Automated Malware Analysis IOC Report for

Details

Filetype:	PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows
Entropy:	7.998291471388156
Filename:	tehtris_offline_forensic_2.6.0.0.exe
Filesize:	15502144
MD5:	b24e639470b5cc0a46baa9fec06504af
SHA1:	9eed36e3dc36693372baeef8538d3024e75b8d79
SHA256:	1448e64b1323ae0ee97bcd7d712f8cb3a501c7fa06fb486f15da3601f1fa0a09
SHA512:	a64578152ecdaf9039ca99253e7108cb4fa7c12173467185dcddd5dc1053d7d75d26a476202a9c1e4fd655c90fd9e88861db3cfa2b1952039936615b29e20e71
SSDEEP:	393216:nRNR3iYOSiUq075W+4nHOdvQRjlTKKvYqFHj7ybKxg:nrdDObodvQRjhLYQPyGxg
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................./...............................@..................................o........ ............................

Signature Hits	Behavior Group	Mitre Attack
Found pyInstaller with non standard icon	Persistence and Installation Behavior
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion	Process Injection
Drops PE files	Persistence and Installation Behavior
Enables debug privileges	Anti Debugging
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery
Uses 32bit PE files	Compliance, System Summary
Creates temporary files	System Summary
Disables application error messsages (SetErrorMode)	Hooking and other Techniques for Hiding and Protection
Enumerates the file system	Spreading, Malware Analysis System Evasion	File and Directory Discovery
PE file has an executable .text section and no other executable section	System Summary
Queries a list of all running processes	Malware Analysis System Evasion	Process Discovery
Queries the cryptographic machine GUID	Language, Device and Operating System Detection
Reads software policies	System Summary
Sample reads its own file content	System Summary
Tries to load missing DLLs	System Summary	DLL Side-Loading
Uses an in-process (OLE) Automation server	System Summary
PE / OLE file has a valid certificate	Compliance, System Summary
Submission file is bigger than most known malware samples	System Summary
Uses new MSVCR Dlls	Compliance, System Summary

Details

File:	C:\Users\user\AppData\Local\Temp\09isgp
Category:	dropped
Dump:	09isgp.3.dr
ID:	dr_97
Target ID:	3
Process:	C:\Users\user\Desktop\tehtris_offline_forensic_2.6.0.0.exe
Type:	ASCII text, with no line terminators
Entropy:	2.0
Encrypted:	false
Size:	4
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery

Details

File:	C:\Users\user\AppData\Local\Temp\_MEI70442\Crypto.Cipher._AES.pyd
Category:	dropped
Dump:	Crypto.Cipher._AES.pyd.0.dr
ID:	dr_19
Target ID:	0
Process:	C:\Users\user\Desktop\tehtris_offline_forensic_2.6.0.0.exe
Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Entropy:	7.038342557344039
Encrypted:	false
Size:	29184
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery

Details

File:	C:\Users\user\AppData\Local\Temp\_MEI70442\Include\pyconfig.h
Category:	dropped
Dump:	pyconfig.h.0.dr
ID:	dr_96
Target ID:	0
Process:	C:\Users\user\Desktop\tehtris_offline_forensic_2.6.0.0.exe
Type:	C source, ASCII text
Entropy:	5.345136937906198
Encrypted:	false
Size:	21321
Whitelisted:	false

Details

File:	C:\Users\user\AppData\Local\Temp\_MEI70442\Microsoft.VC90.CRT.manifest
Category:	dropped
Dump:	Microsoft.VC90.CRT.manifest.0.dr
ID:	dr_20
Target ID:	0
Process:	C:\Users\user\Desktop\tehtris_offline_forensic_2.6.0.0.exe
Type:	XML 1.0 document, ASCII text, with CRLF line terminators
Entropy:	5.375616908722781
Encrypted:	false
Size:	1050
Whitelisted:	false

Details

File:	C:\Users\user\AppData\Local\Temp\_MEI70442\Microsoft.VC90.MFC.manifest
Category:	dropped
Dump:	Microsoft.VC90.MFC.manifest.0.dr
ID:	dr_21
Target ID:	0
Process:	C:\Users\user\Desktop\tehtris_offline_forensic_2.6.0.0.exe
Type:	XML 1.0 document, ASCII text, with CRLF line terminators
Entropy:	5.3684366346449774
Encrypted:	false
Size:	1139
Whitelisted:	false

Details

File:	C:\Users\user\AppData\Local\Temp\_MEI70442\PIL._imaging.pyd
Category:	dropped
Dump:	PIL._imaging.pyd.0.dr
ID:	dr_22
Target ID:	0
Process:	C:\Users\user\Desktop\tehtris_offline_forensic_2.6.0.0.exe
Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Entropy:	6.675206706090499
Encrypted:	false
Size:	936960
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery

Details

File:	C:\Users\user\AppData\Local\Temp\_MEI70442\PIL._imagingtk.pyd
Category:	dropped
Dump:	PIL._imagingtk.pyd.0.dr
ID:	dr_23
Target ID:	0
Process:	C:\Users\user\Desktop\tehtris_offline_forensic_2.6.0.0.exe
Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Entropy:	5.3093734784850035
Encrypted:	false
Size:	9216
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\_MEI70442\PIL._webp.pyd
Category:	dropped
Dump:	PIL._webp.pyd.0.dr
ID:	dr_24
Target ID:	0
Process:	C:\Users\user\Desktop\tehtris_offline_forensic_2.6.0.0.exe
Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Entropy:	6.736483891304412
Encrypted:	false
Size:	349184
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\_MEI70442\_bsddb.pyd
Category:	dropped
Dump:	_bsddb.pyd.0.dr
ID:	dr_25
Target ID:	0
Process:	C:\Users\user\Desktop\tehtris_offline_forensic_2.6.0.0.exe
Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Entropy:	6.769727775082088
Encrypted:	false
Size:	1107968
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\_MEI70442\_cffi_backend.pyd
Category:	dropped
Dump:	_cffi_backend.pyd.0.dr
ID:	dr_26
Target ID:	0
Process:	C:\Users\user\Desktop\tehtris_offline_forensic_2.6.0.0.exe
Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Entropy:	6.5618571058390796
Encrypted:	false
Size:	119808
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery

Details

File:	C:\Users\user\AppData\Local\Temp\_MEI70442\_ctypes.pyd
Category:	dropped
Dump:	_ctypes.pyd.0.dr
ID:	dr_27
Target ID:	0
Process:	C:\Users\user\Desktop\tehtris_offline_forensic_2.6.0.0.exe
Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Entropy:	6.497795473929825
Encrypted:	false
Size:	93184
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery

Details

File:	C:\Users\user\AppData\Local\Temp\_MEI70442\_hashlib.pyd
Category:	dropped
Dump:	_hashlib.pyd.0.dr
ID:	dr_28
Target ID:	0
Process:	C:\Users\user\Desktop\tehtris_offline_forensic_2.6.0.0.exe
Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Entropy:	6.841096025901925
Encrypted:	false
Size:	1014784
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery

Details

File:	C:\Users\user\AppData\Local\Temp\_MEI70442\_socket.pyd
Category:	dropped
Dump:	_socket.pyd.0.dr
ID:	dr_9
Target ID:	0
Process:	C:\Users\user\Desktop\tehtris_offline_forensic_2.6.0.0.exe
Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Entropy:	6.550794854150774
Encrypted:	false
Size:	48128
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery

Details

File:	C:\Users\user\AppData\Local\Temp\_MEI70442\_sqlite3.pyd
Category:	dropped
Dump:	_sqlite3.pyd.0.dr
ID:	dr_10
Target ID:	0
Process:	C:\Users\user\Desktop\tehtris_offline_forensic_2.6.0.0.exe
Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Entropy:	6.4946641123978575
Encrypted:	false
Size:	51712
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery

Details

File:	C:\Users\user\AppData\Local\Temp\_MEI70442\_ssl.pyd
Category:	dropped
Dump:	_ssl.pyd.0.dr
ID:	dr_11
Target ID:	0
Process:	C:\Users\user\Desktop\tehtris_offline_forensic_2.6.0.0.exe
Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Entropy:	6.844168786190902
Encrypted:	false
Size:	1405952
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery

Details

File:	C:\Users\user\AppData\Local\Temp\_MEI70442\_testcapi.pyd
Category:	dropped
Dump:	_testcapi.pyd.0.dr
ID:	dr_12
Target ID:	0
Process:	C:\Users\user\Desktop\tehtris_offline_forensic_2.6.0.0.exe
Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Entropy:	6.524339001483802
Encrypted:	false
Size:	42496
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\_MEI70442\_win32sysloader.pyd
Category:	dropped
Dump:	_win32sysloader.pyd.0.dr
ID:	dr_13
Target ID:	0
Process:	C:\Users\user\Desktop\tehtris_offline_forensic_2.6.0.0.exe
Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Entropy:	5.061610175097613
Encrypted:	false
Size:	7168
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\_MEI70442\bz2.pyd
Category:	dropped
Dump:	bz2.pyd.0.dr
ID:	dr_14
Target ID:	0
Process:	C:\Users\user\Desktop\tehtris_offline_forensic_2.6.0.0.exe
Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Entropy:	6.752427751594252
Encrypted:	false
Size:	72704
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\_MEI70442\cryptography-1.7.2-py2.7.egg-info\DESCRIPTION.rst
Category:	dropped
Dump:	DESCRIPTION.rst.0.dr
ID:	dr_0
Target ID:	0
Process:	C:\Users\user\Desktop\tehtris_offline_forensic_2.6.0.0.exe
Type:	ASCII text
Entropy:	4.818015898522134
Encrypted:	false
Size:	2180
Whitelisted:	false

Details

File:	C:\Users\user\AppData\Local\Temp\_MEI70442\cryptography-1.7.2-py2.7.egg-info\INSTALLER
Category:	dropped
Dump:	INSTALLER.0.dr
ID:	dr_1
Target ID:	0
Process:	C:\Users\user\Desktop\tehtris_offline_forensic_2.6.0.0.exe
Type:	ASCII text
Entropy:	1.5
Encrypted:	false
Size:	4
Whitelisted:	false

Details

File:	C:\Users\user\AppData\Local\Temp\_MEI70442\cryptography-1.7.2-py2.7.egg-info\METADATA
Category:	dropped
Dump:	METADATA.0.dr
ID:	dr_2
Target ID:	0
Process:	C:\Users\user\Desktop\tehtris_offline_forensic_2.6.0.0.exe
Type:	ASCII text, with CRLF line terminators
Entropy:	5.087313118307497
Encrypted:	false
Size:	4714
Whitelisted:	false

Details

File:	C:\Users\user\AppData\Local\Temp\_MEI70442\cryptography-1.7.2-py2.7.egg-info\RECORD
Category:	dropped
Dump:	RECORD.0.dr
ID:	dr_3
Target ID:	0
Process:	C:\Users\user\Desktop\tehtris_offline_forensic_2.6.0.0.exe
Type:	CSV text
Entropy:	5.59286242988929
Encrypted:	false
Size:	11621
Whitelisted:	false

Details

File:	C:\Users\user\AppData\Local\Temp\_MEI70442\cryptography-1.7.2-py2.7.egg-info\WHEEL
Category:	dropped
Dump:	WHEEL.0.dr
ID:	dr_4
Target ID:	0
Process:	C:\Users\user\Desktop\tehtris_offline_forensic_2.6.0.0.exe
Type:	ASCII text, with CRLF line terminators
Entropy:	5.037696671172031
Encrypted:	false
Size:	102
Whitelisted:	false

Details

File:	C:\Users\user\AppData\Local\Temp\_MEI70442\cryptography-1.7.2-py2.7.egg-info\entry_points.txt
Category:	dropped
Dump:	entry_points.txt.0.dr
ID:	dr_5
Target ID:	0
Process:	C:\Users\user\Desktop\tehtris_offline_forensic_2.6.0.0.exe
Type:	ASCII text
Entropy:	4.421562083645507
Encrypted:	false
Size:	80
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery

Details

File:	C:\Users\user\AppData\Local\Temp\_MEI70442\cryptography-1.7.2-py2.7.egg-info\metadata.json
Category:	dropped
Dump:	metadata.json.0.dr
ID:	dr_6
Target ID:	0
Process:	C:\Users\user\Desktop\tehtris_offline_forensic_2.6.0.0.exe
Type:	JSON data
Entropy:	5.048485649819386
Encrypted:	false
Size:	2233
Whitelisted:	false

Details

File:	C:\Users\user\AppData\Local\Temp\_MEI70442\cryptography-1.7.2-py2.7.egg-info\top_level.txt
Category:	dropped
Dump:	top_level.txt.0.dr
ID:	dr_7
Target ID:	0
Process:	C:\Users\user\Desktop\tehtris_offline_forensic_2.6.0.0.exe
Type:	ASCII text
Entropy:	4.039547553742005
Encrypted:	false
Size:	46
Whitelisted:	false

Details

File:	C:\Users\user\AppData\Local\Temp\_MEI70442\cryptography.hazmat.bindings._constant_time.pyd
Category:	dropped
Dump:	cryptography.hazmat.bindings._constant_time.pyd.0.dr
ID:	dr_15
Target ID:	0
Process:	C:\Users\user\Desktop\tehtris_offline_forensic_2.6.0.0.exe
Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Entropy:	5.21489975199494
Encrypted:	false
Size:	7168
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery

Details

File:	C:\Users\user\AppData\Local\Temp\_MEI70442\cryptography.hazmat.bindings._openssl.pyd
Category:	dropped
Dump:	cryptography.hazmat.bindings._openssl.pyd.0.dr
ID:	dr_16
Target ID:	0
Process:	C:\Users\user\Desktop\tehtris_offline_forensic_2.6.0.0.exe
Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Entropy:	6.801194860825362
Encrypted:	false
Size:	1828864
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery

Details

File:	C:\Users\user\AppData\Local\Temp\_MEI70442\embedded\yara\tehtris_enc.yar
Category:	dropped
Dump:	tehtris_enc.yar.0.dr
ID:	dr_8
Target ID:	0
Process:	C:\Users\user\Desktop\tehtris_offline_forensic_2.6.0.0.exe
Type:	Award BIOS Logo, 136 x 126
Entropy:	7.963714028792397
Encrypted:	false
Size:	6021
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery

Details

File:	C:\Users\user\AppData\Local\Temp\_MEI70442\eof.advanced.pyd
Category:	dropped
Dump:	eof.advanced.pyd.0.dr
ID:	dr_17
Target ID:	0
Process:	C:\Users\user\Desktop\tehtris_offline_forensic_2.6.0.0.exe
Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Entropy:	6.421209039784287
Encrypted:	false
Size:	112128
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery

Details

File:	C:\Users\user\AppData\Local\Temp\_MEI70442\eof.autostarts.pyd
Category:	dropped
Dump:	eof.autostarts.pyd.0.dr
ID:	dr_18
Target ID:	0
Process:	C:\Users\user\Desktop\tehtris_offline_forensic_2.6.0.0.exe
Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Entropy:	6.031592270925895
Encrypted:	false
Size:	28160
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\_MEI70442\eof.browsers_scan.browsers_scan.pyd
Category:	dropped
Dump:	eof.browsers_scan.browsers_scan.pyd.0.dr
ID:	dr_29
Target ID:	0
Process:	C:\Users\user\Desktop\tehtris_offline_forensic_2.6.0.0.exe
Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Entropy:	6.235311188900963
Encrypted:	false
Size:	72192
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery

Details

File:	C:\Users\user\AppData\Local\Temp\_MEI70442\eof.browsers_scan.chrome.pyd
Category:	dropped
Dump:	eof.browsers_scan.chrome.pyd.0.dr
ID:	dr_30
Target ID:	0
Process:	C:\Users\user\Desktop\tehtris_offline_forensic_2.6.0.0.exe
Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Entropy:	6.393962397625901
Encrypted:	false
Size:	111616
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery

Details

File:	C:\Users\user\AppData\Local\Temp\_MEI70442\eof.browsers_scan.firefox.pyd
Category:	dropped
Dump:	eof.browsers_scan.firefox.pyd.0.dr
ID:	dr_31
Target ID:	0
Process:	C:\Users\user\Desktop\tehtris_offline_forensic_2.6.0.0.exe
Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Entropy:	6.4305010940571705
Encrypted:	false
Size:	188416
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery

Details

File:	C:\Users\user\AppData\Local\Temp\_MEI70442\eof.browsers_scan.ie.pyd
Category:	dropped
Dump:	eof.browsers_scan.ie.pyd.0.dr
ID:	dr_32
Target ID:	0
Process:	C:\Users\user\Desktop\tehtris_offline_forensic_2.6.0.0.exe
Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Entropy:	6.403565031396433
Encrypted:	false
Size:	104448
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery

Details

File:	C:\Users\user\AppData\Local\Temp\_MEI70442\eof.browsers_scan.misc.pyd
Category:	dropped
Dump:	eof.browsers_scan.misc.pyd.0.dr
ID:	dr_33
Target ID:	0
Process:	C:\Users\user\Desktop\tehtris_offline_forensic_2.6.0.0.exe
Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Entropy:	6.4559297217011435
Encrypted:	false
Size:	148480
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery

Details

File:	C:\Users\user\AppData\Local\Temp\_MEI70442\eof.browsers_scan.opera.pyd
Category:	dropped
Dump:	eof.browsers_scan.opera.pyd.0.dr
ID:	dr_34
Target ID:	0
Process:	C:\Users\user\Desktop\tehtris_offline_forensic_2.6.0.0.exe
Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Entropy:	6.385367048777922
Encrypted:	false
Size:	127488
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery

Details

File:	C:\Users\user\AppData\Local\Temp\_MEI70442\eof.browsers_scan.optimizejars.pyd
Category:	dropped
Dump:	eof.browsers_scan.optimizejars.pyd.0.dr
ID:	dr_35
Target ID:	0
Process:	C:\Users\user\Desktop\tehtris_offline_forensic_2.6.0.0.exe
Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Entropy:	6.430005118693343
Encrypted:	false
Size:	99328
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery

Details

File:	C:\Users\user\AppData\Local\Temp\_MEI70442\eof.browsers_scan.regkey.pyd
Category:	dropped
Dump:	eof.browsers_scan.regkey.pyd.0.dr
ID:	dr_36
Target ID:	0
Process:	C:\Users\user\Desktop\tehtris_offline_forensic_2.6.0.0.exe
Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Entropy:	6.388477119744748
Encrypted:	false
Size:	64512
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery

Details

File:	C:\Users\user\AppData\Local\Temp\_MEI70442\eof.config.pyd
Category:	dropped
Dump:	eof.config.pyd.0.dr
ID:	dr_37
Target ID:	0
Process:	C:\Users\user\Desktop\tehtris_offline_forensic_2.6.0.0.exe
Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Entropy:	6.050080731883013
Encrypted:	false
Size:	37376
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery

Details

File:	C:\Users\user\AppData\Local\Temp\_MEI70442\eof.disk.pyd
Category:	dropped
Dump:	eof.disk.pyd.0.dr
ID:	dr_38
Target ID:	0
Process:	C:\Users\user\Desktop\tehtris_offline_forensic_2.6.0.0.exe
Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Entropy:	6.41518889933716
Encrypted:	false
Size:	121344
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery

Details

File:	C:\Users\user\AppData\Local\Temp\_MEI70442\eof.eof.pyd
Category:	dropped
Dump:	eof.eof.pyd.0.dr
ID:	dr_39
Target ID:	0
Process:	C:\Users\user\Desktop\tehtris_offline_forensic_2.6.0.0.exe
Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Entropy:	6.402938516007533
Encrypted:	false
Size:	147968
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery

Details

File:	C:\Users\user\AppData\Local\Temp\_MEI70442\eof.forensic.pyd
Category:	dropped
Dump:	eof.forensic.pyd.0.dr
ID:	dr_40
Target ID:	0
Process:	C:\Users\user\Desktop\tehtris_offline_forensic_2.6.0.0.exe
Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Entropy:	6.306665638065492
Encrypted:	false
Size:	37888
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery

Details

File:	C:\Users\user\AppData\Local\Temp\_MEI70442\eof.forensic_scripts.amcache.pyd
Category:	dropped
Dump:	eof.forensic_scripts.amcache.pyd.0.dr
ID:	dr_41
Target ID:	0
Process:	C:\Users\user\Desktop\tehtris_offline_forensic_2.6.0.0.exe
Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Entropy:	6.406165667882317
Encrypted:	false
Size:	128000
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery

Details

File:	C:\Users\user\AppData\Local\Temp\_MEI70442\eof.forensic_scripts.app_compat_cache.pyd
Category:	dropped
Dump:	eof.forensic_scripts.app_compat_cache.pyd.0.dr
ID:	dr_42
Target ID:	0
Process:	C:\Users\user\Desktop\tehtris_offline_forensic_2.6.0.0.exe
Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Entropy:	6.4623646493196025
Encrypted:	false
Size:	147968
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\_MEI70442\eof.forensic_scripts.prefetch.pyd
Category:	dropped
Dump:	eof.forensic_scripts.prefetch.pyd.0.dr
ID:	dr_43
Target ID:	0
Process:	C:\Users\user\Desktop\tehtris_offline_forensic_2.6.0.0.exe
Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Entropy:	6.339986881655648
Encrypted:	false
Size:	73728
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\_MEI70442\eof.forensic_scripts.recent_file_cache.pyd
Category:	dropped
Dump:	eof.forensic_scripts.recent_file_cache.pyd.0.dr
ID:	dr_44
Target ID:	0
Process:	C:\Users\user\Desktop\tehtris_offline_forensic_2.6.0.0.exe
Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Entropy:	6.284345532475225
Encrypted:	false
Size:	32768
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\_MEI70442\eof.forensic_scripts.registry.pyd
Category:	dropped
Dump:	eof.forensic_scripts.registry.pyd.0.dr
ID:	dr_45
Target ID:	0
Process:	C:\Users\user\Desktop\tehtris_offline_forensic_2.6.0.0.exe
Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Entropy:	6.251448661506351
Encrypted:	false
Size:	45568
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery

Details

File:	C:\Users\user\AppData\Local\Temp\_MEI70442\eof.forensic_scripts.registry_file.pyd
Category:	dropped
Dump:	eof.forensic_scripts.registry_file.pyd.0.dr
ID:	dr_46
Target ID:	0
Process:	C:\Users\user\Desktop\tehtris_offline_forensic_2.6.0.0.exe
Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Entropy:	6.543989582605182
Encrypted:	false
Size:	444928
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery

Details

File:	C:\Users\user\AppData\Local\Temp\_MEI70442\eof.forensic_scripts.registry_live.pyd
Category:	dropped
Dump:	eof.forensic_scripts.registry_live.pyd.0.dr
ID:	dr_47
Target ID:	0
Process:	C:\Users\user\Desktop\tehtris_offline_forensic_2.6.0.0.exe
Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Entropy:	6.328854722149623
Encrypted:	false
Size:	43008
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery

Details

File:	C:\Users\user\AppData\Local\Temp\_MEI70442\eof.forensic_scripts.registry_tracks.pyd
Category:	dropped
Dump:	eof.forensic_scripts.registry_tracks.pyd.0.dr
ID:	dr_48
Target ID:	0
Process:	C:\Users\user\Desktop\tehtris_offline_forensic_2.6.0.0.exe
Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Entropy:	6.370671966450294
Encrypted:	false
Size:	81408
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery

Details

File:	C:\Users\user\AppData\Local\Temp\_MEI70442\eof.forensic_scripts.volume_shadow_copy.pyd
Category:	dropped
Dump:	eof.forensic_scripts.volume_shadow_copy.pyd.0.dr
ID:	dr_49
Target ID:	0
Process:	C:\Users\user\Desktop\tehtris_offline_forensic_2.6.0.0.exe
Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Entropy:	6.274525012072884
Encrypted:	false
Size:	35840
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery

Details

File:	C:\Users\user\AppData\Local\Temp\_MEI70442\eof.memorpy.Address.pyd
Category:	dropped
Dump:	eof.memorpy.Address.pyd.0.dr
ID:	dr_50
Target ID:	0
Process:	C:\Users\user\Desktop\tehtris_offline_forensic_2.6.0.0.exe
Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Entropy:	6.328065824250149
Encrypted:	false
Size:	62976
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery

Details

File:	C:\Users\user\AppData\Local\Temp\_MEI70442\eof.memorpy.BaseProcess.pyd
Category:	dropped
Dump:	eof.memorpy.BaseProcess.pyd.0.dr
ID:	dr_51
Target ID:	0
Process:	C:\Users\user\Desktop\tehtris_offline_forensic_2.6.0.0.exe
Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Entropy:	6.375886554189573
Encrypted:	false
Size:	46080
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery

Details

File:	C:\Users\user\AppData\Local\Temp\_MEI70442\eof.memorpy.Locator.pyd
Category:	dropped
Dump:	eof.memorpy.Locator.pyd.0.dr
ID:	dr_52
Target ID:	0
Process:	C:\Users\user\Desktop\tehtris_offline_forensic_2.6.0.0.exe
Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Entropy:	6.322866798850283
Encrypted:	false
Size:	48128
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery

Details

File:	C:\Users\user\AppData\Local\Temp\_MEI70442\eof.memorpy.MemWorker.pyd
Category:	dropped
Dump:	eof.memorpy.MemWorker.pyd.0.dr
ID:	dr_53
Target ID:	0
Process:	C:\Users\user\Desktop\tehtris_offline_forensic_2.6.0.0.exe
Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Entropy:	6.466899722209181
Encrypted:	false
Size:	104960
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery

Details

File:	C:\Users\user\AppData\Local\Temp\_MEI70442\eof.memorpy.Process.pyd
Category:	dropped
Dump:	eof.memorpy.Process.pyd.0.dr
ID:	dr_54
Target ID:	0
Process:	C:\Users\user\Desktop\tehtris_offline_forensic_2.6.0.0.exe
Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Entropy:	5.848127179924235
Encrypted:	false
Size:	14336
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery

Details

File:	C:\Users\user\AppData\Local\Temp\_MEI70442\eof.memorpy.WinProcess.pyd
Category:	dropped
Dump:	eof.memorpy.WinProcess.pyd.0.dr
ID:	dr_55
Target ID:	0
Process:	C:\Users\user\Desktop\tehtris_offline_forensic_2.6.0.0.exe
Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Entropy:	6.490350461623646
Encrypted:	false
Size:	148992
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery

Details

File:	C:\Users\user\AppData\Local\Temp\_MEI70442\eof.memorpy.WinStructures.pyd
Category:	dropped
Dump:	eof.memorpy.WinStructures.pyd.0.dr
ID:	dr_56
Target ID:	0
Process:	C:\Users\user\Desktop\tehtris_offline_forensic_2.6.0.0.exe
Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Entropy:	6.213521072820622
Encrypted:	false
Size:	61952
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery

Details

File:	C:\Users\user\AppData\Local\Temp\_MEI70442\eof.memorpy.structures.pyd
Category:	dropped
Dump:	eof.memorpy.structures.pyd.0.dr
ID:	dr_57
Target ID:	0
Process:	C:\Users\user\Desktop\tehtris_offline_forensic_2.6.0.0.exe
Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Entropy:	5.95774592017594
Encrypted:	false
Size:	13312
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery

Details

File:	C:\Users\user\AppData\Local\Temp\_MEI70442\eof.memorpy.utils.pyd
Category:	dropped
Dump:	eof.memorpy.utils.pyd.0.dr
ID:	dr_58
Target ID:	0
Process:	C:\Users\user\Desktop\tehtris_offline_forensic_2.6.0.0.exe
Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Entropy:	6.370824695484224
Encrypted:	false
Size:	49152
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery

Details

File:	C:\Users\user\AppData\Local\Temp\_MEI70442\eof.memscan.pyd
Category:	dropped
Dump:	eof.memscan.pyd.0.dr
ID:	dr_59
Target ID:	0
Process:	C:\Users\user\Desktop\tehtris_offline_forensic_2.6.0.0.exe
Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Entropy:	6.3736066953123505
Encrypted:	false
Size:	70144
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery

Details

File:	C:\Users\user\AppData\Local\Temp\_MEI70442\eof.process.pyd
Category:	dropped
Dump:	eof.process.pyd.0.dr
ID:	dr_60
Target ID:	0
Process:	C:\Users\user\Desktop\tehtris_offline_forensic_2.6.0.0.exe
Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Entropy:	6.436158035823645
Encrypted:	false
Size:	187392
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery

Details

File:	C:\Users\user\AppData\Local\Temp\_MEI70442\eof.psutil_xp.psutil._psutil_windows.pyd
Category:	dropped
Dump:	eof.psutil_xp.psutil._psutil_windows.pyd.0.dr
ID:	dr_61
Target ID:	0
Process:	C:\Users\user\Desktop\tehtris_offline_forensic_2.6.0.0.exe
Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Entropy:	6.314321948614945
Encrypted:	false
Size:	39936
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\_MEI70442\eof.tools.pyd
Category:	dropped
Dump:	eof.tools.pyd.0.dr
ID:	dr_62
Target ID:	0
Process:	C:\Users\user\Desktop\tehtris_offline_forensic_2.6.0.0.exe
Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Entropy:	6.460531976986463
Encrypted:	false
Size:	159744
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery

Details

File:	C:\Users\user\AppData\Local\Temp\_MEI70442\eof.windows_scripts.autostarts.pyd
Category:	dropped
Dump:	eof.windows_scripts.autostarts.pyd.0.dr
ID:	dr_63
Target ID:	0
Process:	C:\Users\user\Desktop\tehtris_offline_forensic_2.6.0.0.exe
Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Entropy:	6.4395796952023865
Encrypted:	false
Size:	350720
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery

Details

File:	C:\Users\user\AppData\Local\Temp\_MEI70442\eof.windows_scripts.hosts.pyd
Category:	dropped
Dump:	eof.windows_scripts.hosts.pyd.0.dr
ID:	dr_64
Target ID:	0
Process:	C:\Users\user\Desktop\tehtris_offline_forensic_2.6.0.0.exe
Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Entropy:	6.149938496707501
Encrypted:	false
Size:	26112
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery

Details

File:	C:\Users\user\AppData\Local\Temp\_MEI70442\eof.windows_scripts.installed_softwares.pyd
Category:	dropped
Dump:	eof.windows_scripts.installed_softwares.pyd.0.dr
ID:	dr_65
Target ID:	0
Process:	C:\Users\user\Desktop\tehtris_offline_forensic_2.6.0.0.exe
Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Entropy:	6.280261100917009
Encrypted:	false
Size:	58368
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery

Details

File:	C:\Users\user\AppData\Local\Temp\_MEI70442\eof.windows_scripts.security_products_state.pyd
Category:	dropped
Dump:	eof.windows_scripts.security_products_state.pyd.0.dr
ID:	dr_66
Target ID:	0
Process:	C:\Users\user\Desktop\tehtris_offline_forensic_2.6.0.0.exe
Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Entropy:	6.3092934476179
Encrypted:	false
Size:	56320
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery

Details

File:	C:\Users\user\AppData\Local\Temp\_MEI70442\eof.windows_scripts.signatures.pyd
Category:	dropped
Dump:	eof.windows_scripts.signatures.pyd.0.dr
ID:	dr_67
Target ID:	0
Process:	C:\Users\user\Desktop\tehtris_offline_forensic_2.6.0.0.exe
Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Entropy:	6.541571332139685
Encrypted:	false
Size:	522240
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery

Details

File:	C:\Users\user\AppData\Local\Temp\_MEI70442\eof.yarapy.pyd
Category:	dropped
Dump:	eof.yarapy.pyd.0.dr
ID:	dr_68
Target ID:	0
Process:	C:\Users\user\Desktop\tehtris_offline_forensic_2.6.0.0.exe
Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Entropy:	6.443168419699998
Encrypted:	false
Size:	119808
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery

Details

File:	C:\Users\user\AppData\Local\Temp\_MEI70442\mfc90.dll
Category:	dropped
Dump:	mfc90.dll.0.dr
ID:	dr_69
Target ID:	0
Process:	C:\Users\user\Desktop\tehtris_offline_forensic_2.6.0.0.exe
Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Entropy:	7.012770356754067
Encrypted:	false
Size:	3757568
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\_MEI70442\mfc90u.dll
Category:	dropped
Dump:	mfc90u.dll.0.dr
ID:	dr_70
Target ID:	0
Process:	C:\Users\user\Desktop\tehtris_offline_forensic_2.6.0.0.exe
Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Entropy:	7.009508208409266
Encrypted:	false
Size:	3772928
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\_MEI70442\mfcm90.dll
Category:	dropped
Dump:	mfcm90.dll.0.dr
ID:	dr_71
Target ID:	0
Process:	C:\Users\user\Desktop\tehtris_offline_forensic_2.6.0.0.exe
Type:	PE32 executable (DLL) (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy:	6.0508544123612555
Encrypted:	false
Size:	59904
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\_MEI70442\mfcm90u.dll
Category:	dropped
Dump:	mfcm90u.dll.0.dr
ID:	dr_72
Target ID:	0
Process:	C:\Users\user\Desktop\tehtris_offline_forensic_2.6.0.0.exe
Type:	PE32 executable (DLL) (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy:	6.048344728135143
Encrypted:	false
Size:	59904
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\_MEI70442\msvcm90.dll
Category:	dropped
Dump:	msvcm90.dll.0.dr
ID:	dr_73
Target ID:	0
Process:	C:\Users\user\Desktop\tehtris_offline_forensic_2.6.0.0.exe
Type:	PE32 executable (DLL) (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy:	6.034678554881571
Encrypted:	false
Size:	225280
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\_MEI70442\msvcp90.dll
Category:	dropped
Dump:	msvcp90.dll.0.dr
ID:	dr_74
Target ID:	0
Process:	C:\Users\user\Desktop\tehtris_offline_forensic_2.6.0.0.exe
Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Entropy:	6.521606850426073
Encrypted:	false
Size:	569680
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\_MEI70442\msvcr90.dll
Category:	dropped
Dump:	msvcr90.dll.0.dr
ID:	dr_75
Target ID:	0
Process:	C:\Users\user\Desktop\tehtris_offline_forensic_2.6.0.0.exe
Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Entropy:	6.883619619946885
Encrypted:	false
Size:	653136
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\_MEI70442\psutil._psutil_windows.pyd
Category:	dropped
Dump:	psutil._psutil_windows.pyd.0.dr
ID:	dr_76
Target ID:	0
Process:	C:\Users\user\Desktop\tehtris_offline_forensic_2.6.0.0.exe
Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Entropy:	6.356637922773023
Encrypted:	false
Size:	47616
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery

Details

File:	C:\Users\user\AppData\Local\Temp\_MEI70442\pyexpat.pyd
Category:	dropped
Dump:	pyexpat.pyd.0.dr
ID:	dr_77
Target ID:	0
Process:	C:\Users\user\Desktop\tehtris_offline_forensic_2.6.0.0.exe
Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Entropy:	6.612873761652003
Encrypted:	false
Size:	138240
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery

Details

File:	C:\Users\user\AppData\Local\Temp\_MEI70442\python27.dll
Category:	dropped
Dump:	python27.dll.0.dr
ID:	dr_78
Target ID:	0
Process:	C:\Users\user\Desktop\tehtris_offline_forensic_2.6.0.0.exe
Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Entropy:	6.7224146477246824
Encrypted:	false
Size:	2631680
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\_MEI70442\pythoncom27.dll
Category:	dropped
Dump:	pythoncom27.dll.0.dr
ID:	dr_79
Target ID:	0
Process:	C:\Users\user\Desktop\tehtris_offline_forensic_2.6.0.0.exe
Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Entropy:	6.645630182293659
Encrypted:	false
Size:	395776
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\_MEI70442\pywintypes27.dll
Category:	dropped
Dump:	pywintypes27.dll.0.dr
ID:	dr_80
Target ID:	0
Process:	C:\Users\user\Desktop\tehtris_offline_forensic_2.6.0.0.exe
Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Entropy:	6.581545891211645
Encrypted:	false
Size:	109056
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\Users\user\AppData\Local\Temp\_MEI70442\select.pyd
Category:	dropped
Dump:	select.pyd.0.dr
ID:	dr_81
Target ID:	0
Process:	C:\Users\user\Desktop\tehtris_offline_forensic_2.6.0.0.exe
Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Entropy:	5.995803092493926
Encrypted:	false
Size:	11776
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\_MEI70442\sqlite3.dll
Category:	dropped
Dump:	sqlite3.dll.0.dr
ID:	dr_82
Target ID:	0
Process:	C:\Users\user\Desktop\tehtris_offline_forensic_2.6.0.0.exe
Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Entropy:	6.7716707465479296
Encrypted:	false
Size:	552960
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\Users\user\AppData\Local\Temp\_MEI70442\tehtris_offline_forensic.exe.manifest
Category:	dropped
Dump:	tehtris_offline_forensic.exe.manifest.0.dr
ID:	dr_83
Target ID:	0
Process:	C:\Users\user\Desktop\tehtris_offline_forensic_2.6.0.0.exe
Type:	XML 1.0 document, ASCII text, with CRLF line terminators
Entropy:	5.2677010672417275
Encrypted:	false
Size:	1603
Whitelisted:	false

Details

File:	C:\Users\user\AppData\Local\Temp\_MEI70442\unicodedata.pyd
Category:	dropped
Dump:	unicodedata.pyd.0.dr
ID:	dr_84
Target ID:	0
Process:	C:\Users\user\Desktop\tehtris_offline_forensic_2.6.0.0.exe
Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Entropy:	5.43571815419785
Encrypted:	false
Size:	688640
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery

Details

File:	C:\Users\user\AppData\Local\Temp\_MEI70442\win32api.pyd
Category:	dropped
Dump:	win32api.pyd.0.dr
ID:	dr_85
Target ID:	0
Process:	C:\Users\user\Desktop\tehtris_offline_forensic_2.6.0.0.exe
Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Entropy:	6.5766707412687975
Encrypted:	false
Size:	99328
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery

Details

File:	C:\Users\user\AppData\Local\Temp\_MEI70442\win32com.shell.shell.pyd
Category:	dropped
Dump:	win32com.shell.shell.pyd.0.dr
ID:	dr_86
Target ID:	0
Process:	C:\Users\user\Desktop\tehtris_offline_forensic_2.6.0.0.exe
Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Entropy:	6.5675400080246416
Encrypted:	false
Size:	360448
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery

Details

File:	C:\Users\user\AppData\Local\Temp\_MEI70442\win32console.pyd
Category:	dropped
Dump:	win32console.pyd.0.dr
ID:	dr_87
Target ID:	0
Process:	C:\Users\user\Desktop\tehtris_offline_forensic_2.6.0.0.exe
Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Entropy:	6.318278473401064
Encrypted:	false
Size:	44544
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery

Details

File:	C:\Users\user\AppData\Local\Temp\_MEI70442\win32evtlog.pyd
Category:	dropped
Dump:	win32evtlog.pyd.0.dr
ID:	dr_88
Target ID:	0
Process:	C:\Users\user\Desktop\tehtris_offline_forensic_2.6.0.0.exe
Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Entropy:	6.45651820282447
Encrypted:	false
Size:	48640
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\_MEI70442\win32file.pyd
Category:	dropped
Dump:	win32file.pyd.0.dr
ID:	dr_89
Target ID:	0
Process:	C:\Users\user\Desktop\tehtris_offline_forensic_2.6.0.0.exe
Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Entropy:	6.623329768965339
Encrypted:	false
Size:	118784
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery

Details

File:	C:\Users\user\AppData\Local\Temp\_MEI70442\win32gui.pyd
Category:	dropped
Dump:	win32gui.pyd.0.dr
ID:	dr_90
Target ID:	0
Process:	C:\Users\user\Desktop\tehtris_offline_forensic_2.6.0.0.exe
Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Entropy:	6.58733338676621
Encrypted:	false
Size:	166912
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery

Details

File:	C:\Users\user\AppData\Local\Temp\_MEI70442\win32pipe.pyd
Category:	dropped
Dump:	win32pipe.pyd.0.dr
ID:	dr_91
Target ID:	0
Process:	C:\Users\user\Desktop\tehtris_offline_forensic_2.6.0.0.exe
Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Entropy:	6.187314720225589
Encrypted:	false
Size:	23040
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\_MEI70442\win32process.pyd
Category:	dropped
Dump:	win32process.pyd.0.dr
ID:	dr_92
Target ID:	0
Process:	C:\Users\user\Desktop\tehtris_offline_forensic_2.6.0.0.exe
Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Entropy:	6.382798861959788
Encrypted:	false
Size:	35840
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery

Details

File:	C:\Users\user\AppData\Local\Temp\_MEI70442\win32security.pyd
Category:	dropped
Dump:	win32security.pyd.0.dr
ID:	dr_93
Target ID:	0
Process:	C:\Users\user\Desktop\tehtris_offline_forensic_2.6.0.0.exe
Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Entropy:	6.535853767796153
Encrypted:	false
Size:	107520
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\_MEI70442\win32trace.pyd
Category:	dropped
Dump:	win32trace.pyd.0.dr
ID:	dr_94
Target ID:	0
Process:	C:\Users\user\Desktop\tehtris_offline_forensic_2.6.0.0.exe
Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Entropy:	5.772736762466878
Encrypted:	false
Size:	14848
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\_MEI70442\win32ui.pyd
Category:	dropped
Dump:	win32ui.pyd.0.dr
ID:	dr_95
Target ID:	0
Process:	C:\Users\user\Desktop\tehtris_offline_forensic_2.6.0.0.exe
Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Entropy:	6.3748021173150855
Encrypted:	false
Size:	778240
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\tmpo8tal6\gen_py\__init__.py
Category:	dropped
Dump:	__init__.py.3.dr
ID:	dr_98
Target ID:	3
Process:	C:\Users\user\Desktop\tehtris_offline_forensic_2.6.0.0.exe
Type:	ASCII text, with CRLF line terminators
Entropy:	4.713840781302666
Encrypted:	false
Size:	176
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery

Details

File:	C:\Users\user\AppData\Local\Temp\tmpo8tal6\gen_py\dicts.dat
Category:	dropped
Dump:	dicts.dat.3.dr
ID:	dr_99
Target ID:	3
Process:	C:\Users\user\Desktop\tehtris_offline_forensic_2.6.0.0.exe
Type:	ASCII text
Entropy:	2.721928094887362
Encrypted:	false
Size:	10
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
tehtris_offline_forensic_2.6.0.0.exe

Files

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Reporttehtris_offline_forensic_2.6.0.0.exe

Files

IOC Report
tehtris_offline_forensic_2.6.0.0.exe