Edit tour

Windows Analysis Report
SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe

Overview

General Information

Sample name:	SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe
Analysis ID:	1617649
MD5:	b5563d46fab00984999c0ecb16bd0256
SHA1:	2c69a0ba54e3df3543bedfa9ec6cacfe7b5e2404
SHA256:	c6f441e5281b224ea5f28a25609475965c677663c648d4732cc34ecee8459830
Tags:	exeuser-SecuriteInfoCom
Infos:

Detection

AgentTesla, GuLoader

Score:	100
Range:	0 - 100
Confidence:	100%

Signatures

Found malware configuration

Multi AV Scanner detection for submitted file

Yara detected AgentTesla

Yara detected GuLoader

Joe Sandbox ML detected suspicious sample

Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)

Switches to a custom stack to bypass stack traces

Tries to detect virtualization through RDTSC time measurements

Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)

Tries to harvest and steal browser information (history, passwords, etc)

Tries to harvest and steal ftp login credentials

Tries to steal Mail credentials (via file / registry access)

Abnormal high CPU Usage

Allocates memory with a write watch (potentially for evading sandboxes)

Contains functionality for read data from the clipboard

Contains functionality to dynamically determine API calls

Contains functionality to shutdown / reboot the system

Contains long sleeps (>= 3 min)

Creates a process in suspended mode (likely to inject code)

Creates files inside the system directory

Detected non-DNS traffic on DNS port

Detected potential crypto function

Drops PE files

Enables debug privileges

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Found dropped PE file which has not been started or loaded

Found large amount of non-executed APIs

Found potential string decryption / allocating functions

IP address seen in connection with other malware

Internet Provider seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

May check the online IP address of the machine

May sleep (evasive loops) to hinder dynamic analysis

Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)

Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)

Queries the volume information (name, serial number etc) of a device

Sample file is different than original file name gathered from version info

Suricata IDS alerts with low severity for network traffic

Uses 32bit PE files

Uses a known web browser user agent for HTTP communication

Uses code obfuscation techniques (call, push, ret)

Yara detected Credential Stealer

Classification

Process Tree

System is w10x64

SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe (PID: 396 cmdline: "C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe" MD5: B5563D46FAB00984999C0ECB16BD0256)

SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe (PID: 3244 cmdline: "C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe" MD5: B5563D46FAB00984999C0ECB16BD0256)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
Agent Tesla, AgentTesla	A .NET based information stealer readily available to actors due to leaked builders. The malware is able to log keystrokes, can access the host's clipboard and crawls the disk for credentials or other valuable information. It has the capability to send information back to its C&C via HTTP(S), SMTP, FTP, or towards a Telegram channel.	SWEED	http://blog.nsfocus.net/sweed-611/ http://l1v1ngc0d3.wordpress.com/2021/11/12/agenttesla-dropped-via-nsis-installer/ http://ropgadget.com/posts/originlogger.html http://www.secureworks.com/research/threat-profiles/gold-galleon https://0xmrmagnezi.github.io/malware%20analysis/AgentTesla/	https://malpedia.caad.fkie.fraunhofer.de/details/win.agent_tesla

Name	Description	Attribution	Blogpost URLs	Link
CloudEyE, GuLoader	CloudEyE (initially named GuLoader) is a small VB5/6 downloader. It typically downloads RATs/Stealers, such as Agent Tesla, Arkei/Vidar, Formbook, Lokibot, Netwire and Remcos, often but not always from Google Drive. The downloaded payload is xored.	No Attribution	http://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/bluebottle-banks-targeted-africa https://0x00sec.org/t/analyzing-modern-malware-techniques-part-3/18943 https://any.run/cybersecurity-blog/deobfuscating-guloader/ https://asec.ahnlab.com/en/55978/ https://blog.checkpoint.com/security/march-2023s-most-wanted-malware-new-emotet-campaign-bypasses-microsoft-blocks-to-distribute-malicious-onenote-files/	https://malpedia.caad.fkie.fraunhofer.de/details/win.cloudeye

Malware Configuration

Threatname: Agenttesla

{"Exfil Mode": "FTP", "Host": "ftp://inhanoi.net.vn", "Username": "newboxoffice@inhanoi.net.vn", "Password": "^TSt3!FK$UBA"}

Yara Signatures

Memory Dumps

Source	Rule	Description	Author
00000004.00000002.4253028764.0000000032D1C000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
00000004.00000002.4253028764.0000000032CF1000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000004.00000002.4253028764.0000000032CF1000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
00000000.00000002.1980240094.0000000005478000.00000040.00001000.00020000.00000000.sdmp	JoeSecurity_GuLoader_2	Yara detected GuLoader	Joe Security
Process Memory Space: SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe PID: 396	JoeSecurity_GuLoader_3	Yara detected GuLoader	Joe Security
Process Memory Space: SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe PID: 3244	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe PID: 3244	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
Click to see the 2 entries

Suricata Signatures

ETPRO MALWARE Common Downloader Header Pattern UHCa

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2025-02-18T06:27:41.774077+0100	2803270	2	Potentially Bad Traffic	192.168.2.4	49738	172.217.18.14	443	TCP

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Found malware configuration

Source: SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe.3244.4.memstrmin

Malware Configuration Extractor: Agenttesla {"Exfil Mode": "FTP", "Host": "ftp://inhanoi.net.vn", "Username": "newboxoffice@inhanoi.net.vn", "Password": "^TSt3!FK$UBA"}

Multi AV Scanner detection for submitted file

Source: SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe

Virustotal: Detection: 23%

Perma Link

Joe Sandbox ML detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 100.0% probability

Source: SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE

Source: unknown	HTTPS traffic detected: 172.217.18.14:443 -> 192.168.2.4:49738 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 142.250.185.129:443 -> 192.168.2.4:49739 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.26.12.205:443 -> 192.168.2.4:49740 version: TLS 1.2

Source: SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe	Code function: 0_2_00405FFD FindFirstFileA,FindClose,	0_2_00405FFD
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe	Code function: 0_2_0040559B GetTempPathA,DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,FindNextFileA,FindClose,	0_2_0040559B
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe	Code function: 0_2_00402688 FindFirstFileA,	0_2_00402688
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe	Code function: 4_2_00405FFD FindFirstFileA,FindClose,	4_2_00405FFD
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe	Code function: 4_2_00402688 FindFirstFileA,	4_2_00402688
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe	Code function: 4_2_0040559B GetTempPathA,DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,FindNextFileA,FindClose,	4_2_0040559B

Source: global traffic

TCP traffic: 192.168.2.4:54917 -> 162.159.36.2:53

Source: Joe Sandbox View	IP Address: 104.26.12.205 104.26.12.205
Source: Joe Sandbox View	IP Address: 104.26.12.205 104.26.12.205
Source: Joe Sandbox View	IP Address: 45.252.248.26 45.252.248.26

Source: Joe Sandbox View

ASN Name: AZDIGI-AS-VNAZDIGICorporationVN AZDIGI-AS-VNAZDIGICorporationVN

Source: Joe Sandbox View	JA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
Source: Joe Sandbox View	JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19

Source: unknown	DNS query: name: api.ipify.org
Source: unknown	DNS query: name: api.ipify.org

Source: Network traffic

Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.4:49738 -> 172.217.18.14:443

Source: global traffic	HTTP traffic detected: GET /uc?export=download&id=1F5xciwj-aCR3PTy0qxCEs8BDk3CdEw73 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0Host: drive.google.comCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /download?id=1F5xciwj-aCR3PTy0qxCEs8BDk3CdEw73&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0Host: api.ipify.orgConnection: Keep-Alive

Source: unknown	TCP traffic detected without corresponding DNS query: 162.159.36.2
Source: unknown	TCP traffic detected without corresponding DNS query: 162.159.36.2
Source: unknown	TCP traffic detected without corresponding DNS query: 162.159.36.2
Source: unknown	TCP traffic detected without corresponding DNS query: 162.159.36.2
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /uc?export=download&id=1F5xciwj-aCR3PTy0qxCEs8BDk3CdEw73 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0Host: drive.google.comCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /download?id=1F5xciwj-aCR3PTy0qxCEs8BDk3CdEw73&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0Host: api.ipify.orgConnection: Keep-Alive

Source: global traffic	DNS traffic detected: DNS query: drive.google.com
Source: global traffic	DNS traffic detected: DNS query: drive.usercontent.google.com
Source: global traffic	DNS traffic detected: DNS query: api.ipify.org
Source: global traffic	DNS traffic detected: DNS query: inhanoi.net.vn

Source: SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe, 00000004.00000002.4253028764.0000000032D1C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://inhanoi.net.vn
Source: SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe	String found in binary or memory: http://nsis.sf.net/NSIS_Error
Source: SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe	String found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
Source: SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe, 00000004.00000002.4253028764.0000000032CA1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe, 00000004.00000002.4253028764.0000000032CA1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://api.ipify.org
Source: SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe, 00000004.00000002.4253028764.0000000032CA1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://api.ipify.org/
Source: SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe, 00000004.00000002.4253028764.0000000032CA1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://api.ipify.org/t
Source: SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe, 00000004.00000003.2064744500.0000000002514000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe, 00000004.00000003.2064863701.0000000002514000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://apis.google.com
Source: SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe, 00000004.00000002.4234694035.0000000002488000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://drive.google.com/
Source: SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe, 00000004.00000002.4234694035.00000000024C1000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe, 00000004.00000002.4252513480.0000000031D70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://drive.google.com/uc?export=download&id=1F5xciwj-aCR3PTy0qxCEs8BDk3CdEw73
Source: SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe, 00000004.00000002.4234694035.00000000024C1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://drive.google.com/uc?export=download&id=1F5xciwj-aCR3PTy0qxCEs8BDk3CdEw73#
Source: SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe, 00000004.00000003.2100602228.0000000002511000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe, 00000004.00000003.2115788681.000000000250E000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe, 00000004.00000003.2100553261.000000000250E000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe, 00000004.00000002.4234694035.000000000250E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://drive.usercontent.google.com/12
Source: SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe, 00000004.00000003.2100602228.0000000002511000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe, 00000004.00000003.2115788681.000000000250E000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe, 00000004.00000003.2100553261.000000000250E000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe, 00000004.00000002.4234694035.000000000250E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://drive.usercontent.google.com/d
Source: SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe, 00000004.00000002.4234694035.00000000024F2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe, 00000004.00000003.2100602228.0000000002511000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe, 00000004.00000003.2064744500.0000000002514000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe, 00000004.00000003.2064863701.0000000002514000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe, 00000004.00000003.2115788681.00000000024F2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe, 00000004.00000003.2100553261.000000000250E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://drive.usercontent.google.com/download?id=1F5xciwj-aCR3PTy0qxCEs8BDk3CdEw73&export=download
Source: SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe, 00000004.00000003.2100602228.0000000002511000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe, 00000004.00000003.2100553261.000000000250E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://drive.usercontent.google.com/download?id=1F5xciwj-aCR3PTy0qxCEs8BDk3CdEw73&export=downloadd0
Source: SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe, 00000004.00000003.2100602228.0000000002511000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe, 00000004.00000003.2100553261.000000000250E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://drive.usercontent.google.com/download?id=1F5xciwj-aCR3PTy0qxCEs8BDk3CdEw73&export=downloade
Source: SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe, 00000004.00000003.2064744500.0000000002514000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe, 00000004.00000003.2064863701.0000000002514000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ssl.gstatic.com
Source: SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe, 00000004.00000003.2064744500.0000000002514000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe, 00000004.00000003.2064863701.0000000002514000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.google-analytics.com;report-uri
Source: SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe, 00000004.00000003.2064744500.0000000002514000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe, 00000004.00000003.2064863701.0000000002514000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com
Source: SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe, 00000004.00000003.2064744500.0000000002514000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe, 00000004.00000003.2064863701.0000000002514000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.googletagmanager.com
Source: SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe, 00000004.00000003.2064744500.0000000002514000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe, 00000004.00000003.2064863701.0000000002514000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.gstatic.com

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443

Source: unknown	HTTPS traffic detected: 172.217.18.14:443 -> 192.168.2.4:49738 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 142.250.185.129:443 -> 192.168.2.4:49739 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.26.12.205:443 -> 192.168.2.4:49740 version: TLS 1.2

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe

Code function: 0_2_00405050 GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,ShowWindow,ShowWindow,GetDlgItem,SendMessageA,SendMessageA,SendMessageA,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,SendMessageA,CreatePopupMenu,AppendMenuA,GetWindowRect,TrackPopupMenu,SendMessageA,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageA,GlobalUnlock,SetClipboardData,CloseClipboard,

0_2_00405050

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe

Process Stats: CPU usage > 49%

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe	Code function: 0_2_004030D9 EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoA,GetCommandLineA,GetModuleHandleA,CharNextA,GetTempPathA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,GetTempPathA,lstrcatA,SetEnvironmentVariableA,SetEnvironmentVariableA,SetEnvironmentVariableA,DeleteFileA,OleUninitialize,ExitProcess,lstrcatA,lstrcatA,lstrcatA,lstrcmpiA,SetCurrentDirectoryA,DeleteFileA,CopyFileA,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,		0_2_004030D9
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe	Code function: 4_2_004030D9 EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoA,GetCommandLineA,GetModuleHandleA,CharNextA,GetTempPathA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,GetTempPathA,lstrcatA,SetEnvironmentVariableA,SetEnvironmentVariableA,SetEnvironmentVariableA,DeleteFileA,OleUninitialize,ExitProcess,lstrcatA,lstrcatA,lstrcatA,lstrcmpiA,SetCurrentDirectoryA,DeleteFileA,CopyFileA,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,		4_2_004030D9

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe

File created: C:\Windows\resources\0809

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe	Code function: 0_2_00406344	0_2_00406344
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe	Code function: 0_2_0040488F	0_2_0040488F
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe	Code function: 4_2_00406344	4_2_00406344
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe	Code function: 4_2_0040488F	4_2_0040488F
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe	Code function: 4_2_02424A58	4_2_02424A58
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe	Code function: 4_2_0242DAA8	4_2_0242DAA8
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe	Code function: 4_2_0242ABF9	4_2_0242ABF9
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe	Code function: 4_2_0242A9E0	4_2_0242A9E0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe	Code function: 4_2_02423E40	4_2_02423E40
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe	Code function: 4_2_02424188	4_2_02424188
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe	Code function: 4_2_3546F7C4	4_2_3546F7C4
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe	Code function: 4_2_3546B290	4_2_3546B290
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe	Code function: 4_2_35469C48	4_2_35469C48
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe	Code function: 4_2_35BCB6E8	4_2_35BCB6E8
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe	Code function: 4_2_35BC7E28	4_2_35BC7E28
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe	Code function: 4_2_35BC5650	4_2_35BC5650
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe	Code function: 4_2_35BC3110	4_2_35BC3110
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe	Code function: 4_2_35BCB2C7	4_2_35BCB2C7
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe	Code function: 4_2_35BCC218	4_2_35BCC218
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe	Code function: 4_2_35BC8470	4_2_35BC8470
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe	Code function: 4_2_35BC7748	4_2_35BC7748

Source: SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe, 00000000.00000002.1972247975.0000000000436000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilenameundfangelsen resurceanvendelser.exeDVarFileInfo$ vs SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe
Source: SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe, 00000004.00000002.4252717476.0000000032A09000.00000004.00000010.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameUNKNOWN_FILET vs SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe
Source: SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe, 00000004.00000003.2115788681.000000000250E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameclr.dllT vs SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe
Source: SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe, 00000004.00000002.4233413828.0000000000436000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilenameundfangelsen resurceanvendelser.exeDVarFileInfo$ vs SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe
Source: SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe, 00000004.00000002.4234694035.000000000250E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameclr.dllT vs SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe
Source: SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe	Binary or memory string: OriginalFilenameundfangelsen resurceanvendelser.exeDVarFileInfo$ vs SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor

Source: unknown	Process created: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe"
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe	Process created: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe"
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe	Process created: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe"	Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe	Section loaded: dwmapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe	Section loaded: oleacc.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe	Section loaded: shfolder.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe	Section loaded: riched20.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe	Section loaded: usp10.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe	Section loaded: msls31.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe	Section loaded: rasapi32.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe	Section loaded: rasman.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe	Section loaded: rtutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe	Section loaded: vaultcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe	Section loaded: wintypes.dll	Jump to behavior

Source: Yara match	File source: Process Memory Space: SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe PID: 396, type: MEMORYSTR
Source: Yara match	File source: 00000000.00000002.1980240094.0000000005478000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe	API/Special instruction interceptor: Address: 58B48C8
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe	API/Special instruction interceptor: Address: 1C248C8

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe	RDTSC instruction interceptor: First address: 585C9DB second address: 585C9DB instructions: 0x00000000 rdtsc 0x00000002 cmp edx, 74374FBFh 0x00000008 cmp ebx, ecx 0x0000000a jc 00007FB91CC15F0Ch 0x0000000c cmp ax, bx 0x0000000f cmp bx, dx 0x00000012 inc ebp 0x00000013 test eax, edx 0x00000015 inc ebx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe	RDTSC instruction interceptor: First address: 1BCC9DB second address: 1BCC9DB instructions: 0x00000000 rdtsc 0x00000002 cmp edx, 74374FBFh 0x00000008 cmp ebx, ecx 0x0000000a jc 00007FB91CE56FBCh 0x0000000c cmp ax, bx 0x0000000f cmp bx, dx 0x00000012 inc ebp 0x00000013 test eax, edx 0x00000015 inc ebx 0x00000016 rdtsc

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe	Memory allocated: 23E0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe	Memory allocated: 32CA0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe	Memory allocated: 32A10000 memory reserve \| memory write watch	Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe	Thread delayed: delay time: 600000	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe	Thread delayed: delay time: 599890	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe	Thread delayed: delay time: 599781	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe	Thread delayed: delay time: 599671	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe	Thread delayed: delay time: 599562	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe	Thread delayed: delay time: 599453	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe	Thread delayed: delay time: 599343	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe	Thread delayed: delay time: 599234	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe	Thread delayed: delay time: 599125	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe	Thread delayed: delay time: 599015	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe	Thread delayed: delay time: 598906	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe	Thread delayed: delay time: 598796	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe	Thread delayed: delay time: 598687	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe	Thread delayed: delay time: 598578	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe	Thread delayed: delay time: 598468	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe	Thread delayed: delay time: 598353	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe	Thread delayed: delay time: 598250	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe	Thread delayed: delay time: 598140	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe	Thread delayed: delay time: 598031	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe	Thread delayed: delay time: 597921	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe	Thread delayed: delay time: 597812	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe	Thread delayed: delay time: 597703	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe	Thread delayed: delay time: 597593	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe	Thread delayed: delay time: 597484	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe	Thread delayed: delay time: 597375	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe	Thread delayed: delay time: 597265	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe	Thread delayed: delay time: 597156	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe	Thread delayed: delay time: 597046	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe	Thread delayed: delay time: 596937	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe	Thread delayed: delay time: 596828	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe	Thread delayed: delay time: 596718	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe	Thread delayed: delay time: 596607	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe	Thread delayed: delay time: 596500	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe	Thread delayed: delay time: 596390	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe	Thread delayed: delay time: 596279	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe	Thread delayed: delay time: 596171	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe	Thread delayed: delay time: 596062	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe	Thread delayed: delay time: 595953	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe	Thread delayed: delay time: 595843	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe	Thread delayed: delay time: 595734	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe	Thread delayed: delay time: 595625	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe	Thread delayed: delay time: 595515	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe	Thread delayed: delay time: 595406	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe	Thread delayed: delay time: 595296	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe	Thread delayed: delay time: 595187	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe	Thread delayed: delay time: 595078	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe	Thread delayed: delay time: 594968	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe	Thread delayed: delay time: 594859	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe	Thread delayed: delay time: 594748	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe	Thread delayed: delay time: 594640	Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe	Window / User API: threadDelayed 8922			Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe	Window / User API: threadDelayed 939			Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe TID: 6548	Thread sleep count: 31 > 30	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe TID: 6548	Thread sleep time: -28592453314249787s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe TID: 6548	Thread sleep time: -600000s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe TID: 1344	Thread sleep count: 8922 > 30	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe TID: 6548	Thread sleep time: -599890s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe TID: 6548	Thread sleep time: -599781s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe TID: 6548	Thread sleep time: -599671s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe TID: 1344	Thread sleep count: 939 > 30	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe TID: 6548	Thread sleep time: -599562s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe TID: 6548	Thread sleep time: -599453s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe TID: 6548	Thread sleep time: -599343s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe TID: 6548	Thread sleep time: -599234s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe TID: 6548	Thread sleep time: -599125s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe TID: 6548	Thread sleep time: -599015s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe TID: 6548	Thread sleep time: -598906s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe TID: 6548	Thread sleep time: -598796s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe TID: 6548	Thread sleep time: -598687s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe TID: 6548	Thread sleep time: -598578s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe TID: 6548	Thread sleep time: -598468s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe TID: 6548	Thread sleep time: -598353s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe TID: 6548	Thread sleep time: -598250s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe TID: 6548	Thread sleep time: -598140s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe TID: 6548	Thread sleep time: -598031s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe TID: 6548	Thread sleep time: -597921s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe TID: 6548	Thread sleep time: -597812s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe TID: 6548	Thread sleep time: -597703s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe TID: 6548	Thread sleep time: -597593s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe TID: 6548	Thread sleep time: -597484s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe TID: 6548	Thread sleep time: -597375s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe TID: 6548	Thread sleep time: -597265s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe TID: 6548	Thread sleep time: -597156s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe TID: 6548	Thread sleep time: -597046s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe TID: 6548	Thread sleep time: -596937s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe TID: 6548	Thread sleep time: -596828s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe TID: 6548	Thread sleep time: -596718s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe TID: 6548	Thread sleep time: -596607s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe TID: 6548	Thread sleep time: -596500s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe TID: 6548	Thread sleep time: -596390s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe TID: 6548	Thread sleep time: -596279s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe TID: 6548	Thread sleep time: -596171s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe TID: 6548	Thread sleep time: -596062s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe TID: 6548	Thread sleep time: -595953s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe TID: 6548	Thread sleep time: -595843s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe TID: 6548	Thread sleep time: -595734s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe TID: 6548	Thread sleep time: -595625s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe TID: 6548	Thread sleep time: -595515s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe TID: 6548	Thread sleep time: -595406s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe TID: 6548	Thread sleep time: -595296s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe TID: 6548	Thread sleep time: -595187s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe TID: 6548	Thread sleep time: -595078s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe TID: 6548	Thread sleep time: -594968s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe TID: 6548	Thread sleep time: -594859s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe TID: 6548	Thread sleep time: -594748s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe TID: 6548	Thread sleep time: -594640s >= -30000s	Jump to behavior

Source: SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe, 00000000.00000002.1974204572.0000000000698000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Source: SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe, 00000004.00000002.4234694035.00000000024C1000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe, 00000004.00000002.4234694035.00000000024F8000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe, 00000004.00000003.2115788681.00000000024FC000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe, 00000004.00000002.4234694035.0000000002488000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWh7M

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe	API call chain: ExitProcess graph end node			graph_0-4746
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe	API call chain: ExitProcess graph end node			graph_0-4749

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe	Queries volume information: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation	Jump to behavior

Source: Yara match	File source: 00000004.00000002.4253028764.0000000032D1C000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000004.00000002.4253028764.0000000032CF1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe PID: 3244, type: MEMORYSTR

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe	File opened: C:\Users\user\AppData\Roaming\8pecxstudios\Cyberfox\profiles.ini	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe	File opened: C:\Users\user\AppData\Roaming\NETGATE Technologies\BlackHawk\profiles.ini	Jump to behavior

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	121 Windows Management Instrumentation	1 DLL Side-Loading	1 DLL Side-Loading	1 Disable or Modify Tools	2 OS Credential Dumping	3 File and Directory Discovery	Remote Services	1 Archive Collected Data	1 Ingress Tool Transfer	Exfiltration Over Other Network Medium	1 System Shutdown/Reboot
Credentials	Domains	Default Accounts	1 Native API	Boot or Logon Initialization Scripts	1 Access Token Manipulation	1 Deobfuscate/Decode Files or Information	1 Credentials in Registry	226 System Information Discovery	Remote Desktop Protocol	2 Data from Local System	11 Encrypted Channel	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	11 Process Injection	2 Obfuscated Files or Information	Security Account Manager	311 Security Software Discovery	SMB/Windows Admin Shares	1 Email Collection	2 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	1 DLL Side-Loading	NTDS	141 Virtualization/Sandbox Evasion	Distributed Component Object Model	1 Clipboard Data	13 Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	11 Masquerading	LSA Secrets	1 Application Window Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	141 Virtualization/Sandbox Evasion	Cached Domain Credentials	1 System Network Configuration Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	1 Access Token Manipulation	DCSync	Remote System Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	11 Process Injection	Proc Filesystem	System Owner/User Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Threatname: Agenttesla

Yara Signatures

Memory Dumps

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Spreading

Networking

Key, Mouse, Clipboard, Microphone and Screen Capturing

System Summary

Data Obfuscation

Persistence and Installation Behavior

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Windows Analysis Report
SecuriteInfo.com.Win32.Evo-gen.5457.19170.exe