Source: PRO FORMA INVOICE - - MAGAUTKCP (24-Nov-20).exe |
ReversingLabs: Detection: 56% |
Source: PRO FORMA INVOICE - - MAGAUTKCP (24-Nov-20).exe |
Joe Sandbox ML: detected |
Source: 11.1.PRO FORMA INVOICE - - MAGAUTKCP (24-Nov-20).exe.400000.0.unpack |
Avira: Label: TR/Dropper.Gen |
Source: Joe Sandbox View |
IP Address: 162.159.137.232 |
Source: Joe Sandbox View |
IP Address: 162.159.135.233 |
Source: Joe Sandbox View |
JA3 fingerprint: ce5f3254611a8c095a3d821d44539877 |
Source: unknown |
DNS traffic detected: queries for: discord.com |
Source: PRO FORMA INVOICE - - MAGAUTKCP (24-Nov-20).exe, 0000000B.00000002.918550525.00000000027B7000.00000004.00000001.sdmp |
String found in binary or memory: ftp://ftp.kunwersachdev.com/maerst |
Source: PRO FORMA INVOICE - - MAGAUTKCP (24-Nov-20).exe, 0000000B.00000002.918550525.00000000027B7000.00000004.00000001.sdmp |
String found in binary or memory: http://127.0.0.1:HTTP/1.1 |
Source: PRO FORMA INVOICE - - MAGAUTKCP (24-Nov-20).exe, 0000000B.00000002.918550525.00000000027B7000.00000004.00000001.sdmp |
String found in binary or memory: http://DynDns.comDynDNS |
Source: PRO FORMA INVOICE - - MAGAUTKCP (24-Nov-20).exe, 0000000B.00000002.918550525.00000000027B7000.00000004.00000001.sdmp |
String found in binary or memory: http://JvKUzM.com |
Source: PRO FORMA INVOICE - - MAGAUTKCP (24-Nov-20).exe |
String found in binary or memory: http://gorohov.narod.ru/index.htm |
Source: PRO FORMA INVOICE - - MAGAUTKCP (24-Nov-20).exe |
String found in binary or memory: http://gorohov.narod.ru/index.htmS |
Source: PRO FORMA INVOICE - - MAGAUTKCP (24-Nov-20).exe, 0000000B.00000002.918550525.00000000027B7000.00000004.00000001.sdmp |
String found in binary or memory: https://api.ipify.orgGETMozilla/5.0 |
Source: PRO FORMA INVOICE - - MAGAUTKCP (24-Nov-20).exe, 0000000B.00000002.918550525.00000000027B7000.00000004.00000001.sdmp |
String found in binary or memory: https://api.telegram.org/bot%telegramapi%/sendDocumentdocument---------------------------x |
Source: PRO FORMA INVOICE - - MAGAUTKCP (24-Nov-20).exe, 0000000B.00000002.918550525.00000000027B7000.00000004.00000001.sdmp |
String found in binary or memory: https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip%tordir%%ha |
Source: unknown |
Network traffic detected: HTTP traffic on port 49733 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49733 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49732 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49732 -> 443 |
Source: initial sample |
Static PE information: Filename: PRO FORMA INVOICE - - MAGAUTKCP (24-Nov-20).exe |
Source: C:\Users\user\Desktop\PRO FORMA INVOICE - - MAGAUTKCP (24-Nov-20).exe |
Code function: 11_2_00408C60 |
11_2_00408C60 |
Source: C:\Users\user\Desktop\PRO FORMA INVOICE - - MAGAUTKCP (24-Nov-20).exe |
Code function: 11_2_0040DC11 |
11_2_0040DC11 |
Source: C:\Users\user\Desktop\PRO FORMA INVOICE - - MAGAUTKCP (24-Nov-20).exe |
Code function: 11_2_00407C3F |
11_2_00407C3F |
Source: C:\Users\user\Desktop\PRO FORMA INVOICE - - MAGAUTKCP (24-Nov-20).exe |
Code function: 11_2_00418CCC |
11_2_00418CCC |
Source: C:\Users\user\Desktop\PRO FORMA INVOICE - - MAGAUTKCP (24-Nov-20).exe |
Code function: 11_2_00406CA0 |
11_2_00406CA0 |
Source: C:\Users\user\Desktop\PRO FORMA INVOICE - - MAGAUTKCP (24-Nov-20).exe |
Code function: 11_2_004028B0 |
11_2_004028B0 |
Source: C:\Users\user\Desktop\PRO FORMA INVOICE - - MAGAUTKCP (24-Nov-20).exe |
Code function: 11_2_0041A4BE |
11_2_0041A4BE |
Source: C:\Users\user\Desktop\PRO FORMA INVOICE - - MAGAUTKCP (24-Nov-20).exe |
Code function: 11_2_00418244 |
11_2_00418244 |
Source: C:\Users\user\Desktop\PRO FORMA INVOICE - - MAGAUTKCP (24-Nov-20).exe |
Code function: 11_2_00401650 |
11_2_00401650 |
Source: C:\Users\user\Desktop\PRO FORMA INVOICE - - MAGAUTKCP (24-Nov-20).exe |
Code function: 11_2_00402F20 |
11_2_00402F20 |
Source: C:\Users\user\Desktop\PRO FORMA INVOICE - - MAGAUTKCP (24-Nov-20).exe |
Code function: 11_2_004193C4 |
11_2_004193C4 |
Source: C:\Users\user\Desktop\PRO FORMA INVOICE - - MAGAUTKCP (24-Nov-20).exe |
Code function: 11_2_00418788 |
11_2_00418788 |
Source: C:\Users\user\Desktop\PRO FORMA INVOICE - - MAGAUTKCP (24-Nov-20).exe |
Code function: 11_2_00402F89 |
11_2_00402F89 |
Source: C:\Users\user\Desktop\PRO FORMA INVOICE - - MAGAUTKCP (24-Nov-20).exe |
Code function: 11_2_00402B90 |
11_2_00402B90 |
Source: C:\Users\user\Desktop\PRO FORMA INVOICE - - MAGAUTKCP (24-Nov-20).exe |
Code function: 11_2_004073A0 |
11_2_004073A0 |
Source: C:\Users\user\Desktop\PRO FORMA INVOICE - - MAGAUTKCP (24-Nov-20).exe |
Code function: 11_2_023EF758 |
11_2_023EF758 |
Source: C:\Users\user\Desktop\PRO FORMA INVOICE - - MAGAUTKCP (24-Nov-20).exe |
Code function: 11_2_023E3D93 |
11_2_023E3D93 |
Source: C:\Users\user\Desktop\PRO FORMA INVOICE - - MAGAUTKCP (24-Nov-20).exe |
Code function: 11_2_023E0C60 |
11_2_023E0C60 |
Source: C:\Users\user\Desktop\PRO FORMA INVOICE - - MAGAUTKCP (24-Nov-20).exe |
Code function: 11_2_023E0C50 |
11_2_023E0C50 |
Source: C:\Users\user\Desktop\PRO FORMA INVOICE - - MAGAUTKCP (24-Nov-20).exe |
Code function: 11_2_04A700E0 |
11_2_04A700E0 |
Source: C:\Users\user\Desktop\PRO FORMA INVOICE - - MAGAUTKCP (24-Nov-20).exe |
Code function: 11_2_04A700D0 |
11_2_04A700D0 |
Source: C:\Users\user\Desktop\PRO FORMA INVOICE - - MAGAUTKCP (24-Nov-20).exe |
Code function: 11_2_04A70073 |
11_2_04A70073 |
Source: C:\Users\user\Desktop\PRO FORMA INVOICE - - MAGAUTKCP (24-Nov-20).exe |
Code function: 11_2_05BB4950 |
11_2_05BB4950 |
Source: C:\Users\user\Desktop\PRO FORMA INVOICE - - MAGAUTKCP (24-Nov-20).exe |
Code function: 11_2_05BB2A38 |
11_2_05BB2A38 |
Source: C:\Users\user\Desktop\PRO FORMA INVOICE - - MAGAUTKCP (24-Nov-20).exe |
Code function: 11_2_05BB1E20 |
11_2_05BB1E20 |
Source: C:\Users\user\Desktop\PRO FORMA INVOICE - - MAGAUTKCP (24-Nov-20).exe |
Code function: 11_2_05BB2168 |
11_2_05BB2168 |
Source: C:\Users\user\Desktop\PRO FORMA INVOICE - - MAGAUTKCP (24-Nov-20).exe |
Code function: 11_1_00408C60 |
11_1_00408C60 |
Source: C:\Users\user\Desktop\PRO FORMA INVOICE - - MAGAUTKCP (24-Nov-20).exe |
Code function: 11_1_0040DC11 |
11_1_0040DC11 |
Source: C:\Users\user\Desktop\PRO FORMA INVOICE - - MAGAUTKCP (24-Nov-20).exe |
Code function: 11_1_00407C3F |
11_1_00407C3F |
Source: C:\Users\user\Desktop\PRO FORMA INVOICE - - MAGAUTKCP (24-Nov-20).exe |
Code function: 11_1_00418CCC |
11_1_00418CCC |
Source: C:\Users\user\Desktop\PRO FORMA INVOICE - - MAGAUTKCP (24-Nov-20).exe |
Code function: 11_1_00406CA0 |
11_1_00406CA0 |
Source: C:\Users\user\Desktop\PRO FORMA INVOICE - - MAGAUTKCP (24-Nov-20).exe |
Code function: 11_1_004028B0 |
11_1_004028B0 |
Source: C:\Users\user\Desktop\PRO FORMA INVOICE - - MAGAUTKCP (24-Nov-20).exe |
Code function: 11_1_0041A4BE |
11_1_0041A4BE |
Source: C:\Users\user\Desktop\PRO FORMA INVOICE - - MAGAUTKCP (24-Nov-20).exe |
Code function: 11_1_00418244 |
11_1_00418244 |
Source: C:\Users\user\Desktop\PRO FORMA INVOICE - - MAGAUTKCP (24-Nov-20).exe |
Code function: 11_1_00401650 |
11_1_00401650 |
Source: C:\Users\user\Desktop\PRO FORMA INVOICE - - MAGAUTKCP (24-Nov-20).exe |
Code function: 11_1_00402F20 |
11_1_00402F20 |
Source: C:\Users\user\Desktop\PRO FORMA INVOICE - - MAGAUTKCP (24-Nov-20).exe |
Code function: 11_1_004193C4 |
11_1_004193C4 |
Source: C:\Users\user\Desktop\PRO FORMA INVOICE - - MAGAUTKCP (24-Nov-20).exe |
Code function: 11_1_00418788 |
11_1_00418788 |
Source: C:\Users\user\Desktop\PRO FORMA INVOICE - - MAGAUTKCP (24-Nov-20).exe |
Code function: 11_1_00402F89 |
11_1_00402F89 |
Source: C:\Users\user\Desktop\PRO FORMA INVOICE - - MAGAUTKCP (24-Nov-20).exe |
Code function: 11_1_00402B90 |
11_1_00402B90 |
Source: C:\Users\user\Desktop\PRO FORMA INVOICE - - MAGAUTKCP (24-Nov-20).exe |
Code function: 11_1_004073A0 |
11_1_004073A0 |
Source: C:\Users\user\Desktop\PRO FORMA INVOICE - - MAGAUTKCP (24-Nov-20).exe |
Code function: String function: 0040D606 appears 48 times |
Source: C:\Users\user\Desktop\PRO FORMA INVOICE - - MAGAUTKCP (24-Nov-20).exe |
Code function: String function: 0040E1D8 appears 88 times |
Source: PRO FORMA INVOICE - - MAGAUTKCP (24-Nov-20).exe |
Static PE information: invalid certificate |
Source: PRO FORMA INVOICE - - MAGAUTKCP (24-Nov-20).exe |
Static PE information: Resource name: RT_BITMAP type: GLS_BINARY_LSB_FIRST |
Source: PRO FORMA INVOICE - - MAGAUTKCP (24-Nov-20).exe, 0000000B.00000002.918795043.00000000036E4000.00000004.00000001.sdmp |
Binary or memory string: OriginalFilenameLkFCDrqOCOdatOyKIEUEwX.exe4 vs PRO FORMA INVOICE - - MAGAUTKCP (24-Nov-20).exe |
Source: PRO FORMA INVOICE - - MAGAUTKCP (24-Nov-20).exe, 0000000B.00000002.918795043.00000000036E4000.00000004.00000001.sdmp |
Binary or memory string: OriginalFilename_.dll4 vs PRO FORMA INVOICE - - MAGAUTKCP (24-Nov-20).exe |
Source: PRO FORMA INVOICE - - MAGAUTKCP (24-Nov-20).exe, 0000000B.00000002.919463877.0000000004A40000.00000002.00000001.sdmp |
Binary or memory string: OriginalFilenamenlsbres.dll.muij% vs PRO FORMA INVOICE - - MAGAUTKCP (24-Nov-20).exe |
Source: PRO FORMA INVOICE - - MAGAUTKCP (24-Nov-20).exe, 0000000B.00000002.919787092.0000000005750000.00000002.00000001.sdmp |
Binary or memory string: OriginalFilenamewbemdisp.tlbj% vs PRO FORMA INVOICE - - MAGAUTKCP (24-Nov-20).exe |
Source: PRO FORMA INVOICE - - MAGAUTKCP (24-Nov-20).exe, 0000000B.00000002.919446938.0000000004A30000.00000002.00000001.sdmp |
Binary or memory string: OriginalFilenamenlsbres.dllj% vs PRO FORMA INVOICE - - MAGAUTKCP (24-Nov-20).exe |
Source: PRO FORMA INVOICE - - MAGAUTKCP (24-Nov-20).exe, 0000000B.00000002.919809687.0000000005760000.00000002.00000001.sdmp |
Binary or memory string: OriginalFilenameKernelbase.dll.muij% vs PRO FORMA INVOICE - - MAGAUTKCP (24-Nov-20).exe |
Source: PRO FORMA INVOICE - - MAGAUTKCP (24-Nov-20).exe, 0000000B.00000002.917830550.000000000273A000.00000004.00000001.sdmp |
Binary or memory string: OriginalFilenameclrjit.dllT vs PRO FORMA INVOICE - - MAGAUTKCP (24-Nov-20).exe |
Source: PRO FORMA INVOICE - - MAGAUTKCP (24-Nov-20).exe, 0000000B.00000002.917830550.000000000273A000.00000004.00000001.sdmp |
Binary or memory string: OriginalFilename vs PRO FORMA INVOICE - - MAGAUTKCP (24-Nov-20).exe |
Source: PRO FORMA INVOICE - - MAGAUTKCP (24-Nov-20).exe, 0000000B.00000002.917830550.000000000273A000.00000004.00000001.sdmp |
Binary or memory string: 3l,\\StringFileInfo\\040904B0\\OriginalFilename vs PRO FORMA INVOICE - - MAGAUTKCP (24-Nov-20).exe |
Source: C:\Users\user\Desktop\PRO FORMA INVOICE - - MAGAUTKCP (24-Nov-20).exe |
Section loaded: mscorjit.dll |
Source: classification engine |
Classification label: mal92.troj.evad.winEXE@3/0@2/2 |
Source: C:\Users\user\Desktop\PRO FORMA INVOICE - - MAGAUTKCP (24-Nov-20).exe |
Code function: 11_2_004019F0 OleInitialize,_getenv,GetCurrentProcessId,CreateToolhelp32Snapshot,Module32First,CloseHandle,Module32Next,Module32Next,FindCloseChangeNotification,GetModuleHandleA,FindResourceA,LoadResource,LockResource,SizeofResource,_malloc,_memset,SizeofResource,_memset,FreeResource,_malloc,SizeofResource,_memset,LoadLibraryA,GetProcAddress,VariantInit,VariantInit,VariantInit,SafeArrayCreate,SafeArrayAccessData,SafeArrayUnaccessData,SafeArrayDestroy,SafeArrayCreateVector,VariantClear,VariantClear,VariantClear, |
11_2_004019F0 |
Source: C:\Users\user\Desktop\PRO FORMA INVOICE - - MAGAUTKCP (24-Nov-20).exe |
Command line argument: 08A |
11_2_00413780 |
Source: C:\Users\user\Desktop\PRO FORMA INVOICE - - MAGAUTKCP (24-Nov-20).exe |
Command line argument: 08A |
11_1_00413780 |
Source: C:\Users\user\Desktop\PRO FORMA INVOICE - - MAGAUTKCP (24-Nov-20).exe |
Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales |
Source: C:\Users\user\Desktop\PRO FORMA INVOICE - - MAGAUTKCP (24-Nov-20).exe |
Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll |
Source: C:\Users\user\Desktop\PRO FORMA INVOICE - - MAGAUTKCP (24-Nov-20).exe |
WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor |
Source: C:\Users\user\Desktop\PRO FORMA INVOICE - - MAGAUTKCP (24-Nov-20).exe |
Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers |
Source: C:\Users\user\Desktop\PRO FORMA INVOICE - - MAGAUTKCP (24-Nov-20).exe |
File read: C:\Windows\System32\drivers\etc\hosts |
Source: unknown |
Process created: C:\Users\user\Desktop\PRO FORMA INVOICE - - MAGAUTKCP (24-Nov-20).exe 'C:\Users\user\Desktop\PRO FORMA INVOICE - - MAGAUTKCP (24-Nov-20).exe' |
Source: unknown |
Process created: C:\Users\user\Desktop\PRO FORMA INVOICE - - MAGAUTKCP (24-Nov-20).exe C:\Users\user\Desktop\PRO FORMA INVOICE - - MAGAUTKCP (24-Nov-20).exe |
Source: C:\Users\user\Desktop\PRO FORMA INVOICE - - MAGAUTKCP (24-Nov-20).exe |
Process created: C:\Users\user\Desktop\PRO FORMA INVOICE - - MAGAUTKCP (24-Nov-20).exe C:\Users\user\Desktop\PRO FORMA INVOICE - - MAGAUTKCP (24-Nov-20).exe |
Source: C:\Users\user\Desktop\PRO FORMA INVOICE - - MAGAUTKCP (24-Nov-20).exe |
Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{172BDDF8-CEEA-11D1-8B05-00600806D9B6}\InProcServer32 |
Source: Window Recorder |
Window detected: More than 3 window changes detected |
Source: PRO FORMA INVOICE - - MAGAUTKCP (24-Nov-20).exe |
Static file information: File size 1218752 > 1048576 |
Source: |
Binary string: _.pdb source: PRO FORMA INVOICE - - MAGAUTKCP (24-Nov-20).exe, 0000000B.00000002.918795043.00000000036E4000.00000004.00000001.sdmp |
Source: C:\Users\user\Desktop\PRO FORMA INVOICE - - MAGAUTKCP (24-Nov-20).exe |
Unpacked PE file: 11.2.PRO FORMA INVOICE - - MAGAUTKCP (24-Nov-20).exe.400000.0.unpack CODE:ER;DATA:W;BSS:W;.idata:W;.tls:W;.rdata:R;.reloc:R;.rsrc:R; vs .text:ER;.rdata:R;.data:W;.rsrc:R; |
Source: C:\Users\user\Desktop\PRO FORMA INVOICE - - MAGAUTKCP (24-Nov-20).exe |
Unpacked PE file: 11.2.PRO FORMA INVOICE - - MAGAUTKCP (24-Nov-20).exe.400000.0.unpack |
Source: C:\Users\user\Desktop\PRO FORMA INVOICE - - MAGAUTKCP (24-Nov-20).exe |
Code function: 0_3_041C6470 push ecx; mov dword ptr [esp], edx |
0_3_041C6475 |
Source: C:\Users\user\Desktop\PRO FORMA INVOICE - - MAGAUTKCP (24-Nov-20).exe |
Code function: 0_3_041DA574 push 0042AB4Bh; ret |
0_3_041DA5BB |
Source: C:\Users\user\Desktop\PRO FORMA INVOICE - - MAGAUTKCP (24-Nov-20).exe |
Code function: 0_3_041C658C push ecx; mov dword ptr [esp], edx |
0_3_041C6591 |
Source: C:\Users\user\Desktop\PRO FORMA INVOICE - - MAGAUTKCP (24-Nov-20).exe |
Code function: 0_3_041C65D0 push ecx; mov dword ptr [esp], edx |
0_3_041C65D5 |
Source: C:\Users\user\Desktop\PRO FORMA INVOICE - - MAGAUTKCP (24-Nov-20).exe |
Code function: 0_3_041E55CC push ecx; mov dword ptr [esp], ecx |
0_3_041E55D0 |
Source: C:\Users\user\Desktop\PRO FORMA INVOICE - - MAGAUTKCP (24-Nov-20).exe |
Code function: 0_3_041D8678 push 00428C2Ch; ret |
0_3_041D869C |
Source: C:\Users\user\Desktop\PRO FORMA INVOICE - - MAGAUTKCP (24-Nov-20).exe |
Code function: 0_3_041D86B8 push 00428C6Ch; ret |
0_3_041D86DC |
Source: C:\Users\user\Desktop\PRO FORMA INVOICE - - MAGAUTKCP (24-Nov-20).exe |
Code function: 0_3_041D96A0 push 00429C66h; ret |
0_3_041D96D6 |
Source: C:\Users\user\Desktop\PRO FORMA INVOICE - - MAGAUTKCP (24-Nov-20).exe |
Code function: 0_3_041C46C4 push 00414C99h; ret |
0_3_041C4709 |
Source: C:\Users\user\Desktop\PRO FORMA INVOICE - - MAGAUTKCP (24-Nov-20).exe |
Code function: 0_3_041D96E8 push 00429C9Ch; ret |
0_3_041D970C |
Source: C:\Users\user\Desktop\PRO FORMA INVOICE - - MAGAUTKCP (24-Nov-20).exe |
Code function: 0_3_041D9720 push 00429CE0h; ret |
0_3_041D9750 |
Source: C:\Users\user\Desktop\PRO FORMA INVOICE - - MAGAUTKCP (24-Nov-20).exe |
Code function: 0_3_041BD77C push 0040DE80h; ret |
0_3_041BD8F0 |
Source: C:\Users\user\Desktop\PRO FORMA INVOICE - - MAGAUTKCP (24-Nov-20).exe |
Code function: 0_3_041C478C push 00414D40h; ret |
0_3_041C47B0 |
Source: C:\Users\user\Desktop\PRO FORMA INVOICE - - MAGAUTKCP (24-Nov-20).exe |
Code function: 0_3_041DF014 push 0042F611h; ret |
0_3_041DF081 |
Source: C:\Users\user\Desktop\PRO FORMA INVOICE - - MAGAUTKCP (24-Nov-20).exe |
Code function: 0_3_041DC08C push 0042C640h; ret |
0_3_041DC0B0 |
Source: C:\Users\user\Desktop\PRO FORMA INVOICE - - MAGAUTKCP (24-Nov-20).exe |
Code function: 0_3_041DF08C push 0042F66Dh; ret |
0_3_041DF0DD |
Source: C:\Users\user\Desktop\PRO FORMA INVOICE - - MAGAUTKCP (24-Nov-20).exe |
Code function: 0_3_041F1088 push 0044163Ch; ret |
0_3_041F10AC |
Source: C:\Users\user\Desktop\PRO FORMA INVOICE - - MAGAUTKCP (24-Nov-20).exe |
Code function: 0_3_041DC0C4 push 0042C678h; ret |
0_3_041DC0E8 |
Source: C:\Users\user\Desktop\PRO FORMA INVOICE - - MAGAUTKCP (24-Nov-20).exe |
Code function: 0_3_041DC0FC push 0042C6B0h; ret |
0_3_041DC120 |
Source: C:\Users\user\Desktop\PRO FORMA INVOICE - - MAGAUTKCP (24-Nov-20).exe |
Code function: 0_3_041DE0F8 push 0042E6D9h; ret |
0_3_041DE149 |
Source: C:\Users\user\Desktop\PRO FORMA INVOICE - - MAGAUTKCP (24-Nov-20).exe |
Code function: 0_3_041DC13C push 0042C6F0h; ret |
0_3_041DC160 |
Source: C:\Users\user\Desktop\PRO FORMA INVOICE - - MAGAUTKCP (24-Nov-20).exe |
Code function: 0_3_041B613C push 004066F0h; ret |
0_3_041B6160 |
Source: C:\Users\user\Desktop\PRO FORMA INVOICE - - MAGAUTKCP (24-Nov-20).exe |
Code function: 0_3_041BE144 push 0040E6F8h; ret |
0_3_041BE168 |
Source: C:\Users\user\Desktop\PRO FORMA INVOICE - - MAGAUTKCP (24-Nov-20).exe |
Code function: 0_3_041DC174 push 0042C728h; ret |
0_3_041DC198 |
Source: C:\Users\user\Desktop\PRO FORMA INVOICE - - MAGAUTKCP (24-Nov-20).exe |
Code function: 0_3_041DE194 push 0042E754h; ret |
0_3_041DE1C4 |
Source: C:\Users\user\Desktop\PRO FORMA INVOICE - - MAGAUTKCP (24-Nov-20).exe |
Code function: 0_3_041B61B4 push 00406768h; ret |
0_3_041B61D8 |
Source: C:\Users\user\Desktop\PRO FORMA INVOICE - - MAGAUTKCP (24-Nov-20).exe |
Code function: 0_3_041DC1AC push 0042C760h; ret |
0_3_041DC1D0 |
Source: C:\Users\user\Desktop\PRO FORMA INVOICE - - MAGAUTKCP (24-Nov-20).exe |
Code function: 0_3_041DB1D4 push 0042B7A8h; ret |
0_3_041DB218 |
Source: C:\Users\user\Desktop\PRO FORMA INVOICE - - MAGAUTKCP (24-Nov-20).exe |
Code function: 0_3_041DC1E4 push 0042C798h; ret |
0_3_041DC208 |
Source: C:\Users\user\Desktop\PRO FORMA INVOICE - - MAGAUTKCP (24-Nov-20).exe |
Code function: 0_3_041B71E0 push 00407794h; ret |
0_3_041B7204 |
Source: C:\Users\user\Desktop\PRO FORMA INVOICE - - MAGAUTKCP (24-Nov-20).exe |
Code function: 0_3_041DE228 push 0042E7DCh; ret |
0_3_041DE24C |
Source: C:\Users\user\Desktop\PRO FORMA INVOICE - - MAGAUTKCP (24-Nov-20).exe |
File created: \pro forma invoice - - magautkcp (24-nov-20).exe |
Source: C:\Users\user\Desktop\PRO FORMA INVOICE - - MAGAUTKCP (24-Nov-20).exe |
Registry key monitored for changes: HKEY_CURRENT_USER_Classes |
Source: C:\Users\user\Desktop\PRO FORMA INVOICE - - MAGAUTKCP (24-Nov-20).exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\PRO FORMA INVOICE - - MAGAUTKCP (24-Nov-20).exe |
WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard |
Source: C:\Users\user\Desktop\PRO FORMA INVOICE - - MAGAUTKCP (24-Nov-20).exe |
WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_NetworkAdapterConfiguration |
Source: C:\Users\user\Desktop\PRO FORMA INVOICE - - MAGAUTKCP (24-Nov-20).exe |
Thread delayed: delay time: 922337203685477 |
Source: C:\Users\user\Desktop\PRO FORMA INVOICE - - MAGAUTKCP (24-Nov-20).exe |
Window / User API: threadDelayed 639 |
Source: C:\Users\user\Desktop\PRO FORMA INVOICE - - MAGAUTKCP (24-Nov-20).exe |
Window / User API: threadDelayed 9198 |
Source: C:\Users\user\Desktop\PRO FORMA INVOICE - - MAGAUTKCP (24-Nov-20).exe TID: 5596 |
Thread sleep count: 49 > 30 |
Source: C:\Users\user\Desktop\PRO FORMA INVOICE - - MAGAUTKCP (24-Nov-20).exe TID: 5596 |
Thread sleep time: -45194522980588373s >= -30000s |
Source: C:\Users\user\Desktop\PRO FORMA INVOICE - - MAGAUTKCP (24-Nov-20).exe TID: 5512 |
Thread sleep count: 639 > 30 |
Source: C:\Users\user\Desktop\PRO FORMA INVOICE - - MAGAUTKCP (24-Nov-20).exe TID: 5512 |
Thread sleep count: 9198 > 30 |
Source: PRO FORMA INVOICE - - MAGAUTKCP (24-Nov-20).exe, 0000000B.00000002.919809687.0000000005760000.00000002.00000001.sdmp |
Binary or memory string: A Virtual Machine could not be started because Hyper-V is not installed. |
Source: PRO FORMA INVOICE - - MAGAUTKCP (24-Nov-20).exe, 0000000B.00000002.919809687.0000000005760000.00000002.00000001.sdmp |
Binary or memory string: A communication protocol error has occurred between the Hyper-V Host and Guest Compute Service. |
Source: PRO FORMA INVOICE - - MAGAUTKCP (24-Nov-20).exe, 0000000B.00000002.919809687.0000000005760000.00000002.00000001.sdmp |
Binary or memory string: The communication protocol version between the Hyper-V Host and Guest Compute Services is not supported. |
Source: PRO FORMA INVOICE - - MAGAUTKCP (24-Nov-20).exe, 0000000B.00000002.919809687.0000000005760000.00000002.00000001.sdmp |
Binary or memory string: An unknown internal message was received by the Hyper-V Compute Service. |
Source: C:\Users\user\Desktop\PRO FORMA INVOICE - - MAGAUTKCP (24-Nov-20).exe |
Process information queried: ProcessInformation |
Source: C:\Users\user\Desktop\PRO FORMA INVOICE - - MAGAUTKCP (24-Nov-20).exe |
Code function: 11_2_0040CE09 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, |
11_2_0040CE09 |
Source: C:\Users\user\Desktop\PRO FORMA INVOICE - - MAGAUTKCP (24-Nov-20).exe |
Code function: 11_2_0040ADB0 GetProcessHeap,HeapFree, |
11_2_0040ADB0 |
Source: C:\Users\user\Desktop\PRO FORMA INVOICE - - MAGAUTKCP (24-Nov-20).exe |
Process token adjusted: Debug |
Source: C:\Users\user\Desktop\PRO FORMA INVOICE - - MAGAUTKCP (24-Nov-20).exe |
Code function: 11_2_0040E61C _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, |
11_2_0040E61C |
Source: C:\Users\user\Desktop\PRO FORMA INVOICE - - MAGAUTKCP (24-Nov-20).exe |
Code function: 11_2_00416F6A __NMSG_WRITE,_raise,_memset,SetUnhandledExceptionFilter,UnhandledExceptionFilter, |
11_2_00416F6A |
Source: C:\Users\user\Desktop\PRO FORMA INVOICE - - MAGAUTKCP (24-Nov-20).exe |
Code function: 11_2_004123F1 SetUnhandledExceptionFilter, |
11_2_004123F1 |
Source: C:\Users\user\Desktop\PRO FORMA INVOICE - - MAGAUTKCP (24-Nov-20).exe |
Code function: 11_1_0040CE09 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, |
11_1_0040CE09 |
Source: C:\Users\user\Desktop\PRO FORMA INVOICE - - MAGAUTKCP (24-Nov-20).exe |
Code function: 11_1_0040E61C _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, |
11_1_0040E61C |
Source: C:\Users\user\Desktop\PRO FORMA INVOICE - - MAGAUTKCP (24-Nov-20).exe |
Code function: 11_1_00416F6A __NMSG_WRITE,_raise,_memset,SetUnhandledExceptionFilter,UnhandledExceptionFilter, |
11_1_00416F6A |
Source: C:\Users\user\Desktop\PRO FORMA INVOICE - - MAGAUTKCP (24-Nov-20).exe |
Code function: 11_1_004123F1 SetUnhandledExceptionFilter, |
11_1_004123F1 |
Source: C:\Users\user\Desktop\PRO FORMA INVOICE - - MAGAUTKCP (24-Nov-20).exe |
Memory allocated: page read and write | page guard |
Source: C:\Users\user\Desktop\PRO FORMA INVOICE - - MAGAUTKCP (24-Nov-20).exe |
Memory written: C:\Users\user\Desktop\PRO FORMA INVOICE - - MAGAUTKCP (24-Nov-20).exe base: 400000 value starts with: 4D5A |
Source: C:\Users\user\Desktop\PRO FORMA INVOICE - - MAGAUTKCP (24-Nov-20).exe |
Process created: C:\Users\user\Desktop\PRO FORMA INVOICE - - MAGAUTKCP (24-Nov-20).exe C:\Users\user\Desktop\PRO FORMA INVOICE - - MAGAUTKCP (24-Nov-20).exe |
Source: PRO FORMA INVOICE - - MAGAUTKCP (24-Nov-20).exe, 0000000B.00000002.916311863.0000000000CB0000.00000002.00000001.sdmp |
Binary or memory string: Program Manager |
Source: PRO FORMA INVOICE - - MAGAUTKCP (24-Nov-20).exe, 0000000B.00000002.916311863.0000000000CB0000.00000002.00000001.sdmp |
Binary or memory string: Shell_TrayWnd |
Source: PRO FORMA INVOICE - - MAGAUTKCP (24-Nov-20).exe, 0000000B.00000002.916311863.0000000000CB0000.00000002.00000001.sdmp |
Binary or memory string: Progman |
Source: PRO FORMA INVOICE - - MAGAUTKCP (24-Nov-20).exe, 0000000B.00000002.916311863.0000000000CB0000.00000002.00000001.sdmp |
Binary or memory string: Progmanlock |
Source: C:\Users\user\Desktop\PRO FORMA INVOICE - - MAGAUTKCP (24-Nov-20).exe |
Code function: GetLocaleInfoA, |
11_2_00417A20 |
Source: C:\Users\user\Desktop\PRO FORMA INVOICE - - MAGAUTKCP (24-Nov-20).exe |
Code function: GetLocaleInfoA, |
11_1_00417A20 |
Source: C:\Users\user\Desktop\PRO FORMA INVOICE - - MAGAUTKCP (24-Nov-20).exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation |
Source: C:\Users\user\Desktop\PRO FORMA INVOICE - - MAGAUTKCP (24-Nov-20).exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation |
Source: C:\Users\user\Desktop\PRO FORMA INVOICE - - MAGAUTKCP (24-Nov-20).exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformation |
Source: C:\Users\user\Desktop\PRO FORMA INVOICE - - MAGAUTKCP (24-Nov-20).exe |
Queries volume information: unknown VolumeInformation |
Source: C:\Users\user\Desktop\PRO FORMA INVOICE - - MAGAUTKCP (24-Nov-20).exe |
Code function: 11_2_00412A15 GetSystemTimeAsFileTime,GetCurrentProcessId,GetCurrentThreadId,GetTickCount,QueryPerformanceCounter, |
11_2_00412A15 |
Source: C:\Users\user\Desktop\PRO FORMA INVOICE - - MAGAUTKCP (24-Nov-20).exe |
Code function: 11_2_05BB4744 GetUserNameW, |
11_2_05BB4744 |
Source: C:\Users\user\Desktop\PRO FORMA INVOICE - - MAGAUTKCP (24-Nov-20).exe |
Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid |
Source: Yara match |
File source: 0000000B.00000002.918795043.00000000036E4000.00000004.00000001.sdmp, type: MEMORY |
Source: Yara match |
File source: 0000000B.00000002.917038973.0000000002680000.00000004.00000001.sdmp, type: MEMORY |
Source: Yara match |
File source: 0000000B.00000002.916512263.0000000002380000.00000004.00000001.sdmp, type: MEMORY |
Source: Yara match |
File source: 0000000B.00000003.765764476.000000000086E000.00000004.00000001.sdmp, type: MEMORY |
Source: Yara match |
File source: 0000000B.00000002.918550525.00000000027B7000.00000004.00000001.sdmp, type: MEMORY |
Source: Yara match |
File source: 0000000B.00000002.916402342.00000000022A6000.00000004.00000001.sdmp, type: MEMORY |
Source: Yara match |
File source: Process Memory Space: PRO FORMA INVOICE - - MAGAUTKCP (24-Nov-20).exe PID: 6944, type: MEMORY |
Source: Yara match |
File source: 11.2.PRO FORMA INVOICE - - MAGAUTKCP (24-Nov-20).exe.2380000.1.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 11.2.PRO FORMA INVOICE - - MAGAUTKCP (24-Nov-20).exe.2680000.2.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 11.2.PRO FORMA INVOICE - - MAGAUTKCP (24-Nov-20).exe.2380000.1.raw.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 11.2.PRO FORMA INVOICE - - MAGAUTKCP (24-Nov-20).exe.2680000.2.raw.unpack, type: UNPACKEDPE |