Windows Analysis Report
Documents.zip

Overview

General Information

Sample name: Documents.zip
Analysis ID: 1428208
MD5: 889ca52a0d02aae55c2ad5928333bf7a
SHA1: 56b37a87421d730cc85d259a9dcadb58209b4b2e
SHA256: 0fd4dc92a7affb0e2340b52171b83766b61d1374371af2e83155095bc90f2b50

Detection

Score: 68
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus detection for dropped file
Multi AV Scanner detection for dropped file
Yara detected Generic Patcher
Machine Learning detection for dropped file
Drops PE files
Found dropped PE file which has not been started or loaded
May sleep (evasive loops) to hinder dynamic analysis
Queries the volume information (name, serial number etc) of a device

Classification

AV Detection

Source: C:\Users\user\AppData\Local\Temp\dup2patcher.dll Avira: detection malicious, Label: HEUR/AGEN.1323878
Source: C:\Users\user\AppData\Local\Temp\dup2patcher.dll ReversingLabs: Detection: 75%
Source: C:\Users\user\AppData\Local\Temp\dup2patcher.dll Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_777680118a9128f5f59b3855ddeb6361b4171722.zip\stardock.fences.3.0.5.x64-patch.exe File opened: C:\Users\user\AppData\Local\Temp
Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_777680118a9128f5f59b3855ddeb6361b4171722.zip\stardock.fences.3.0.5.x64-patch.exe File opened: C:\Users\user\AppData\Local
Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_777680118a9128f5f59b3855ddeb6361b4171722.zip\stardock.fences.3.0.5.x64-patch.exe File opened: C:\Users\user\AppData
Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_777680118a9128f5f59b3855ddeb6361b4171722.zip\stardock.fences.3.0.5.x64-patch.exe File opened: C:\Users\user
Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_777680118a9128f5f59b3855ddeb6361b4171722.zip\stardock.fences.3.0.5.x64-patch.exe File opened: C:\Users\user\Desktop\desktop.ini
Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_777680118a9128f5f59b3855ddeb6361b4171722.zip\stardock.fences.3.0.5.x64-patch.exe File opened: C:\Users\user\Documents\desktop.ini
Source: classification engine Classification label: mal68.evad.winZIP@4/2@0/0
Source: C:\Windows\System32\OpenWith.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3060:120:WilError_03
Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_777680118a9128f5f59b3855ddeb6361b4171722.zip\stardock.fences.3.0.5.x64-patch.exe File created: C:\Users\user\AppData\Local\Temp\dup2patcher.dll
Source: C:\Windows\System32\OpenWith.exe File read: C:\Users\desktop.ini
Source: C:\Windows\System32\rundll32.exe Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: unknown Process created: C:\Windows\System32\rundll32.exe C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
Source: unknown Process created: C:\Windows\System32\OpenWith.exe C:\Windows\system32\OpenWith.exe -Embedding
Source: unknown Process created: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_777680118a9128f5f59b3855ddeb6361b4171722.zip\stardock.fences.3.0.5.x64-patch.exe "C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_777680118a9128f5f59b3855ddeb6361b4171722.zip\stardock.fences.3.0.5.x64-patch.exe"
Source: C:\Windows\System32\OpenWith.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\OpenWith.exe Section loaded: uxtheme.dll
Source: C:\Windows\System32\OpenWith.exe Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Windows\System32\OpenWith.exe Section loaded: windows.storage.dll
Source: C:\Windows\System32\OpenWith.exe Section loaded: wldp.dll
Source: C:\Windows\System32\OpenWith.exe Section loaded: twinui.dll
Source: C:\Windows\System32\OpenWith.exe Section loaded: wintypes.dll
Source: C:\Windows\System32\OpenWith.exe Section loaded: powrprof.dll
Source: C:\Windows\System32\OpenWith.exe Section loaded: dwmapi.dll
Source: C:\Windows\System32\OpenWith.exe Section loaded: pdh.dll
Source: C:\Windows\System32\OpenWith.exe Section loaded: umpdc.dll
Source: C:\Windows\System32\OpenWith.exe Section loaded: onecorecommonproxystub.dll
Source: C:\Windows\System32\OpenWith.exe Section loaded: actxprxy.dll
Source: C:\Windows\System32\OpenWith.exe Section loaded: propsys.dll
Source: C:\Windows\System32\OpenWith.exe Section loaded: profapi.dll
Source: C:\Windows\System32\OpenWith.exe Section loaded: windows.staterepositoryps.dll
Source: C:\Windows\System32\OpenWith.exe Section loaded: windows.ui.appdefaults.dll
Source: C:\Windows\System32\OpenWith.exe Section loaded: windows.ui.immersive.dll
Source: C:\Windows\System32\OpenWith.exe Section loaded: ntmarta.dll
Source: C:\Windows\System32\OpenWith.exe Section loaded: uiautomationcore.dll
Source: C:\Windows\System32\OpenWith.exe Section loaded: dui70.dll
Source: C:\Windows\System32\OpenWith.exe Section loaded: duser.dll
Source: C:\Windows\System32\OpenWith.exe Section loaded: dwrite.dll
Source: C:\Windows\System32\OpenWith.exe Section loaded: bcp47mrm.dll
Source: C:\Windows\System32\OpenWith.exe Section loaded: uianimation.dll
Source: C:\Windows\System32\OpenWith.exe Section loaded: d3d11.dll
Source: C:\Windows\System32\OpenWith.exe Section loaded: dxgi.dll
Source: C:\Windows\System32\OpenWith.exe Section loaded: d3d10warp.dll
Source: C:\Windows\System32\OpenWith.exe Section loaded: resourcepolicyclient.dll
Source: C:\Windows\System32\OpenWith.exe Section loaded: dxcore.dll
Source: C:\Windows\System32\OpenWith.exe Section loaded: dcomp.dll
Source: C:\Windows\System32\OpenWith.exe Section loaded: oleacc.dll
Source: C:\Windows\System32\OpenWith.exe Section loaded: edputil.dll
Source: C:\Windows\System32\OpenWith.exe Section loaded: windows.ui.dll
Source: C:\Windows\System32\OpenWith.exe Section loaded: windowmanagementapi.dll
Source: C:\Windows\System32\OpenWith.exe Section loaded: textinputframework.dll
Source: C:\Windows\System32\OpenWith.exe Section loaded: inputhost.dll
Source: C:\Windows\System32\OpenWith.exe Section loaded: coreuicomponents.dll
Source: C:\Windows\System32\OpenWith.exe Section loaded: coremessaging.dll
Source: C:\Windows\System32\OpenWith.exe Section loaded: twinapi.appcore.dll
Source: C:\Windows\System32\OpenWith.exe Section loaded: windowscodecs.dll
Source: C:\Windows\System32\OpenWith.exe Section loaded: thumbcache.dll
Source: C:\Windows\System32\OpenWith.exe Section loaded: policymanager.dll
Source: C:\Windows\System32\OpenWith.exe Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\OpenWith.exe Section loaded: apphelp.dll
Source: C:\Windows\System32\OpenWith.exe Section loaded: appresolver.dll
Source: C:\Windows\System32\OpenWith.exe Section loaded: bcp47langs.dll
Source: C:\Windows\System32\OpenWith.exe Section loaded: slc.dll
Source: C:\Windows\System32\OpenWith.exe Section loaded: userenv.dll
Source: C:\Windows\System32\OpenWith.exe Section loaded: sppc.dll
Source: C:\Windows\System32\OpenWith.exe Section loaded: tiledatarepository.dll
Source: C:\Windows\System32\OpenWith.exe Section loaded: staterepository.core.dll
Source: C:\Windows\System32\OpenWith.exe Section loaded: windows.staterepository.dll
Source: C:\Windows\System32\OpenWith.exe Section loaded: wtsapi32.dll
Source: C:\Windows\System32\OpenWith.exe Section loaded: windows.staterepositorycore.dll
Source: C:\Windows\System32\OpenWith.exe Section loaded: mrmcorer.dll
Source: C:\Windows\System32\OpenWith.exe Section loaded: appxdeploymentclient.dll
Source: C:\Windows\System32\OpenWith.exe Section loaded: sxs.dll
Source: C:\Windows\System32\OpenWith.exe Section loaded: directmanipulation.dll
Source: C:\Windows\System32\OpenWith.exe Section loaded: textshaping.dll
Source: C:\Windows\System32\OpenWith.exe Section loaded: ninput.dll
Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_777680118a9128f5f59b3855ddeb6361b4171722.zip\stardock.fences.3.0.5.x64-patch.exe Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_777680118a9128f5f59b3855ddeb6361b4171722.zip\stardock.fences.3.0.5.x64-patch.exe Section loaded: textshaping.dll
Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_777680118a9128f5f59b3855ddeb6361b4171722.zip\stardock.fences.3.0.5.x64-patch.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_777680118a9128f5f59b3855ddeb6361b4171722.zip\stardock.fences.3.0.5.x64-patch.exe Section loaded: textinputframework.dll
Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_777680118a9128f5f59b3855ddeb6361b4171722.zip\stardock.fences.3.0.5.x64-patch.exe Section loaded: coreuicomponents.dll
Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_777680118a9128f5f59b3855ddeb6361b4171722.zip\stardock.fences.3.0.5.x64-patch.exe Section loaded: coremessaging.dll
Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_777680118a9128f5f59b3855ddeb6361b4171722.zip\stardock.fences.3.0.5.x64-patch.exe Section loaded: ntmarta.dll
Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_777680118a9128f5f59b3855ddeb6361b4171722.zip\stardock.fences.3.0.5.x64-patch.exe Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_777680118a9128f5f59b3855ddeb6361b4171722.zip\stardock.fences.3.0.5.x64-patch.exe Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_777680118a9128f5f59b3855ddeb6361b4171722.zip\stardock.fences.3.0.5.x64-patch.exe Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_777680118a9128f5f59b3855ddeb6361b4171722.zip\stardock.fences.3.0.5.x64-patch.exe Section loaded: propsys.dll
Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_777680118a9128f5f59b3855ddeb6361b4171722.zip\stardock.fences.3.0.5.x64-patch.exe Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_777680118a9128f5f59b3855ddeb6361b4171722.zip\stardock.fences.3.0.5.x64-patch.exe Section loaded: dui70.dll
Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_777680118a9128f5f59b3855ddeb6361b4171722.zip\stardock.fences.3.0.5.x64-patch.exe Section loaded: duser.dll
Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_777680118a9128f5f59b3855ddeb6361b4171722.zip\stardock.fences.3.0.5.x64-patch.exe Section loaded: dwmapi.dll
Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_777680118a9128f5f59b3855ddeb6361b4171722.zip\stardock.fences.3.0.5.x64-patch.exe Section loaded: edputil.dll
Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_777680118a9128f5f59b3855ddeb6361b4171722.zip\stardock.fences.3.0.5.x64-patch.exe Section loaded: explorerframe.dll
Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_777680118a9128f5f59b3855ddeb6361b4171722.zip\stardock.fences.3.0.5.x64-patch.exe Section loaded: windowscodecs.dll
Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_777680118a9128f5f59b3855ddeb6361b4171722.zip\stardock.fences.3.0.5.x64-patch.exe Section loaded: thumbcache.dll
Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_777680118a9128f5f59b3855ddeb6361b4171722.zip\stardock.fences.3.0.5.x64-patch.exe Section loaded: dataexchange.dll
Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_777680118a9128f5f59b3855ddeb6361b4171722.zip\stardock.fences.3.0.5.x64-patch.exe Section loaded: d3d11.dll
Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_777680118a9128f5f59b3855ddeb6361b4171722.zip\stardock.fences.3.0.5.x64-patch.exe Section loaded: dcomp.dll
Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_777680118a9128f5f59b3855ddeb6361b4171722.zip\stardock.fences.3.0.5.x64-patch.exe Section loaded: dxgi.dll
Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_777680118a9128f5f59b3855ddeb6361b4171722.zip\stardock.fences.3.0.5.x64-patch.exe Section loaded: twinapi.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_777680118a9128f5f59b3855ddeb6361b4171722.zip\stardock.fences.3.0.5.x64-patch.exe Section loaded: msftedit.dll
Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_777680118a9128f5f59b3855ddeb6361b4171722.zip\stardock.fences.3.0.5.x64-patch.exe Section loaded: windows.globalization.dll
Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_777680118a9128f5f59b3855ddeb6361b4171722.zip\stardock.fences.3.0.5.x64-patch.exe Section loaded: bcp47langs.dll
Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_777680118a9128f5f59b3855ddeb6361b4171722.zip\stardock.fences.3.0.5.x64-patch.exe Section loaded: bcp47mrm.dll
Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_777680118a9128f5f59b3855ddeb6361b4171722.zip\stardock.fences.3.0.5.x64-patch.exe Section loaded: globinputhost.dll
Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_777680118a9128f5f59b3855ddeb6361b4171722.zip\stardock.fences.3.0.5.x64-patch.exe Section loaded: xmllite.dll
Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_777680118a9128f5f59b3855ddeb6361b4171722.zip\stardock.fences.3.0.5.x64-patch.exe Section loaded: structuredquery.dll
Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_777680118a9128f5f59b3855ddeb6361b4171722.zip\stardock.fences.3.0.5.x64-patch.exe Section loaded: atlthunk.dll
Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_777680118a9128f5f59b3855ddeb6361b4171722.zip\stardock.fences.3.0.5.x64-patch.exe Section loaded: windows.staterepositoryps.dll
Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_777680118a9128f5f59b3855ddeb6361b4171722.zip\stardock.fences.3.0.5.x64-patch.exe Section loaded: windows.fileexplorer.common.dll
Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_777680118a9128f5f59b3855ddeb6361b4171722.zip\stardock.fences.3.0.5.x64-patch.exe Section loaded: iertutil.dll
Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_777680118a9128f5f59b3855ddeb6361b4171722.zip\stardock.fences.3.0.5.x64-patch.exe Section loaded: windows.storage.search.dll
Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_777680118a9128f5f59b3855ddeb6361b4171722.zip\stardock.fences.3.0.5.x64-patch.exe Section loaded: secur32.dll
Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_777680118a9128f5f59b3855ddeb6361b4171722.zip\stardock.fences.3.0.5.x64-patch.exe Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_777680118a9128f5f59b3855ddeb6361b4171722.zip\stardock.fences.3.0.5.x64-patch.exe Section loaded: samcli.dll
Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_777680118a9128f5f59b3855ddeb6361b4171722.zip\stardock.fences.3.0.5.x64-patch.exe Section loaded: samlib.dll
Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_777680118a9128f5f59b3855ddeb6361b4171722.zip\stardock.fences.3.0.5.x64-patch.exe Section loaded: netutils.dll
Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_777680118a9128f5f59b3855ddeb6361b4171722.zip\stardock.fences.3.0.5.x64-patch.exe Section loaded: linkinfo.dll
Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_777680118a9128f5f59b3855ddeb6361b4171722.zip\stardock.fences.3.0.5.x64-patch.exe Section loaded: twinapi.dll
Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_777680118a9128f5f59b3855ddeb6361b4171722.zip\stardock.fences.3.0.5.x64-patch.exe Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_777680118a9128f5f59b3855ddeb6361b4171722.zip\stardock.fences.3.0.5.x64-patch.exe Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_777680118a9128f5f59b3855ddeb6361b4171722.zip\stardock.fences.3.0.5.x64-patch.exe Section loaded: networkexplorer.dll
Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_777680118a9128f5f59b3855ddeb6361b4171722.zip\stardock.fences.3.0.5.x64-patch.exe Section loaded: assignedaccessruntime.dll
Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_777680118a9128f5f59b3855ddeb6361b4171722.zip\stardock.fences.3.0.5.x64-patch.exe Section loaded: oleacc.dll
Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_777680118a9128f5f59b3855ddeb6361b4171722.zip\stardock.fences.3.0.5.x64-patch.exe Section loaded: urlmon.dll
Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_777680118a9128f5f59b3855ddeb6361b4171722.zip\stardock.fences.3.0.5.x64-patch.exe Section loaded: srvcli.dll
Source: C:\Windows\System32\OpenWith.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\InProcServer32
Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_777680118a9128f5f59b3855ddeb6361b4171722.zip\stardock.fences.3.0.5.x64-patch.exe File opened: C:\Windows\SysWOW64\MsftEdit.dll
Source: Documents.zip Static file information: File size 13680105 > 1048576
Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_777680118a9128f5f59b3855ddeb6361b4171722.zip\stardock.fences.3.0.5.x64-patch.exe File created: C:\Users\user\AppData\Local\Temp\dup2patcher.dll
Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_777680118a9128f5f59b3855ddeb6361b4171722.zip\stardock.fences.3.0.5.x64-patch.exe File created: C:\Users\user\AppData\Local\Temp\C5E3399ED9A072FE864748D49BA96094.dll
Source: C:\Windows\System32\rundll32.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\OpenWith.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_777680118a9128f5f59b3855ddeb6361b4171722.zip\stardock.fences.3.0.5.x64-patch.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_777680118a9128f5f59b3855ddeb6361b4171722.zip\stardock.fences.3.0.5.x64-patch.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\dup2patcher.dll
Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_777680118a9128f5f59b3855ddeb6361b4171722.zip\stardock.fences.3.0.5.x64-patch.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\C5E3399ED9A072FE864748D49BA96094.dll
Source: C:\Windows\System32\OpenWith.exe TID: 3792 Thread sleep count: 81 > 30

HIPS / PFW / Operating System Protection Evasion

Source: Yara match File source: C:\Users\user\AppData\Local\Temp\dup2patcher.dll, type: DROPPED
Source: Yara match File source: 00000015.00000002.2471795592.000000006FAF3000.00000080.00000001.01000000.0000000A.sdmp, type: MEMORY
Source: Yara match File source: 00000015.00000002.2460753360.0000000001240000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: C:\Windows\System32\OpenWith.exe Queries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation
Source: C:\Windows\System32\OpenWith.exe Queries volume information: C:\Windows\Fonts\seguisym.ttf VolumeInformation
Source: C:\Windows\System32\OpenWith.exe Queries volume information: C:\Windows\Fonts\seguisb.ttf VolumeInformation
Source: C:\Windows\System32\OpenWith.exe Queries volume information: C:\Windows\Fonts\segmdl2.ttf VolumeInformation
No contacted IP infos