Source: SecuriteInfo.com.Win32.MalwareX-gen.740.29920.exe |
Virustotal: Detection: 49% |
Source: SecuriteInfo.com.Win32.MalwareX-gen.740.29920.exe |
Joe Sandbox ML: detected |
Source: SecuriteInfo.com.Win32.MalwareX-gen.740.29920.exe |
Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE |
Source: SecuriteInfo.com.Win32.MalwareX-gen.740.29920.exe |
Binary string: C:\.Jakob\Other\OffensiveTools\SharpDPAPI\SharpChrome\obj\Debug\SharpChrome.pdb |
Source: SecuriteInfo.com.Win32.MalwareX-gen.740.29920.exe |
Binary string: C:\.Jakob\Other\OffensiveTools\SharpDPAPI\SharpChrome\obj\Debug\SharpChrome.pdbt |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.740.29920.exe |
Code function: 4x nop then jmp 00007FFD9B8909ECh | 0_2_00007FFD9B8905FA |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.740.29920.exe |
Code function: 4x nop then dec eax | 0_2_00007FFD9B890E3D |
Source: SecuriteInfo.com.Win32.MalwareX-gen.740.29920.exe, 00000000.00000000.1662599128.0000017AE4604000.00000002.00000001.01000000.00000003.sdmp |
Binary or memory string: OriginalFilenameSharpChrome.exe8 vs SecuriteInfo.com.Win32.MalwareX-gen.740.29920.exe |
Source: SecuriteInfo.com.Win32.MalwareX-gen.740.29920.exe |
Binary or memory string: OriginalFilenameSharpChrome.exe8 vs SecuriteInfo.com.Win32.MalwareX-gen.740.29920.exe |
Source: SecuriteInfo.com.Win32.MalwareX-gen.740.29920.exe, Crypto.cs |
Cryptographic APIs: 'TransformFinalBlock' |
Source: SecuriteInfo.com.Win32.MalwareX-gen.740.29920.exe, Dpapi.cs |
Cryptographic APIs: 'TransformFinalBlock' |
Source: SecuriteInfo.com.Win32.MalwareX-gen.740.29920.exe, LSADump.cs |
Security API names: System.Security.Principal.WindowsIdentity.GetCurrent() |
Source: SecuriteInfo.com.Win32.MalwareX-gen.740.29920.exe, Helpers.cs |
Security API names: System.Security.Principal.WindowsPrincipal.IsInRole(System.Security.Principal.WindowsBuiltInRole) |
Source: SecuriteInfo.com.Win32.MalwareX-gen.740.29920.exe, Helpers.cs |
Security API names: System.Security.Principal.WindowsIdentity.GetCurrent() |
Source: SecuriteInfo.com.Win32.MalwareX-gen.740.29920.exe, Chrome.cs |
Security API names: System.Security.Principal.WindowsIdentity.GetCurrent() |
Source: SecuriteInfo.com.Win32.MalwareX-gen.740.29920.exe, Sqlite3.cs |
Suspicious method names: .Sqlite3.accessPayload |
Source: SecuriteInfo.com.Win32.MalwareX-gen.740.29920.exe, Sqlite3.cs |
Suspicious method names: .Sqlite3.copyPayload |
Source: SecuriteInfo.com.Win32.MalwareX-gen.740.29920.exe, Sqlite3.cs |
Suspicious method names: .Sqlite3.fetchPayload |
Source: classification engine |
Classification label: mal52.winEXE@2/2@0/0 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.740.29920.exe |
File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\SecuriteInfo.com.Win32.MalwareX-gen.740.29920.exe.log |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.740.29920.exe |
Mutant created: NULL |
Source: C:\Windows\System32\conhost.exe |
Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7348:120:WilError_03 |
Source: SecuriteInfo.com.Win32.MalwareX-gen.740.29920.exe |
Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
Source: SecuriteInfo.com.Win32.MalwareX-gen.740.29920.exe |
Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.80% |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.740.29920.exe |
Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers |
Source: SecuriteInfo.com.Win32.MalwareX-gen.740.29920.exe, 00000000.00000000.1662488123.0000017AE4532000.00000002.00000001.01000000.00000003.sdmp |
Binary or memory string: UPDATE %Q.%s SET sql = CASE WHEN type = 'trigger' THEN sqlite_rename_trigger(sql, %Q)ELSE sqlite_rename_table(sql, %Q) END, tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqlite_autoindex%%' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d+18) ELSE name END WHERE tbl_name=%Q AND (type='table' OR type='index' OR type='trigger'); |
Source: SecuriteInfo.com.Win32.MalwareX-gen.740.29920.exe, 00000000.00000000.1662488123.0000017AE4532000.00000002.00000001.01000000.00000003.sdmp |
Binary or memory string: UPDATE sqlite_temp_master SET sql = sqlite_rename_trigger(sql, %Q), tbl_name = %Q WHERE %s;?Cannot add a PRIMARY KEY column5Cannot add a UNIQUE columnuCannot add a REFERENCES column with non-NULL default value |
Source: SecuriteInfo.com.Win32.MalwareX-gen.740.29920.exe, 00000000.00000000.1662488123.0000017AE4532000.00000002.00000001.01000000.00000003.sdmp |
Binary or memory string: UPDATE "%w".%s SET sql = sqlite_rename_parent(sql, %Q, %Q) WHERE %s; |
Source: SecuriteInfo.com.Win32.MalwareX-gen.740.29920.exe, 00000000.00000000.1662488123.0000017AE4532000.00000002.00000001.01000000.00000003.sdmp |
Binary or memory string: SELECT 'DELETE FROM vacuum_db.' || quote(name) || ';' FROM vacuum_db.sqlite_master WHERE name='sqlite_sequence' |
Source: unknown |
Process created: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.740.29920.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.740.29920.exe" |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.740.29920.exe |
Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.740.29920.exe |
Section loaded: mscoree.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.740.29920.exe |
Section loaded: apphelp.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.740.29920.exe |
Section loaded: kernel.appcore.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.740.29920.exe |
Section loaded: version.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.740.29920.exe |
Section loaded: vcruntime140_clr0400.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.740.29920.exe |
Section loaded: ucrtbase_clr0400.dll |
Source: SecuriteInfo.com.Win32.MalwareX-gen.740.29920.exe |
Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR |
Source: SecuriteInfo.com.Win32.MalwareX-gen.740.29920.exe |
Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.740.29920.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.740.29920.exe |
Memory allocated: 17AE4830000 memory reserve | memory write watch |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.740.29920.exe |
Memory allocated: 17AFE360000 memory reserve | memory write watch |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.740.29920.exe |
Thread delayed: delay time: 922337203685477 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.740.29920.exe TID: 7400 |
Thread sleep time: -922337203685477s >= -30000s |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.740.29920.exe |
Memory allocated: page read and write | page guard |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.740.29920.exe |
Queries volume information: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.740.29920.exe VolumeInformation |