Source: SecuriteInfo.com.Win64.PWSX-gen.24833.2705.exe |
ReversingLabs: Detection: 87% |
Source: SecuriteInfo.com.Win64.PWSX-gen.24833.2705.exe |
Joe Sandbox ML: detected |
Source: SecuriteInfo.com.Win64.PWSX-gen.24833.2705.exe |
Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE |
Source: unknown |
DNS traffic detected: query: kyliansuperm92139124.shop replaycode: Server failure (2) |
Source: unknown |
UDP traffic detected without corresponding DNS query: 1.1.1.1 |
Source: unknown |
UDP traffic detected without corresponding DNS query: 1.1.1.1 |
Source: unknown |
UDP traffic detected without corresponding DNS query: 1.1.1.1 |
Source: unknown |
UDP traffic detected without corresponding DNS query: 1.1.1.1 |
Source: unknown |
DNS traffic detected: queries for: kyliansuperm92139124.shop |
Source: SecuriteInfo.com.Win64.PWSX-gen.24833.2705.exe, 00000000.00000002.2076741590.000001E221723000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://go.mic |
Source: SecuriteInfo.com.Win64.PWSX-gen.24833.2705.exe, 00000000.00000002.2077669632.000001E223251000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name |
Source: SecuriteInfo.com.Win64.PWSX-gen.24833.2705.exe, 00000000.00000002.2077669632.000001E2232EA000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win64.PWSX-gen.24833.2705.exe, 00000000.00000002.2077669632.000001E223251000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://kyliansuperm92139124.shop |
Source: SecuriteInfo.com.Win64.PWSX-gen.24833.2705.exe, 00000000.00000002.2077669632.000001E223251000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://kyliansuperm92139124.shop/customer/809 |
Source: SecuriteInfo.com.Win64.PWSX-gen.24833.2705.exe |
Static PE information: No import functions for PE file found |
Source: SecuriteInfo.com.Win64.PWSX-gen.24833.2705.exe, 00000000.00000000.1984123602.000001E221502000.00000002.00000001.01000000.00000003.sdmp |
Binary or memory string: OriginalFilename vs SecuriteInfo.com.Win64.PWSX-gen.24833.2705.exe |
Source: SecuriteInfo.com.Win64.PWSX-gen.24833.2705.exe |
Binary or memory string: OriginalFilename vs SecuriteInfo.com.Win64.PWSX-gen.24833.2705.exe |
Source: SecuriteInfo.com.Win64.PWSX-gen.24833.2705.exe, .cs |
Cryptographic APIs: 'CreateDecryptor' |
Source: SecuriteInfo.com.Win64.PWSX-gen.24833.2705.exe, .cs |
Cryptographic APIs: 'TransformFinalBlock' |
Source: SecuriteInfo.com.Win64.PWSX-gen.24833.2705.exe, .cs |
Base64 encoded string: 'wptFkG0ATOUpMhL79wADQIlA3Wv41kVfbeMWaWFijOya0ybGEH5tlNtP74JTZbB0' |
Source: classification engine |
Classification label: mal60.troj.winEXE@1/1@4/0 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.PWSX-gen.24833.2705.exe |
File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\SecuriteInfo.com.Win64.PWSX-gen.24833.2705.exe.log |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.PWSX-gen.24833.2705.exe |
Mutant created: NULL |
Source: SecuriteInfo.com.Win64.PWSX-gen.24833.2705.exe |
Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.PWSX-gen.24833.2705.exe |
Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers |
Jump to behavior |
Source: SecuriteInfo.com.Win64.PWSX-gen.24833.2705.exe |
ReversingLabs: Detection: 87% |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.PWSX-gen.24833.2705.exe |
Section loaded: mscoree.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.PWSX-gen.24833.2705.exe |
Section loaded: apphelp.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.PWSX-gen.24833.2705.exe |
Section loaded: kernel.appcore.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.PWSX-gen.24833.2705.exe |
Section loaded: version.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.PWSX-gen.24833.2705.exe |
Section loaded: vcruntime140_clr0400.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.PWSX-gen.24833.2705.exe |
Section loaded: ucrtbase_clr0400.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.PWSX-gen.24833.2705.exe |
Section loaded: ucrtbase_clr0400.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.PWSX-gen.24833.2705.exe |
Section loaded: windows.storage.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.PWSX-gen.24833.2705.exe |
Section loaded: wldp.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.PWSX-gen.24833.2705.exe |
Section loaded: profapi.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.PWSX-gen.24833.2705.exe |
Section loaded: cryptsp.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.PWSX-gen.24833.2705.exe |
Section loaded: rsaenh.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.PWSX-gen.24833.2705.exe |
Section loaded: cryptbase.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.PWSX-gen.24833.2705.exe |
Section loaded: rasapi32.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.PWSX-gen.24833.2705.exe |
Section loaded: rasman.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.PWSX-gen.24833.2705.exe |
Section loaded: rtutils.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.PWSX-gen.24833.2705.exe |
Section loaded: mswsock.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.PWSX-gen.24833.2705.exe |
Section loaded: winhttp.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.PWSX-gen.24833.2705.exe |
Section loaded: ondemandconnroutehelper.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.PWSX-gen.24833.2705.exe |
Section loaded: iphlpapi.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.PWSX-gen.24833.2705.exe |
Section loaded: dhcpcsvc6.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.PWSX-gen.24833.2705.exe |
Section loaded: dhcpcsvc.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.PWSX-gen.24833.2705.exe |
Section loaded: dnsapi.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.PWSX-gen.24833.2705.exe |
Section loaded: winnsi.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.PWSX-gen.24833.2705.exe |
Section loaded: rasadhlp.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.PWSX-gen.24833.2705.exe |
Section loaded: textshaping.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.PWSX-gen.24833.2705.exe |
Section loaded: uxtheme.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.PWSX-gen.24833.2705.exe |
Section loaded: textinputframework.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.PWSX-gen.24833.2705.exe |
Section loaded: coreuicomponents.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.PWSX-gen.24833.2705.exe |
Section loaded: coremessaging.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.PWSX-gen.24833.2705.exe |
Section loaded: ntmarta.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.PWSX-gen.24833.2705.exe |
Section loaded: coremessaging.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.PWSX-gen.24833.2705.exe |
Section loaded: wintypes.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.PWSX-gen.24833.2705.exe |
Section loaded: wintypes.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.PWSX-gen.24833.2705.exe |
Section loaded: wintypes.dll |
Jump to behavior |
Source: SecuriteInfo.com.Win64.PWSX-gen.24833.2705.exe |
Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR |
Source: SecuriteInfo.com.Win64.PWSX-gen.24833.2705.exe |
Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE |
Source: Yara match |
File source: Process Memory Space: SecuriteInfo.com.Win64.PWSX-gen.24833.2705.exe PID: 3060, type: MEMORYSTR |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.PWSX-gen.24833.2705.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.PWSX-gen.24833.2705.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.PWSX-gen.24833.2705.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.PWSX-gen.24833.2705.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.PWSX-gen.24833.2705.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.PWSX-gen.24833.2705.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.PWSX-gen.24833.2705.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.PWSX-gen.24833.2705.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.PWSX-gen.24833.2705.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.PWSX-gen.24833.2705.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.PWSX-gen.24833.2705.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.PWSX-gen.24833.2705.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.PWSX-gen.24833.2705.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.PWSX-gen.24833.2705.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.PWSX-gen.24833.2705.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.PWSX-gen.24833.2705.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.PWSX-gen.24833.2705.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.PWSX-gen.24833.2705.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.PWSX-gen.24833.2705.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.PWSX-gen.24833.2705.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.PWSX-gen.24833.2705.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.PWSX-gen.24833.2705.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.PWSX-gen.24833.2705.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.PWSX-gen.24833.2705.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.PWSX-gen.24833.2705.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.PWSX-gen.24833.2705.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.PWSX-gen.24833.2705.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.PWSX-gen.24833.2705.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.PWSX-gen.24833.2705.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.PWSX-gen.24833.2705.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.PWSX-gen.24833.2705.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.PWSX-gen.24833.2705.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.PWSX-gen.24833.2705.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.PWSX-gen.24833.2705.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.PWSX-gen.24833.2705.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.PWSX-gen.24833.2705.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.PWSX-gen.24833.2705.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.PWSX-gen.24833.2705.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.PWSX-gen.24833.2705.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.PWSX-gen.24833.2705.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.PWSX-gen.24833.2705.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.PWSX-gen.24833.2705.exe |
Memory allocated: 1E221850000 memory reserve | memory write watch |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.PWSX-gen.24833.2705.exe |
Memory allocated: 1E23B250000 memory reserve | memory write watch |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.PWSX-gen.24833.2705.exe |
Thread delayed: delay time: 922337203685477 |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.PWSX-gen.24833.2705.exe TID: 3012 |
Thread sleep time: -30000s >= -30000s |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.PWSX-gen.24833.2705.exe TID: 2136 |
Thread sleep time: -922337203685477s >= -30000s |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.PWSX-gen.24833.2705.exe |
Thread delayed: delay time: 922337203685477 |
Jump to behavior |
Source: SecuriteInfo.com.Win64.PWSX-gen.24833.2705.exe, 00000000.00000002.2076741590.000001E221723000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: Hyper-V RAW |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.PWSX-gen.24833.2705.exe |
Process token adjusted: Debug |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.PWSX-gen.24833.2705.exe |
Memory allocated: page read and write | page guard |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.PWSX-gen.24833.2705.exe |
Queries volume information: C:\Users\user\Desktop\SecuriteInfo.com.Win64.PWSX-gen.24833.2705.exe VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.PWSX-gen.24833.2705.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.PWSX-gen.24833.2705.exe |
Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid |
Jump to behavior |