qNdO4D18CF.exe
|
MS-DOS executable PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows, MZ for MS-DOS
|
initial sample
|
|
|
|
Filetype: |
MS-DOS executable PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows, MZ for MS-DOS
|
Entropy: |
7.992098117519039
|
Filename: |
qNdO4D18CF.exe
|
Filesize: |
3012834
|
MD5: |
ce2ec4539435dfeac7e246fe5565c521
|
SHA1: |
59f3da006005a109914c31b5d5cd94dc4c93309c
|
SHA256: |
d5ee74f4f460c4f861c01ecc3e22b679075949108b6fee594193695d4175d562
|
SHA512: |
408a1db2cd98702bca3811e124d78a56cbca79a1d200593759bde1947a4a599f8cd40cd8dbb2e7be7dec416e3f5de0c4466f98ddea1daf6d313671695f25a7ba
|
SSDEEP: |
49152:6h/814lignPl1s5Cp5+tOCiqgc8I7uBiYUtGGirMn0JkH4SwiLwRktMtL+CsA7Z:6h/8Hgn9u4P+l8I7uB6db0JhAw6tMtLr
|
Preview: |
MZ@.....................................!..L.!It's .NET EXE$@...PE..L....&.M............................^.... ...@....@..
....................................@.....................................O....@.. ....................`.............................
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Antivirus / Scanner detection for submitted sample |
AV Detection |
|
Multi AV Scanner detection for submitted file |
AV Detection |
|
.NET source code contains potential unpacker |
Data Obfuscation |
|
Adds a directory exclusion to Windows Defender |
HIPS / PFW / Operating System Protection Evasion |
|
Creates an undocumented autostart registry key |
Boot Survival |
|
Creates multiple autostart registry keys |
Boot Survival |
|
Machine Learning detection for sample |
AV Detection |
|
Allocates memory with a write watch (potentially for evading sandboxes) |
Malware Analysis System Evasion |
Virtualization/Sandbox Evasion
|
Compiles C# or VB.Net code |
Data Obfuscation |
|
Contains long sleeps (>= 3 min) |
Malware Analysis System Evasion |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Drops files with a non-matching file extension (content does not match file extension) |
Persistence and Installation Behavior |
|
Enables debug privileges |
Anti Debugging |
|
May sleep (evasive loops) to hinder dynamic analysis |
Malware Analysis System Evasion |
|
Queries the volume information (name, serial number etc) of a device |
Language, Device and Operating System Detection |
System Information Discovery
|
Sample file is different than original file name gathered from version info |
System Summary |
|
Uses 32bit PE files |
Compliance, System Summary |
|
Uses code obfuscation techniques (call, push, ret) |
Data Obfuscation |
Obfuscated Files or Information
|
PE file has section (not .text) which is very likely to contain packed code (zlib compression ratio < 0.011) |
System Summary |
|
Checks the free space of harddrives |
Malware Analysis System Evasion |
|
Contains medium sleeps (>= 30s) |
Malware Analysis System Evasion |
|
Creates an autostart registry key |
Boot Survival |
Registry Run Keys / Startup Folder
|
Creates files inside the program directory |
System Summary |
|
Creates files inside the user directory |
System Summary |
|
Creates guard pages, often used to prevent reverse engineering and debugging |
Anti Debugging |
|
Creates mutexes |
System Summary |
|
Creates temporary files |
System Summary |
|
Disables application error messsages (SetErrorMode) |
Hooking and other Techniques for Hiding and Protection |
|
Enumerates the file system |
Spreading, Malware Analysis System Evasion |
|
Executes batch files |
System Summary |
|
PE file has an executable .text section and no other executable section |
System Summary |
|
Parts of this applications are using the .NET runtime (Probably coded in C#) |
System Summary |
|
Queries a list of all running processes |
Malware Analysis System Evasion |
|
Queries the cryptographic machine GUID |
Language, Device and Operating System Detection |
|
Reads ini files |
System Summary |
File and Directory Discovery
|
Reads software policies |
System Summary |
|
Sample is known by Antivirus |
System Summary |
|
Sample reads its own file content |
System Summary |
|
Tries to load missing DLLs |
System Summary |
|
Uses an in-process (OLE) Automation server |
System Summary |
|
Contains modern PE file flags such as dynamic base (ASLR) or NX |
Compliance, System Summary |
|
PE file contains a COM descriptor data directory |
System Summary |
|
Submission file is bigger than most known malware samples |
System Summary |
|
Uses Microsoft Silverlight |
System Summary |
|
|
C:\Program Files (x86)\Steam\steamclient.exe
|
MS-DOS executable PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows, MZ for MS-DOS
|
dropped
|
|
|
|
File: |
C:\Program Files (x86)\Steam\steamclient.exe
|
Category: |
dropped
|
Dump: |
steamclient.exe.0.dr
|
ID: |
dr_25
|
Target ID: |
0
|
Process: |
C:\Users\user\Desktop\qNdO4D18CF.exe
|
Type: |
MS-DOS executable PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows, MZ for MS-DOS
|
Entropy: |
7.992098117519039
|
Encrypted: |
true
|
Ssdeep: |
49152:6h/814lignPl1s5Cp5+tOCiqgc8I7uBiYUtGGirMn0JkH4SwiLwRktMtL+CsA7Z:6h/8Hgn9u4P+l8I7uB6db0JhAw6tMtLr
|
Size: |
3012834
|
Whitelisted: |
false
|
Reputation: |
timeout
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Antivirus detection for dropped file |
AV Detection |
|
Adds a directory exclusion to Windows Defender |
HIPS / PFW / Operating System Protection Evasion |
|
Machine Learning detection for dropped file |
AV Detection |
|
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines) |
Malware Analysis System Evasion |
Security Software Discovery
Windows Management Instrumentation
Virtualization/Sandbox Evasion
|
Allocates memory with a write watch (potentially for evading sandboxes) |
Malware Analysis System Evasion |
Virtualization/Sandbox Evasion
|
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI) |
Lowering of HIPS / PFW / Operating System Security Settings |
Security Software Discovery
Windows Management Instrumentation
|
Contains long sleeps (>= 3 min) |
Malware Analysis System Evasion |
Virtualization/Sandbox Evasion
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Detected potential crypto function |
System Summary |
|
Drops PE files |
Persistence and Installation Behavior |
|
Drops files with a non-matching file extension (content does not match file extension) |
Persistence and Installation Behavior |
|
Enables debug privileges |
Anti Debugging |
|
Found dropped PE file which has not been started or loaded |
Malware Analysis System Evasion |
|
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines) |
Malware Analysis System Evasion |
System Information Discovery
Windows Management Instrumentation
|
Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines) |
Malware Analysis System Evasion |
System Information Discovery
Security Software Discovery
Windows Management Instrumentation
Virtualization/Sandbox Evasion
|
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines) |
Malware Analysis System Evasion |
Security Software Discovery
Windows Management Instrumentation
Virtualization/Sandbox Evasion
|
Queries the volume information (name, serial number etc) of a device |
Language, Device and Operating System Detection |
System Information Discovery
|
Sigma detected: CurrentVersion Autorun Keys Modification |
System Summary |
|
Sigma detected: CurrentVersion NT Autorun Keys Modification |
System Summary |
|
Checks the free space of harddrives |
Malware Analysis System Evasion |
System Information Discovery
|
Contains medium sleeps (>= 30s) |
Malware Analysis System Evasion |
Virtualization/Sandbox Evasion
|
Queries process information (via WMI, Win32_Process) |
System Summary |
System Information Discovery
Windows Management Instrumentation
|
Spawns processes |
System Summary |
|
|
C:\Program Files (x86)\Steam\steamclient.exe:Zone.Identifier
|
ASCII text, with CRLF line terminators
|
dropped
|
|
|
|
File: |
C:\Program Files (x86)\Steam\steamclient.exe:Zone.Identifier
|
Category: |
dropped
|
Dump: |
steamclient.exe_Zone.Identifier.0.dr
|
ID: |
dr_24
|
Target ID: |
0
|
Process: |
C:\Users\user\Desktop\qNdO4D18CF.exe
|
Type: |
ASCII text, with CRLF line terminators
|
Entropy: |
3.95006375643621
|
Encrypted: |
false
|
Ssdeep: |
3:ggPYV:rPYV
|
Size: |
26
|
Whitelisted: |
false
|
Reputation: |
timeout
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Antivirus detection for dropped file |
AV Detection |
|
Machine Learning detection for dropped file |
AV Detection |
|
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines) |
Malware Analysis System Evasion |
Security Software Discovery
Windows Management Instrumentation
Virtualization/Sandbox Evasion
|
Allocates memory with a write watch (potentially for evading sandboxes) |
Malware Analysis System Evasion |
Virtualization/Sandbox Evasion
|
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI) |
Lowering of HIPS / PFW / Operating System Security Settings |
Security Software Discovery
Windows Management Instrumentation
|
Contains long sleeps (>= 3 min) |
Malware Analysis System Evasion |
Virtualization/Sandbox Evasion
|
Detected potential crypto function |
System Summary |
|
Drops PE files |
Persistence and Installation Behavior |
|
Drops files with a non-matching file extension (content does not match file extension) |
Persistence and Installation Behavior |
|
Enables debug privileges |
Anti Debugging |
|
Found dropped PE file which has not been started or loaded |
Malware Analysis System Evasion |
|
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines) |
Malware Analysis System Evasion |
System Information Discovery
Windows Management Instrumentation
|
Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines) |
Malware Analysis System Evasion |
System Information Discovery
Security Software Discovery
Windows Management Instrumentation
Virtualization/Sandbox Evasion
|
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines) |
Malware Analysis System Evasion |
Security Software Discovery
Windows Management Instrumentation
Virtualization/Sandbox Evasion
|
Queries the volume information (name, serial number etc) of a device |
Language, Device and Operating System Detection |
System Information Discovery
|
Checks the free space of harddrives |
Malware Analysis System Evasion |
System Information Discovery
|
Contains medium sleeps (>= 30s) |
Malware Analysis System Evasion |
Virtualization/Sandbox Evasion
|
Queries process information (via WMI, Win32_Process) |
System Summary |
System Information Discovery
Windows Management Instrumentation
|
Spawns processes |
System Summary |
|
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\qNdO4D18CF.exe.log
|
ASCII text, with CRLF line terminators
|
dropped
|
|
|
|
File: |
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\qNdO4D18CF.exe.log
|
Category: |
dropped
|
Dump: |
qNdO4D18CF.exe.log.0.dr
|
ID: |
dr_32
|
Target ID: |
0
|
Process: |
C:\Users\user\Desktop\qNdO4D18CF.exe
|
Type: |
ASCII text, with CRLF line terminators
|
Entropy: |
5.371983462188659
|
Encrypted: |
false
|
Ssdeep: |
48:MxHKQ71qHGIs0HKCYHKGSI6oPtHTHhAHKKkrJHVH1HzHKlT4vHNpv:iq+wmj0qCYqGSI6oPtzHeqKkt1VTqZ4T
|
Size: |
2126
|
Whitelisted: |
false
|
Reputation: |
timeout
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Antivirus / Scanner detection for submitted sample |
AV Detection |
|
Multi AV Scanner detection for submitted file |
AV Detection |
|
Machine Learning detection for sample |
AV Detection |
|
Sample file is different than original file name gathered from version info |
System Summary |
|
Uses 32bit PE files |
Compliance, System Summary |
|
PE file has section (not .text) which is very likely to contain packed code (zlib compression ratio < 0.011) |
System Summary |
|
PE file has an executable .text section and no other executable section |
System Summary |
|
Parts of this applications are using the .NET runtime (Probably coded in C#) |
System Summary |
|
Sample is known by Antivirus |
System Summary |
|
Contains modern PE file flags such as dynamic base (ASLR) or NX |
Compliance, System Summary |
|
PE file contains a COM descriptor data directory |
System Summary |
|
Submission file is bigger than most known malware samples |
System Summary |
|
|
C:\Users\user\AppData\Local\Temp\XyagYCCOZX.bat
|
DOS batch file, ASCII text, with CRLF line terminators
|
dropped
|
|
|
|
File: |
C:\Users\user\AppData\Local\Temp\XyagYCCOZX.bat
|
Category: |
dropped
|
Dump: |
XyagYCCOZX.bat.0.dr
|
ID: |
dr_31
|
Target ID: |
0
|
Process: |
C:\Users\user\Desktop\qNdO4D18CF.exe
|
Type: |
DOS batch file, ASCII text, with CRLF line terminators
|
Entropy: |
5.1840976336164015
|
Encrypted: |
false
|
Ssdeep: |
3:mKDDVNGvTVLuVFcROr+jn9mbZj4I52ReIvvSBktKcKZG1t+kiE2J5xAIDEpEh:hCRLuVFOOr+DER52TSKOZG1wkn23fYpK
|
Size: |
172
|
Whitelisted: |
false
|
Reputation: |
timeout
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Antivirus detection for dropped file |
AV Detection |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Executes batch files |
System Summary |
|
Spawns processes |
System Summary |
|
|
C:\Users\user\AppData\Local\Temp\rmvercvh\rmvercvh.cmdline
|
Unicode text, UTF-8 (with BOM) text, with no line terminators
|
dropped
|
|
|
|
File: |
C:\Users\user\AppData\Local\Temp\rmvercvh\rmvercvh.cmdline
|
Category: |
dropped
|
Dump: |
rmvercvh.cmdline.0.dr
|
ID: |
dr_28
|
Target ID: |
0
|
Process: |
C:\Users\user\Desktop\qNdO4D18CF.exe
|
Type: |
Unicode text, UTF-8 (with BOM) text, with no line terminators
|
Entropy: |
5.065874272614737
|
Encrypted: |
false
|
Ssdeep: |
6:Hu+H2L//1xRT0T79BzxsjGZxWE8owkn23fTWm7x:Hu7L//TRq79cQWfqm7x
|
Size: |
250
|
Whitelisted: |
false
|
Reputation: |
timeout
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Dot net compiler compiles file from suspicious location |
Data Obfuscation |
|
Compiles C# or VB.Net code |
Data Obfuscation |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Sigma detected: Dynamic .NET Compilation Via Csc.EXE |
System Summary |
|
Sigma detected: Dynamic CSharp Compile Artefact |
System Summary |
|
Spawns processes |
System Summary |
|
|
C:\Users\user\Desktop\AFZZLiTQ.log
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
File: |
C:\Users\user\Desktop\AFZZLiTQ.log
|
Category: |
dropped
|
Dump: |
AFZZLiTQ.log.0.dr
|
ID: |
dr_11
|
Target ID: |
0
|
Process: |
C:\Users\user\Desktop\qNdO4D18CF.exe
|
Type: |
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
Entropy: |
5.631194486392901
|
Encrypted: |
false
|
Ssdeep: |
384:lP/qZmINM9WPs9Q617EsO2m2g7udB2HEsrW+a4yiym4I16Gl:lP/imaPyQ4T5dsHSt9nQ
|
Size: |
32256
|
Whitelisted: |
false
|
Reputation: |
timeout
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Drops PE files |
Persistence and Installation Behavior |
|
Drops files with a non-matching file extension (content does not match file extension) |
Persistence and Installation Behavior |
|
Found dropped PE file which has not been started or loaded |
Malware Analysis System Evasion |
|
|
C:\Users\user\Desktop\BCBhhiiL.log
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
File: |
C:\Users\user\Desktop\BCBhhiiL.log
|
Category: |
dropped
|
Dump: |
BCBhhiiL.log.0.dr
|
ID: |
dr_2
|
Target ID: |
0
|
Process: |
C:\Users\user\Desktop\qNdO4D18CF.exe
|
Type: |
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
Entropy: |
5.668291349855899
|
Encrypted: |
false
|
Ssdeep: |
384:3+GMbUL+1FjuuGWkgoCFvMiAAsSZH14gXO9XBKeRg3U7ixu8bqMle9dCe4i2+o06:3+T93kgoCFkid/O9sU7io8b1ocl+o
|
Size: |
36352
|
Whitelisted: |
false
|
Reputation: |
timeout
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Drops PE files |
Persistence and Installation Behavior |
|
Drops files with a non-matching file extension (content does not match file extension) |
Persistence and Installation Behavior |
|
Found dropped PE file which has not been started or loaded |
Malware Analysis System Evasion |
|
|
C:\Users\user\Desktop\BdpSDMGd.log
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
File: |
C:\Users\user\Desktop\BdpSDMGd.log
|
Category: |
dropped
|
Dump: |
BdpSDMGd.log.58.dr
|
ID: |
dr_175
|
Target ID: |
58
|
Process: |
C:\Users\user\Desktop\qNdO4D18CF.exe
|
Type: |
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
Entropy: |
5.668291349855899
|
Encrypted: |
false
|
Ssdeep: |
384:3+GMbUL+1FjuuGWkgoCFvMiAAsSZH14gXO9XBKeRg3U7ixu8bqMle9dCe4i2+o06:3+T93kgoCFkid/O9sU7io8b1ocl+o
|
Size: |
36352
|
Whitelisted: |
false
|
Reputation: |
timeout
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Drops PE files |
Persistence and Installation Behavior |
|
Drops files with a non-matching file extension (content does not match file extension) |
Persistence and Installation Behavior |
|
Found dropped PE file which has not been started or loaded |
Malware Analysis System Evasion |
|
|
C:\Users\user\Desktop\BuRPCyHG.log
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
File: |
C:\Users\user\Desktop\BuRPCyHG.log
|
Category: |
dropped
|
Dump: |
BuRPCyHG.log.0.dr
|
ID: |
dr_9
|
Target ID: |
0
|
Process: |
C:\Users\user\Desktop\qNdO4D18CF.exe
|
Type: |
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
Entropy: |
5.634433516692816
|
Encrypted: |
false
|
Ssdeep: |
384:TVyNAbQWfDL/QwV/AnmqieB2Ht50uVVxg+94HoxMttjICAQgEYhfAcGQMrygg4Ty:TKWfYwV2u3xg+94HoSbTY4f2gfcab
|
Size: |
33280
|
Whitelisted: |
false
|
Reputation: |
timeout
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Drops PE files |
Persistence and Installation Behavior |
|
Drops files with a non-matching file extension (content does not match file extension) |
Persistence and Installation Behavior |
|
Found dropped PE file which has not been started or loaded |
Malware Analysis System Evasion |
|
|
C:\Users\user\Desktop\BwVbAMfc.log
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
File: |
C:\Users\user\Desktop\BwVbAMfc.log
|
Category: |
dropped
|
Dump: |
BwVbAMfc.log.54.dr
|
ID: |
dr_162
|
Target ID: |
54
|
Process: |
C:\Program Files (x86)\Steam\steamclient.exe
|
Type: |
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
Entropy: |
5.0168086460579095
|
Encrypted: |
false
|
Ssdeep: |
96:b2+4Af/qPl98sgn8VenjzRR0xXzhZ7BiCTUk9v2G6/7jK6XsBG7hWuP9LfqpW0RQ:gCU8XKb7BDUieGi3jcBgLyB+b
|
Size: |
9728
|
Whitelisted: |
false
|
Reputation: |
timeout
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Drops PE files |
Persistence and Installation Behavior |
|
Drops files with a non-matching file extension (content does not match file extension) |
Persistence and Installation Behavior |
|
Found dropped PE file which has not been started or loaded |
Malware Analysis System Evasion |
|
|
C:\Users\user\Desktop\BzfkqkWQ.log
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
File: |
C:\Users\user\Desktop\BzfkqkWQ.log
|
Category: |
dropped
|
Dump: |
BzfkqkWQ.log.63.dr
|
ID: |
dr_190
|
Target ID: |
63
|
Process: |
C:\Users\user\Desktop\qNdO4D18CF.exe
|
Type: |
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
Entropy: |
5.636032516496583
|
Encrypted: |
false
|
Ssdeep: |
384:JS7LcTqpkHdmLrBmyOLkOPXVcqTZH0uZLSHtciyBDVGehpx3ZPyp1MoCy07G7:J+CaBoXTZH0mUfoGCzpapaFy07
|
Size: |
34816
|
Whitelisted: |
false
|
Reputation: |
timeout
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Drops PE files |
Persistence and Installation Behavior |
|
Drops files with a non-matching file extension (content does not match file extension) |
Persistence and Installation Behavior |
|
Found dropped PE file which has not been started or loaded |
Malware Analysis System Evasion |
|
|
C:\Users\user\Desktop\CYASrcKR.log
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
File: |
C:\Users\user\Desktop\CYASrcKR.log
|
Category: |
dropped
|
Dump: |
CYASrcKR.log.63.dr
|
ID: |
dr_202
|
Target ID: |
63
|
Process: |
C:\Users\user\Desktop\qNdO4D18CF.exe
|
Type: |
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
Entropy: |
5.8769270258874755
|
Encrypted: |
false
|
Ssdeep: |
1536:p7Oc/sAwP1Q1wUww6vtZNthMx4SJ2ZgjlrL7BzZZmKYT:lOc/sAwP1Q1wUwhHBMx4a2iJjBzZZm9
|
Size: |
85504
|
Whitelisted: |
false
|
Reputation: |
timeout
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Drops PE files |
Persistence and Installation Behavior |
|
Drops files with a non-matching file extension (content does not match file extension) |
Persistence and Installation Behavior |
|
Found dropped PE file which has not been started or loaded |
Malware Analysis System Evasion |
|
|
C:\Users\user\Desktop\CpOixJXm.log
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
File: |
C:\Users\user\Desktop\CpOixJXm.log
|
Category: |
dropped
|
Dump: |
CpOixJXm.log.50.dr
|
ID: |
dr_125
|
Target ID: |
50
|
Process: |
C:\Program Files (x86)\Steam\steamclient.exe
|
Type: |
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
Entropy: |
5.699005826018714
|
Encrypted: |
false
|
Ssdeep: |
768:bvTf5JA7rmkHDkK6/X7rpCA0U4oW+YcSNdb/deQoCDKmc:bTffImkjkK6/QAhaceb/dum
|
Size: |
38400
|
Whitelisted: |
false
|
Reputation: |
timeout
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Drops PE files |
Persistence and Installation Behavior |
|
Drops files with a non-matching file extension (content does not match file extension) |
Persistence and Installation Behavior |
|
Found dropped PE file which has not been started or loaded |
Malware Analysis System Evasion |
|
|
C:\Users\user\Desktop\CqvSLBwK.log
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
File: |
C:\Users\user\Desktop\CqvSLBwK.log
|
Category: |
dropped
|
Dump: |
CqvSLBwK.log.63.dr
|
ID: |
dr_195
|
Target ID: |
63
|
Process: |
C:\Users\user\Desktop\qNdO4D18CF.exe
|
Type: |
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
Entropy: |
5.629584586954759
|
Encrypted: |
false
|
Ssdeep: |
768:tlPaJVGYXkJSMA2we8qlmau55wC1ND5kwcDl+y5X:chQZwalKdEfDld5
|
Size: |
39936
|
Whitelisted: |
false
|
Reputation: |
timeout
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Drops PE files |
Persistence and Installation Behavior |
|
Drops files with a non-matching file extension (content does not match file extension) |
Persistence and Installation Behavior |
|
Found dropped PE file which has not been started or loaded |
Malware Analysis System Evasion |
|
|
C:\Users\user\Desktop\CufHpEgE.log
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
File: |
C:\Users\user\Desktop\CufHpEgE.log
|
Category: |
dropped
|
Dump: |
CufHpEgE.log.36.dr
|
ID: |
dr_116
|
Target ID: |
36
|
Process: |
C:\Program Files (x86)\Steam\steamclient.exe
|
Type: |
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
Entropy: |
5.909536568846014
|
Encrypted: |
false
|
Ssdeep: |
1536:3LM14SKtpfLarGzoQWaqaQ2n5YejqSRKnYdYPgh3c//npRwM:w7KtpTjNNn5YejqSRKnYdYPgJo/pRwM
|
Size: |
70144
|
Whitelisted: |
false
|
Reputation: |
timeout
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Drops PE files |
Persistence and Installation Behavior |
|
Drops files with a non-matching file extension (content does not match file extension) |
Persistence and Installation Behavior |
|
Found dropped PE file which has not been started or loaded |
Malware Analysis System Evasion |
|
|
C:\Users\user\Desktop\DfbAZvLY.log
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
File: |
C:\Users\user\Desktop\DfbAZvLY.log
|
Category: |
dropped
|
Dump: |
DfbAZvLY.log.58.dr
|
ID: |
dr_182
|
Target ID: |
58
|
Process: |
C:\Users\user\Desktop\qNdO4D18CF.exe
|
Type: |
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
Entropy: |
5.634433516692816
|
Encrypted: |
false
|
Ssdeep: |
384:TVyNAbQWfDL/QwV/AnmqieB2Ht50uVVxg+94HoxMttjICAQgEYhfAcGQMrygg4Ty:TKWfYwV2u3xg+94HoSbTY4f2gfcab
|
Size: |
33280
|
Whitelisted: |
false
|
Reputation: |
timeout
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Drops PE files |
Persistence and Installation Behavior |
|
Drops files with a non-matching file extension (content does not match file extension) |
Persistence and Installation Behavior |
|
Found dropped PE file which has not been started or loaded |
Malware Analysis System Evasion |
|
|
C:\Users\user\Desktop\DmprTJmg.log
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
File: |
C:\Users\user\Desktop\DmprTJmg.log
|
Category: |
dropped
|
Dump: |
DmprTJmg.log.50.dr
|
ID: |
dr_132
|
Target ID: |
50
|
Process: |
C:\Program Files (x86)\Steam\steamclient.exe
|
Type: |
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
Entropy: |
5.636032516496583
|
Encrypted: |
false
|
Ssdeep: |
384:JS7LcTqpkHdmLrBmyOLkOPXVcqTZH0uZLSHtciyBDVGehpx3ZPyp1MoCy07G7:J+CaBoXTZH0mUfoGCzpapaFy07
|
Size: |
34816
|
Whitelisted: |
false
|
Reputation: |
timeout
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Drops PE files |
Persistence and Installation Behavior |
|
Drops files with a non-matching file extension (content does not match file extension) |
Persistence and Installation Behavior |
|
Found dropped PE file which has not been started or loaded |
Malware Analysis System Evasion |
|
|
C:\Users\user\Desktop\EFxianyZ.log
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
File: |
C:\Users\user\Desktop\EFxianyZ.log
|
Category: |
dropped
|
Dump: |
EFxianyZ.log.58.dr
|
ID: |
dr_169
|
Target ID: |
58
|
Process: |
C:\Users\user\Desktop\qNdO4D18CF.exe
|
Type: |
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
Entropy: |
5.932541123129161
|
Encrypted: |
false
|
Ssdeep: |
1536:yo63BdpcSWxaQ/RKd8Skwea/e+hTEqS/ABGegJBb07j:j+9W+p/LEqu6GegG
|
Size: |
69632
|
Whitelisted: |
false
|
Reputation: |
timeout
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Drops PE files |
Persistence and Installation Behavior |
|
Drops files with a non-matching file extension (content does not match file extension) |
Persistence and Installation Behavior |
|
Found dropped PE file which has not been started or loaded |
Malware Analysis System Evasion |
|
|
C:\Users\user\Desktop\EhArHZqU.log
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
File: |
C:\Users\user\Desktop\EhArHZqU.log
|
Category: |
dropped
|
Dump: |
EhArHZqU.log.54.dr
|
ID: |
dr_158
|
Target ID: |
54
|
Process: |
C:\Program Files (x86)\Steam\steamclient.exe
|
Type: |
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
Entropy: |
6.170134230759619
|
Encrypted: |
false
|
Ssdeep: |
3072:YMRFbwlz0otnh0efcZBU/fbF+pzZDrpSToDxcLQcm+xCjNS3RaCtXAOZrNM1Ge6q:uhj/zQD9SocLQDchaUXAiNM1C3HuiH
|
Size: |
342528
|
Whitelisted: |
false
|
Reputation: |
timeout
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Drops PE files |
Persistence and Installation Behavior |
|
Drops files with a non-matching file extension (content does not match file extension) |
Persistence and Installation Behavior |
|
Found dropped PE file which has not been started or loaded |
Malware Analysis System Evasion |
|
|
C:\Users\user\Desktop\FsrYoeiE.log
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
File: |
C:\Users\user\Desktop\FsrYoeiE.log
|
Category: |
dropped
|
Dump: |
FsrYoeiE.log.0.dr
|
ID: |
dr_15
|
Target ID: |
0
|
Process: |
C:\Users\user\Desktop\qNdO4D18CF.exe
|
Type: |
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
Entropy: |
5.679286635687991
|
Encrypted: |
false
|
Ssdeep: |
768:RH9nQF3DwRvGTYLOFbL79ed5l8UNebCPncg:TyDF0PybCPn
|
Size: |
38912
|
Whitelisted: |
false
|
Reputation: |
timeout
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Drops PE files |
Persistence and Installation Behavior |
|
Drops files with a non-matching file extension (content does not match file extension) |
Persistence and Installation Behavior |
|
Found dropped PE file which has not been started or loaded |
Malware Analysis System Evasion |
|
|
C:\Users\user\Desktop\GbyyMOOB.log
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
File: |
C:\Users\user\Desktop\GbyyMOOB.log
|
Category: |
dropped
|
Dump: |
GbyyMOOB.log.36.dr
|
ID: |
dr_108
|
Target ID: |
36
|
Process: |
C:\Program Files (x86)\Steam\steamclient.exe
|
Type: |
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
Entropy: |
5.636032516496583
|
Encrypted: |
false
|
Ssdeep: |
384:JS7LcTqpkHdmLrBmyOLkOPXVcqTZH0uZLSHtciyBDVGehpx3ZPyp1MoCy07G7:J+CaBoXTZH0mUfoGCzpapaFy07
|
Size: |
34816
|
Whitelisted: |
false
|
Reputation: |
timeout
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Drops PE files |
Persistence and Installation Behavior |
|
Drops files with a non-matching file extension (content does not match file extension) |
Persistence and Installation Behavior |
|
Found dropped PE file which has not been started or loaded |
Malware Analysis System Evasion |
|
|
C:\Users\user\Desktop\GeNRoyLy.log
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
File: |
C:\Users\user\Desktop\GeNRoyLy.log
|
Category: |
dropped
|
Dump: |
GeNRoyLy.log.63.dr
|
ID: |
dr_197
|
Target ID: |
63
|
Process: |
C:\Users\user\Desktop\qNdO4D18CF.exe
|
Type: |
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
Entropy: |
5.0168086460579095
|
Encrypted: |
false
|
Ssdeep: |
96:b2+4Af/qPl98sgn8VenjzRR0xXzhZ7BiCTUk9v2G6/7jK6XsBG7hWuP9LfqpW0RQ:gCU8XKb7BDUieGi3jcBgLyB+b
|
Size: |
9728
|
Whitelisted: |
false
|
Reputation: |
timeout
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Drops PE files |
Persistence and Installation Behavior |
|
Drops files with a non-matching file extension (content does not match file extension) |
Persistence and Installation Behavior |
|
Found dropped PE file which has not been started or loaded |
Malware Analysis System Evasion |
|
|
C:\Users\user\Desktop\GpTgJexz.log
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
File: |
C:\Users\user\Desktop\GpTgJexz.log
|
Category: |
dropped
|
Dump: |
GpTgJexz.log.0.dr
|
ID: |
dr_5
|
Target ID: |
0
|
Process: |
C:\Users\user\Desktop\qNdO4D18CF.exe
|
Type: |
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
Entropy: |
5.636032516496583
|
Encrypted: |
false
|
Ssdeep: |
384:JS7LcTqpkHdmLrBmyOLkOPXVcqTZH0uZLSHtciyBDVGehpx3ZPyp1MoCy07G7:J+CaBoXTZH0mUfoGCzpapaFy07
|
Size: |
34816
|
Whitelisted: |
false
|
Reputation: |
timeout
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Drops PE files |
Persistence and Installation Behavior |
|
Drops files with a non-matching file extension (content does not match file extension) |
Persistence and Installation Behavior |
|
Found dropped PE file which has not been started or loaded |
Malware Analysis System Evasion |
|
|
C:\Users\user\Desktop\Gumzpbgc.log
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
File: |
C:\Users\user\Desktop\Gumzpbgc.log
|
Category: |
dropped
|
Dump: |
Gumzpbgc.log.50.dr
|
ID: |
dr_140
|
Target ID: |
50
|
Process: |
C:\Program Files (x86)\Steam\steamclient.exe
|
Type: |
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
Entropy: |
5.909536568846014
|
Encrypted: |
false
|
Ssdeep: |
1536:3LM14SKtpfLarGzoQWaqaQ2n5YejqSRKnYdYPgh3c//npRwM:w7KtpTjNNn5YejqSRKnYdYPgJo/pRwM
|
Size: |
70144
|
Whitelisted: |
false
|
Reputation: |
timeout
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Drops PE files |
Persistence and Installation Behavior |
|
Drops files with a non-matching file extension (content does not match file extension) |
Persistence and Installation Behavior |
|
Found dropped PE file which has not been started or loaded |
Malware Analysis System Evasion |
|
|
C:\Users\user\Desktop\HLSRUZZF.log
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
File: |
C:\Users\user\Desktop\HLSRUZZF.log
|
Category: |
dropped
|
Dump: |
HLSRUZZF.log.63.dr
|
ID: |
dr_205
|
Target ID: |
63
|
Process: |
C:\Users\user\Desktop\qNdO4D18CF.exe
|
Type: |
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
Entropy: |
5.679286635687991
|
Encrypted: |
false
|
Ssdeep: |
768:RH9nQF3DwRvGTYLOFbL79ed5l8UNebCPncg:TyDF0PybCPn
|
Size: |
38912
|
Whitelisted: |
false
|
Reputation: |
timeout
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Drops PE files |
Persistence and Installation Behavior |
|
Drops files with a non-matching file extension (content does not match file extension) |
Persistence and Installation Behavior |
|
Found dropped PE file which has not been started or loaded |
Malware Analysis System Evasion |
|
|
C:\Users\user\Desktop\HSbycbvE.log
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
File: |
C:\Users\user\Desktop\HSbycbvE.log
|
Category: |
dropped
|
Dump: |
HSbycbvE.log.36.dr
|
ID: |
dr_103
|
Target ID: |
36
|
Process: |
C:\Program Files (x86)\Steam\steamclient.exe
|
Type: |
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
Entropy: |
5.723168999026349
|
Encrypted: |
false
|
Ssdeep: |
768:7PCvZsxIexhaqgbv8yGk/A/4NPmAQeMeYzlP58gH8zGTCWxttXyZPM:7P4ZsxIelkY/O+DeuzYbM5xXiE
|
Size: |
50176
|
Whitelisted: |
false
|
Reputation: |
timeout
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Drops PE files |
Persistence and Installation Behavior |
|
Drops files with a non-matching file extension (content does not match file extension) |
Persistence and Installation Behavior |
|
Found dropped PE file which has not been started or loaded |
Malware Analysis System Evasion |
|
|
C:\Users\user\Desktop\HWSrgsLR.log
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
File: |
C:\Users\user\Desktop\HWSrgsLR.log
|
Category: |
dropped
|
Dump: |
HWSrgsLR.log.58.dr
|
ID: |
dr_178
|
Target ID: |
58
|
Process: |
C:\Users\user\Desktop\qNdO4D18CF.exe
|
Type: |
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
Entropy: |
5.636032516496583
|
Encrypted: |
false
|
Ssdeep: |
384:JS7LcTqpkHdmLrBmyOLkOPXVcqTZH0uZLSHtciyBDVGehpx3ZPyp1MoCy07G7:J+CaBoXTZH0mUfoGCzpapaFy07
|
Size: |
34816
|
Whitelisted: |
false
|
Reputation: |
timeout
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Drops PE files |
Persistence and Installation Behavior |
|
Drops files with a non-matching file extension (content does not match file extension) |
Persistence and Installation Behavior |
|
Found dropped PE file which has not been started or loaded |
Malware Analysis System Evasion |
|
|
C:\Users\user\Desktop\HiqIapca.log
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
File: |
C:\Users\user\Desktop\HiqIapca.log
|
Category: |
dropped
|
Dump: |
HiqIapca.log.50.dr
|
ID: |
dr_129
|
Target ID: |
50
|
Process: |
C:\Program Files (x86)\Steam\steamclient.exe
|
Type: |
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
Entropy: |
5.668291349855899
|
Encrypted: |
false
|
Ssdeep: |
384:3+GMbUL+1FjuuGWkgoCFvMiAAsSZH14gXO9XBKeRg3U7ixu8bqMle9dCe4i2+o06:3+T93kgoCFkid/O9sU7io8b1ocl+o
|
Size: |
36352
|
Whitelisted: |
false
|
Reputation: |
timeout
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Drops PE files |
Persistence and Installation Behavior |
|
Drops files with a non-matching file extension (content does not match file extension) |
Persistence and Installation Behavior |
|
Found dropped PE file which has not been started or loaded |
Malware Analysis System Evasion |
|
|
C:\Users\user\Desktop\IRjpMTiY.log
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
File: |
C:\Users\user\Desktop\IRjpMTiY.log
|
Category: |
dropped
|
Dump: |
IRjpMTiY.log.50.dr
|
ID: |
dr_121
|
Target ID: |
50
|
Process: |
C:\Program Files (x86)\Steam\steamclient.exe
|
Type: |
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
Entropy: |
5.8769270258874755
|
Encrypted: |
false
|
Ssdeep: |
1536:p7Oc/sAwP1Q1wUww6vtZNthMx4SJ2ZgjlrL7BzZZmKYT:lOc/sAwP1Q1wUwhHBMx4a2iJjBzZZm9
|
Size: |
85504
|
Whitelisted: |
false
|
Reputation: |
timeout
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Drops PE files |
Persistence and Installation Behavior |
|
Drops files with a non-matching file extension (content does not match file extension) |
Persistence and Installation Behavior |
|
Found dropped PE file which has not been started or loaded |
Malware Analysis System Evasion |
|
|
C:\Users\user\Desktop\ITtzBsaM.log
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
File: |
C:\Users\user\Desktop\ITtzBsaM.log
|
Category: |
dropped
|
Dump: |
ITtzBsaM.log.58.dr
|
ID: |
dr_185
|
Target ID: |
58
|
Process: |
C:\Users\user\Desktop\qNdO4D18CF.exe
|
Type: |
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
Entropy: |
5.0168086460579095
|
Encrypted: |
false
|
Ssdeep: |
96:b2+4Af/qPl98sgn8VenjzRR0xXzhZ7BiCTUk9v2G6/7jK6XsBG7hWuP9LfqpW0RQ:gCU8XKb7BDUieGi3jcBgLyB+b
|
Size: |
9728
|
Whitelisted: |
false
|
Reputation: |
timeout
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Drops PE files |
Persistence and Installation Behavior |
|
Drops files with a non-matching file extension (content does not match file extension) |
Persistence and Installation Behavior |
|
Found dropped PE file which has not been started or loaded |
Malware Analysis System Evasion |
|
|
C:\Users\user\Desktop\IYriOWqO.log
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
File: |
C:\Users\user\Desktop\IYriOWqO.log
|
Category: |
dropped
|
Dump: |
IYriOWqO.log.54.dr
|
ID: |
dr_155
|
Target ID: |
54
|
Process: |
C:\Program Files (x86)\Steam\steamclient.exe
|
Type: |
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
Entropy: |
5.636032516496583
|
Encrypted: |
false
|
Ssdeep: |
384:JS7LcTqpkHdmLrBmyOLkOPXVcqTZH0uZLSHtciyBDVGehpx3ZPyp1MoCy07G7:J+CaBoXTZH0mUfoGCzpapaFy07
|
Size: |
34816
|
Whitelisted: |
false
|
Reputation: |
timeout
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Drops PE files |
Persistence and Installation Behavior |
|
Drops files with a non-matching file extension (content does not match file extension) |
Persistence and Installation Behavior |
|
Found dropped PE file which has not been started or loaded |
Malware Analysis System Evasion |
|
|
C:\Users\user\Desktop\IaBrEuiC.log
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
File: |
C:\Users\user\Desktop\IaBrEuiC.log
|
Category: |
dropped
|
Dump: |
IaBrEuiC.log.63.dr
|
ID: |
dr_210
|
Target ID: |
63
|
Process: |
C:\Users\user\Desktop\qNdO4D18CF.exe
|
Type: |
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
Entropy: |
5.668291349855899
|
Encrypted: |
false
|
Ssdeep: |
384:3+GMbUL+1FjuuGWkgoCFvMiAAsSZH14gXO9XBKeRg3U7ixu8bqMle9dCe4i2+o06:3+T93kgoCFkid/O9sU7io8b1ocl+o
|
Size: |
36352
|
Whitelisted: |
false
|
Reputation: |
timeout
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Drops PE files |
Persistence and Installation Behavior |
|
Drops files with a non-matching file extension (content does not match file extension) |
Persistence and Installation Behavior |
|
Found dropped PE file which has not been started or loaded |
Malware Analysis System Evasion |
|
|
C:\Users\user\Desktop\IsFPfNCu.log
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
File: |
C:\Users\user\Desktop\IsFPfNCu.log
|
Category: |
dropped
|
Dump: |
IsFPfNCu.log.0.dr
|
ID: |
dr_20
|
Target ID: |
0
|
Process: |
C:\Users\user\Desktop\qNdO4D18CF.exe
|
Type: |
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
Entropy: |
5.0168086460579095
|
Encrypted: |
false
|
Ssdeep: |
96:b2+4Af/qPl98sgn8VenjzRR0xXzhZ7BiCTUk9v2G6/7jK6XsBG7hWuP9LfqpW0RQ:gCU8XKb7BDUieGi3jcBgLyB+b
|
Size: |
9728
|
Whitelisted: |
false
|
Reputation: |
timeout
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Drops PE files |
Persistence and Installation Behavior |
|
Drops files with a non-matching file extension (content does not match file extension) |
Persistence and Installation Behavior |
|
Found dropped PE file which has not been started or loaded |
Malware Analysis System Evasion |
|
|
C:\Users\user\Desktop\JxaHDTDN.log
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
File: |
C:\Users\user\Desktop\JxaHDTDN.log
|
Category: |
dropped
|
Dump: |
JxaHDTDN.log.58.dr
|
ID: |
dr_171
|
Target ID: |
58
|
Process: |
C:\Users\user\Desktop\qNdO4D18CF.exe
|
Type: |
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
Entropy: |
5.699005826018714
|
Encrypted: |
false
|
Ssdeep: |
768:bvTf5JA7rmkHDkK6/X7rpCA0U4oW+YcSNdb/deQoCDKmc:bTffImkjkK6/QAhaceb/dum
|
Size: |
38400
|
Whitelisted: |
false
|
Reputation: |
timeout
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Drops PE files |
Persistence and Installation Behavior |
|
Drops files with a non-matching file extension (content does not match file extension) |
Persistence and Installation Behavior |
|
Found dropped PE file which has not been started or loaded |
Malware Analysis System Evasion |
|
|
C:\Users\user\Desktop\KJWyVjBG.log
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
File: |
C:\Users\user\Desktop\KJWyVjBG.log
|
Category: |
dropped
|
Dump: |
KJWyVjBG.log.54.dr
|
ID: |
dr_154
|
Target ID: |
54
|
Process: |
C:\Program Files (x86)\Steam\steamclient.exe
|
Type: |
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
Entropy: |
5.870612048031897
|
Encrypted: |
false
|
Ssdeep: |
768:kEXtbvrhKJukN9LCewFI4eYWza7q9GYBAfNhgi2keA1RLaew5trbNM:NhKZEq4hWO7cAfN6DdA1R9w5x
|
Size: |
46592
|
Whitelisted: |
false
|
Reputation: |
timeout
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Drops PE files |
Persistence and Installation Behavior |
|
Drops files with a non-matching file extension (content does not match file extension) |
Persistence and Installation Behavior |
|
Found dropped PE file which has not been started or loaded |
Malware Analysis System Evasion |
|
|
C:\Users\user\Desktop\KMIinpLK.log
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
File: |
C:\Users\user\Desktop\KMIinpLK.log
|
Category: |
dropped
|
Dump: |
KMIinpLK.log.58.dr
|
ID: |
dr_174
|
Target ID: |
58
|
Process: |
C:\Users\user\Desktop\qNdO4D18CF.exe
|
Type: |
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
Entropy: |
5.41854385721431
|
Encrypted: |
false
|
Ssdeep: |
384:8Np+VQupukpNURNzOLn7TcZ64vTUbqryealcpA2:bPpu0NyzOL0ZJ4bavae
|
Size: |
22016
|
Whitelisted: |
false
|
Reputation: |
timeout
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Drops PE files |
Persistence and Installation Behavior |
|
Drops files with a non-matching file extension (content does not match file extension) |
Persistence and Installation Behavior |
|
Found dropped PE file which has not been started or loaded |
Malware Analysis System Evasion |
|
|
C:\Users\user\Desktop\KRGQASbM.log
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
File: |
C:\Users\user\Desktop\KRGQASbM.log
|
Category: |
dropped
|
Dump: |
KRGQASbM.log.54.dr
|
ID: |
dr_145
|
Target ID: |
54
|
Process: |
C:\Program Files (x86)\Steam\steamclient.exe
|
Type: |
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
Entropy: |
5.7028690200758465
|
Encrypted: |
false
|
Ssdeep: |
768:HjeDAXQDM/RgUK+1x85+CnTzP5KJcSdhRGPQPfnay:HjWB2CnTzUJcSdTdP/
|
Size: |
40448
|
Whitelisted: |
false
|
Reputation: |
timeout
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Drops PE files |
Persistence and Installation Behavior |
|
Drops files with a non-matching file extension (content does not match file extension) |
Persistence and Installation Behavior |
|