Windows Analysis Report
SecuriteInfo.com.Win64.PWSX-gen.17202.22243.exe

Overview

General Information

Sample name: SecuriteInfo.com.Win64.PWSX-gen.17202.22243.exe
Analysis ID: 1437895
MD5: ff6d984a5cd4f15041dae1a58de7cd5c
SHA1: ccf361f309d5197a4657843bf1d5270d8e5dd143
SHA256: 1f36105fbca8245e77816446dac72f48a87dba68aa89c323ec655010764d0f2c
Tags: exe

Detection

Score: 76
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Multi AV Scanner detection for submitted file
Yara detected AntiVM3
Yara detected UAC Bypass using CMSTP
Found potential dummy code loops (likely to delay analysis)
Machine Learning detection for sample
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Abnormal high CPU Usage
Allocates memory with a write watch (potentially for evading sandboxes)
Binary contains a suspicious time stamp
Detected potential crypto function
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
May sleep (evasive loops) to hinder dynamic analysis
PE file does not import any functions
Potential time zone aware malware
Program does not show much activity (idle)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Uses code obfuscation techniques (call, push, ret)

Classification

AV Detection

Source: SecuriteInfo.com.Win64.PWSX-gen.17202.22243.exe ReversingLabs: Detection: 23%
Source: SecuriteInfo.com.Win64.PWSX-gen.17202.22243.exe Joe Sandbox ML: detected

Exploits

Source: Yara match File source: 00000000.00000002.4408858008.0000014287181000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: Process Memory Space: SecuriteInfo.com.Win64.PWSX-gen.17202.22243.exe PID: 6024, type: MEMORYSTR
Source: SecuriteInfo.com.Win64.PWSX-gen.17202.22243.exe Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.PWSX-gen.17202.22243.exe Code function: 4x nop then jmp 00007FF848F322DFh 0_2_00007FF848F319A9
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.PWSX-gen.17202.22243.exe Code function: 4x nop then jmp 00007FF848F346FCh 0_2_00007FF848F344F5
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.PWSX-gen.17202.22243.exe Process Stats: CPU usage > 49%
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.PWSX-gen.17202.22243.exe Code function: 0_2_00007FF848F35AB0 0_2_00007FF848F35AB0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.PWSX-gen.17202.22243.exe Code function: 0_2_00007FF848F3C924 0_2_00007FF848F3C924
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.PWSX-gen.17202.22243.exe Code function: 0_2_00007FF848F3AB68 0_2_00007FF848F3AB68
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.PWSX-gen.17202.22243.exe Code function: 0_2_00007FF848F465B8 0_2_00007FF848F465B8
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.PWSX-gen.17202.22243.exe Code function: 0_2_00007FF848F3D0E9 0_2_00007FF848F3D0E9
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.PWSX-gen.17202.22243.exe Code function: 0_2_00007FF848F30620 0_2_00007FF848F30620
Source: SecuriteInfo.com.Win64.PWSX-gen.17202.22243.exe Static PE information: No import functions for PE file found
Source: SecuriteInfo.com.Win64.PWSX-gen.17202.22243.exe, 00000000.00000000.1968356454.0000014285422000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenameasia.exe* vs SecuriteInfo.com.Win64.PWSX-gen.17202.22243.exe
Source: SecuriteInfo.com.Win64.PWSX-gen.17202.22243.exe Binary or memory string: OriginalFilenameasia.exe* vs SecuriteInfo.com.Win64.PWSX-gen.17202.22243.exe
Source: classification engine Classification label: mal76.expl.evad.winEXE@2/0@0/0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.PWSX-gen.17202.22243.exe Mutant created: NULL
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2624:120:WilError_03
Source: SecuriteInfo.com.Win64.PWSX-gen.17202.22243.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: SecuriteInfo.com.Win64.PWSX-gen.17202.22243.exe Static file information: TRID: Win64 Executable Console Net Framework (206006/5) 48.58%
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.PWSX-gen.17202.22243.exe Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: SecuriteInfo.com.Win64.PWSX-gen.17202.22243.exe ReversingLabs: Detection: 23%
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.PWSX-gen.17202.22243.exe File read: C:\Users\user\Desktop\SecuriteInfo.com.Win64.PWSX-gen.17202.22243.exe
Source: unknown Process created: C:\Users\user\Desktop\SecuriteInfo.com.Win64.PWSX-gen.17202.22243.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win64.PWSX-gen.17202.22243.exe"
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.PWSX-gen.17202.22243.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.PWSX-gen.17202.22243.exe Section loaded: mscoree.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.PWSX-gen.17202.22243.exe Section loaded: apphelp.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.PWSX-gen.17202.22243.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.PWSX-gen.17202.22243.exe Section loaded: version.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.PWSX-gen.17202.22243.exe Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.PWSX-gen.17202.22243.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.PWSX-gen.17202.22243.exe Section loaded: windows.storage.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.PWSX-gen.17202.22243.exe Section loaded: wldp.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.PWSX-gen.17202.22243.exe Section loaded: profapi.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.PWSX-gen.17202.22243.exe Section loaded: cryptsp.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.PWSX-gen.17202.22243.exe Section loaded: rsaenh.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.PWSX-gen.17202.22243.exe Section loaded: cryptbase.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.PWSX-gen.17202.22243.exe Section loaded: amsi.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.PWSX-gen.17202.22243.exe Section loaded: userenv.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.PWSX-gen.17202.22243.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.PWSX-gen.17202.22243.exe File opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dll
Source: SecuriteInfo.com.Win64.PWSX-gen.17202.22243.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
Source: SecuriteInfo.com.Win64.PWSX-gen.17202.22243.exe Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: SecuriteInfo.com.Win64.PWSX-gen.17202.22243.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: SecuriteInfo.com.Win64.PWSX-gen.17202.22243.exe Static PE information: 0xFAFBEEAE [Sat Jun 9 06:43:58 2103 UTC]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.PWSX-gen.17202.22243.exe Code function: 0_2_00007FF848F3FC16 pushfd ; retf 0_2_00007FF848F3FC29
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.PWSX-gen.17202.22243.exe Code function: 0_2_00007FF84900026B push esp; retf 4810h 0_2_00007FF849000312
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.PWSX-gen.17202.22243.exe Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Source: Yara match File source: Process Memory Space: SecuriteInfo.com.Win64.PWSX-gen.17202.22243.exe PID: 6024, type: MEMORYSTR
Source: SecuriteInfo.com.Win64.PWSX-gen.17202.22243.exe, 00000000.00000002.4408858008.0000014287181000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: WINE_GET_UNIX_FILE_NAME
Source: SecuriteInfo.com.Win64.PWSX-gen.17202.22243.exe, 00000000.00000002.4408858008.0000014287181000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: SBIEDLL.DLL
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.PWSX-gen.17202.22243.exe Memory allocated: 14286F10000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.PWSX-gen.17202.22243.exe Memory allocated: 1429F160000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.PWSX-gen.17202.22243.exe Window / User API: threadDelayed 5441
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.PWSX-gen.17202.22243.exe Window / User API: threadDelayed 4539
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.PWSX-gen.17202.22243.exe TID: 4040 Thread sleep count: 5441 > 30
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.PWSX-gen.17202.22243.exe TID: 4040 Thread sleep time: -5441000s >= -30000s
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.PWSX-gen.17202.22243.exe TID: 5960 Thread sleep count: 4539 > 30
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.PWSX-gen.17202.22243.exe TID: 5960 Thread sleep time: -4539000s >= -30000s
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.PWSX-gen.17202.22243.exe System information queried: CurrentTimeZoneInformation
Source: all processes Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected
Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
Source: SecuriteInfo.com.Win64.PWSX-gen.17202.22243.exe, 00000000.00000002.4408858008.0000014287181000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: VMware
Source: SecuriteInfo.com.Win64.PWSX-gen.17202.22243.exe, 00000000.00000002.4408858008.0000014287181000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: C:\WINDOWS\system32\drivers\vmmouse.sys
Source: SecuriteInfo.com.Win64.PWSX-gen.17202.22243.exe, 00000000.00000002.4408858008.0000014287181000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: vmware
Source: SecuriteInfo.com.Win64.PWSX-gen.17202.22243.exe, 00000000.00000002.4408858008.0000014287181000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: C:\PROGRAM FILES\VMWARE\VMWARE TOOLS\
Source: SecuriteInfo.com.Win64.PWSX-gen.17202.22243.exe, 00000000.00000002.4408858008.0000014287181000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: C:\WINDOWS\system32\drivers\vmhgfs.sys
Source: SecuriteInfo.com.Win64.PWSX-gen.17202.22243.exe, 00000000.00000002.4408858008.0000014287181000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: SOFTWARE\VMware, Inc.\VMware Tools
Source: SecuriteInfo.com.Win64.PWSX-gen.17202.22243.exe, 00000000.00000002.4408858008.0000014287181000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: VMWARE
Source: SecuriteInfo.com.Win64.PWSX-gen.17202.22243.exe, 00000000.00000002.4408858008.0000014287181000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: InstallPath%C:\PROGRAM FILES\VMWARE\VMWARE TOOLS\'C:\WINDOWS\system32\drivers\vmmouse.sys&C:\WINDOWS\system32\drivers\vmhgfs.sys
Source: SecuriteInfo.com.Win64.PWSX-gen.17202.22243.exe, 00000000.00000002.4408858008.0000014287181000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: noValueButYesKey)C:\WINDOWS\system32\drivers\VBoxMouse.sys
Source: SecuriteInfo.com.Win64.PWSX-gen.17202.22243.exe, 00000000.00000002.4408858008.0000014287181000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: C:\WINDOWS\system32\drivers\VBoxMouse.sys
Source: SecuriteInfo.com.Win64.PWSX-gen.17202.22243.exe, 00000000.00000002.4408858008.0000014287181000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: VMWARE"SOFTWARE\VMware, Inc.\VMware ToolsLHARDWARE\DEVICEMAP\Scsi\Scsi Port 1\Scsi Bus 0\Target Id 0\Logical Unit Id 0LHARDWARE\DEVICEMAP\Scsi\Scsi Port 2\Scsi Bus 0\Target Id 0\Logical Unit Id 0'SYSTEM\ControlSet001\Services\Disk\Enum
Source: SecuriteInfo.com.Win64.PWSX-gen.17202.22243.exe, 00000000.00000002.4408858008.0000014287181000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: VMware SVGA II

Anti Debugging

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.PWSX-gen.17202.22243.exe Process Stats: CPU usage > 42% for more than 60s
Source: all processes Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.PWSX-gen.17202.22243.exe Memory allocated: page read and write | page guard
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.PWSX-gen.17202.22243.exe Queries volume information: C:\Users\user\Desktop\SecuriteInfo.com.Win64.PWSX-gen.17202.22243.exe VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.PWSX-gen.17202.22243.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
No contacted IP infos