#U202f#U202f#U2005#U00a0.scr.exe
PE32+ executable (GUI) x86-64, for MS Windows
initial sample

Filetype: PE32+ executable (GUI) x86-64, for MS Windows
Entropy: 7.994157894224668
Filename: #U202f#U202f#U2005#U00a0.scr.exe
Filesize: 8505922
MD5: d87b402b821fa842d89283aa8654d9c0
SHA1: 30c086651e1bcd191163c01efbab55f51ec04691
SHA256: 791a66abbd58ac34dc72565455fb6e596bb14b93aa5b0109e0d53c60b87b5678
SHA512: 37ff5b178e10c2a64ca5cd3c11b2dd8ac153de7b62f363f2a0b608590befa07bc4e8f35a2ab7e57fb2b9ec06e2a91dfad99ce024cc787a777b410f5e0ad81de8
SSDEEP: 196608:WoeEzryqpLjv+bhqNVoB8Ck5c7GpNlpq41J2jnFHbk9qtlDfJP:EWyKL+9qz88Ck+7q3p91Jin8qfZ
Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......U.Q...?...?...?.Z.<...?.Z.:...?.Z.;...?.......?...:.9.?...;...?...<...?.Z.>...?...>...?.+.;...?.+.=...?.Rich..?................

Note on the file name: the sandbox writes non-ASCII characters as #Uxxxx (hex code point). The name is therefore U+202F NARROW NO-BREAK SPACE, U+202F again, U+2005 FOUR-PER-EM SPACE and U+00A0 NO-BREAK SPACE followed by the double extension .scr.exe: in a directory listing the stem renders as blank space and, with known extensions hidden, only ".scr" (screen saver) is visible. An entropy of 7.99 bits per byte over an 8.5 MB PE means almost the whole file is compressed or encrypted payload; the _MEI17882 extraction directory, the .pyd modules, VCRUNTIME140.dll and the api-ms-win-core-* stubs dropped later in this report are the layout of a PyInstaller one-file bundle, i.e. a Python program wrapped in a native loader.

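
The file name and the entropy figure above are the two static facts worth acting on before any dynamic analysis. The following is an added example, not part of the report and not the sandbox vendor's code: it decodes the sandbox's #Uxxxx escaping, flags the deceptive-name patterns a triage script should catch (invisible-whitespace stem, RTLO override, double executable extension, document-looking extension in front of an executable one), and computes the per-byte Shannon entropy the report shows. The EXECUTABLE_EXTS and DOC_EXTS lists and the 7.9-bit threshold are the example's own choices, not values taken from the page.

```python
import math
import re
import unicodedata
from collections import Counter

# Sandbox reports render non-ASCII characters in file names as "#Uxxxx" (hex code point).
_ESCAPE = re.compile(r"#U([0-9a-fA-F]{4})")

# Extensions Windows executes on double-click or hands to a script host (example's own list).
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".ps1", ".vbs", ".js", ".jse", ".hta", ".msi"}
# Extensions that make a name look like a harmless document or picture (example's own list).
DOC_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".ppt", ".pptx", ".txt", ".jpg", ".jpeg", ".png", ".gif"}


def decode_sandbox_name(name: str) -> str:
    """'#U202f#U202f#U2005#U00a0.scr.exe' -> the real file name with U+202F etc. restored."""
    return _ESCAPE.sub(lambda m: chr(int(m.group(1), 16)), name)


def describe_codepoints(name: str) -> list:
    """Human-readable list of every non-ASCII character, for the analyst's notes."""
    return [f"U+{ord(c):04X} {unicodedata.name(c, 'UNKNOWN')}" for c in name if ord(c) > 0x7F]


def _is_space_like(c: str) -> bool:
    # Category Zs is the Unicode space separators (U+0020, U+00A0, U+2000..U+200A, U+202F,
    # U+205F, U+3000); the explicit set adds zero-width/format characters that also render as nothing.
    return unicodedata.category(c) == "Zs" or c in "\u200b\u200c\u200d\u2060\ufeff"


def filename_risk_flags(name: str) -> list:
    """Heuristic flags for a deceptive file name; an empty list means nothing unusual."""
    stem, *ext_parts = name.split(".")
    exts = ["." + e.lower() for e in ext_parts]
    flags = []
    if "\u202e" in name:
        flags.append("rtlo_override")                 # RIGHT-TO-LEFT OVERRIDE reverses the visible tail
    if stem and all(_is_space_like(c) for c in stem):
        flags.append("stem_is_only_whitespace")       # name looks empty in Explorer
    if any(ord(c) > 0x7F for c in stem):
        flags.append("non_ascii_in_stem")
    if len(exts) >= 2 and exts[-1] in EXECUTABLE_EXTS and exts[-2] in EXECUTABLE_EXTS:
        flags.append("double_executable_extension")   # e.g. .scr.exe
    if len(exts) >= 2 and exts[-1] in EXECUTABLE_EXTS and exts[-2] in DOC_EXTS:
        flags.append("document_extension_before_executable")  # e.g. .pdf.exe
    if exts and exts[-1] in EXECUTABLE_EXTS:
        flags.append("executable_extension")
    return flags


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for a constant stream, 8.0 for uniformly distributed bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def packed_or_encrypted(entropy: float, size: int, threshold: float = 7.9) -> bool:
    """Whole-file entropy near 8 bits on a large PE means most of it is compressed or encrypted
    payload (PyInstaller bundles and crypters both look like this). Small files are too noisy
    to judge this way, so the size floor is part of the rule; both numbers are example choices."""
    return size >= 64 * 1024 and entropy >= threshold
```

Run filename_risk_flags on the decoded name, not on the escaped string the report displays; the escaping hides the point. High entropy on a large file is only a packer/crypter signal, never a verdict on its own: a legitimate PyInstaller application scores the same as this sample.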

Signature Hits | Behavior Group | MITRE ATT&CK
(The ATT&CK column is reproduced as the page renders it. Several cells, for example Access Token Manipulation beside "Drops PE files" or "Sample reads its own file content", are plainly misaligned with their signature; treat the signature text as the evidence and the mapping as unreliable.)

Antivirus / Scanner detection for submitted sample | AV Detection | -
Multi AV Scanner detection for submitted file | AV Detection | -
Adds a directory exclusion to Windows Defender | HIPS / PFW / Operating System Protection Evasion | -
Found many strings related to Crypto-Wallets (likely being stolen) | Stealing of Sensitive Information | -
Machine Learning detection for sample | AV Detection | -
Modifies Windows Defender protection settings | HIPS / PFW / Operating System Protection Evasion | Access Token Manipulation
Modifies existing user documents (likely ransomware behavior) | Spam, unwanted Advertisements and Ransom Demands | File and Directory Discovery; Data Encrypted for Impact
Removes signatures from Windows Defender | HIPS / PFW / Operating System Protection Evasion | Access Token Manipulation
Tries to harvest and steal WLAN passwords | Stealing of Sensitive Information | Access Token Manipulation
Tries to harvest and steal browser information (history, passwords, etc) | Stealing of Sensitive Information | -
Tries to steal Crypto Currency Wallets | Stealing of Sensitive Information | -
Very long command line found | System Summary | -
Contains functionality to check if a debugger is running (IsDebuggerPresent) | Anti Debugging | -
Contains functionality to dynamically determine API calls | Data Obfuscation, Anti Debugging | -
Contains functionality to query CPU information (cpuid) | Language, Device and Operating System Detection | -
Contains functionality which may be used to detect a debugger (GetProcessHeap) | Anti Debugging | -
Creates a process in suspended mode (likely to inject code) | HIPS / PFW / Operating System Protection Evasion | -
Creates a start menu entry (Start Menu\Programs\Startup) | Boot Survival | Access Token Manipulation
Detected potential crypto function | System Summary | Access Token Manipulation
Drops PE files | Persistence and Installation Behavior | Access Token Manipulation
Extensive use of GetProcAddress (often used to hide API calls) | Hooking and other Techniques for Hiding and Protection | -
Found dropped PE file which has not been started or loaded | Malware Analysis System Evasion | -
Found evasive API chain checking for process token information | Malware Analysis System Evasion | Access Token Manipulation
Found large amount of non-executed APIs | Malware Analysis System Evasion | Access Token Manipulation
Found potential string decryption / allocating functions | System Summary | Deobfuscate/Decode Files or Information; Obfuscated Files or Information
PE / OLE file has an invalid certificate | System Summary | File and Directory Discovery
PE file contains sections with non-standard names | Data Obfuscation | -
Queries the volume information (name, serial number etc) of a device | Language, Device and Operating System Detection | -
Sample file is different than original file name gathered from version info | System Summary | Access Token Manipulation
Stores files to the Windows start menu directory | Boot Survival | Registry Run Keys / Startup Folder
Uses code obfuscation techniques (call, push, ret) | Data Obfuscation | -
Very long cmdline option found, this is very uncommon (may be encrypted or packed) | HIPS / PFW / Operating System Protection Evasion | -
Contains functionality for error logging | System Summary | Access Token Manipulation
Contains functionality to enumerate / list files inside a directory | Spreading, Malware Analysis System Evasion | File and Directory Discovery
Contains functionality to query local / system time | Language, Device and Operating System Detection | Access Token Manipulation; System Information Discovery
Contains functionality to query system information | Malware Analysis System Evasion | -
Contains functionality to query time zone information | Language, Device and Operating System Detection | Access Token Manipulation
Contains functionality to register its own exception handler | Anti Debugging | -
Creates temporary files | System Summary | -
Enumerates the file system | Spreading, Malware Analysis System Evasion | -
Found strings which match to known social media urls | Networking | -
PE file has an executable .text section and no other executable section | System Summary | Access Token Manipulation
Reads software policies | System Summary | Access Token Manipulation
SQL strings found in memory and binary data | System Summary | File and Directory Discovery
Sample is known by Antivirus | System Summary | Access Token Manipulation
Sample might require command line arguments | System Summary | Access Token Manipulation
Sample reads its own file content | System Summary | Access Token Manipulation
Tries to load missing DLLs | System Summary | -
URLs found in memory or binary data | Networking | -
PE file contains a valid data directory to section mapping | System Summary | -
PE file contains a debug data directory | System Summary | -
Contains modern PE file flags such as dynamic base (ASLR) or NX | Compliance, System Summary | -
PE file contains a mix of data directories often seen in goodware | System Summary | -
PE file has a high image base, often used for DLLs | System Summary | -
Submission file is bigger than most known malware samples | System Summary | -
C:\Users\user\AppData\Local\Temp\QzNtG.zip
Category: dropped
Type: RAR archive data, v5
Dump: QzNtG.zip.68.dr
ID: dr_88
Target ID: 68
Process: C:\Users\user\AppData\Local\Temp\_MEI17882\rar.exe
Entropy: 7.999715655207366
Encrypted: true
Ssdeep: 12288:V6csZheMJP68MEJhii/BpF9GRvsnEgc1vgi80kft9UPTcX6FrjvwGivQ86jXHa:V2/JhiwbevwEpI3A9lbavUX6
Size: 691454
Whitelisted: false
Reputation: timeout

Note: the .zip extension is misleading; the file is a RAR v5 archive written by the rar.exe that the sample itself dropped into _MEI17882. The Encrypted flag together with the "Rar Usage with Password" Sigma hit indicates a password-protected archive, the usual way a stealer stages collected data before exfiltrating it.

Signature Hits | Behavior Group | MITRE ATT&CK
Sigma detected: Rar Usage with Password and Compression Level | System Summary | -
Creates a process in suspended mode (likely to inject code) | HIPS / PFW / Operating System Protection Evasion | -
Sigma detected: Files Added To An Archive Using Rar.EXE | System Summary | -
Spawns processes | System Summary | -
|
|
C:\Users\user\AppData\Local\Temp\_MEI17882\rar.exe
Category: dropped
Type: PE32+ executable (console) x86-64, for MS Windows
Dump: rar.exe.0.dr
ID: dr_54
Target ID: 0
Process: C:\Users\user\Desktop\#U202f#U202f#U2005#U00a0.scr.exe
Entropy: 6.409476333013752
Encrypted: false
Ssdeep: 12288:3lPCcFDlj+gV4zOifKlOWVNcjfQww0S5JPgdbBC9qxbYG9Y:3lPCcvj+YYrfSOWVNcj1JS5JPgdbBCZd
Size: 630736
Whitelisted: false
Reputation: timeout

Note: this is the WinRAR command-line archiver carried inside the PyInstaller bundle and extracted by the sample together with the rarreg.key licence file below. The capability signatures (token privilege adjustment, security descriptors, free-disk-space and Windows-version checks) are those of the stock rar.exe; what matters is that it is executed from the bundle to produce the password-protected archive above.

Signature Hits | Behavior Group | MITRE ATT&CK
Sigma detected: Rar Usage with Password and Compression Level | System Summary | -
Contains functionality to communicate with device drivers | System Summary | -
Contains functionality to shutdown / reboot the system | System Summary | -
Creates a process in suspended mode (likely to inject code) | HIPS / PFW / Operating System Protection Evasion | -
Drops PE files | Persistence and Installation Behavior | -
Uses Microsoft's Enhanced Cryptographic Provider | Cryptography | -
Contains functionality to adjust token privileges (e.g. debug / backup) | System Summary | Access Token Manipulation
Contains functionality to check free disk space | System Summary | System Information Discovery
Contains functionality to create a new security descriptor | HIPS / PFW / Operating System Protection Evasion | -
Contains functionality to query windows version | Language, Device and Operating System Detection | System Information Discovery
Reads ini files | System Summary | File and Directory Discovery
Sigma detected: Files Added To An Archive Using Rar.EXE | System Summary | -
Spawns processes | System Summary | -
Tries to load missing DLLs | System Summary | -
|
|
C:\Users\user\AppData\Local\Temp\_MEI17882\rarreg.key
Category: dropped
Type: ASCII text
Dump: rarreg.key.0.dr
ID: dr_55
Target ID: 0
Process: C:\Users\user\Desktop\#U202f#U202f#U2005#U00a0.scr.exe
Entropy: 4.447296373872587
Encrypted: false
Ssdeep: 12:Bn9j9sxpCDPxfhKLiaE5cNH0u/OCIhjWO:B9jiWDpf025cNU7CIEO
Size: 456
Whitelisted: false
Reputation: timeout

Note: rarreg.key is a WinRAR registration (licence) file. The family Yara rule fires on this 456-byte text file rather than on the packed main executable, so the licence text the builder ships is a static indicator worth hashing on its own: the dropped file's hash survives repacking of the outer sample.

Signature Hits | Behavior Group | MITRE ATT&CK
Yara detected Blank Grabber | Stealing of Sensitive Information, Remote Access Functionality | -
|
|
C:\Users\user\AppData\Local\Temp\xuxqeuoy\xuxqeuoy.cmdline
Category: dropped
Type: Unicode text, UTF-8 (with BOM) text, with very long lines (606), with no line terminators
Dump: xuxqeuoy.cmdline.41.dr
ID: dr_80
Target ID: 41
Process: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Entropy: 5.341114417844032
Encrypted: false
Ssdeep: 12:p37Lvkmb6KOkqe1xBkrk+ikqCH1WZE2CHw:V3ka6KOkqeFkqC6E2CQ
Size: 609
Whitelisted: false
Reputation: timeout

Note: a %TEMP%\<8 random characters>\<same name>.cmdline response file written by powershell.exe is the footprint of PowerShell Add-Type compiling inline C# through csc.exe; the RES6756.tmp COFF object written by cvtres.exe further down is the resource stub of the same compilation. The three Sigma rules listed here all key on that artifact chain.

Signature Hits | Behavior Group | MITRE ATT&CK
Sigma detected: Dot net compiler compiles file from suspicious location | Data Obfuscation | -
Compiles C# or VB.Net code | Data Obfuscation | -
Creates a process in suspended mode (likely to inject code) | HIPS / PFW / Operating System Protection Evasion | -
Sigma detected: Dynamic .NET Compilation Via Csc.EXE | System Summary | -
Sigma detected: Dynamic CSharp Compile Artefact | System Summary | -
Spawns processes | System Summary | -
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
Category: dropped
Type: data
Dump: StartupProfileData-NonInteractive.23.dr
ID: dr_74
Target ID: 23
Process: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Entropy: 0.34726597513537405
Encrypted: false
Ssdeep: 3:Nlll:Nll
Size: 64
Whitelisted: false
Reputation: timeout

Note: this is PowerShell's own startup-profiling cache and carries no payload; its only evidential value is confirming that powershell.exe was run non-interactively (no console) during the analysis.
|
|
C:\Users\user\AppData\Local\Temp\??? \Display (1).png
Category: dropped
Type: PNG image data, 1280 x 1024, 8-bit/color RGBA, non-interlaced
Dump: Display (1).png.41.dr
ID: dr_76
Target ID: 41
Process: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Entropy: 7.922476060998595
Encrypted: false
Ssdeep: 12288:NDKZM3lTvUyWFppcFKYMR7VnWEDpUQIZQtVy+bCSFGRip1APIKJTJ:N/1ZWFpprBRbZbCSFGREKRJ
Size: 674400
Whitelisted: false
Reputation: timeout

Note: a display-sized PNG named per monitor ("Display (1)") and written by powershell.exe is a screen capture; the "???" in the directory name is the report's placeholder for characters it could not render and is reproduced as-is.
|
|
C:\Users\user\AppData\Local\Temp\MpCmdRun.log
Category: modified
Type: Unicode text, UTF-16, little-endian text, with CRLF line terminators
Dump: MpCmdRun.log.88.dr
ID: dr_93
Target ID: 88
Process: C:\Program Files\Windows Defender\MpCmdRun.exe
Entropy: 3.106809372209216
Encrypted: false
Ssdeep: 12:Q58KRBubdpkoPAGdjrZ4ZuZk9+MlWlLehW51IC44ZOI:QOaqdmOFdjrSA++kWResLIagI
Size: 894
Whitelisted: false
Reputation: timeout

Note: MpCmdRun.exe appends a record of each invocation to this log. Defender signatures are removed from the command line with MpCmdRun.exe -RemoveDefinitions -All, so together with the "Removes signatures from Windows Defender" signature in the summary this modified log is the host-side trace of that step; on a real endpoint the same file is the first place to look.
|
|
C:\Users\user\AppData\Local\Temp\RES6756.tmp
Category: dropped
Type: Intel 80386 COFF object file, not stripped, 3 sections, symbol offset=0x4b6, 9 symbols, created Sun Aug 4 02:13:43 2024, 1st section name ".debug$S"
Dump: RES6756.tmp.44.dr
ID: dr_83
Target ID: 44
Process: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe
Entropy: 4.126657831616209
Encrypted: false
Ssdeep: 24:HSq9U7bMKHdwKaZXNeI+ycuZhNYHakS5QPNnqS+d:c7neKaVw1ul2a3CqSe
Size: 1372
Whitelisted: false
Reputation: timeout

Signature Hits | Behavior Group | MITRE ATT&CK
Creates a process in suspended mode (likely to inject code) | HIPS / PFW / Operating System Protection Evasion | -
Spawns processes | System Summary | -
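
The dropped-file records so far (the _MEI17882 extraction directory, rar.exe with rarreg.key, the encrypted RAR named QzNtG.zip, the xuxqeuoy.cmdline and RES6756.tmp compile artifacts, MpCmdRun.log and the display-sized PNG) can be triaged mechanically once they are in a structured form. The following is an added example, not part of the report and not the sandbox's own logic: the Dropped record type and its field names are the example's own, and RECORDS is a hand-picked subset whose paths, types, writing processes and Encrypted flags are copied from this page (the sandbox's "???" placeholder in one path is kept verbatim). The path regexes encode the PyInstaller, Add-Type/cvtres and MpCmdRun conventions described in the notes above.

```python
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Dropped:
    path: str        # file written
    ftype: str       # libmagic type string as the sandbox reports it
    process: str     # process that wrote the file
    encrypted: bool  # the sandbox's "Encrypted" flag


SAMPLE = r"C:\Users\user\Desktop\#U202f#U202f#U2005#U00a0.scr.exe"
PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
MEI = r"C:\Users\user\AppData\Local\Temp\_MEI17882"

# Subset of the report's dropped-file table; values copied from the page, selection is the example's.
RECORDS = [
    Dropped(MEI + r"\rar.exe", "PE32+ executable (console) x86-64, for MS Windows", SAMPLE, False),
    Dropped(MEI + r"\rarreg.key", "ASCII text", SAMPLE, False),
    Dropped(MEI + r"\_ssl.pyd", "PE32+ executable (DLL) (GUI) x86-64, for MS Windows", SAMPLE, False),
    Dropped(MEI + r"\VCRUNTIME140.dll", "PE32+ executable (DLL) (console) x86-64, for MS Windows", SAMPLE, False),
    Dropped(r"C:\Users\user\AppData\Local\Temp\QzNtG.zip", "RAR archive data, v5", MEI + r"\rar.exe", True),
    Dropped(r"C:\Users\user\AppData\Local\Temp\xuxqeuoy\xuxqeuoy.cmdline", "Unicode text, UTF-8 (with BOM) text", PS, False),
    Dropped(r"C:\Users\user\AppData\Local\Temp\RES6756.tmp", "Intel 80386 COFF object file",
            r"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe", False),
    Dropped(r"C:\Users\user\AppData\Local\Temp\MpCmdRun.log", "Unicode text, UTF-16, little-endian text",
            r"C:\Program Files\Windows Defender\MpCmdRun.exe", False),
    Dropped(r"C:\Users\user\AppData\Local\Temp\??? \Display (1).png", "PNG image data, 1280 x 1024, 8-bit/color RGBA", PS, False),
]

_MEI_DIR = re.compile(r"^(.*\\_MEI\d+)\\", re.I)                                  # PyInstaller one-file temp dir
_ADDTYPE = re.compile(r"\\Temp\\([a-z0-9]{8})\\\1\.(cmdline|0\.cs|out|dll|pdb|err)$", re.I)  # Add-Type/csc leftovers
_CVTRES = re.compile(r"\\Temp\\RES[0-9A-F]{4}\.tmp$", re.I)                       # cvtres resource object
_EXPECTED_EXT = {"RAR archive": ".rar", "Zip archive": ".zip", "7-zip archive": ".7z"}


def pyinstaller_dirs(records) -> set:
    """_MEI<n> directories that received at least one .pyd: a PyInstaller bundle unpacking itself."""
    dirs = set()
    for r in records:
        m = _MEI_DIR.match(r.path)
        if m and r.path.lower().endswith(".pyd"):
            dirs.add(m.group(1))
    return dirs


def bundled_tools(records) -> list:
    """Stand-alone .exe files inside a PyInstaller dir: tools the bundle carries (here rar.exe)."""
    mei = pyinstaller_dirs(records)
    return sorted(r.path for r in records
                  if r.path.lower().endswith(".exe") and any(r.path.startswith(d + "\\") for d in mei))


def archive_staging(records) -> list:
    """Archives written during the run, with the reasons they look like exfiltration staging."""
    hits = []
    for r in records:
        kind = next((k for k in _EXPECTED_EXT if r.ftype.startswith(k)), None)
        if kind is None:
            continue
        reasons = []
        if r.encrypted:
            reasons.append("encrypted")
        if not r.path.lower().endswith(_EXPECTED_EXT[kind]):
            reasons.append("extension_mismatch")        # RAR content behind a .zip name
        if _MEI_DIR.match(r.process):
            reasons.append("written_by_bundled_tool")
        hits.append((r.path, reasons))
    return hits


def addtype_artifacts(records) -> list:
    """PowerShell Add-Type leaves <8 chars>\\<same>.cmdline etc. and a cvtres RES*.tmp in %TEMP%."""
    return sorted(r.path for r in records
                  if (_ADDTYPE.search(r.path) and r.process.lower().endswith("powershell.exe"))
                  or (_CVTRES.search(r.path) and r.process.lower().endswith("cvtres.exe")))


def defender_cli_used(records) -> bool:
    """MpCmdRun.log written by MpCmdRun.exe: the Defender command-line tool ran during the analysis."""
    return any(r.path.lower().endswith(r"\mpcmdrun.log") and r.process.lower().endswith("mpcmdrun.exe")
               for r in records)


def screenshots(records) -> list:
    """PNG images written by a scripting host: screen captures staged for collection."""
    hosts = ("powershell.exe", "pwsh.exe", "python.exe", "wscript.exe", "cscript.exe")
    return sorted(r.path for r in records if r.ftype.startswith("PNG image") and r.process.lower().endswith(hosts))


def triage(records) -> dict:
    """One dictionary an analyst can paste into notes or feed to a scoring rule."""
    return {
        "pyinstaller_dirs": sorted(pyinstaller_dirs(records)),
        "bundled_tools": bundled_tools(records),
        "archives": archive_staging(records),
        "addtype_artifacts": addtype_artifacts(records),
        "defender_cli_used": defender_cli_used(records),
        "screenshots": screenshots(records),
    }
```

The same functions apply to any sandbox export or EDR file-write telemetry once it is mapped onto the four fields; the _MEI<pid> directory name alone is not malicious (every PyInstaller one-file program creates one), so the score should come from what is inside it and what is written from it, which is what bundled_tools and archive_staging measure.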
|
|
C:\Users\user\AppData\Local\Temp\_MEI17882\VCRUNTIME140.dll
Category: dropped
Type: PE32+ executable (DLL) (console) x86-64, for MS Windows
Dump: VCRUNTIME140.dll.0.dr
ID: dr_10
Target ID: 0
Process: C:\Users\user\Desktop\#U202f#U202f#U2005#U00a0.scr.exe
Entropy: 6.6016214745004635
Encrypted: false
Ssdeep: 1536:+qvQ1Dj2DkX7OcujarvmdlYNABCmgrP4ddbkZIecbWcFML/UXzlghzdMFw84hzk:+qvQ1D2CreiABCmgYecbWVLUD6h+b4ho
Size: 119192
Whitelisted: false
Reputation: timeout

Note: the Visual C++ runtime that the embedded CPython interpreter needs; PyInstaller ships it in every bundle, so it is packaging, not payload.

Signature Hits | Behavior Group | MITRE ATT&CK
Drops PE files | Persistence and Installation Behavior | -
|
|
C:\Users\user\AppData\Local\Temp\_MEI17882\_bz2.pyd
Category: dropped
Type: PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Dump: _bz2.pyd.0.dr
ID: dr_11
Target ID: 0
Process: C:\Users\user\Desktop\#U202f#U202f#U2005#U00a0.scr.exe
Entropy: 7.786807948324802
Encrypted: false
Ssdeep: 1536:uscTnfmhcU0UHpuF/g7Z2Zyqm7zIpCVVB7SyTUxIS:KTnfmCNUUF/wNvIpCVVB+
Size: 49944
Whitelisted: false
Reputation: timeout

Note: the .pyd files in _MEI17882 (_bz2, _ctypes, _decimal, _hashlib, _lzma, _queue, _socket, _sqlite3, _ssl) are CPython standard-library extension modules. Their 7.4 to 7.9 entropy reflects the stock builds, not custom obfuscation; the interesting ones for a stealer are _sqlite3 (browser databases), _ssl and _socket (exfiltration) and _ctypes (Win32 API calls such as DPAPI decryption), which are also the ones the report marks as loaded rather than "not started or loaded".

Signature Hits | Behavior Group | MITRE ATT&CK
Drops PE files | Persistence and Installation Behavior | -
Found dropped PE file which has not been started or loaded | Malware Analysis System Evasion | -
|
|
C:\Users\user\AppData\Local\Temp\_MEI17882\_ctypes.pyd
Category: dropped
Type: PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Dump: _ctypes.pyd.0.dr
ID: dr_12
Target ID: 0
Process: C:\Users\user\Desktop\#U202f#U202f#U2005#U00a0.scr.exe
Entropy: 7.828031934321066
Encrypted: false
Ssdeep: 1536:ew1k7TaJIRmh4ojzkHhqccsmgvGaCaaY0O4CNXGtQzOPe7IpLPFz7SykACdxU:nJIK4CkBVNGO9XGV+IpLPFzuE
Size: 60696
Whitelisted: false
Reputation: timeout

Signature Hits | Behavior Group | MITRE ATT&CK
Drops PE files | Persistence and Installation Behavior | -
Found dropped PE file which has not been started or loaded | Malware Analysis System Evasion | -
Queries the volume information (name, serial number etc) of a device | Language, Device and Operating System Detection | System Information Discovery
|
|
C:\Users\user\AppData\Local\Temp\_MEI17882\_decimal.pyd
Category: dropped
Type: PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Dump: _decimal.pyd.0.dr
ID: dr_13
Target ID: 0
Process: C:\Users\user\Desktop\#U202f#U202f#U2005#U00a0.scr.exe
Entropy: 7.933255580303333
Encrypted: false
Ssdeep: 3072:/ucwkcSosIOPVrF3nuJNX6GllaIpOqTbIU:/tdosVF3nm6Mlb9
Size: 108312
Whitelisted: false
Reputation: timeout

Signature Hits | Behavior Group | MITRE ATT&CK
Drops PE files | Persistence and Installation Behavior | -
Found dropped PE file which has not been started or loaded | Malware Analysis System Evasion | -
|
|
C:\Users\user\AppData\Local\Temp\_MEI17882\_hashlib.pyd
Category: dropped
Type: PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Dump: _hashlib.pyd.0.dr
ID: dr_14
Target ID: 0
Process: C:\Users\user\Desktop\#U202f#U202f#U2005#U00a0.scr.exe
Entropy: 7.665340177942189
Encrypted: false
Ssdeep: 768:Q6nLeqO/i25L2qrKBMK4XpMcfIpOIYe5YiSyvfsAMxkET:rtO/P5ZTKXcfIpOIYU7SyHqxn
Size: 36632
Whitelisted: false
Reputation: timeout

Signature Hits | Behavior Group | MITRE ATT&CK
Drops PE files | Persistence and Installation Behavior | -
Found dropped PE file which has not been started or loaded | Malware Analysis System Evasion | -
Queries the volume information (name, serial number etc) of a device | Language, Device and Operating System Detection | System Information Discovery
|
|
C:\Users\user\AppData\Local\Temp\_MEI17882\_lzma.pyd
Category: dropped
Type: PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Dump: _lzma.pyd.0.dr
ID: dr_15
Target ID: 0
Process: C:\Users\user\Desktop\#U202f#U202f#U2005#U00a0.scr.exe
Entropy: 7.9102806934135135
Encrypted: false
Ssdeep: 1536:PeAeeAQ2otR9fI9zq2FYDnbrEVmcrpr8byTjvO31IpZ1u37SyGxe:Zr9w9q2ODSmGpQyTjvOlIpZ1u3V
Size: 88344
Whitelisted: false
Reputation: timeout

Signature Hits | Behavior Group | MITRE ATT&CK
Drops PE files | Persistence and Installation Behavior | -
Found dropped PE file which has not been started or loaded | Malware Analysis System Evasion | -
|
|
C:\Users\user\AppData\Local\Temp\_MEI17882\_queue.pyd
Category: dropped
Type: PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Dump: _queue.pyd.0.dr
ID: dr_16
Target ID: 0
Process: C:\Users\user\Desktop\#U202f#U202f#U2005#U00a0.scr.exe
Entropy: 7.416677958221918
Encrypted: false
Ssdeep: 768:izemeFCt412MpaqIpQUYZ5YiSyv/AMxkEG:We7F6UqqIpQUYH7SynxC
Size: 26904
Whitelisted: false
Reputation: timeout

Signature Hits | Behavior Group | MITRE ATT&CK
Drops PE files | Persistence and Installation Behavior | -
Found dropped PE file which has not been started or loaded | Malware Analysis System Evasion | -
Queries the volume information (name, serial number etc) of a device | Language, Device and Operating System Detection | System Information Discovery
|
|
C:\Users\user\AppData\Local\Temp\_MEI17882\_socket.pyd
Category: dropped
Type: PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Dump: _socket.pyd.0.dr
ID: dr_17
Target ID: 0
Process: C:\Users\user\Desktop\#U202f#U202f#U2005#U00a0.scr.exe
Entropy: 7.71788244939252
Encrypted: false
Ssdeep: 768:x1X8N3Hvl24aQ4V/npCjdsCsEWsVf+odBfnpw24IpLwlBa5YiSyv0axAMxkEX3:7Xo3PIQ0pChsvEWsF5dBfe24IpLwlB4X
Size: 45336
Whitelisted: false
Reputation: timeout

Signature Hits | Behavior Group | MITRE ATT&CK
Drops PE files | Persistence and Installation Behavior | -
Found dropped PE file which has not been started or loaded | Malware Analysis System Evasion | -
Queries the volume information (name, serial number etc) of a device | Language, Device and Operating System Detection | System Information Discovery
|
|
C:\Users\user\AppData\Local\Temp\_MEI17882\_sqlite3.pyd
Category: dropped
Type: PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Dump: _sqlite3.pyd.0.dr
ID: dr_18
Target ID: 0
Process: C:\Users\user\Desktop\#U202f#U202f#U2005#U00a0.scr.exe
Entropy: 7.8415704915035995
Encrypted: false
Ssdeep: 1536:NW6W6CtwjHecGAg2FakvwzgoBr5EaOdIpOQ107SyTxJ:NW6vCtwjDgF/cucIpOQ10J
Size: 59160
Whitelisted: false
Reputation: timeout

Signature Hits | Behavior Group | MITRE ATT&CK
Drops PE files | Persistence and Installation Behavior | -
Found dropped PE file which has not been started or loaded | Malware Analysis System Evasion | -
|
|
C:\Users\user\AppData\Local\Temp\_MEI17882\_ssl.pyd
Category: dropped
Type: PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Dump: _ssl.pyd.0.dr
ID: dr_19
Target ID: 0
Process: C:\Users\user\Desktop\#U202f#U202f#U2005#U00a0.scr.exe
Entropy: 7.854645866844732
Encrypted: false
Ssdeep: 1536:VoAuijXACpT59jGxJkHNcdU38umWs2EamTSqUCr5IpC7e3E7SyCxYM:mi0k4JkHmvL2ETmqUCFIpC7eU6
Size: 67352
Whitelisted: false
Reputation: timeout

Signature Hits | Behavior Group | MITRE ATT&CK
Drops PE files | Persistence and Installation Behavior | -
Found dropped PE file which has not been started or loaded | Malware Analysis System Evasion | -
|
|
C:\Users\user\AppData\Local\Temp\_MEI17882\api-ms-win-core-console-l1-1-0.dll
Category: dropped
Type: PE32+ executable (DLL) (console) x86-64, for MS Windows
Dump: api-ms-win-core-console-l1-1-0.dll.0.dr
ID: dr_0
Target ID: 0
Process: C:\Users\user\Desktop\#U202f#U202f#U2005#U00a0.scr.exe
Entropy: 6.666783255943408
Encrypted: false
Ssdeep: 192:WDGBWfhWxPWULwu0Sc2HnhWgN7aMWBHiOk9qnajMDkVt2:W+WfhWTD/HRN73hlQDkO
Size: 12688
Whitelisted: false
Reputation: timeout

Note: the api-ms-win-core-*.dll files that follow are the Windows API-set forwarder stubs distributed with the Universal CRT; PyInstaller copies them next to VCRUNTIME140.dll so that the bundle also runs on older Windows builds. They are 12 to 15 KB each, contain no code of interest, and are flagged only because they are PE files that were dropped and never loaded.

Signature Hits | Behavior Group | MITRE ATT&CK
Drops PE files | Persistence and Installation Behavior | -
Found dropped PE file which has not been started or loaded | Malware Analysis System Evasion | -
|
|
C:\Users\user\AppData\Local\Temp\_MEI17882\api-ms-win-core-datetime-l1-1-0.dll
Category: dropped
Type: PE32+ executable (DLL) (console) x86-64, for MS Windows
Dump: api-ms-win-core-datetime-l1-1-0.dll.0.dr
ID: dr_1
Target ID: 0
Process: C:\Users\user\Desktop\#U202f#U202f#U2005#U00a0.scr.exe
Entropy: 6.667879503485911
Encrypted: false
Ssdeep: 192:W2WfhWoNLWULwu0Sc2HnhWgN7a8WaDwmvOk9qnajMDkfw:W2WfhWoLD/HRN75wOhlQDkfw
Size: 12176
Whitelisted: false
Reputation: timeout

Signature Hits | Behavior Group | MITRE ATT&CK
Drops PE files | Persistence and Installation Behavior | -
Found dropped PE file which has not been started or loaded | Malware Analysis System Evasion | -
|
|
C:\Users\user\AppData\Local\Temp\_MEI17882\api-ms-win-core-debug-l1-1-0.dll
Category: dropped
Type: PE32+ executable (DLL) (console) x86-64, for MS Windows
Dump: api-ms-win-core-debug-l1-1-0.dll.0.dr
ID: dr_2
Target ID: 0
Process: C:\Users\user\Desktop\#U202f#U202f#U2005#U00a0.scr.exe
Entropy: 6.672949439516452
Encrypted: false
Ssdeep: 192:WvMWfhWoZWULwu0Sc2HnhWgN7a8WHjmcsmsqnaj5fQ19IdOr:WvMWfhWozD/HRN7fcs9l1Gicr
Size: 12176
Whitelisted: false
Reputation: timeout

Signature Hits | Behavior Group | MITRE ATT&CK
Drops PE files | Persistence and Installation Behavior | -
Found dropped PE file which has not been started or loaded | Malware Analysis System Evasion | -
|
|
C:\Users\user\AppData\Local\Temp\_MEI17882\api-ms-win-core-errorhandling-l1-1-0.dll
Category: dropped
Type: PE32+ executable (DLL) (console) x86-64, for MS Windows
Dump: api-ms-win-core-errorhandling-l1-1-0.dll.0.dr
ID: dr_3
Target ID: 0
Process: C:\Users\user\Desktop\#U202f#U202f#U2005#U00a0.scr.exe
Entropy: 6.728898668835788
Encrypted: false
Ssdeep: 192:W4mxD3JbDWfhWoqEWULwu0Sc2HnhWgN7a8W1FFUOk9qnajMDkU0:W4AbDWfhWojD/HRN7aghlQDkz
Size: 12176
Whitelisted: false
Reputation: timeout

Signature Hits | Behavior Group | MITRE ATT&CK
Drops PE files | Persistence and Installation Behavior | -
Found dropped PE file which has not been started or loaded | Malware Analysis System Evasion | -
|
|
C:\Users\user\AppData\Local\Temp\_MEI17882\api-ms-win-core-file-l1-1-0.dll
Category: dropped
Type: PE32+ executable (DLL) (console) x86-64, for MS Windows
Dump: api-ms-win-core-file-l1-1-0.dll.0.dr
ID: dr_4
Target ID: 0
Process: C:\Users\user\Desktop\#U202f#U202f#U2005#U00a0.scr.exe
Entropy: 6.617142193321366
Encrypted: false
Ssdeep: 192:W/IAuVYPvVX8rFTs0WfhWoOWULwu0Sc2HnhWgN7a8WW52bTfvXqnajan5J7N0y:WFBPvVXuWfhWogD/HRN7D0XlOnP
Size: 15760
Whitelisted: false
Reputation: timeout

Signature Hits | Behavior Group | MITRE ATT&CK
Drops PE files | Persistence and Installation Behavior | -
Found dropped PE file which has not been started or loaded | Malware Analysis System Evasion | -
|
|
C:\Users\user\AppData\Local\Temp\_MEI17882\api-ms-win-core-file-l1-2-0.dll
Category: dropped
Type: PE32+ executable (DLL) (console) x86-64, for MS Windows
Dump: api-ms-win-core-file-l1-2-0.dll.0.dr
ID: dr_5
Target ID: 0
Process: C:\Users\user\Desktop\#U202f#U202f#U2005#U00a0.scr.exe
Entropy: 6.688511108737727
Encrypted: false
Ssdeep: 192:WOMWfhW8WULwu0Sc2HnhWgN7asWatDwmcVTW1KqnajKswlZzX:W5WfhWaD/HRN7FwmEy4lGswldX
Size: 12168
Whitelisted: false
Reputation: timeout

Signature Hits | Behavior Group | MITRE ATT&CK
Drops PE files | Persistence and Installation Behavior | -
Found dropped PE file which has not been started or loaded | Malware Analysis System Evasion | -
|
|
C:\Users\user\AppData\Local\Temp\_MEI17882\api-ms-win-core-file-l2-1-0.dll
Category: dropped
Type: PE32+ executable (DLL) (console) x86-64, for MS Windows
Dump: api-ms-win-core-file-l2-1-0.dll.0.dr
ID: dr_6
Target ID: 0
Process: C:\Users\user\Desktop\#U202f#U202f#U2005#U00a0.scr.exe
Entropy: 6.795365219000848
Encrypted: false
Ssdeep: 192:WxVzWfhWFWULwu0Sc2HnhWgN7aMW/tImZdGP2qnajxfgX:WxVzWfhWvD/HRN7c3LlFfu
Size: 12152
Whitelisted: false
Reputation: timeout

Signature Hits | Behavior Group | MITRE ATT&CK
Drops PE files | Persistence and Installation Behavior | -
Found dropped PE file which has not been started or loaded | Malware Analysis System Evasion | -
|
|
C:\Users\user\AppData\Local\Temp\_MEI17882\api-ms-win-core-handle-l1-1-0.dll
Category: dropped
Type: PE32+ executable (DLL) (console) x86-64, for MS Windows
Dump: api-ms-win-core-handle-l1-1-0.dll.0.dr
ID: dr_7
Target ID: 0
Process: C:\Users\user\Desktop\#U202f#U202f#U2005#U00a0.scr.exe
Entropy: 6.693611789221205
Encrypted: false
Ssdeep: 192:WrWfhWZWULwu0Sc2HnhWgN7aMWubjafvXqnajan5tu2:WrWfhWzD/HRN7XYXlOna2
Size: 12176
Whitelisted: false
Reputation: timeout

Signature Hits | Behavior Group | MITRE ATT&CK
Drops PE files | Persistence and Installation Behavior | -
Found dropped PE file which has not been started or loaded | Malware Analysis System Evasion | -
|
|
C:\Users\user\AppData\Local\Temp\_MEI17882\api-ms-win-core-heap-l1-1-0.dll
Category: dropped
Type: PE32+ executable (DLL) (console) x86-64, for MS Windows
Dump: api-ms-win-core-heap-l1-1-0.dll.0.dr
ID: dr_8
Target ID: 0
Process: C:\Users\user\Desktop\#U202f#U202f#U2005#U00a0.scr.exe
Entropy: 6.6505620878411085
Encrypted: false
Ssdeep: 192:WZZlKWfhWomWULwu0Sc2HnhWgN7a8WyLhWOk9qnajMDks:WLlKWfhWo4D/HRN7LEhlQDks
Size: 12688
Whitelisted: false
Reputation: timeout

Signature Hits | Behavior Group | MITRE ATT&CK
Drops PE files | Persistence and Installation Behavior | -
Found dropped PE file which has not been started or loaded | Malware Analysis System Evasion | -
|
|
C:\Users\user\AppData\Local\Temp\_MEI17882\api-ms-win-core-interlocked-l1-1-0.dll
Category: dropped
Type: PE32+ executable (DLL) (console) x86-64, for MS Windows
Dump: api-ms-win-core-interlocked-l1-1-0.dll.0.dr
ID: dr_9
Target ID: 0
Process: C:\Users\user\Desktop\#U202f#U202f#U2005#U00a0.scr.exe
Entropy: 6.716058514516582
Encrypted: false
Ssdeep: 192:W9WfhWo0WULwu0Sc2HnhWgN7a8WBinOk9qnajMDkFE:W9WfhWoSD/HRN7e2hlQDkFE
Size: 12176
Whitelisted: false
Reputation: timeout

Signature Hits | Behavior Group | MITRE ATT&CK
Drops PE files | Persistence and Installation Behavior | -
Found dropped PE file which has not been started or loaded | Malware Analysis System Evasion | -
|
|
C:\Users\user\AppData\Local\Temp\_MEI17882\api-ms-win-core-libraryloader-l1-1-0.dll
Category: dropped
Type: PE32+ executable (DLL) (console) x86-64, for MS Windows
Dump: api-ms-win-core-libraryloader-l1-1-0.dll.0.dr
ID: dr_20
Target ID: 0
Process: C:\Users\user\Desktop\#U202f#U202f#U2005#U00a0.scr.exe
Entropy: 6.656708616069495
Encrypted: false
Ssdeep: 192:WkvuBL3BBLJWfhWiWULwu0Sc2HnhWgN7asWhpfH2vArqnajKsrw:WkvuBL3BrWfhWUD/HRN7QH24rlGsrw
Size: 13192
Whitelisted: false
Reputation: timeout

Signature Hits | Behavior Group | MITRE ATT&CK
Drops PE files | Persistence and Installation Behavior | -
Found dropped PE file which has not been started or loaded | Malware Analysis System Evasion | -
|
|
C:\Users\user\AppData\Local\Temp\_MEI17882\api-ms-win-core-localization-l1-2-0.dll | PE32+ executable (DLL) (console) x86-64, for MS Windows | dropped
File: C:\Users\user\AppData\Local\Temp\_MEI17882\api-ms-win-core-localization-l1-2-0.dll
Category: dropped
Dump: api-ms-win-core-localization-l1-2-0.dll.0.dr
ID: dr_21
Target ID: 0
Process: C:\Users\user\Desktop\#U202f#U202f#U2005#U00a0.scr.exe
Type: PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy: 6.718242382400788
Encrypted: false
Ssdeep: 384:WpOMw3zdp3bwjGjue9/0jCRrndbWsWfhWOD/HRN7DlEnEQmDWlGs76Qq:8OMwBprwjGjue9/0jCRrndbG/DvhEE1t
Size: 14728
Whitelisted: false
Reputation: timeout
Signature Hits | Behavior Group | Mitre Attack
Drops PE files | Persistence and Installation Behavior |
Found dropped PE file which has not been started or loaded | Malware Analysis System Evasion |

C:\Users\user\AppData\Local\Temp\_MEI17882\api-ms-win-core-memory-l1-1-0.dll | PE32+ executable (DLL) (console) x86-64, for MS Windows | dropped
File: C:\Users\user\AppData\Local\Temp\_MEI17882\api-ms-win-core-memory-l1-1-0.dll
Category: dropped
Dump: api-ms-win-core-memory-l1-1-0.dll.0.dr
ID: dr_22
Target ID: 0
Process: C:\Users\user\Desktop\#U202f#U202f#U2005#U00a0.scr.exe
Type: PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy: 6.693787977570938
Encrypted: false
Ssdeep: 192:WyqWfhWowWULwu0Sc2HnhWgN7a8Wi6msOk9qnajMDk7:WyqWfhWoOD/HRN78BhlQDk7
Size: 12688
Whitelisted: false
Reputation: timeout
Signature Hits | Behavior Group | Mitre Attack
Drops PE files | Persistence and Installation Behavior |
Found dropped PE file which has not been started or loaded | Malware Analysis System Evasion |

C:\Users\user\AppData\Local\Temp\_MEI17882\api-ms-win-core-namedpipe-l1-1-0.dll | PE32+ executable (DLL) (console) x86-64, for MS Windows | dropped
File: C:\Users\user\AppData\Local\Temp\_MEI17882\api-ms-win-core-namedpipe-l1-1-0.dll
Category: dropped
Dump: api-ms-win-core-namedpipe-l1-1-0.dll.0.dr
ID: dr_23
Target ID: 0
Process: C:\Users\user\Desktop\#U202f#U202f#U2005#U00a0.scr.exe
Type: PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy: 6.794778399632109
Encrypted: false
Ssdeep: 192:WqWfhWo+WULwu0Sc2HnhWgN7a8WYRK+sOk9qnajMDkBSF:WqWfhWoQD/HRN7oBhlQDkBSF
Size: 12176
Whitelisted: false
Reputation: timeout
Signature Hits | Behavior Group | Mitre Attack
Drops PE files | Persistence and Installation Behavior |
Found dropped PE file which has not been started or loaded | Malware Analysis System Evasion |

C:\Users\user\AppData\Local\Temp\_MEI17882\api-ms-win-core-processenvironment-l1-1-0.dll | PE32+ executable (DLL) (console) x86-64, for MS Windows | dropped
File: C:\Users\user\AppData\Local\Temp\_MEI17882\api-ms-win-core-processenvironment-l1-1-0.dll
Category: dropped
Dump: api-ms-win-core-processenvironment-l1-1-0.dll.0.dr
ID: dr_24
Target ID: 0
Process: C:\Users\user\Desktop\#U202f#U202f#U2005#U00a0.scr.exe
Type: PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy: 6.668461025084757
Encrypted: false
Ssdeep: 192:W8WWfhWo9WULwu0Sc2HnhWgN7a8WC/OFOk9qnajMDkmUa:W8WWfhWoHD/HRN7PshlQDkmp
Size: 13200
Whitelisted: false
Reputation: timeout
Signature Hits | Behavior Group | Mitre Attack
Drops PE files | Persistence and Installation Behavior |
Found dropped PE file which has not been started or loaded | Malware Analysis System Evasion |

C:\Users\user\AppData\Local\Temp\_MEI17882\api-ms-win-core-processthreads-l1-1-0.dll | PE32+ executable (DLL) (console) x86-64, for MS Windows | dropped
File: C:\Users\user\AppData\Local\Temp\_MEI17882\api-ms-win-core-processthreads-l1-1-0.dll
Category: dropped
Dump: api-ms-win-core-processthreads-l1-1-0.dll.0.dr
ID: dr_25
Target ID: 0
Process: C:\Users\user\Desktop\#U202f#U202f#U2005#U00a0.scr.exe
Type: PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy: 6.726978001238247
Encrypted: false
Ssdeep: 384:WOWXk1JzNcKSIHWfhWoxD/HRN7rMphlQDk1z+:FbcKStxxDvre916
Size: 14224
Whitelisted: false
Reputation: timeout
Signature Hits | Behavior Group | Mitre Attack
Drops PE files | Persistence and Installation Behavior |
Found dropped PE file which has not been started or loaded | Malware Analysis System Evasion |

C:\Users\user\AppData\Local\Temp\_MEI17882\api-ms-win-core-processthreads-l1-1-1.dll | PE32+ executable (DLL) (console) x86-64, for MS Windows | dropped
File: C:\Users\user\AppData\Local\Temp\_MEI17882\api-ms-win-core-processthreads-l1-1-1.dll
Category: dropped
Dump: api-ms-win-core-processthreads-l1-1-1.dll.0.dr
ID: dr_26
Target ID: 0
Process: C:\Users\user\Desktop\#U202f#U202f#U2005#U00a0.scr.exe
Type: PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy: 6.717379913510996
Encrypted: false
Ssdeep: 192:Wet2DfIe9jWfhWo3OWULwu0Sc2HnhWgN7a8WZkYfvXqnajan5CHB:Wet2DfIe9jWfhWo3gD/HRN7AXlOnG
Size: 12688
Whitelisted: false
Reputation: timeout
Signature Hits | Behavior Group | Mitre Attack
Drops PE files | Persistence and Installation Behavior |
Found dropped PE file which has not been started or loaded | Malware Analysis System Evasion |

C:\Users\user\AppData\Local\Temp\_MEI17882\api-ms-win-core-profile-l1-1-0.dll | PE32+ executable (DLL) (console) x86-64, for MS Windows | dropped
File: C:\Users\user\AppData\Local\Temp\_MEI17882\api-ms-win-core-profile-l1-1-0.dll
Category: dropped
Dump: api-ms-win-core-profile-l1-1-0.dll.0.dr
ID: dr_27
Target ID: 0
Process: C:\Users\user\Desktop\#U202f#U202f#U2005#U00a0.scr.exe
Type: PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy: 6.830571011340059
Encrypted: false
Ssdeep: 192:WUaVWfhWo+9WULwu0Sc2HnhWgN7a8WeL/ismsqnaj5fQ1TIK+:WUIWfhWo+HD/HRN7tLqs9l1G8K+
Size: 11664
Whitelisted: false
Reputation: timeout
Signature Hits | Behavior Group | Mitre Attack
Drops PE files | Persistence and Installation Behavior |
Found dropped PE file which has not been started or loaded | Malware Analysis System Evasion |

C:\Users\user\AppData\Local\Temp\_MEI17882\api-ms-win-core-rtlsupport-l1-1-0.dll | PE32+ executable (DLL) (console) x86-64, for MS Windows | dropped
File: C:\Users\user\AppData\Local\Temp\_MEI17882\api-ms-win-core-rtlsupport-l1-1-0.dll
Category: dropped
Dump: api-ms-win-core-rtlsupport-l1-1-0.dll.0.dr
ID: dr_28
Target ID: 0
Process: C:\Users\user\Desktop\#U202f#U202f#U2005#U00a0.scr.exe
Type: PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy: 6.6657444922829105
Encrypted: false
Ssdeep: 192:WIGeVxWfhWoAWULwu0Sc2HnhWgN7a8WapOk9qnajMDkQID:WIGeVxWfhWoeD/HRN7hhlQDkQe
Size: 12688
Whitelisted: false
Reputation: timeout
Signature Hits | Behavior Group | Mitre Attack
Drops PE files | Persistence and Installation Behavior |
Found dropped PE file which has not been started or loaded | Malware Analysis System Evasion |

C:\Users\user\AppData\Local\Temp\_MEI17882\api-ms-win-core-string-l1-1-0.dll | PE32+ executable (DLL) (console) x86-64, for MS Windows | dropped
File: C:\Users\user\AppData\Local\Temp\_MEI17882\api-ms-win-core-string-l1-1-0.dll
Category: dropped
Dump: api-ms-win-core-string-l1-1-0.dll.0.dr
ID: dr_29
Target ID: 0
Process: C:\Users\user\Desktop\#U202f#U202f#U2005#U00a0.scr.exe
Type: PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy: 6.74899803008622
Encrypted: false
Ssdeep: 192:WIyMv9WfhW/FdWULwu0Sc2HnhWgN7aMW/H51Ok9qnajMDk0gW:WIyMv9WfhWdnD/HRN7chlQDkq
Size: 12176
Whitelisted: false
Reputation: timeout
Signature Hits | Behavior Group | Mitre Attack
Drops PE files | Persistence and Installation Behavior |
Found dropped PE file which has not been started or loaded | Malware Analysis System Evasion |

C:\Users\user\AppData\Local\Temp\_MEI17882\api-ms-win-core-synch-l1-1-0.dll | PE32+ executable (DLL) (console) x86-64, for MS Windows | dropped
File: C:\Users\user\AppData\Local\Temp\_MEI17882\api-ms-win-core-synch-l1-1-0.dll
Category: dropped
Dump: api-ms-win-core-synch-l1-1-0.dll.0.dr
ID: dr_30
Target ID: 0
Process: C:\Users\user\Desktop\#U202f#U202f#U2005#U00a0.scr.exe
Type: PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy: 6.638468632973363
Encrypted: false
Ssdeep: 384:W9dv3V0dfpkXc0vVaCWfhWgD/HRN7Rus9l1G43U:Udv3VqpkXc0vVabBDvRuX4E
Size: 14224
Whitelisted: false
Reputation: timeout
Signature Hits | Behavior Group | Mitre Attack
Drops PE files | Persistence and Installation Behavior |
Found dropped PE file which has not been started or loaded | Malware Analysis System Evasion |

C:\Users\user\AppData\Local\Temp\_MEI17882\api-ms-win-core-synch-l1-2-0.dll | PE32+ executable (DLL) (console) x86-64, for MS Windows | dropped
File: C:\Users\user\AppData\Local\Temp\_MEI17882\api-ms-win-core-synch-l1-2-0.dll
Category: dropped
Dump: api-ms-win-core-synch-l1-2-0.dll.0.dr
ID: dr_31
Target ID: 0
Process: C:\Users\user\Desktop\#U202f#U202f#U2005#U00a0.scr.exe
Type: PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy: 6.773105243711014
Encrypted: false
Ssdeep: 192:WvtZ36WfhWoilWULwu0Sc2HnhWgN7a8WNuesmsqnaj5fQ1wIuw:WvtZ36WfhWoiPD/HRN7SVs9l1GLr
Size: 12688
Whitelisted: false
Reputation: timeout
Signature Hits | Behavior Group | Mitre Attack
Drops PE files | Persistence and Installation Behavior |
Found dropped PE file which has not been started or loaded | Malware Analysis System Evasion |

C:\Users\user\AppData\Local\Temp\_MEI17882\api-ms-win-core-sysinfo-l1-1-0.dll | PE32+ executable (DLL) (console) x86-64, for MS Windows | dropped
File: C:\Users\user\AppData\Local\Temp\_MEI17882\api-ms-win-core-sysinfo-l1-1-0.dll
Category: dropped
Dump: api-ms-win-core-sysinfo-l1-1-0.dll.0.dr
ID: dr_32
Target ID: 0
Process: C:\Users\user\Desktop\#U202f#U202f#U2005#U00a0.scr.exe
Type: PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy: 6.674239472803797
Encrypted: false
Ssdeep: 192:WQKIMFqnWfhWo5WULwu0Sc2HnhWgN7a8W8wLaOk9qnajMDkrn:WQTnWfhWoTD/HRN7LlhlQDkj
Size: 13200
Whitelisted: false
Reputation: timeout
Signature Hits | Behavior Group | Mitre Attack
Drops PE files | Persistence and Installation Behavior |
Found dropped PE file which has not been started or loaded | Malware Analysis System Evasion |

C:\Users\user\AppData\Local\Temp\_MEI17882\api-ms-win-core-timezone-l1-1-0.dll | PE32+ executable (DLL) (console) x86-64, for MS Windows | dropped
File: C:\Users\user\AppData\Local\Temp\_MEI17882\api-ms-win-core-timezone-l1-1-0.dll
Category: dropped
Dump: api-ms-win-core-timezone-l1-1-0.dll.0.dr
ID: dr_33
Target ID: 0
Process: C:\Users\user\Desktop\#U202f#U202f#U2005#U00a0.scr.exe
Type: PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy: 6.753356465656725
Encrypted: false
Ssdeep: 192:W2BtoXeOWfhWoZWULwu0Sc2HnhWgN7a8Wnmesmsqnaj5fQ1VIe:WUOWfhWozD/HRN78Zs9l1GKe
Size: 12688
Whitelisted: false
Reputation: timeout
Signature Hits | Behavior Group | Mitre Attack
Drops PE files | Persistence and Installation Behavior |
Found dropped PE file which has not been started or loaded | Malware Analysis System Evasion |

C:\Users\user\AppData\Local\Temp\_MEI17882\api-ms-win-core-util-l1-1-0.dll | PE32+ executable (DLL) (console) x86-64, for MS Windows | dropped
File: C:\Users\user\AppData\Local\Temp\_MEI17882\api-ms-win-core-util-l1-1-0.dll
Category: dropped
Dump: api-ms-win-core-util-l1-1-0.dll.0.dr
ID: dr_34
Target ID: 0
Process: C:\Users\user\Desktop\#U202f#U202f#U2005#U00a0.scr.exe
Type: PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy: 6.681422616175001
Encrypted: false
Ssdeep: 192:WTtWWfhWogWULwu0Sc2HnhWgN7a8W2nOk9qnajMDkLy0:WTtWWfhWo+D/HRN7bhlQDkLP
Size: 12176
Whitelisted: false
Reputation: timeout
Signature Hits | Behavior Group | Mitre Attack
Drops PE files | Persistence and Installation Behavior |
Found dropped PE file which has not been started or loaded | Malware Analysis System Evasion |

C:\Users\user\AppData\Local\Temp\_MEI17882\api-ms-win-crt-conio-l1-1-0.dll | PE32+ executable (DLL) (console) x86-64, for MS Windows | dropped
File: C:\Users\user\AppData\Local\Temp\_MEI17882\api-ms-win-crt-conio-l1-1-0.dll
Category: dropped
Dump: api-ms-win-crt-conio-l1-1-0.dll.0.dr
ID: dr_35
Target ID: 0
Process: C:\Users\user\Desktop\#U202f#U202f#U2005#U00a0.scr.exe
Type: PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy: 6.693101559801798
Encrypted: false
Ssdeep: 192:WN5WfhWo3WULwu0Sc2HnhWgN7a8W/N9DOk9qnajMDk3USQ:WN5WfhWoFD/HRN7Y/hlQDkkSQ
Size: 13200
Whitelisted: false
Reputation: timeout
Signature Hits | Behavior Group | Mitre Attack
Drops PE files | Persistence and Installation Behavior |
Found dropped PE file which has not been started or loaded | Malware Analysis System Evasion |

C:\Users\user\AppData\Local\Temp\_MEI17882\api-ms-win-crt-convert-l1-1-0.dll | PE32+ executable (DLL) (console) x86-64, for MS Windows | dropped
File: C:\Users\user\AppData\Local\Temp\_MEI17882\api-ms-win-crt-convert-l1-1-0.dll
Category: dropped
Dump: api-ms-win-crt-convert-l1-1-0.dll.0.dr
ID: dr_36
Target ID: 0
Process: C:\Users\user\Desktop\#U202f#U202f#U2005#U00a0.scr.exe
Type: PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy: 6.498240379789961
Encrypted: false
Ssdeep: 192:WjypdkKBcyxWfhWooWULwu0Sc2HnhWgN7a8WZVsmsqnaj5fQ1PIF:WyuyxWfhWomD/HRN7ss9l1GAF
Size: 16272
Whitelisted: false
Reputation: timeout
Signature Hits | Behavior Group | Mitre Attack
Drops PE files | Persistence and Installation Behavior |
Found dropped PE file which has not been started or loaded | Malware Analysis System Evasion |

C:\Users\user\AppData\Local\Temp\_MEI17882\api-ms-win-crt-environment-l1-1-0.dll | PE32+ executable (DLL) (console) x86-64, for MS Windows | dropped
File: C:\Users\user\AppData\Local\Temp\_MEI17882\api-ms-win-crt-environment-l1-1-0.dll
Category: dropped
Dump: api-ms-win-crt-environment-l1-1-0.dll.0.dr
ID: dr_37
Target ID: 0
Process: C:\Users\user\Desktop\#U202f#U202f#U2005#U00a0.scr.exe
Type: PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy: 6.658711005242304
Encrypted: false
Ssdeep: 192:WPWfhWobWULwu0Sc2HnhWgN7a8WybueOk9qnajMDkaU:WPWfhWo5D/HRN7NbzhlQDkaU
Size: 12688
Whitelisted: false
Reputation: timeout
Signature Hits | Behavior Group | Mitre Attack
Drops PE files | Persistence and Installation Behavior |
Found dropped PE file which has not been started or loaded | Malware Analysis System Evasion |

C:\Users\user\AppData\Local\Temp\_MEI17882\api-ms-win-crt-filesystem-l1-1-0.dll | PE32+ executable (DLL) (console) x86-64, for MS Windows | dropped
File: C:\Users\user\AppData\Local\Temp\_MEI17882\api-ms-win-crt-filesystem-l1-1-0.dll
Category: dropped
Dump: api-ms-win-crt-filesystem-l1-1-0.dll.0.dr
ID: dr_38
Target ID: