c87c1ad8_0017.0009_none_65cb6507f0c2a5b9.cdf-ms.17.dr
ID:	dr_32
Target ID:	17
Process:	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
Type:	data
Entropy:	4.267328038674719
Encrypted:	false
Size:	3452
Whitelisted:	false

Details

File:	C:\Users\user\AppData\Local\Apps\2.0\NKN6D4GD.WE6\GTV6MLEW.9MM\manifests\scre..dows_4b14c015c87c1ad8_0017.0009_none_6a433ce92d10b8e9.cdf-ms
Category:	dropped
Dump:	scre..dows_4b14c015c87c1ad8_0017.0009_none_6a433ce92d10b8e9.cdf-ms.17.dr
ID:	dr_31
Target ID:	17
Process:	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
Type:	data
Entropy:	4.092321390177708
Encrypted:	false
Size:	5260
Whitelisted:	false

Details

File:	C:\Users\user\AppData\Local\Apps\2.0\NKN6D4GD.WE6\GTV6MLEW.9MM\manifests\scre..ient_4b14c015c87c1ad8_0017.0009_none_c7123e2bd9a688c6.cdf-ms
Category:	dropped
Dump:	scre..ient_4b14c015c87c1ad8_0017.0009_none_c7123e2bd9a688c6.cdf-ms.17.dr
ID:	dr_24
Target ID:	17
Process:	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
Type:	data
Entropy:	3.979099019400539
Encrypted:	false
Size:	6588
Whitelisted:	false

Details

File:	C:\Users\user\AppData\Local\Apps\2.0\NKN6D4GD.WE6\GTV6MLEW.9MM\manifests\scre..ient_4b14c015c87c1ad8_0017.0009_none_fbe0c2da0011fbbd.cdf-ms
Category:	dropped
Dump:	scre..ient_4b14c015c87c1ad8_0017.0009_none_fbe0c2da0011fbbd.cdf-ms.17.dr
ID:	dr_35
Target ID:	17
Process:	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
Type:	data
Entropy:	4.267743948908668
Encrypted:	false
Size:	3032
Whitelisted:	false

Details

File:	C:\Users\user\AppData\Local\Apps\2.0\NKN6D4GD.WE6\GTV6MLEW.9MM\manifests\scre..tion_25b0fbb6ef7eb094_0017.0009_none_4b563d129b766e28.cdf-ms
Category:	dropped
Dump:	scre..tion_25b0fbb6ef7eb094_0017.0009_none_4b563d129b766e28.cdf-ms.17.dr
ID:	dr_42
Target ID:	17
Process:	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
Type:	data
Entropy:	5.711707708879154
Encrypted:	false
Size:	14612
Whitelisted:	false

Details

File:	C:\Users\user\AppData\Local\Apps\2.0\NKN6D4GD.WE6\GTV6MLEW.9MM\manifests\scre..vice_4b14c015c87c1ad8_0017.0009_none_171efd5086820924.cdf-ms
Category:	dropped
Dump:	scre..vice_4b14c015c87c1ad8_0017.0009_none_171efd5086820924.cdf-ms.17.dr
ID:	dr_20
Target ID:	17
Process:	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
Type:	data
Entropy:	4.171183581251846
Encrypted:	false
Size:	4428
Whitelisted:	false

Details

File:	C:\Users\user\AppData\Local\Apps\2.0\NKN6D4GD.WE6\GTV6MLEW.9MM\manifests\scre..vice_4b14c015c87c1ad8_0017.0009_none_171efd5086820924.manifest
Category:	dropped
Dump:	scre..vice_4b14c015c87c1ad8_0017.0009_none_171efd5086820924.manifest.17.dr
ID:	dr_39
Target ID:	17
Process:	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
Type:	XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Entropy:	5.0848956029560135
Encrypted:	false
Size:	1636
Whitelisted:	false

Details

File:	C:\Users\user\AppData\Local\Apps\2.0\NKN6D4GD.WE6\GTV6MLEW.9MM\scre...exe_25b0fbb6ef7eb094_0017.0009_none_aa62037c34f7a445\ScreenConnect.WindowsClient.exe.config
Category:	dropped
Dump:	ScreenConnect.WindowsClient.exe.config.17.dr
ID:	dr_23
Target ID:	17
Process:	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
Type:	XML 1.0 document, ASCII text, with CRLF line terminators
Entropy:	4.842791478883622
Encrypted:	false
Size:	266
Whitelisted:	false

Details

File:	C:\Users\user\AppData\Local\Apps\2.0\NKN6D4GD.WE6\GTV6MLEW.9MM\scre..tion_25b0fbb6ef7eb094_0017.0009_0d1f4c192b0d921d\5yliz2fi.newcfg
Category:	dropped
Dump:	5yliz2fi.newcfg.28.dr
ID:	dr_46
Target ID:	28
Process:	C:\Users\user\AppData\Local\Apps\2.0\NKN6D4GD.WE6\GTV6MLEW.9MM\scre..tion_25b0fbb6ef7eb094_0017.0009_0d1f4c192b0d921d\ScreenConnect.ClientService.exe
Type:	XML 1.0 document, ASCII text, with CRLF line terminators
Entropy:	5.018889682243647
Encrypted:	false
Size:	584
Whitelisted:	false

Details

File:	C:\Users\user\AppData\Local\Apps\2.0\NKN6D4GD.WE6\GTV6MLEW.9MM\scre..tion_25b0fbb6ef7eb094_0017.0009_0d1f4c192b0d921d\Client.en-US.resources
Category:	dropped
Dump:	Client.en-US.resources.24.dr
ID:	dr_43
Target ID:	24
Process:	C:\Users\user\AppData\Local\Apps\2.0\NKN6D4GD.WE6\GTV6MLEW.9MM\scre..tion_25b0fbb6ef7eb094_0017.0009_0d1f4c192b0d921d\ScreenConnect.WindowsClient.exe
Type:	data
Entropy:	4.764447249091755
Encrypted:	false
Size:	48951
Whitelisted:	false

Details

File:	C:\Users\user\AppData\Local\Apps\2.0\NKN6D4GD.WE6\GTV6MLEW.9MM\scre..tion_25b0fbb6ef7eb094_0017.0009_0d1f4c192b0d921d\Client.resources
Category:	dropped
Dump:	Client.resources.24.dr
ID:	dr_44
Target ID:	24
Process:	C:\Users\user\AppData\Local\Apps\2.0\NKN6D4GD.WE6\GTV6MLEW.9MM\scre..tion_25b0fbb6ef7eb094_0017.0009_0d1f4c192b0d921d\ScreenConnect.WindowsClient.exe
Type:	data
Entropy:	7.7401940386372345
Encrypted:	false
Size:	26722
Whitelisted:	false

Details

File:	C:\Users\user\AppData\Local\Apps\2.0\NKN6D4GD.WE6\GTV6MLEW.9MM\scre..tion_25b0fbb6ef7eb094_0017.0009_0d1f4c192b0d921d\guhv21ht.newcfg
Category:	dropped
Dump:	guhv21ht.newcfg.28.dr
ID:	dr_50
Target ID:	28
Process:	C:\Users\user\AppData\Local\Apps\2.0\NKN6D4GD.WE6\GTV6MLEW.9MM\scre..tion_25b0fbb6ef7eb094_0017.0009_0d1f4c192b0d921d\ScreenConnect.ClientService.exe
Type:	XML 1.0 document, ASCII text, with CRLF line terminators
Entropy:	5.018845167469441
Encrypted:	false
Size:	584
Whitelisted:	false

Details

File:	C:\Users\user\AppData\Local\Apps\2.0\NKN6D4GD.WE6\GTV6MLEW.9MM\scre..tion_25b0fbb6ef7eb094_0017.0009_0d1f4c192b0d921d\iil0umr4.newcfg
Category:	dropped
Dump:	iil0umr4.newcfg.28.dr
ID:	dr_48
Target ID:	28
Process:	C:\Users\user\AppData\Local\Apps\2.0\NKN6D4GD.WE6\GTV6MLEW.9MM\scre..tion_25b0fbb6ef7eb094_0017.0009_0d1f4c192b0d921d\ScreenConnect.ClientService.exe
Type:	XML 1.0 document, ASCII text, with CRLF line terminators
Entropy:	5.016928642812608
Encrypted:	false
Size:	584
Whitelisted:	false

Details

File:	C:\Users\user\AppData\Local\Apps\2.0\NKN6D4GD.WE6\GTV6MLEW.9MM\scre..tion_25b0fbb6ef7eb094_0017.0009_0d1f4c192b0d921d\k2d0ckb5.newcfg
Category:	dropped
Dump:	k2d0ckb5.newcfg.28.dr
ID:	dr_53
Target ID:	28
Process:	C:\Users\user\AppData\Local\Apps\2.0\NKN6D4GD.WE6\GTV6MLEW.9MM\scre..tion_25b0fbb6ef7eb094_0017.0009_0d1f4c192b0d921d\ScreenConnect.ClientService.exe
Type:	XML 1.0 document, ASCII text, with CRLF line terminators
Entropy:	5.020110364509098
Encrypted:	false
Size:	584
Whitelisted:	false

Details

File:	C:\Users\user\AppData\Local\Apps\2.0\NKN6D4GD.WE6\GTV6MLEW.9MM\scre..tion_25b0fbb6ef7eb094_0017.0009_0d1f4c192b0d921d\misekgib.newcfg
Category:	modified
Dump:	misekgib.newcfg.28.dr
ID:	dr_51
Target ID:	28
Process:	C:\Users\user\AppData\Local\Apps\2.0\NKN6D4GD.WE6\GTV6MLEW.9MM\scre..tion_25b0fbb6ef7eb094_0017.0009_0d1f4c192b0d921d\ScreenConnect.ClientService.exe
Type:	XML 1.0 document, ASCII text, with CRLF line terminators
Entropy:	5.018359861133562
Encrypted:	false
Size:	584
Whitelisted:	false

Details

File:	C:\Users\user\AppData\Local\Apps\2.0\NKN6D4GD.WE6\GTV6MLEW.9MM\scre..tion_25b0fbb6ef7eb094_0017.0009_0d1f4c192b0d921d\oqecrn00.newcfg
Category:	dropped
Dump:	oqecrn00.newcfg.28.dr
ID:	dr_45
Target ID:	28
Process:	C:\Users\user\AppData\Local\Apps\2.0\NKN6D4GD.WE6\GTV6MLEW.9MM\scre..tion_25b0fbb6ef7eb094_0017.0009_0d1f4c192b0d921d\ScreenConnect.ClientService.exe
Type:	XML 1.0 document, ASCII text, with CRLF line terminators
Entropy:	5.016928642812608
Encrypted:	false
Size:	584
Whitelisted:	false

Details

File:	C:\Users\user\AppData\Local\Apps\2.0\NKN6D4GD.WE6\GTV6MLEW.9MM\scre..tion_25b0fbb6ef7eb094_0017.0009_0d1f4c192b0d921d\pz05t2zv.newcfg
Category:	dropped
Dump:	pz05t2zv.newcfg.28.dr
ID:	dr_47
Target ID:	28
Process:	C:\Users\user\AppData\Local\Apps\2.0\NKN6D4GD.WE6\GTV6MLEW.9MM\scre..tion_25b0fbb6ef7eb094_0017.0009_0d1f4c192b0d921d\ScreenConnect.ClientService.exe
Type:	XML 1.0 document, ASCII text, with CRLF line terminators
Entropy:	5.018050255881193
Encrypted:	false
Size:	584
Whitelisted:	false

Details

File:	C:\Users\user\AppData\Local\Apps\2.0\NKN6D4GD.WE6\GTV6MLEW.9MM\scre..tion_25b0fbb6ef7eb094_0017.0009_0d1f4c192b0d921d\user.config (copy)
Category:	dropped
Dump:	oqecrn00.newcfg.28.dr
Target ID:	28
Process:	C:\Users\user\AppData\Local\Apps\2.0\NKN6D4GD.WE6\GTV6MLEW.9MM\scre..tion_25b0fbb6ef7eb094_0017.0009_0d1f4c192b0d921d\ScreenConnect.ClientService.exe
Type:	XML 1.0 document, ASCII text, with CRLF line terminators
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Users\user\AppData\Local\Apps\2.0\NKN6D4GD.WE6\GTV6MLEW.9MM\scre..tion_25b0fbb6ef7eb094_0017.0009_0d1f4c192b0d921d\xd1yuia0.newcfg
Category:	dropped
Dump:	xd1yuia0.newcfg.28.dr
ID:	dr_49
Target ID:	28
Process:	C:\Users\user\AppData\Local\Apps\2.0\NKN6D4GD.WE6\GTV6MLEW.9MM\scre..tion_25b0fbb6ef7eb094_0017.0009_0d1f4c192b0d921d\ScreenConnect.ClientService.exe
Type:	XML 1.0 document, ASCII text, with CRLF line terminators
Entropy:	5.018463911566443
Encrypted:	false
Size:	584
Whitelisted:	false

Details

File:	C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\GO30WR0E\ACGAD3OU.log
Category:	modified
Dump:	ACGAD3OU.log.17.dr
ID:	dr_22
Target ID:	17
Process:	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
Type:	Unicode text, UTF-16, little-endian text, with very long lines (649), with CRLF line terminators
Entropy:	3.8131116323885057
Encrypted:	false
Size:	15220
Whitelisted:	false

Details

File:	C:\Users\user\AppData\Local\Temp\Deployment\7JVGGM9Y.9RB\KZWL13D3.XCX\ScreenConnect.Client.dll.genman
Category:	dropped
Dump:	ScreenConnect.Client.dll.genman.17.dr
ID:	dr_41
Target ID:	17
Process:	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
Type:	XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Entropy:	5.148278749531531
Encrypted:	false
Size:	1041
Whitelisted:	false

Details

File:	C:\Users\user\AppData\Local\Temp\Deployment\7JVGGM9Y.9RB\KZWL13D3.XCX\ScreenConnect.Core.dll.genman
Category:	dropped
Dump:	ScreenConnect.Core.dll.genman.17.dr
ID:	dr_40
Target ID:	17
Process:	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
Type:	XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Entropy:	5.130181995746891
Encrypted:	false
Size:	1216
Whitelisted:	false

Details

File:	C:\Users\user\AppData\Local\Temp\Deployment\7JVGGM9Y.9RB\KZWL13D3.XCX\ScreenConnect.Windows.dll.genman
Category:	dropped
Dump:	ScreenConnect.Windows.dll.genman.17.dr
ID:	dr_38
Target ID:	17
Process:	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
Type:	XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Entropy:	5.056583067402645
Encrypted:	false
Size:	1982
Whitelisted:	false

Details

File:	C:\Users\user\AppData\Local\Temp\Deployment\7JVGGM9Y.9RB\KZWL13D3.XCX\ScreenConnect.WindowsClient.exe.genman
Category:	dropped
Dump:	ScreenConnect.WindowsClient.exe.genman.17.dr
ID:	dr_36
Target ID:	17
Process:	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
Type:	XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Entropy:	5.02538862565643
Encrypted:	false
Size:	2573
Whitelisted:	false

Details

File:	C:\Users\user\AppData\Local\Temp\Deployment\7JVGGM9Y.9RB\KZWL13D3.XCX\ScreenConnect.WindowsClient.exe.manifest
Category:	dropped
Dump:	ScreenConnect.WindowsClient.exe.manifest.17.dr
ID:	dr_9
Target ID:	17
Process:	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
Type:	XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (10074), with CRLF line terminators
Entropy:	5.957264907751996
Encrypted:	false
Size:	17866
Whitelisted:	false

Details

File:	C:\Users\user\AppData\Local\Temp\Deployment\7JVGGM9Y.9RB\KZWL13D3.XCX\ScreenConnect.WindowsClient.exe:Zone.Identifier
Category:	dropped
Dump:	ScreenConnect.WindowsClient.exe_Zone.Identifier.17.dr
ID:	dr_34
Target ID:	17
Process:	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
Type:	ASCII text, with CRLF line terminators
Entropy:	3.95006375643621
Encrypted:	false
Size:	26
Whitelisted:	false

Details

File:	C:\Users\user\AppData\Local\Temp\Deployment\OOG971H4.9P9\Y7E97099.YRX.application
Category:	dropped
Dump:	Y7E97099.YRX.application.17.dr
ID:	dr_8
Target ID:	17
Process:	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
Type:	XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (63847), with CRLF line terminators
Entropy:	5.578736140860222
Encrypted:	false
Size:	112936
Whitelisted:	false

Details

File:	C:\Users\user\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2246122658-3693405117-2476756634-1003\932a2db58c237abd381d22df4c63a04a_9e146be9-c76a-4720-bcdb-53011b87bd06
Category:	dropped
Dump:	932a2db58c237abd381d22df4c63a04a_9e146be9-c76a-4720-bcdb-53011b87bd06.17.dr
ID:	dr_10
Target ID:	17
Process:	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
Type:	data
Entropy:	3.463057265798253
Encrypted:	false
Size:	87
Whitelisted:	false

Details

File:	C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
Category:	dropped
Dump:	Docs.lnk.0.dr
ID:	dr_6
Target ID:	0
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Mar 28 20:39:42 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Entropy:	3.994061750988033
Encrypted:	false
Size:	2677
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Stores files to the Windows start menu directory	Boot Survival	Registry Run Keys / Startup Folder

Details

File:	C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Category:	dropped
Dump:	Gmail.lnk.0.dr
ID:	dr_4
Target ID:	0
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Mar 28 20:39:41 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Entropy:	4.007770307364548
Encrypted:	false
Size:	2679
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Stores files to the Windows start menu directory	Boot Survival	Registry Run Keys / Startup Folder

Details

File:	C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Category:	dropped
Dump:	Google Drive.lnk.0.dr
ID:	dr_0
Target ID:	0
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:54:41 2023, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Entropy:	4.017604899741946
Encrypted:	false
Size:	2693
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Stores files to the Windows start menu directory	Boot Survival	Registry Run Keys / Startup Folder

Details

File:	C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Category:	dropped
Dump:	Sheets.lnk.0.dr
ID:	dr_3
Target ID:	0
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Mar 28 20:39:41 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Entropy:	4.008104043733329
Encrypted:	false
Size:	2681
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Stores files to the Windows start menu directory	Boot Survival	Registry Run Keys / Startup Folder

Details

File:	C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Category:	dropped
Dump:	Slides.lnk.0.dr
ID:	dr_5
Target ID:	0
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Mar 28 20:39:41 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Entropy:	3.9969784838504205
Encrypted:	false
Size:	2681
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Stores files to the Windows start menu directory	Boot Survival	Registry Run Keys / Startup Folder

Details

File:	C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Category:	dropped
Dump:	YouTube.lnk.0.dr
ID:	dr_2
Target ID:	0
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Mar 28 20:39:41 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Entropy:	4.010112604309219
Encrypted:	false
Size:	2683
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Stores files to the Windows start menu directory	Boot Survival	Registry Run Keys / Startup Folder

Details

File:	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\MpCmdRun.log
Category:	modified
Dump:	MpCmdRun.log.32.dr
ID:	dr_52
Target ID:	32
Process:	C:\Program Files\Windows Defender\MpCmdRun.exe
Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Entropy:	3.2457736875054466
Encrypted:	false
Size:	2464
Whitelisted:	false

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
Facture_160087511.html

Files

URLs

Domains

IPs

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC ReportFacture_160087511.html

Files

URLs

Domains

IPs

IOC Report
Facture_160087511.html