LexusXA Installer.msi
|
Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, MSI Installer, Security: 0, Code page: 1252,
Revision Number: {6E016F4D-F842-4D13-BDA0-1D990584865D}, Number of Words: 2, Subject: LexusXA Installer, Author: LexusORG,
Name of Creating Application: LexusXA Installer, Template: ;1033, Title: Installation Database, Keywords: Installer, MSI,
Database, Create Time/Date: Fri Nov 29 15:27:42 2024, Last Saved Time/Date: Fri Nov 29 15:27:42 2024, Last Printed: Fri Nov
29 15:27:42 2024, Number of Pages: 450
|
initial sample
|
|
|
|
Filetype: |
Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, MSI Installer, Security: 0, Code page: 1252,
Revision Number: {6E016F4D-F842-4D13-BDA0-1D990584865D}, Number of Words: 2, Subject: LexusXA Installer, Author: LexusORG,
Name of Creating Application: LexusXA Installer, Template: ;1033, Title: Installation Database, Keywords: Installer, MSI,
Database, Create Time/Date: Fri Nov 29 15:27:42 2024, Last Saved Time/Date: Fri Nov 29 15:27:42 2024, Last Printed: Fri Nov
29 15:27:42 2024, Number of Pages: 450
|
Entropy: |
7.967822878642443
|
Filename: |
LexusXA Installer.msi
|
Filesize: |
21343744
|
MD5: |
4a4cda00a1e1a32986cc1130d7db54ca
|
SHA1: |
57bd34c1c3372dd72d5c7ddcaa5bfb1dc387f4e2
|
SHA256: |
5d2ab1efe433963996b35b16231631e7a69a8f7c951b25009626111fbc23d560
|
SHA512: |
72d766fa5ed9421a633804cbbc2df2e50b252c39c3e48b82a8a7adb9ecb54224ffb96c5dec0486c5b3eaac41cd2ca29691bed3e6ee13c4fd89d8d5c88d195482
|
SSDEEP: |
393216:0kXUJrUz+h+ZkrLP3HQlJBgJ2g1VXA3p81Es0LAxsX5PINm:0xrUOeGHwJRyO20LAxs58
|
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Multi AV Scanner detection for submitted file |
AV Detection |
|
Sample file is different than original file name gathered from version info |
System Summary |
|
Sample is known by Antivirus |
System Summary |
|
Submission file is bigger than most known malware samples |
System Summary |
|
|
C:\Program Files (x86)\LexusORG\LexusXA Installer\LexusXA-installer-win_x64.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
File: |
C:\Program Files (x86)\LexusORG\LexusXA Installer\LexusXA-installer-win_x64.exe
|
Category: |
dropped
|
Dump: |
LexusXA-installer-win_x64.exe.1.dr
|
ID: |
dr_14
|
Target ID: |
1
|
Process: |
C:\Windows\System32\msiexec.exe
|
Type: |
PE32 executable (GUI) Intel 80386, for MS Windows
|
Entropy: |
7.992713508250193
|
Encrypted: |
true
|
Ssdeep: |
393216:rcnUpN33OZzSqPcAls+0DWjcukbdlDBSarqbVcAUfyU6b:4nU/+Fc6soGJhrqbVcrZO
|
Size: |
20133249
|
Whitelisted: |
false
|
Reputation: |
low
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Drops PE files |
Persistence and Installation Behavior |
|
Disables application error messages (SetErrorMode) |
Hooking and other Techniques for Hiding and Protection |
|
Parts of this application are using Borland Delphi (probably coded in Delphi) |
System Summary |
|
Reads software policies |
System Summary |
System Information Discovery
|
Spawns processes |
System Summary |
|
Tries to load missing DLLs |
System Summary |
|
|
C:\Users\user\AppData\Local\Programs\Lexus\is-KAK7L.tmp
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
File: |
C:\Users\user\AppData\Local\Programs\Lexus\is-KAK7L.tmp
|
Category: |
dropped
|
Dump: |
is-KAK7L.tmp.5.dr
|
ID: |
dr_35
|
Target ID: |
5
|
Process: |
C:\Users\user\AppData\Local\Temp\is-F3SOF.tmp\LexusXA-installer-win_x64.tmp
|
Type: |
PE32 executable (GUI) Intel 80386, for MS Windows
|
Entropy: |
6.5671939633705705
|
Encrypted: |
false
|
Ssdeep: |
49152:ldJYVM+9JtzZWnoS2VC23aun8+f5KuG2OY9IG9ivyv2cLx1RQN333KT:bJYVM+LtVt3P/KuG2ONG9iqLRQN333a
|
Size: |
3308605
|
Whitelisted: |
false
|
Reputation: |
low
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Drops PE files |
Persistence and Installation Behavior |
|
Found dropped PE file which has not been started or loaded |
Malware Analysis System Evasion |
|
|
C:\Users\user\AppData\Local\Programs\Lexus\is-LOG4N.tmp
|
PE32+ executable (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
File: |
C:\Users\user\AppData\Local\Programs\Lexus\is-LOG4N.tmp
|
Category: |
dropped
|
Dump: |
is-LOG4N.tmp.5.dr
|
ID: |
dr_36
|
Target ID: |
5
|
Process: |
C:\Users\user\AppData\Local\Temp\is-F3SOF.tmp\LexusXA-installer-win_x64.tmp
|
Type: |
PE32+ executable (GUI) x86-64, for MS Windows
|
Entropy: |
7.999140728183588
|
Encrypted: |
true
|
Ssdeep: |
393216:pmxB7gGhcgOhRITRP87kAt1zDB5uuICSnumNZrfcdRcXlb2tX/:yZVey84y1DuuxlkidCXUx
|
Size: |
18222592
|
Whitelisted: |
false
|
Reputation: |
low
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Drops PE files |
Persistence and Installation Behavior |
|
|
C:\Users\user\AppData\Local\Programs\Lexus\unins000.exe (copy)
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
File: |
C:\Users\user\AppData\Local\Programs\Lexus\unins000.exe (copy)
|
Category: |
dropped
|
Dump: |
is-KAK7L.tmp.5.dr
|
ID: |
dr_39
|
Target ID: |
5
|
Process: |
C:\Users\user\AppData\Local\Temp\is-F3SOF.tmp\LexusXA-installer-win_x64.tmp
|
Type: |
PE32 executable (GUI) Intel 80386, for MS Windows
|
Entropy: |
6.5671939633705705
|
Encrypted: |
false
|
Ssdeep: |
49152:ldJYVM+9JtzZWnoS2VC23aun8+f5KuG2OY9IG9ivyv2cLx1RQN333KT:bJYVM+LtVt3P/KuG2ONG9iqLRQN333a
|
Size: |
3308605
|
Whitelisted: |
false
|
Reputation: |
timeout
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Drops PE files |
Persistence and Installation Behavior |
|
Found dropped PE file which has not been started or loaded |
Malware Analysis System Evasion |
|
|
C:\Users\user\AppData\Local\Programs\Lexus\version-iexpress-x64.exe (copy)
|
PE32+ executable (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
File: |
C:\Users\user\AppData\Local\Programs\Lexus\version-iexpress-x64.exe (copy)
|
Category: |
dropped
|
Dump: |
is-LOG4N.tmp.5.dr
|
ID: |
dr_40
|
Target ID: |
5
|
Process: |
C:\Users\user\AppData\Local\Temp\is-F3SOF.tmp\LexusXA-installer-win_x64.tmp
|
Type: |
PE32+ executable (GUI) x86-64, for MS Windows
|
Entropy: |
7.999140728183588
|
Encrypted: |
true
|
Ssdeep: |
393216:pmxB7gGhcgOhRITRP87kAt1zDB5uuICSnumNZrfcdRcXlb2tX/:yZVey84y1DuuxlkidCXUx
|
Size: |
18222592
|
Whitelisted: |
false
|
Reputation: |
timeout
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Drops PE files |
Persistence and Installation Behavior |
|
Contains functionality to query local / system time |
Language, Device and Operating System Detection |
System Information Discovery
|
Spawns processes |
System Summary |
|
Tries to load missing DLLs |
System Summary |
|
|
C:\Users\user\AppData\Local\Temp\IXP000.TMP\version-checker-win-x64.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
File: |
C:\Users\user\AppData\Local\Temp\IXP000.TMP\version-checker-win-x64.exe
|
Category: |
dropped
|
Dump: |
version-checker-win-x64.exe.10.dr
|
ID: |
dr_41
|
Target ID: |
10
|
Process: |
C:\Users\user\AppData\Local\Programs\Lexus\version-iexpress-x64.exe
|
Type: |
PE32 executable (GUI) Intel 80386, for MS Windows
|
Entropy: |
7.998318944962498
|
Encrypted: |
true
|
Ssdeep: |
393216:Fm1gr1pHcLWZNIciK8UKyStalGn90TC/Y+Xr9eX0O5+tZiRi5uV:6Sbnf8Vbtz90OV7lOAt6WQ
|
Size: |
18201888
|
Whitelisted: |
false
|
Reputation: |
timeout
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Checks for available system drives (often done to infect USB drives) |
Spreading |
Replication Through Removable Media
Peripheral Device Discovery
|
Contains functionality to check if a debugger is running (IsDebuggerPresent) |
Anti Debugging |
Security Software Discovery
|
Contains functionality to communicate with device drivers |
System Summary |
|
Contains functionality to query CPU information (cpuid) |
Language, Device and Operating System Detection |
System Information Discovery
|
Contains functionality to query locales information (e.g. system language) |
Language, Device and Operating System Detection |
System Information Discovery
|
Contains functionality to read the PEB |
Anti Debugging |
|
Contains functionality which may be used to detect a debugger (GetProcessHeap) |
Anti Debugging |
Security Software Discovery
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Detected potential crypto function |
System Summary |
|
Drops PE files |
Persistence and Installation Behavior |
|
File is packed with WinRar |
Data Obfuscation |
|
Found potential string decryption / allocating functions |
System Summary |
Obfuscated Files or Information
Deobfuscate/Decode Files or Information
|
Uses code obfuscation techniques (call, push, ret) |
Data Obfuscation |
Obfuscated Files or Information
|
Checks the free space of harddrives |
Malware Analysis System Evasion |
System Information Discovery
|
Contains functionality for error logging |
System Summary |
|
Contains functionality to enumerate / list files inside a directory |
Spreading, Malware Analysis System Evasion |
File and Directory Discovery
|
Contains functionality to load and extract PE file embedded resources |
System Summary |
|
Contains functionality to query system information |
Malware Analysis System Evasion |
System Information Discovery
|
Contains functionality to query windows version |
Language, Device and Operating System Detection |
System Information Discovery
|
Contains functionality to register its own exception handler |
Anti Debugging |
|
Disables application error messages (SetErrorMode) |
Hooking and other Techniques for Hiding and Protection |
|
Might use command line arguments |
System Summary |
Command and Scripting Interpreter
|
Program exit points |
Malware Analysis System Evasion |
|
Spawns processes |
System Summary |
|
Tries to load missing DLLs |
System Summary |
|
|
C:\Users\user\AppData\Local\Temp\MSI2254.tmp
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
File: |
C:\Users\user\AppData\Local\Temp\MSI2254.tmp
|
Category: |
dropped
|
Dump: |
MSI2254.tmp.0.dr
|
ID: |
dr_0
|
Target ID: |
0
|
Process: |
C:\Windows\System32\msiexec.exe
|
Type: |
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
Entropy: |
6.608727172078022
|
Encrypted: |
false
|
Ssdeep: |
24576:2Nmq6KGDx4JYKcP/+h0lhSMXl+GGXo8Wea/xwuX:Ymq6KGk/cHrOGGY8Wea/xwuX
|
Size: |
1021792
|
Whitelisted: |
false
|
Reputation: |
timeout
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Drops PE files |
Persistence and Installation Behavior |
|
Found dropped PE file which has not been started or loaded |
Malware Analysis System Evasion |
|
Creates temporary files |
System Summary |
|
|
C:\Users\user\AppData\Local\Temp\MSI22D2.tmp
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
File: |
C:\Users\user\AppData\Local\Temp\MSI22D2.tmp
|
Category: |
dropped
|
Dump: |
MSI22D2.tmp.0.dr
|
ID: |
dr_1
|
Target ID: |
0
|
Process: |
C:\Windows\System32\msiexec.exe
|
Type: |
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
Entropy: |
6.608727172078022
|
Encrypted: |
false
|
Ssdeep: |
24576:2Nmq6KGDx4JYKcP/+h0lhSMXl+GGXo8Wea/xwuX:Ymq6KGk/cHrOGGY8Wea/xwuX
|
Size: |
1021792
|
Whitelisted: |
false
|
Reputation: |
timeout
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Drops PE files |
Persistence and Installation Behavior |
|
Found dropped PE file which has not been started or loaded |
Malware Analysis System Evasion |
|
|
C:\Users\user\AppData\Local\Temp\MSI2312.tmp
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
File: |
C:\Users\user\AppData\Local\Temp\MSI2312.tmp
|
Category: |
dropped
|
Dump: |
MSI2312.tmp.0.dr
|
ID: |
dr_2
|
Target ID: |
0
|
Process: |
C:\Windows\System32\msiexec.exe
|
Type: |
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
Entropy: |
6.608727172078022
|
Encrypted: |
false
|
Ssdeep: |
24576:2Nmq6KGDx4JYKcP/+h0lhSMXl+GGXo8Wea/xwuX:Ymq6KGk/cHrOGGY8Wea/xwuX
|
Size: |
1021792
|
Whitelisted: |
false
|
Reputation: |
timeout
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Drops PE files |
Persistence and Installation Behavior |
|
Found dropped PE file which has not been started or loaded |
Malware Analysis System Evasion |
|
|
C:\Users\user\AppData\Local\Temp\MSI2332.tmp
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
File: |
C:\Users\user\AppData\Local\Temp\MSI2332.tmp
|
Category: |
dropped
|
Dump: |
MSI2332.tmp.0.dr
|
ID: |
dr_3
|
Target ID: |
0
|
Process: |
C:\Windows\System32\msiexec.exe
|
Type: |
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
Entropy: |
6.608727172078022
|
Encrypted: |
false
|
Ssdeep: |
24576:2Nmq6KGDx4JYKcP/+h0lhSMXl+GGXo8Wea/xwuX:Ymq6KGk/cHrOGGY8Wea/xwuX
|
Size: |
1021792
|
Whitelisted: |
false
|
Reputation: |
timeout
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Drops PE files |
Persistence and Installation Behavior |
|
Found dropped PE file which has not been started or loaded |
Malware Analysis System Evasion |
|
|
C:\Users\user\AppData\Local\Temp\MSI2362.tmp
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
File: |
C:\Users\user\AppData\Local\Temp\MSI2362.tmp
|
Category: |
dropped
|
Dump: |
MSI2362.tmp.0.dr
|
ID: |
dr_4
|
Target ID: |
0
|
Process: |
C:\Windows\System32\msiexec.exe
|
Type: |
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
Entropy: |
6.608727172078022
|
Encrypted: |
false
|
Ssdeep: |
24576:2Nmq6KGDx4JYKcP/+h0lhSMXl+GGXo8Wea/xwuX:Ymq6KGk/cHrOGGY8Wea/xwuX
|
Size: |
1021792
|
Whitelisted: |
false
|
Reputation: |
timeout
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Drops PE files |
Persistence and Installation Behavior |
|
Found dropped PE file which has not been started or loaded |
Malware Analysis System Evasion |
|
|
C:\Users\user\AppData\Local\Temp\MSI242E.tmp
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
File: |
C:\Users\user\AppData\Local\Temp\MSI242E.tmp
|
Category: |
dropped
|
Dump: |
MSI242E.tmp.0.dr
|
ID: |
dr_5
|
Target ID: |
0
|
Process: |
C:\Windows\System32\msiexec.exe
|
Type: |
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
Entropy: |
6.608727172078022
|
Encrypted: |
false
|
Ssdeep: |
24576:2Nmq6KGDx4JYKcP/+h0lhSMXl+GGXo8Wea/xwuX:Ymq6KGk/cHrOGGY8Wea/xwuX
|
Size: |
1021792
|
Whitelisted: |
false
|
Reputation: |
timeout
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Drops PE files |
Persistence and Installation Behavior |
|
Found dropped PE file which has not been started or loaded |
Malware Analysis System Evasion |
|
|
C:\Users\user\AppData\Local\Temp\MSI245E.tmp
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
File: |
C:\Users\user\AppData\Local\Temp\MSI245E.tmp
|
Category: |
dropped
|
Dump: |
MSI245E.tmp.0.dr
|
ID: |
dr_6
|
Target ID: |
0
|
Process: |
C:\Windows\System32\msiexec.exe
|
Type: |
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
Entropy: |
6.608727172078022
|
Encrypted: |
false
|
Ssdeep: |
24576:2Nmq6KGDx4JYKcP/+h0lhSMXl+GGXo8Wea/xwuX:Ymq6KGk/cHrOGGY8Wea/xwuX
|
Size: |
1021792
|
Whitelisted: |
false
|
Reputation: |
timeout
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Drops PE files |
Persistence and Installation Behavior |
|
Found dropped PE file which has not been started or loaded |
Malware Analysis System Evasion |
|
|
C:\Users\user\AppData\Local\Temp\MSI5736.tmp
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
File: |
C:\Users\user\AppData\Local\Temp\MSI5736.tmp
|
Category: |
dropped
|
Dump: |
MSI5736.tmp.0.dr
|
ID: |
dr_7
|
Target ID: |
0
|
Process: |
C:\Windows\System32\msiexec.exe
|
Type: |
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
Entropy: |
6.608727172078022
|
Encrypted: |
false
|
Ssdeep: |
24576:2Nmq6KGDx4JYKcP/+h0lhSMXl+GGXo8Wea/xwuX:Ymq6KGk/cHrOGGY8Wea/xwuX
|
Size: |
1021792
|
Whitelisted: |
false
|
Reputation: |
timeout
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Drops PE files |
Persistence and Installation Behavior |
|
Found dropped PE file which has not been started or loaded |
Malware Analysis System Evasion |
|
|
C:\Users\user\AppData\Local\Temp\MSI5766.tmp
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
File: |
C:\Users\user\AppData\Local\Temp\MSI5766.tmp
|
Category: |
dropped
|
Dump: |
MSI5766.tmp.0.dr
|
ID: |
dr_8
|
Target ID: |
0
|
Process: |
C:\Windows\System32\msiexec.exe
|
Type: |
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
Entropy: |
6.608727172078022
|
Encrypted: |
false
|
Ssdeep: |
24576:2Nmq6KGDx4JYKcP/+h0lhSMXl+GGXo8Wea/xwuX:Ymq6KGk/cHrOGGY8Wea/xwuX
|
Size: |
1021792
|
Whitelisted: |
false
|
Reputation: |
timeout
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Drops PE files |
Persistence and Installation Behavior |
|
Found dropped PE file which has not been started or loaded |
Malware Analysis System Evasion |
|
|
C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe
|
PE32+ executable (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
File: |
C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe
|
Category: |
dropped
|
Dump: |
version-checker-won-x64.exe.11.dr
|
ID: |
dr_42
|
Target ID: |
11
|
Process: |
C:\Users\user\AppData\Local\Temp\IXP000.TMP\version-checker-win-x64.exe
|
Type: |
PE32+ executable (GUI) x86-64, for MS Windows
|
Entropy: |
7.996888036807003
|
Encrypted: |
true
|
Ssdeep: |
393216:B6AcUXZL01+l+uq+Vvz1+TtIiFo0VkscWLeG2tP6cjE4:wi01+l+uqgvz1QtIm5f2tPFE4
|
Size: |
18301069
|
Whitelisted: |
false
|
Reputation: |
timeout
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Tries to harvest and steal browser information (history, passwords, etc) |
Stealing of Sensitive Information |
|
Contains functionality to open a port and listen for incoming connection (possibly a backdoor) |
Remote Access Functionality |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Drops PE files |
Persistence and Installation Behavior |
|
Extensive use of GetProcAddress (often used to hide API calls) |
Hooking and other Techniques for Hiding and Protection |
|
Found dropped PE file which has not been started or loaded |
Malware Analysis System Evasion |
|
Found evasive API chain checking for process token information |
Malware Analysis System Evasion |
|
Found large amount of non-executed APIs |
Malware Analysis System Evasion |
|
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines) |
Malware Analysis System Evasion |
Security Software Discovery
Windows Management Instrumentation
Virtualization/Sandbox Evasion
|
Queries the volume information (name, serial number etc) of a device |
Language, Device and Operating System Detection |
System Information Discovery
|
Contains functionality to create a new security descriptor |
HIPS / PFW / Operating System Protection Evasion |
|
Contains functionality to query time zone information |
Language, Device and Operating System Detection |
|
Disables application error messages (SetErrorMode) |
Hooking and other Techniques for Hiding and Protection |
|
Queries process information (via WMI, Win32_Process) |
System Summary |
System Information Discovery
Windows Management Instrumentation
|
Spawns processes |
System Summary |
|
Tries to load missing DLLs |
System Summary |
|
|
C:\Users\user\AppData\Local\Temp\_MEI21442\Cryptodome\Cipher\_ARC4.pyd
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
File: |
C:\Users\user\AppData\Local\Temp\_MEI21442\Cryptodome\Cipher\_ARC4.pyd
|
Category: |
dropped
|
Dump: |
_ARC4.pyd.12.dr
|
ID: |
dr_95
|
Target ID: |
12
|
Process: |
C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe
|
Type: |
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
Entropy: |
4.704418348721006
|
Encrypted: |
false
|
Ssdeep: |
96:nDzsc9VD9daQ2iTrqT+6Zdp/Q0I1uLfcC75JiC4Rs89EcYyGDj90OcX6gY/7ECFV:Dzs69damqTrpYTst0E5DjPcqgY/79X
|
Size: |
11264
|
Whitelisted: |
false
|
Reputation: |
timeout
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Drops PE files |
Persistence and Installation Behavior |
|
Found dropped PE file which has not been started or loaded |
Malware Analysis System Evasion |
|
|
C:\Users\user\AppData\Local\Temp\_MEI21442\Cryptodome\Cipher\_Salsa20.pyd
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
File: |
C:\Users\user\AppData\Local\Temp\_MEI21442\Cryptodome\Cipher\_Salsa20.pyd
|
Category: |
dropped
|
Dump: |
_Salsa20.pyd.12.dr
|
ID: |
dr_96
|
Target ID: |
12
|
Process: |
C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe
|
Type: |
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
Entropy: |
4.968532257508093
|
Encrypted: |
false
|
Ssdeep: |
96:JF3rugNlF/1Nt5aSd4+1ijg0NLfFNJSCqsstXHTeH5ht47qMbxbfDq4wYH/kcX6G:tF/1nb2mhQtkXHTeZ87VDqyMcqgYvEp
|
Size: |
13312
|
Whitelisted: |
false
|
Reputation: |
timeout
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Drops PE files |
Persistence and Installation Behavior |
|
Found dropped PE file which has not been started or loaded |
Malware Analysis System Evasion |
|
|
C:\Users\user\AppData\Local\Temp\_MEI21442\Cryptodome\Cipher\_chacha20.pyd
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
File: |
C:\Users\user\AppData\Local\Temp\_MEI21442\Cryptodome\Cipher\_chacha20.pyd
|
Category: |
dropped
|
Dump: |
_chacha20.pyd.12.dr
|
ID: |
dr_97
|
Target ID: |
12
|
Process: |
C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe
|
Type: |
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
Entropy: |
5.061520684813544
|
Encrypted: |
false
|
Ssdeep: |
192:cdF/1nb2mhQtkXn0t/WS60YYDEbqvdvGyv9lkVcqgYvEMo:e2f6XSZ6XYD5vdvGyv9MgYvEMo
|
Size: |
13824
|
Whitelisted: |
false
|
Reputation: |
timeout
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Drops PE files |
Persistence and Installation Behavior |
|
Found dropped PE file which has not been started or loaded |
Malware Analysis System Evasion |
|
|
C:\Users\user\AppData\Local\Temp\_MEI21442\Cryptodome\Cipher\_pkcs1_decode.pyd
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
File: |
C:\Users\user\AppData\Local\Temp\_MEI21442\Cryptodome\Cipher\_pkcs1_decode.pyd
|
Category: |
dropped
|
Dump: |
_pkcs1_decode.pyd.12.dr
|
ID: |
dr_98
|
Target ID: |
12
|
Process: |
C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe
|
Type: |
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
Entropy: |
5.236611028290556
|
Encrypted: |
false
|
Ssdeep: |
192:osiHXqpoUol3xZhRyQX5lDnRDFFav+tcqgRvE:K6D+XBDfDgRvE
|
Size: |
13824
|
Whitelisted: |
false
|
Reputation: |
timeout
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Drops PE files |
Persistence and Installation Behavior |
|
Found dropped PE file which has not been started or loaded |
Malware Analysis System Evasion |
|
|
C:\Users\user\AppData\Local\Temp\_MEI21442\Cryptodome\Cipher\_raw_aes.pyd
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
File: |
C:\Users\user\AppData\Local\Temp\_MEI21442\Cryptodome\Cipher\_raw_aes.pyd
|
Category: |
dropped
|
Dump: |
_raw_aes.pyd.12.dr
|
ID: |
dr_109
|
Target ID: |
12
|
Process: |
C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe
|
Type: |
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
Entropy: |
6.558039926510444
|
Encrypted: |
false
|
Ssdeep: |
384:Dz5P+7nYpPMedFDlDchrVX1mEVmT9ZgkoD/PKDkGuF0U390QOo8VdbKBWmuTLg46:DzdqWB7YJlmLJ3oD/S4j990th9VTsC
|
Size: |
36352
|
Whitelisted: |
false
|
Reputation: |
timeout
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Drops PE files |
Persistence and Installation Behavior |
|
Found dropped PE file which has not been started or loaded |
Malware Analysis System Evasion |
|
|
C:\Users\user\AppData\Local\Temp\_MEI21442\Cryptodome\Cipher\_raw_aesni.pyd
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
File: |
C:\Users\user\AppData\Local\Temp\_MEI21442\Cryptodome\Cipher\_raw_aesni.pyd
|
Category: |
dropped
|
Dump: |
_raw_aesni.pyd.12.dr
|
ID: |
dr_110
|
Target ID: |
12
|
Process: |
C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe
|
Type: |
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
Entropy: |
5.285246086368036
|
Encrypted: |
false
|
Ssdeep: |
192:jJBjJHEkEPYi3Xd+dc26E4++yuqAyXW9wifD4mqccqgwYUMvEW:ZkRwi3wO26Ef+yuIm9PfDewgwYUMvE
|
Size: |
15872
|
Whitelisted: |
false
|
Reputation: |
timeout
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Drops PE files |
Persistence and Installation Behavior |
|
Found dropped PE file which has not been started or loaded |
Malware Analysis System Evasion |
|
|
C:\Users\user\AppData\Local\Temp\_MEI21442\Cryptodome\Cipher\_raw_arc2.pyd
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
File: |
C:\Users\user\AppData\Local\Temp\_MEI21442\Cryptodome\Cipher\_raw_arc2.pyd
|
Category: |
dropped
|
Dump: |
_raw_arc2.pyd.12.dr
|
ID: |
dr_111
|
Target ID: |
12
|
Process: |
C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe
|
Type: |
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
Entropy: |
5.505232918566824
|
Encrypted: |
false
|
Ssdeep: |
192:9d9VkyQ5f8vjVaCHpKpTTjaNe7oca2DWZQ2dhmdcqgwNeecBih:rkP5cjIGpKlqD2DakzgwNeE
|
Size: |
16384
|
Whitelisted: |
false
|
Reputation: |
timeout
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Drops PE files |
Persistence and Installation Behavior |
|
Found dropped PE file which has not been started or loaded |
Malware Analysis System Evasion |
|
|
C:\Users\user\AppData\Local\Temp\_MEI21442\Cryptodome\Cipher\_raw_blowfish.pyd
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
File: |
C:\Users\user\AppData\Local\Temp\_MEI21442\Cryptodome\Cipher\_raw_blowfish.pyd
|
Category: |
dropped
|
Dump: |
_raw_blowfish.pyd.12.dr
|
ID: |
dr_112
|
Target ID: |
12
|
Process: |
C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe
|
Type: |
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
Entropy: |
6.061115794354147
|
Encrypted: |
false
|
Ssdeep: |
384:pUv5cJMOZA0nmwBD+XpJgLa0Mp8QHg4P2llyM:GK1XBD+DgLa1gTi
|
Size: |
20992
|
Whitelisted: |
false
|
Reputation: |
timeout
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Drops PE files |
Persistence and Installation Behavior |
|
Found dropped PE file which has not been started or loaded |
Malware Analysis System Evasion |
|
|
C:\Users\user\AppData\Local\Temp\_MEI21442\Cryptodome\Cipher\_raw_cast.pyd
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
File: |
C:\Users\user\AppData\Local\Temp\_MEI21442\Cryptodome\Cipher\_raw_cast.pyd
|
Category: |
dropped
|
Dump: |
_raw_cast.pyd.12.dr
|
ID: |
dr_113
|
Target ID: |
12
|
Process: |
C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe
|
Type: |
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
Entropy: |
6.475398255636883
|
Encrypted: |
false
|
Ssdeep: |
384:Zc6HLZiMDFuGu+XHZXmrfXA+UA10ol31tuXy7IYgLWi:q6H1TZXX5XmrXA+NNxWi0dLWi
|
Size: |
25088
|
Whitelisted: |
false
|
Reputation: |
timeout
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Drops PE files |
Persistence and Installation Behavior |
|
Found dropped PE file which has not been started or loaded |
Malware Analysis System Evasion |
|
|
C:\Users\user\AppData\Local\Temp\_MEI21442\Cryptodome\Cipher\_raw_cbc.pyd
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
File: |
C:\Users\user\AppData\Local\Temp\_MEI21442\Cryptodome\Cipher\_raw_cbc.pyd
|
Category: |
dropped
|
Dump: |
_raw_cbc.pyd.12.dr
|
ID: |
dr_114
|
Target ID: |
12
|
Process: |
C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe
|
Type: |
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
Entropy: |
4.839420412830416
|
Encrypted: |
false
|
Ssdeep: |
192:CF/1nb2mhQtkr+juOxKbDbRHcqgYvEkrK:42f6iuOsbDXgYvEmK
|
Size: |
12288
|
Whitelisted: |
false
|
Reputation: |
timeout
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Drops PE files |
Persistence and Installation Behavior |
|
Found dropped PE file which has not been started or loaded |
Malware Analysis System Evasion |
|
|
C:\Users\user\AppData\Local\Temp\_MEI21442\Cryptodome\Cipher\_raw_cfb.pyd
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
File: |
C:\Users\user\AppData\Local\Temp\_MEI21442\Cryptodome\Cipher\_raw_cfb.pyd
|
Category: |
dropped
|
Dump: |
_raw_cfb.pyd.12.dr
|
ID: |
dr_115
|
Target ID: |
12
|
Process: |
C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe
|
Type: |
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
Entropy: |
4.905258571193623
|
Encrypted: |
false
|
Ssdeep: |
192:fRgPX8lvI+KnwSDTPUDEnKWPXcqgzQkvEd:4og9rUD/mpgzQkvE
|
Size: |
13824
|
Whitelisted: |
false
|
Reputation: |
timeout
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Drops PE files |
Persistence and Installation Behavior |
|
Found dropped PE file which has not been started or loaded |
Malware Analysis System Evasion |
|
|
C:\Users\user\AppData\Local\Temp\_MEI21442\Cryptodome\Cipher\_raw_ctr.pyd
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
File: |
C:\Users\user\AppData\Local\Temp\_MEI21442\Cryptodome\Cipher\_raw_ctr.pyd
|
Category: |
dropped
|
Dump: |
_raw_ctr.pyd.12.dr
|
ID: |
dr_116
|
Target ID: |
12
|
Process: |
C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe
|
Type: |
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
Entropy: |
5.300728193650235
|
Encrypted: |
false
|
Ssdeep: |
192:jGYJ1gSHxKkwv0i8XSi3Sm57NEEE/qexUEtDr6krRcqgUF6+6vEX:jR01si8XSi3SACqe7tDlDgUUjvE
|
Size: |
14848
|
Whitelisted: |
false
|
Reputation: |
timeout
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Drops PE files |
Persistence and Installation Behavior |
|
Found dropped PE file which has not been started or loaded |
Malware Analysis System Evasion |
|
|
C:\Users\user\AppData\Local\Temp\_MEI21442\Cryptodome\Cipher\_raw_des.pyd
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
File: |
C:\Users\user\AppData\Local\Temp\_MEI21442\Cryptodome\Cipher\_raw_des.pyd
|
Category: |
dropped
|
Dump: |
_raw_des.pyd.12.dr
|
ID: |
dr_117
|
Target ID: |
12
|
Process: |
C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe
|
Type: |
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
Entropy: |
4.260136375669177
|
Encrypted: |
false
|
Ssdeep: |
384:9RUqVT1dZ/GHkJnYcZiGKdZHDLtiduprZvZY0JAIg+v:9rHGHfJidIK
|
Size: |
57856
|
Whitelisted: |
false
|
Reputation: |
timeout
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Drops PE files |
Persistence and Installation Behavior |
|
Found dropped PE file which has not been started or loaded |
Malware Analysis System Evasion |
|
|
C:\Users\user\AppData\Local\Temp\_MEI21442\Cryptodome\Cipher\_raw_des3.pyd
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
File: |
C:\Users\user\AppData\Local\Temp\_MEI21442\Cryptodome\Cipher\_raw_des3.pyd
|
Category: |
dropped
|
Dump: |
_raw_des3.pyd.12.dr
|
ID: |
dr_118
|
Target ID: |
12
|
Process: |
C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe
|
Type: |
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
Entropy: |
4.276947153784193
|
Encrypted: |
false
|
Ssdeep: |
384:98Uqho9weF5/eHkRnYcZiGKdZHDL7idErZ8ZYXGg:9gCneH//idv2
|
Size: |
58368
|
Whitelisted: |
false
|
Reputation: |
timeout
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Drops PE files |
Persistence and Installation Behavior |
|
Found dropped PE file which has not been started or loaded |
Malware Analysis System Evasion |
|
|
File: C:\Users\user\AppData\Local\Temp\_MEI21442\Cryptodome\Cipher\_raw_ecb.pyd
Category: dropped
Dump: _raw_ecb.pyd.12.dr
ID: dr_125
Target ID: 12
Process: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe
Type: PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy: 4.579354442149926
Encrypted: false
Ssdeep: 96:j0qVVdJvbrqTu6ZdpvY0IluLfcC75JiCKs89EpmFWLOXDwoYPj15XkcX6gbW6z:pVddiT7pgTctEEI4qXDe11kcqgbW6
Size: 10752
Whitelisted: false
Reputation: timeout

Signature Hits | Behavior Group | Mitre Attack
Drops PE files | Persistence and Installation Behavior |
Found dropped PE file which has not been started or loaded | Malware Analysis System Evasion |

File: C:\Users\user\AppData\Local\Temp\_MEI21442\Cryptodome\Cipher\_raw_eksblowfish.pyd
Category: dropped
Dump: _raw_eksblowfish.pyd.12.dr
ID: dr_126
Target ID: 12
Process: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe
Type: PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy: 6.143744403797058
Encrypted: false
Ssdeep: 384:7Uv5cRUtPQtjLJiKMjNrDF6pJgLa0Mp8Qy0gYP2lXCM:UKR8I+K0lDFQgLa1WzU
Size: 22016
Whitelisted: false
Reputation: timeout

Signature Hits | Behavior Group | Mitre Attack
Drops PE files | Persistence and Installation Behavior |
Found dropped PE file which has not been started or loaded | Malware Analysis System Evasion |

File: C:\Users\user\AppData\Local\Temp\_MEI21442\Cryptodome\Cipher\_raw_ocb.pyd
Category: dropped
Dump: _raw_ocb.pyd.12.dr
ID: dr_127
Target ID: 12
Process: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe
Type: PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy: 5.353670931504009
Encrypted: false
Ssdeep: 384:tPHNP3Mj7Be/yB/6sB3yxcb+IMcOYqQViCBD8Ng6Vf4A:DPcnB8KSsB34cb+bcOYpMCBDB
Size: 17920
Whitelisted: false
Reputation: timeout

Signature Hits | Behavior Group | Mitre Attack
Drops PE files | Persistence and Installation Behavior |
Found dropped PE file which has not been started or loaded | Malware Analysis System Evasion |

File: C:\Users\user\AppData\Local\Temp\_MEI21442\Cryptodome\Cipher\_raw_ofb.pyd
Category: dropped
Dump: _raw_ofb.pyd.12.dr
ID: dr_128
Target ID: 12
Process: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe
Type: PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy: 4.741875402338703
Encrypted: false
Ssdeep: 192:sCF/1nb2mhQtkgU7L9D0E7tfcqgYvEJPb:N2f6L9D5JxgYvEJj
Size: 12288
Whitelisted: false
Reputation: timeout

Signature Hits | Behavior Group | Mitre Attack
Drops PE files | Persistence and Installation Behavior |
Found dropped PE file which has not been started or loaded | Malware Analysis System Evasion |

File: C:\Users\user\AppData\Local\Temp\_MEI21442\Cryptodome\Hash\_BLAKE2b.pyd
Category: dropped
Dump: _BLAKE2b.pyd.12.dr
ID: dr_129
Target ID: 12
Process: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe
Type: PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy: 5.213290591994899
Encrypted: false
Ssdeep: 192:oF/1nb2mhQtkRySMfJ2ycxFzShJD9dAal2QDeJKcqgQx2QY:C2fKRQB2j8JD4fJagQx2QY
Size: 14848
Whitelisted: false
Reputation: timeout

Signature Hits | Behavior Group | Mitre Attack
Drops PE files | Persistence and Installation Behavior |
Found dropped PE file which has not been started or loaded | Malware Analysis System Evasion |

File: C:\Users\user\AppData\Local\Temp\_MEI21442\Cryptodome\Hash\_BLAKE2s.pyd
Category: dropped
Dump: _BLAKE2s.pyd.12.dr
ID: dr_130
Target ID: 12
Process: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe
Type: PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy: 5.181893965844124
Encrypted: false
Ssdeep: 192:cF/1nb2mhQt7fSOp/CJPvADQoKtxSOvbcqgEvcM+:22fNKOZWPIDMxVlgEvL
Size: 14336
Whitelisted: false
Reputation: timeout

Signature Hits | Behavior Group | Mitre Attack
Drops PE files | Persistence and Installation Behavior |
Found dropped PE file which has not been started or loaded | Malware Analysis System Evasion |

File: C:\Users\user\AppData\Local\Temp\_MEI21442\Cryptodome\Hash\_MD2.pyd
Category: dropped
Dump: _MD2.pyd.12.dr
ID: dr_131
Target ID: 12
Process: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe
Type: PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy: 5.1399121410532445
Encrypted: false
Ssdeep: 192:HsiHXqpo0cUp8XnUp8XjEQnlDtTI6rcqgcx2:J6DcUp8XUp8AclDy69gcx2
Size: 14336
Whitelisted: false
Reputation: timeout

Signature Hits | Behavior Group | Mitre Attack
Drops PE files | Persistence and Installation Behavior |
Found dropped PE file which has not been started or loaded | Malware Analysis System Evasion |

File: C:\Users\user\AppData\Local\Temp\_MEI21442\Cryptodome\Hash\_MD4.pyd
Category: dropped
Dump: _MD4.pyd.12.dr
ID: dr_132
Target ID: 12
Process: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe
Type: PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy: 5.204576067987685
Encrypted: false
Ssdeep: 192:JsiHXqpwUiv6wPf+4WVrd1DFrXqwWwcqgfvE:36biio2Pd1DFrlgfvE
Size: 13824
Whitelisted: false
Reputation: timeout

Signature Hits | Behavior Group | Mitre Attack
Drops PE files | Persistence and Installation Behavior |
Found dropped PE file which has not been started or loaded | Malware Analysis System Evasion |

File: C:\Users\user\AppData\Local\Temp\_MEI21442\Cryptodome\Hash\_MD5.pyd
Category: dropped
Dump: _MD5.pyd.12.dr
ID: dr_133
Target ID: 12
Process: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe
Type: PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy: 5.4787123381499825
Encrypted: false
Ssdeep: 192:3Z9WXA7M93g8U7soSchhiLdjM5J6ECTGmDZuRsP0rcqgjPrvE:SQ0gH7zSccA5J6ECTGmDMa89gjPrvE
Size: 15360
Whitelisted: false
Reputation: timeout

Signature Hits | Behavior Group | Mitre Attack
Drops PE files | Persistence and Installation Behavior |
Found dropped PE file which has not been started or loaded | Malware Analysis System Evasion |

File: C:\Users\user\AppData\Local\Temp\_MEI21442\Cryptodome\Hash\_RIPEMD160.pyd
Category: dropped
Dump: _RIPEMD160.pyd.12.dr
ID: dr_134
Target ID: 12
Process: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe
Type: PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy: 5.69653684522693
Encrypted: false
Ssdeep: 384:pkP5RjF7GsIyV6Lx41NVYaVmtShQRKAa8+D0ngkov:2nx7RI26LuuHKz8+D5N
Size: 18432
Whitelisted: false
Reputation: timeout

Signature Hits | Behavior Group | Mitre Attack
Drops PE files | Persistence and Installation Behavior |
Found dropped PE file which has not been started or loaded | Malware Analysis System Evasion |

File: C:\Users\user\AppData\Local\Temp\_MEI21442\Cryptodome\Hash\_SHA1.pyd
Category: dropped
Dump: _SHA1.pyd.12.dr
ID: dr_135
Target ID: 12
Process: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe
Type: PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy: 5.798411671336839
Encrypted: false
Ssdeep: 384:cPHNP3MjevhSY/8EBbVxcJ0ihTLdFDUPHgj+kf4D:mPcKvr/jUJ0sbDoAj+t
Size: 19456
Whitelisted: false
Reputation: timeout

Signature Hits | Behavior Group | Mitre Attack
Drops PE files | Persistence and Installation Behavior |
Found dropped PE file which has not been started or loaded | Malware Analysis System Evasion |

File: C:\Users\user\AppData\Local\Temp\_MEI21442\Cryptodome\Hash\_SHA224.pyd
Category: dropped
Dump: _SHA224.pyd.12.dr
ID: dr_136
Target ID: 12
Process: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe
Type: PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy: 5.86552932624144
Encrypted: false
Ssdeep: 384:V1jwGPJHLvzcY1EEerju9LcTZ6RO3RouLKtcyDNOhwgjxo:XjwyJUYToZwOLuzDNU1j
Size: 22016
Whitelisted: false
Reputation: timeout

Signature Hits | Behavior Group | Mitre Attack
Drops PE files | Persistence and Installation Behavior |
Found dropped PE file which has not been started or loaded | Malware Analysis System Evasion |

File: C:\Users\user\AppData\Local\Temp\_MEI21442\Cryptodome\Hash\_SHA256.pyd
Category: dropped
Dump: _SHA256.pyd.12.dr
ID: dr_137
Target ID: 12
Process: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe
Type: PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy: 5.867427817795374
Encrypted: false
Ssdeep: 384:b1jwGPJHLxzcY1EEerju9LcTZ6RO3RouLKtcyDNWegjxo:ZjwyJOYToZwOLuzDNW7j
Size: 22016
Whitelisted: false
Reputation: timeout

Signature Hits | Behavior Group | Mitre Attack
Drops PE files | Persistence and Installation Behavior |
Found dropped PE file which has not been started or loaded | Malware Analysis System Evasion |

File: C:\Users\user\AppData\Local\Temp\_MEI21442\Cryptodome\Hash\_SHA384.pyd
Category: dropped
Dump: _SHA384.pyd.12.dr
ID: dr_138
Target ID: 12