Source: Bewerbungsschreiben.exe |
Virustotal: Detection: 27% |
Source: Bewerbungsschreiben.exe |
Joe Sandbox ML: detected |
Source: Bewerbungsschreiben.exe |
Static PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT |
Source: Bewerbungsschreiben.exe, 00000000.00000002.667200650.0000000002EC1000.00000004.00000001.sdmp |
String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name |
Source: Bewerbungsschreiben.exe, 00000000.00000002.667795575.0000000012ED1000.00000004.00000001.sdmp |
String found in binary or memory: https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip |
Source: Bewerbungsschreiben.exe, 00000000.00000002.669510440.000000001BCA0000.00000004.00000001.sdmp |
Binary or memory string: OriginalFilenamePositiveSign.dll< vs Bewerbungsschreiben.exe |
Source: Bewerbungsschreiben.exe, 00000000.00000002.669260070.000000001B820000.00000004.00000001.sdmp |
Binary or memory string: OriginalFilenameSoapName.dll2 vs Bewerbungsschreiben.exe |
Source: Bewerbungsschreiben.exe, 00000000.00000000.658437026.0000000000C96000.00000002.00020000.sdmp |
Binary or memory string: OriginalFilenameOutOfMemoryException.exe vs Bewerbungsschreiben.exe |
Source: Bewerbungsschreiben.exe, 00000000.00000002.669163828.000000001B780000.00000002.00000001.sdmp |
Binary or memory string: OriginalFilenamemscorrc.dllT vs Bewerbungsschreiben.exe |
Source: Bewerbungsschreiben.exe, 00000000.00000002.666891379.0000000001219000.00000004.00000020.sdmp |
Binary or memory string: OriginalFilenameclr.dllT vs Bewerbungsschreiben.exe |
Source: Bewerbungsschreiben.exe, 00000000.00000002.667795575.0000000012ED1000.00000004.00000001.sdmp |
Binary or memory string: OriginalFilenameLmHUZrzoUwNIKJkNITHH.exe4 vs Bewerbungsschreiben.exe |
Source: Bewerbungsschreiben.exe, 00000002.00000000.662939455.0000000000396000.00000002.00020000.sdmp |
Binary or memory string: OriginalFilenameOutOfMemoryException.exe vs Bewerbungsschreiben.exe |
Source: Bewerbungsschreiben.exe, 00000003.00000002.664096938.00000000004A6000.00000002.00020000.sdmp |
Binary or memory string: OriginalFilenameOutOfMemoryException.exe vs Bewerbungsschreiben.exe |
Source: Bewerbungsschreiben.exe, 00000004.00000002.664916914.0000000000DB6000.00000002.00020000.sdmp |
Binary or memory string: OriginalFilenameOutOfMemoryException.exe vs Bewerbungsschreiben.exe |
Source: Bewerbungsschreiben.exe, 00000005.00000002.665611516.0000000000FD6000.00000002.00020000.sdmp |
Binary or memory string: OriginalFilenameOutOfMemoryException.exe vs Bewerbungsschreiben.exe |
Source: Bewerbungsschreiben.exe, 00000006.00000002.666445214.00000000003F6000.00000002.00020000.sdmp |
Binary or memory string: OriginalFilenameOutOfMemoryException.exe vs Bewerbungsschreiben.exe |
Source: Bewerbungsschreiben.exe |
Binary or memory string: OriginalFilenameOutOfMemoryException.exe vs Bewerbungsschreiben.exe |
Source: Bewerbungsschreiben.exe |
Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ |
Source: classification engine |
Classification label: mal72.troj.evad.winEXE@11/1@0/0 |
Source: C:\Users\user\Desktop\Bewerbungsschreiben.exe |
File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\Bewerbungsschreiben.exe.log |
Source: C:\Users\user\Desktop\Bewerbungsschreiben.exe |
Mutant created: \Sessions\1\BaseNamedObjects\JPCTvSGJRYCL |
Source: C:\Users\user\Desktop\Bewerbungsschreiben.exe |
Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\ac26e2af62f23e37e645b5e44068a025\mscorlib.ni.dll |
Source: C:\Users\user\Desktop\Bewerbungsschreiben.exe |
Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers |
Source: unknown |
Process created: C:\Users\user\Desktop\Bewerbungsschreiben.exe 'C:\Users\user\Desktop\Bewerbungsschreiben.exe' |
Source: unknown |
Process created: C:\Users\user\Desktop\Bewerbungsschreiben.exe C:\Users\user\Desktop\Bewerbungsschreiben.exe |
Source: C:\Users\user\Desktop\Bewerbungsschreiben.exe |
Process created: C:\Users\user\Desktop\Bewerbungsschreiben.exe C:\Users\user\Desktop\Bewerbungsschreiben.exe |
Source: C:\Users\user\Desktop\Bewerbungsschreiben.exe |
File opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dll |
Source: Bewerbungsschreiben.exe |
Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR |
Source: initial sample |
Static PE information: section name: .text entropy: 7.80392973587 |
Source: C:\Users\user\Desktop\Bewerbungsschreiben.exe |
Process information set: NOOPENFILEERRORBOX |
Source: Yara match |
File source: 00000000.00000002.667200650.0000000002EC1000.00000004.00000001.sdmp, type: MEMORY |
Source: Yara match |
File source: Process Memory Space: Bewerbungsschreiben.exe PID: 6424, type: MEMORY |
Source: Bewerbungsschreiben.exe, 00000000.00000002.667200650.0000000002EC1000.00000004.00000001.sdmp |
Binary or memory string: SBIEDLL.DLL |
Source: Bewerbungsschreiben.exe, 00000000.00000002.667200650.0000000002EC1000.00000004.00000001.sdmp |
Binary or memory string: KERNEL32.DLL.WINE_GET_UNIX_FILE_NAME |
Source: C:\Users\user\Desktop\Bewerbungsschreiben.exe |
Code function: 2_2_0031471C sldt word ptr [edx] |
Source: C:\Users\user\Desktop\Bewerbungsschreiben.exe |
Thread delayed: delay time: 922337203685477 |
Source: C:\Users\user\Desktop\Bewerbungsschreiben.exe TID: 1680 |
Thread sleep time: -54969s >= -30000s |
Source: C:\Users\user\Desktop\Bewerbungsschreiben.exe TID: 1836 |
Thread sleep time: -922337203685477s >= -30000s |
Source: Bewerbungsschreiben.exe, 00000000.00000002.667200650.0000000002EC1000.00000004.00000001.sdmp |
Binary or memory string: InstallPathJC:\PROGRAM FILES\VMWARE\VMWARE TOOLS\ |
Source: Bewerbungsschreiben.exe, 00000000.00000002.667200650.0000000002EC1000.00000004.00000001.sdmp |
Binary or memory string: vmware |
Source: Bewerbungsschreiben.exe, 00000000.00000002.667200650.0000000002EC1000.00000004.00000001.sdmp |
Binary or memory string: VMware SVGA II |
Source: Bewerbungsschreiben.exe, 00000000.00000002.667200650.0000000002EC1000.00000004.00000001.sdmp |
Binary or memory string: VMWAREDSOFTWARE\VMware, Inc.\VMware Tools |
Source: C:\Users\user\Desktop\Bewerbungsschreiben.exe |
Process information queried: ProcessInformation |
Source: C:\Users\user\Desktop\Bewerbungsschreiben.exe |
Process token adjusted: Debug |
Source: C:\Users\user\Desktop\Bewerbungsschreiben.exe |
Memory allocated: page read and write | page guard |
Source: C:\Users\user\Desktop\Bewerbungsschreiben.exe |
Queries volume information: C:\Users\user\Desktop\Bewerbungsschreiben.exe VolumeInformation |
Source: C:\Users\user\Desktop\Bewerbungsschreiben.exe |
Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid |
Source: Yara match |
File source: 00000000.00000002.667795575.0000000012ED1000.00000004.00000001.sdmp, type: MEMORY |
Source: Yara match |
File source: Process Memory Space: Bewerbungsschreiben.exe PID: 6424, type: MEMORY |