Source: Bewerbungsschreiben.exe | Virustotal: Detection: 27% |
Source: Bewerbungsschreiben.exe | Joe Sandbox ML: detected |
Source: Bewerbungsschreiben.exe | Static PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT |
Source: Bewerbungsschreiben.exe, 00000000.00000002.667200650.0000000002EC1000.00000004.00000001.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name |
Source: Bewerbungsschreiben.exe, 00000000.00000002.667795575.0000000012ED1000.00000004.00000001.sdmp | String found in binary or memory: https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip |
Source: Bewerbungsschreiben.exe, 00000000.00000002.669510440.000000001BCA0000.00000004.00000001.sdmp | Binary or memory string: OriginalFilenamePositiveSign.dll< vs Bewerbungsschreiben.exe |
Source: Bewerbungsschreiben.exe, 00000000.00000002.669260070.000000001B820000.00000004.00000001.sdmp | Binary or memory string: OriginalFilenameSoapName.dll2 vs Bewerbungsschreiben.exe |
Source: Bewerbungsschreiben.exe, 00000000.00000000.658437026.0000000000C96000.00000002.00020000.sdmp | Binary or memory string: OriginalFilenameOutOfMemoryException.exe vs Bewerbungsschreiben.exe |
Source: Bewerbungsschreiben.exe, 00000000.00000002.669163828.000000001B780000.00000002.00000001.sdmp | Binary or memory string: OriginalFilenamemscorrc.dllT vs Bewerbungsschreiben.exe |
Source: Bewerbungsschreiben.exe, 00000000.00000002.666891379.0000000001219000.00000004.00000020.sdmp | Binary or memory string: OriginalFilenameclr.dllT vs Bewerbungsschreiben.exe |
Source: Bewerbungsschreiben.exe, 00000000.00000002.667795575.0000000012ED1000.00000004.00000001.sdmp | Binary or memory string: OriginalFilenameLmHUZrzoUwNIKJkNITHH.exe4 vs Bewerbungsschreiben.exe |
Source: Bewerbungsschreiben.exe, 00000002.00000000.662939455.0000000000396000.00000002.00020000.sdmp | Binary or memory string: OriginalFilenameOutOfMemoryException.exe vs Bewerbungsschreiben.exe |
Source: Bewerbungsschreiben.exe, 00000003.00000002.664096938.00000000004A6000.00000002.00020000.sdmp | Binary or memory string: OriginalFilenameOutOfMemoryException.exe vs Bewerbungsschreiben.exe |
Source: Bewerbungsschreiben.exe, 00000004.00000002.664916914.0000000000DB6000.00000002.00020000.sdmp | Binary or memory string: OriginalFilenameOutOfMemoryException.exe vs Bewerbungsschreiben.exe |
Source: Bewerbungsschreiben.exe, 00000005.00000002.665611516.0000000000FD6000.00000002.00020000.sdmp | Binary or memory string: OriginalFilenameOutOfMemoryException.exe vs Bewerbungsschreiben.exe |
Source: Bewerbungsschreiben.exe, 00000006.00000002.666445214.00000000003F6000.00000002.00020000.sdmp | Binary or memory string: OriginalFilenameOutOfMemoryException.exe vs Bewerbungsschreiben.exe |
Source: Bewerbungsschreiben.exe | Binary or memory string: OriginalFilenameOutOfMemoryException.exe vs Bewerbungsschreiben.exe |
Source: Bewerbungsschreiben.exe | Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ |
Source: classification engine | Classification label: mal72.troj.evad.winEXE@11/1@0/0 |
Source: C:\Users\user\Desktop\Bewerbungsschreiben.exe | File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\Bewerbungsschreiben.exe.log |
Source: C:\Users\user\Desktop\Bewerbungsschreiben.exe | Mutant created: \Sessions\1\BaseNamedObjects\JPCTvSGJRYCL |
Source: C:\Users\user\Desktop\Bewerbungsschreiben.exe | Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\ac26e2af62f23e37e645b5e44068a025\mscorlib.ni.dll |
Source: C:\Users\user\Desktop\Bewerbungsschreiben.exe | Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers |
Source: unknown | Process created: C:\Users\user\Desktop\Bewerbungsschreiben.exe 'C:\Users\user\Desktop\Bewerbungsschreiben.exe' | |
Source: unknown | Process created: C:\Users\user\Desktop\Bewerbungsschreiben.exe C:\Users\user\Desktop\Bewerbungsschreiben.exe | |
Source: C:\Users\user\Desktop\Bewerbungsschreiben.exe | Process created: C:\Users\user\Desktop\Bewerbungsschreiben.exe C:\Users\user\Desktop\Bewerbungsschreiben.exe |
Source: C:\Users\user\Desktop\Bewerbungsschreiben.exe | File opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dll |
Source: Bewerbungsschreiben.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR |
Source: initial sample | Static PE information: section name: .text entropy: 7.80392973587 |
Source: C:\Users\user\Desktop\Bewerbungsschreiben.exe | Process information set: NOOPENFILEERRORBOX |
Source: Yara match | File source: 00000000.00000002.667200650.0000000002EC1000.00000004.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: Process Memory Space: Bewerbungsschreiben.exe PID: 6424, type: MEMORY |
Source: Bewerbungsschreiben.exe, 00000000.00000002.667200650.0000000002EC1000.00000004.00000001.sdmp | Binary or memory string: SBIEDLL.DLL |
Source: Bewerbungsschreiben.exe, 00000000.00000002.667200650.0000000002EC1000.00000004.00000001.sdmp | Binary or memory string: KERNEL32.DLL.WINE_GET_UNIX_FILE_NAME |
Source: C:\Users\user\Desktop\Bewerbungsschreiben.exe | Code function: 2_2_0031471C sldt word ptr [edx] | 2_2_0031471C |
Source: C:\Users\user\Desktop\Bewerbungsschreiben.exe | Thread delayed: delay time: 922337203685477 |
Source: C:\Users\user\Desktop\Bewerbungsschreiben.exe TID: 1680 | Thread sleep time: -54969s >= -30000s |
Source: C:\Users\user\Desktop\Bewerbungsschreiben.exe TID: 1836 | Thread sleep time: -922337203685477s >= -30000s |
Source: Bewerbungsschreiben.exe, 00000000.00000002.667200650.0000000002EC1000.00000004.00000001.sdmp | Binary or memory string: InstallPathJC:\PROGRAM FILES\VMWARE\VMWARE TOOLS\ |
Source: Bewerbungsschreiben.exe, 00000000.00000002.667200650.0000000002EC1000.00000004.00000001.sdmp | Binary or memory string: vmware |
Source: Bewerbungsschreiben.exe, 00000000.00000002.667200650.0000000002EC1000.00000004.00000001.sdmp | Binary or memory string: VMware SVGA II |
Source: Bewerbungsschreiben.exe, 00000000.00000002.667200650.0000000002EC1000.00000004.00000001.sdmp | Binary or memory string: VMWAREDSOFTWARE\VMware, Inc.\VMware Tools |
Source: C:\Users\user\Desktop\Bewerbungsschreiben.exe | Process information queried: ProcessInformation |
Source: C:\Users\user\Desktop\Bewerbungsschreiben.exe | Process token adjusted: Debug |
Source: C:\Users\user\Desktop\Bewerbungsschreiben.exe | Memory allocated: page read and write | page guard |
Source: C:\Users\user\Desktop\Bewerbungsschreiben.exe | Queries volume information: C:\Users\user\Desktop\Bewerbungsschreiben.exe VolumeInformation |
Source: C:\Users\user\Desktop\Bewerbungsschreiben.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid |
Source: Yara match | File source: 00000000.00000002.667795575.0000000012ED1000.00000004.00000001.sdmp, type: MEMORY |