Documents.zip
Zip archive data, at least v1.0 to extract, compression method=store
initial sample

Filetype: Zip archive data, at least v1.0 to extract, compression method=store
Entropy: 7.9999867151513575
Filename: Documents.zip
Filesize: 13680105
MD5: 889ca52a0d02aae55c2ad5928333bf7a
SHA1: 56b37a87421d730cc85d259a9dcadb58209b4b2e
SHA256: 0fd4dc92a7affb0e2340b52171b83766b61d1374371af2e83155095bc90f2b50
SHA512: deb9a4ff8b21f0137c6817a38710698306853d8fbee0f3b22bbb863000bd677853ab115318fd8da4bb125b67ed14ed76d7ea8084d02ec8491d814e87780800a9
SSDEEP: 393216:rAxnrz0n24YXjPCcTabQnsUV13Jqd+tUMgaUXjVuB7MTjUZMy:ranX748Dns013JqUtUMgaURuUin
Preview: PK.........|.Xi.HL1...1...<...MDE_File_Sample_5a1a1e6cc30fa7274f0635f7b54dc4f186da280b.zipPK.........t.X.'+.W...K.....$.Stardock_Fences_v4.21.7z..
.........)^V2....(^V2....#^V2.......\g.:.Z@...sK...+Cz_.../.R...7gsc..cK.........n8.[d0&.....U..Y-...&7..+..

Signature Hits | Behavior Group | Mitre Attack
Submission file is bigger than most known malware samples | System Summary | -

C:\Users\user\AppData\Local\Temp\C5E3399ED9A072FE864748D49BA96094.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped

File: C:\Users\user\AppData\Local\Temp\C5E3399ED9A072FE864748D49BA96094.dll
Category: dropped
Dump: C5E3399ED9A072FE864748D49BA96094.dll.21.dr
ID: dr_1
Target ID: 21
Process: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_777680118a9128f5f59b3855ddeb6361b4171722.zip\stardock.fences.3.0.5.x64-patch.exe
Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Entropy: 2.3834002847708287
Encrypted: false
Size: 2560
Whitelisted: false

Signature Hits | Behavior Group | Mitre Attack
Drops PE files | Persistence and Installation Behavior | -
Found dropped PE file which has not been started or loaded | Malware Analysis System Evasion | -

C:\Users\user\AppData\Local\Temp\dup2patcher.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped

File: C:\Users\user\AppData\Local\Temp\dup2patcher.dll
Category: dropped
Dump: dup2patcher.dll.21.dr
ID: dr_0
Target ID: 21
Process: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_777680118a9128f5f59b3855ddeb6361b4171722.zip\stardock.fences.3.0.5.x64-patch.exe
Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Entropy: 6.2594747501346975
Encrypted: false
Size: 391168
Whitelisted: false

Signature Hits | Behavior Group | Mitre Attack
Antivirus detection for dropped file | AV Detection | -
Multi AV Scanner detection for dropped file | AV Detection | Security Software Discovery
Yara detected Generic Patcher | HIPS / PFW / Operating System Protection Evasion | -
Machine Learning detection for dropped file | AV Detection | -
Drops PE files | Persistence and Installation Behavior | -
Found dropped PE file which has not been started or loaded | Malware Analysis System Evasion | -
Creates temporary files | System Summary | -