Windows Analysis Report
SecuriteInfo.com.Trojan.DownLoader46.58558.2907.4089.exe

Overview

General Information

Sample name: SecuriteInfo.com.Trojan.DownLoader46.58558.2907.4089.exe
Analysis ID: 1428514
MD5: ce1755d3643d9cc1c6fb58e7051d5ad9
SHA1: ed7ed2be9c585917542bc1c9c21ece7fc7b2b3a5
SHA256: 6ef619bf548f43105b623bf7ffafa3f5d5b42bf6092d4949ec36677486ad67bd
Tags: exe

Detection

Score: 80
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Multi AV Scanner detection for submitted file
Yara detected AntiVM3
Yara detected UAC Bypass using CMSTP
.NET source code contains potential unpacker
Found potential dummy code loops (likely to delay analysis)
Machine Learning detection for sample
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Abnormal high CPU Usage
Allocates memory with a write watch (potentially for evading sandboxes)
Detected potential crypto function
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
May sleep (evasive loops) to hinder dynamic analysis
PE file does not import any functions
Potential time zone aware malware
Program does not show much activity (idle)
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Uses code obfuscation techniques (call, push, ret)

Classification

AV Detection

Source: SecuriteInfo.com.Trojan.DownLoader46.58558.2907.4089.exe ReversingLabs: Detection: 26%
Source: SecuriteInfo.com.Trojan.DownLoader46.58558.2907.4089.exe Virustotal: Detection: 30%
Source: SecuriteInfo.com.Trojan.DownLoader46.58558.2907.4089.exe Joe Sandbox ML: detected

Exploits

Source: Yara match File source: 00000000.00000002.4552305215.000002D71CB16000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: Process Memory Space: SecuriteInfo.com.Trojan.DownLoader46.58558.2907.4089.exe PID: 2636, type: MEMORYSTR
Source: SecuriteInfo.com.Trojan.DownLoader46.58558.2907.4089.exe Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader46.58558.2907.4089.exe Process Stats: CPU usage > 49%
Source: SecuriteInfo.com.Trojan.DownLoader46.58558.2907.4089.exe Static PE information: No import functions for PE file found
Source: SecuriteInfo.com.Trojan.DownLoader46.58558.2907.4089.exe, 00000000.00000002.4553321535.000002D72CF18000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenameAmovadeh0 vs SecuriteInfo.com.Trojan.DownLoader46.58558.2907.4089.exe
Source: SecuriteInfo.com.Trojan.DownLoader46.58558.2907.4089.exe, 00000000.00000000.2103518247.000002D71ACF2000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenameAcegevuyaH vs SecuriteInfo.com.Trojan.DownLoader46.58558.2907.4089.exe
Source: SecuriteInfo.com.Trojan.DownLoader46.58558.2907.4089.exe Binary or memory string: OriginalFilenameAcegevuyaH vs SecuriteInfo.com.Trojan.DownLoader46.58558.2907.4089.exe
Source: SecuriteInfo.com.Trojan.DownLoader46.58558.2907.4089.exe, GenericCreateGlobalFunctions.cs Task registration methods: 'TaskStopsLongTimePattern'
Source: classification engine Classification label: mal80.expl.evad.winEXE@1/0@0/0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader46.58558.2907.4089.exe Mutant created: NULL
Source: SecuriteInfo.com.Trojan.DownLoader46.58558.2907.4089.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: SecuriteInfo.com.Trojan.DownLoader46.58558.2907.4089.exe Static file information: TRID: Win64 Executable GUI Net Framework (217006/5) 49.88%
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader46.58558.2907.4089.exe Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: SecuriteInfo.com.Trojan.DownLoader46.58558.2907.4089.exe String found in binary or memory: /AddInServer
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader46.58558.2907.4089.exe File read: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader46.58558.2907.4089.exe
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader46.58558.2907.4089.exe Section loaded: mscoree.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader46.58558.2907.4089.exe Section loaded: apphelp.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader46.58558.2907.4089.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader46.58558.2907.4089.exe Section loaded: version.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader46.58558.2907.4089.exe Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader46.58558.2907.4089.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader46.58558.2907.4089.exe Section loaded: amsi.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader46.58558.2907.4089.exe Section loaded: userenv.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader46.58558.2907.4089.exe Section loaded: profapi.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader46.58558.2907.4089.exe Section loaded: windows.storage.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader46.58558.2907.4089.exe Section loaded: wldp.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader46.58558.2907.4089.exe Section loaded: cryptsp.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader46.58558.2907.4089.exe Section loaded: rsaenh.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader46.58558.2907.4089.exe Section loaded: cryptbase.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader46.58558.2907.4089.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader46.58558.2907.4089.exe File opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dll
Source: SecuriteInfo.com.Trojan.DownLoader46.58558.2907.4089.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
Source: SecuriteInfo.com.Trojan.DownLoader46.58558.2907.4089.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG

Data Obfuscation

Source: SecuriteInfo.com.Trojan.DownLoader46.58558.2907.4089.exe, TaskWaitBegincDisplayClass115.cs .Net Code: ModuleReflectionOnlyLoadFrom
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader46.58558.2907.4089.exe Code function: 0_2_00007FF848F17963 push ebx; retf 0_2_00007FF848F1796A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader46.58558.2907.4089.exe Code function: 0_2_00007FF848F100BD pushad ; iretd 0_2_00007FF848F100C1
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader46.58558.2907.4089.exe Code function: 0_2_00007FF848FF026B push esp; retf 4810h 0_2_00007FF848FF0312
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader46.58558.2907.4089.exe Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Source: Yara match File source: Process Memory Space: SecuriteInfo.com.Trojan.DownLoader46.58558.2907.4089.exe PID: 2636, type: MEMORYSTR
Source: SecuriteInfo.com.Trojan.DownLoader46.58558.2907.4089.exe, 00000000.00000002.4552305215.000002D71CB16000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: WINE_GET_UNIX_FILE_NAME
Source: SecuriteInfo.com.Trojan.DownLoader46.58558.2907.4089.exe, 00000000.00000002.4552305215.000002D71CB16000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: SBIEDLL.DLL
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader46.58558.2907.4089.exe Memory allocated: 2D71C7F0000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader46.58558.2907.4089.exe Memory allocated: 2D734AF0000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader46.58558.2907.4089.exe Memory allocated: 2D73D2B0000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader46.58558.2907.4089.exe Window / User API: threadDelayed 9966
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader46.58558.2907.4089.exe TID: 5300 Thread sleep count: 9966 > 30
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader46.58558.2907.4089.exe TID: 5300 Thread sleep time: -9966000s >= -30000s
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader46.58558.2907.4089.exe System information queried: CurrentTimeZoneInformation
Source: all processes Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected
Source: SecuriteInfo.com.Trojan.DownLoader46.58558.2907.4089.exe, 00000000.00000002.4552305215.000002D71CB16000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: VMware
Source: SecuriteInfo.com.Trojan.DownLoader46.58558.2907.4089.exe, 00000000.00000002.4552305215.000002D71CB16000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: C:\WINDOWS\system32\drivers\vmmouse.sys
Source: SecuriteInfo.com.Trojan.DownLoader46.58558.2907.4089.exe, 00000000.00000002.4552305215.000002D71CB16000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: vmware
Source: SecuriteInfo.com.Trojan.DownLoader46.58558.2907.4089.exe, 00000000.00000002.4552305215.000002D71CB16000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: C:\PROGRAM FILES\VMWARE\VMWARE TOOLS\
Source: SecuriteInfo.com.Trojan.DownLoader46.58558.2907.4089.exe, 00000000.00000002.4552305215.000002D71CB16000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: C:\WINDOWS\system32\drivers\vmhgfs.sys
Source: SecuriteInfo.com.Trojan.DownLoader46.58558.2907.4089.exe, 00000000.00000002.4552305215.000002D71CB16000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: SOFTWARE\VMware, Inc.\VMware Tools
Source: SecuriteInfo.com.Trojan.DownLoader46.58558.2907.4089.exe, 00000000.00000002.4552305215.000002D71CB16000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: VMWARE
Source: SecuriteInfo.com.Trojan.DownLoader46.58558.2907.4089.exe, 00000000.00000002.4552305215.000002D71CB16000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: InstallPath%C:\PROGRAM FILES\VMWARE\VMWARE TOOLS\'C:\WINDOWS\system32\drivers\vmmouse.sys&C:\WINDOWS\system32\drivers\vmhgfs.sys
Source: SecuriteInfo.com.Trojan.DownLoader46.58558.2907.4089.exe, 00000000.00000002.4552305215.000002D71CB16000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: noValueButYesKey)C:\WINDOWS\system32\drivers\VBoxMouse.sys
Source: SecuriteInfo.com.Trojan.DownLoader46.58558.2907.4089.exe, 00000000.00000002.4552305215.000002D71CB16000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: C:\WINDOWS\system32\drivers\VBoxMouse.sys
Source: SecuriteInfo.com.Trojan.DownLoader46.58558.2907.4089.exe, 00000000.00000002.4552305215.000002D71CB16000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: VMWARE"SOFTWARE\VMware, Inc.\VMware ToolsLHARDWARE\DEVICEMAP\Scsi\Scsi Port 1\Scsi Bus 0\Target Id 0\Logical Unit Id 0LHARDWARE\DEVICEMAP\Scsi\Scsi Port 2\Scsi Bus 0\Target Id 0\Logical Unit Id 0'SYSTEM\ControlSet001\Services\Disk\Enum
Source: SecuriteInfo.com.Trojan.DownLoader46.58558.2907.4089.exe, 00000000.00000002.4552305215.000002D71CB16000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: VMware SVGA II
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader46.58558.2907.4089.exe Process information queried: ProcessInformation

Anti Debugging

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader46.58558.2907.4089.exe Process Stats: CPU usage > 42% for more than 60s
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader46.58558.2907.4089.exe Process token adjusted: Debug
Source: all processes Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader46.58558.2907.4089.exe Memory allocated: page read and write | page guard
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader46.58558.2907.4089.exe Queries volume information: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader46.58558.2907.4089.exe VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader46.58558.2907.4089.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
No contacted IP infos