Source: unknown |
DNS traffic detected: query: gertec_certificates_installer_1.2.0.0.exe replaycode: Name error (3) |
Source: unknown |
UDP traffic detected without corresponding DNS query: 1.1.1.1 |
Source: unknown |
DNS traffic detected: queries for: gertec_certificates_installer_1.2.0.0.exe |
Source: wget.exe, 00000002.00000002.2081491966.0000000000B80000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://Gertec_Certificates_Installer_1.2.0.0.exe |
Source: wget.exe, 00000002.00000002.2081544894.0000000001130000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://Gertec_Certificates_Installer_1.2.0.0.exea |
Source: wget.exe, 00000002.00000002.2081544894.0000000001130000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://Gertec_Certificates_Installer_1.2.0.0.exeng |
Source: wget.exe, 00000002.00000002.2081544894.0000000001135000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000002.2081398214.00000000009CD000.00000004.00000010.00020000.00000000.sdmp, cmdline.out.0.dr |
String found in binary or memory: http://gertec_certificates_installer_1.2.0.0.exe/ |
Source: wget.exe, 00000002.00000002.2081544894.0000000001135000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://gertec_certificates_installer_1.2.0.0.exe/a |
Source: wget.exe, 00000002.00000002.2081544894.0000000001135000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://gertec_certificates_installer_1.2.0.0.exe/t |
Source: classification engine |
Classification label: clean2.win@4/1@1/0 |
Source: C:\Windows\SysWOW64\cmd.exe |
File created: C:\Users\user\Desktop\cmdline.out |
Jump to behavior |
Source: C:\Windows\System32\conhost.exe |
Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2332:120:WilError_03 |
Source: C:\Windows\SysWOW64\wget.exe |
Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers |
Jump to behavior |
Source: unknown |
Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c wget -t 2 -v -T 60 -P "C:\Users\user\Desktop\download" --no-check-certificate --content-disposition --user-agent="Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko" "http://Gertec_Certificates_Installer_1.2.0.0.exe" > cmdline.out 2>&1 |
|
Source: C:\Windows\SysWOW64\cmd.exe |
Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
|
Source: C:\Windows\SysWOW64\cmd.exe |
Process created: C:\Windows\SysWOW64\wget.exe wget -t 2 -v -T 60 -P "C:\Users\user\Desktop\download" --no-check-certificate --content-disposition --user-agent="Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko" "http://Gertec_Certificates_Installer_1.2.0.0.exe" |
|
Source: C:\Windows\SysWOW64\cmd.exe |
Process created: C:\Windows\SysWOW64\wget.exe wget -t 2 -v -T 60 -P "C:\Users\user\Desktop\download" --no-check-certificate --content-disposition --user-agent="Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko" "http://Gertec_Certificates_Installer_1.2.0.0.exe" |
Jump to behavior |
Source: C:\Windows\SysWOW64\cmd.exe |
Section loaded: apphelp.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\wget.exe |
Section loaded: mswsock.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\wget.exe |
Section loaded: dnsapi.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\wget.exe |
Section loaded: iphlpapi.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\wget.exe |
Section loaded: rasadhlp.dll |
Jump to behavior |
Source: C:\Windows\System32\conhost.exe |
Last function: Thread delayed |
Source: wget.exe, 00000002.00000002.2081436352.0000000000A58000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll |
Source: unknown |
Process created: C:\Windows\SysWOW64\cmd.exe c:\windows\system32\cmd.exe /c wget -t 2 -v -t 60 -p "c:\users\user\desktop\download" --no-check-certificate --content-disposition --user-agent="mozilla/5.0 (windows nt 6.1; wow64; trident/7.0; as; rv:11.0) like gecko" "http://gertec_certificates_installer_1.2.0.0.exe" > cmdline.out 2>&1 |