Source: | Binary string: System.Core.pdbP source: WERF177.tmp.dmp.7.dr |
Source: | Binary string: C:\Users\Private\Desktop\mbbborclar\mbbborclar\obj\Debug\mbbborclar.pdb source: SecuriteInfo.com.Trojan.PackedNET.2210.22049.14408.exe |
Source: | Binary string: mscorlib.pdb source: SecuriteInfo.com.Trojan.PackedNET.2210.22049.14408.exe, 00000000.00000002.3162873892.0000000002CDA000.00000004.00000800.00020000.00000000.sdmp, WERF177.tmp.dmp.7.dr |
Source: | Binary string: System.ni.pdbRSDS source: WERF177.tmp.dmp.7.dr |
Source: | Binary string: mscorlib.ni.pdb source: WERF177.tmp.dmp.7.dr |
Source: | Binary string: C:\Users\Private\Desktop\mbbborclar\mbbborclar\obj\Debug\mbbborclar.pdb\ source: SecuriteInfo.com.Trojan.PackedNET.2210.22049.14408.exe |
Source: | Binary string: System.pdb4 source: WERF177.tmp.dmp.7.dr |
Source: | Binary string: System.Core.pdb source: WERF177.tmp.dmp.7.dr |
Source: | Binary string: mscorlib.ni.pdbRSDS source: WERF177.tmp.dmp.7.dr |
Source: | Binary string: \??\C:\Users\user\Desktop\mbbborclar.pdbt source: SecuriteInfo.com.Trojan.PackedNET.2210.22049.14408.exe, 00000000.00000002.3161772118.0000000000FC3000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: System.ni.pdb source: WERF177.tmp.dmp.7.dr |
Source: | Binary string: System.pdb source: WERF177.tmp.dmp.7.dr |
Source: | Binary string: mbbborclar.pdb source: WERF177.tmp.dmp.7.dr |
Source: | Binary string: \??\C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2210.22049.14408.PDB source: SecuriteInfo.com.Trojan.PackedNET.2210.22049.14408.exe, 00000000.00000002.3161772118.0000000000FC3000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: System.Core.ni.pdbRSDS source: WERF177.tmp.dmp.7.dr |
Source: | Binary string: System.Core.ni.pdb source: WERF177.tmp.dmp.7.dr |
Source: SecuriteInfo.com.Trojan.PackedNET.2210.22049.14408.exe, 00000000.00000002.3161772118.0000000000F8E000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameclr.dllT vs SecuriteInfo.com.Trojan.PackedNET.2210.22049.14408.exe |
Source: SecuriteInfo.com.Trojan.PackedNET.2210.22049.14408.exe, 00000000.00000000.2011718336.0000000000982000.00000002.00000001.01000000.00000003.sdmp | Binary or memory string: OriginalFilenamembbborclar.exe6 vs SecuriteInfo.com.Trojan.PackedNET.2210.22049.14408.exe |
Source: SecuriteInfo.com.Trojan.PackedNET.2210.22049.14408.exe, 00000000.00000002.3162873892.0000000002CDA000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: OriginalFilenamembbborclar.exe6 vs SecuriteInfo.com.Trojan.PackedNET.2210.22049.14408.exe |
Source: SecuriteInfo.com.Trojan.PackedNET.2210.22049.14408.exe | Binary or memory string: OriginalFilenamembbborclar.exe6 vs SecuriteInfo.com.Trojan.PackedNET.2210.22049.14408.exe |
Source: 00000000.00000002.3162873892.0000000002CA1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Metasploit_4a1c4da8 reference_sample = 9582d37ed9de522472abe615dedef69282a40cfd58185813c1215249c24bbf22, os = windows, severity = x86, description = Identifies Metasploit 64 bit reverse tcp shellcode., creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Metasploit, fingerprint = 7a31ce858215f0a8732ce6314bfdbc3975f1321e3f87d7f4dc5a525f15766987, id = 4a1c4da8-837d-4ad1-a672-ddb8ba074936, last_modified = 2021-08-23 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2210.22049.14408.exe | Section loaded: mscoree.dll | Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2210.22049.14408.exe | Section loaded: apphelp.dll | Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2210.22049.14408.exe | Section loaded: kernel.appcore.dll | Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2210.22049.14408.exe | Section loaded: version.dll | Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2210.22049.14408.exe | Section loaded: vcruntime140_clr0400.dll | Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2210.22049.14408.exe | Section loaded: ucrtbase_clr0400.dll | Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2210.22049.14408.exe | Section loaded: ucrtbase_clr0400.dll | Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2210.22049.14408.exe | Section loaded: cryptsp.dll | Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2210.22049.14408.exe | Section loaded: rsaenh.dll | Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2210.22049.14408.exe | Section loaded: cryptbase.dll | Jump to behavior |
Source: | Binary string: System.Core.pdbP source: WERF177.tmp.dmp.7.dr |
Source: | Binary string: C:\Users\Private\Desktop\mbbborclar\mbbborclar\obj\Debug\mbbborclar.pdb source: SecuriteInfo.com.Trojan.PackedNET.2210.22049.14408.exe |
Source: | Binary string: mscorlib.pdb source: SecuriteInfo.com.Trojan.PackedNET.2210.22049.14408.exe, 00000000.00000002.3162873892.0000000002CDA000.00000004.00000800.00020000.00000000.sdmp, WERF177.tmp.dmp.7.dr |
Source: | Binary string: System.ni.pdbRSDS source: WERF177.tmp.dmp.7.dr |
Source: | Binary string: mscorlib.ni.pdb source: WERF177.tmp.dmp.7.dr |
Source: | Binary string: C:\Users\Private\Desktop\mbbborclar\mbbborclar\obj\Debug\mbbborclar.pdb\ source: SecuriteInfo.com.Trojan.PackedNET.2210.22049.14408.exe |
Source: | Binary string: System.pdb4 source: WERF177.tmp.dmp.7.dr |
Source: | Binary string: System.Core.pdb source: WERF177.tmp.dmp.7.dr |
Source: | Binary string: mscorlib.ni.pdbRSDS source: WERF177.tmp.dmp.7.dr |
Source: | Binary string: \??\C:\Users\user\Desktop\mbbborclar.pdbt source: SecuriteInfo.com.Trojan.PackedNET.2210.22049.14408.exe, 00000000.00000002.3161772118.0000000000FC3000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: System.ni.pdb source: WERF177.tmp.dmp.7.dr |
Source: | Binary string: System.pdb source: WERF177.tmp.dmp.7.dr |
Source: | Binary string: mbbborclar.pdb source: WERF177.tmp.dmp.7.dr |
Source: | Binary string: \??\C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2210.22049.14408.PDB source: SecuriteInfo.com.Trojan.PackedNET.2210.22049.14408.exe, 00000000.00000002.3161772118.0000000000FC3000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: System.Core.ni.pdbRSDS source: WERF177.tmp.dmp.7.dr |
Source: | Binary string: System.Core.ni.pdb source: WERF177.tmp.dmp.7.dr |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2210.22049.14408.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2210.22049.14408.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2210.22049.14408.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2210.22049.14408.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2210.22049.14408.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2210.22049.14408.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2210.22049.14408.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2210.22049.14408.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2210.22049.14408.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2210.22049.14408.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2210.22049.14408.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2210.22049.14408.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2210.22049.14408.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2210.22049.14408.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2210.22049.14408.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2210.22049.14408.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: Amcache.hve.7.dr | Binary or memory string: VMware |
Source: Amcache.hve.7.dr | Binary or memory string: VMware Virtual USB Mouse |
Source: Amcache.hve.7.dr | Binary or memory string: vmci.syshbin |
Source: Amcache.hve.7.dr | Binary or memory string: VMware, Inc. |
Source: Amcache.hve.7.dr | Binary or memory string: VMware20,1hbin@ |
Source: Amcache.hve.7.dr | Binary or memory string: c:\windows\system32\driverstore\filerepository\vmci.inf_amd64_68ed49469341f563 |
Source: Amcache.hve.7.dr | Binary or memory string: Ascsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000 |
Source: Amcache.hve.7.dr | Binary or memory string: .Z$c:/windows/system32/drivers/vmci.sys |
Source: Amcache.hve.7.dr | Binary or memory string: :scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000 |
Source: Amcache.hve.7.dr | Binary or memory string: pci\ven_15ad&dev_0740&subsys_074015ad,pci\ven_15ad&dev_0740,root\vmwvmcihostdev |
Source: Amcache.hve.7.dr | Binary or memory string: c:/windows/system32/drivers/vmci.sys |
Source: Amcache.hve.7.dr | Binary or memory string: scsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000 |
Source: Amcache.hve.7.dr | Binary or memory string: vmci.sys |
Source: Amcache.hve.7.dr | Binary or memory string: VMware-56 4d 43 71 48 15 3d ed-ae e6 c7 5a ec d9 3b f0 |
Source: Amcache.hve.7.dr | Binary or memory string: vmci.syshbin` |
Source: Amcache.hve.7.dr | Binary or memory string: \driver\vmci,\driver\pci |
Source: Amcache.hve.7.dr | Binary or memory string: scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000 |
Source: Amcache.hve.7.dr | Binary or memory string: VMware20,1 |
Source: Amcache.hve.7.dr | Binary or memory string: Microsoft Hyper-V Generation Counter |
Source: Amcache.hve.7.dr | Binary or memory string: NECVMWar VMware SATA CD00 |
Source: Amcache.hve.7.dr | Binary or memory string: VMware Virtual disk SCSI Disk Device |
Source: Amcache.hve.7.dr | Binary or memory string: scsi\cdromnecvmwarvmware_sata_cd001.00,scsi\cdromnecvmwarvmware_sata_cd00,scsi\cdromnecvmwar,scsi\necvmwarvmware_sata_cd001,necvmwarvmware_sata_cd001,gencdrom |
Source: Amcache.hve.7.dr | Binary or memory string: scsi\diskvmware__virtual_disk____2.0_,scsi\diskvmware__virtual_disk____,scsi\diskvmware__,scsi\vmware__virtual_disk____2,vmware__virtual_disk____2,gendisk |
Source: Amcache.hve.7.dr | Binary or memory string: Microsoft Hyper-V Virtualization Infrastructure Driver |
Source: Amcache.hve.7.dr | Binary or memory string: VMware PCI VMCI Bus Device |
Source: Amcache.hve.7.dr | Binary or memory string: VMware VMCI Bus Device |
Source: Amcache.hve.7.dr | Binary or memory string: VMware Virtual RAM |
Source: Amcache.hve.7.dr | Binary or memory string: BiosVendor:VMware, Inc.,BiosVersion:VMW201.00V.20829224.B64.2211211842,BiosReleaseDate:11/21/2022,BiosMajorRelease:0xff,BiosMinorRelease:0xff,SystemManufacturer:VMware, Inc.,SystemProduct:VMware20,1,SystemFamily:,SystemSKUNumber:,BaseboardManufacturer:,BaseboardProduct:,BaseboardVersion:,EnclosureType:0x1 |
Source: Amcache.hve.7.dr | Binary or memory string: vmci.inf_amd64_68ed49469341f563 |