Play interactive tour

Edit tour

Windows Analysis Report https://pinnaclepetroleuminc.godaddysites.com/

Overview

General Information

Sample URL:	https://pinnaclepetroleuminc.godaddysites.com/
Analysis ID:	448978
Infos:
Most interesting Screenshot:

Detection

Score:	48
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)

Detected potential crypto function

Queries the volume information (name, serial number etc) of a device

Uses code obfuscation techniques (call, push, ret)

Classification

Process Tree

System is w10x64

cmd.exe (PID: 4232 cmdline: C:\Windows\system32\cmd.exe /c wget -t 2 -v -T 60 -P 'C:\Users\user\Desktop\download' --no-check-certificate --content-disposition --user-agent='Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko' 'https://pinnaclepetroleuminc.godaddysites.com/' > cmdline.out 2>&1 MD5: F3BDBE3BB6F734E357235F4D5898582D)

conhost.exe (PID: 4952 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)

wget.exe (PID: 5720 cmdline: wget -t 2 -v -T 60 -P 'C:\Users\user\Desktop\download' --no-check-certificate --content-disposition --user-agent='Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko' 'https://pinnaclepetroleuminc.godaddysites.com/' MD5: 3DADB6E2ECE9C4B3E1E322E617658B60)

chrome.exe (PID: 720 cmdline: 'C:\Program Files\Google\Chrome\Application\chrome.exe' --start-maximized --enable-automation -- 'C:\Users\user\Desktop\download\index.html' MD5: C139654B5C1438A95B321BB01AD63EF6)

chrome.exe (PID: 6024 cmdline: 'C:\Program Files\Google\Chrome\Application\chrome.exe' --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1548,16974770309779326767,15486729119825007596,131072 --lang=en-US --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1772 /prefetch:8 MD5: C139654B5C1438A95B321BB01AD63EF6)

cleanup

Malware Configuration

No configs have been found

Yara Overview

No yara matches

Sigma Overview

No Sigma rule has matched

Jbx Signature Overview

Click to jump to signature section

Show All Signature Results

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries\en-US-9-0.bdic			Jump to behavior

Source: unknown

HTTPS traffic detected: 72.167.191.83:443 -> 192.168.2.3:49714 version: TLS 1.2

Networking:

Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)

Show sources

Source: Traffic

Snort IDS: 466 ICMP L3retriever Ping 192.168.2.3: -> 23.10.249.73:

Source: unknown

DNS traffic detected: queries for: pinnaclepetroleuminc.godaddysites.com

Source: wget.exe, 00000003.00000002.212557894.0000000002BA9000.00000004.00000001.sdmp	String found in binary or memory: http://certificates.godaddy.com/repository/0
Source: wget.exe, 00000003.00000002.212557894.0000000002BA9000.00000004.00000001.sdmp	String found in binary or memory: http://certificates.godaddy.com/repository/gdig2.crt
Source: wget.exe, 00000003.00000002.212557894.0000000002BA9000.00000004.00000001.sdmp	String found in binary or memory: http://certificates.godaddy.com/repository/gdig2.crt0
Source: wget.exe, 00000003.00000003.211527973.0000000002B68000.00000004.00000001.sdmp, wget.exe, 00000003.00000002.211956778.0000000000CF5000.00000004.00000040.sdmp, cmdline.out.3.dr	String found in binary or memory: http://certs.godaddy.com/repository/
Source: wget.exe, 00000003.00000002.212557894.0000000002BA9000.00000004.00000001.sdmp	String found in binary or memory: http://certs.godaddy.com/repository/1301
Source: wget.exe, 00000003.00000003.211527973.0000000002B68000.00000004.00000001.sdmp	String found in binary or memory: http://crl.globalsign.net/root-r2.crl
Source: wget.exe, 00000003.00000003.211527973.0000000002B68000.00000004.00000001.sdmp	String found in binary or memory: http://crl.globalsign.net/root-r2.crl0
Source: wget.exe, 00000003.00000003.211527973.0000000002B68000.00000004.00000001.sdmp	String found in binary or memory: http://crl.godaddy.com/gdig2s1-2115.crl
Source: wget.exe, 00000003.00000002.212557894.0000000002BA9000.00000004.00000001.sdmp	String found in binary or memory: http://crl.godaddy.com/gdig2s1-2115.crl0
Source: wget.exe, 00000003.00000003.211527973.0000000002B68000.00000004.00000001.sdmp	String found in binary or memory: http://crl.godaddy.com/gdig2s1-2115.crlV
Source: wget.exe, 00000003.00000003.211527973.0000000002B68000.00000004.00000001.sdmp	String found in binary or memory: http://crl.godaddy.com/gdroot-g2.crl
Source: wget.exe, 00000003.00000002.212557894.0000000002BA9000.00000004.00000001.sdmp	String found in binary or memory: http://crl.godaddy.com/gdroot-g2.crl0F
Source: wget.exe, 00000003.00000003.211527973.0000000002B68000.00000004.00000001.sdmp	String found in binary or memory: http://crl.godaddy.com/gdroot-g2.crlM
Source: wget.exe, 00000003.00000003.211527973.0000000002B68000.00000004.00000001.sdmp	String found in binary or memory: http://crl.godaddy.com/gdroot-g2.crlj
Source: wget.exe, 00000003.00000003.211527973.0000000002B68000.00000004.00000001.sdmp	String found in binary or memory: http://ocsp.godaddy.com/
Source: wget.exe, 00000003.00000002.212557894.0000000002BA9000.00000004.00000001.sdmp	String found in binary or memory: http://ocsp.godaddy.com/0
Source: wget.exe, 00000003.00000002.212557894.0000000002BA9000.00000004.00000001.sdmp	String found in binary or memory: http://ocsp.godaddy.com/05
Source: index.html.3.dr	String found in binary or memory: http://scripts.sil.org/OFL
Source: manifest.json0.6.dr, 0d8b8803-4945-4ebd-b34b-3162b3dff053.tmp.7.dr, 992a1d58-1303-4672-b8f3-bf40ed48004b.tmp.7.dr	String found in binary or memory: https://accounts.google.com
Source: manifest.json0.6.dr, 0d8b8803-4945-4ebd-b34b-3162b3dff053.tmp.7.dr, 992a1d58-1303-4672-b8f3-bf40ed48004b.tmp.7.dr	String found in binary or memory: https://apis.google.com
Source: wget.exe, 00000003.00000002.212557894.0000000002BA9000.00000004.00000001.sdmp	String found in binary or memory: https://certs.godaddy.com/repository/
Source: 0d8b8803-4945-4ebd-b34b-3162b3dff053.tmp.7.dr, 992a1d58-1303-4672-b8f3-bf40ed48004b.tmp.7.dr	String found in binary or memory: https://clients2.google.com
Source: manifest.json0.6.dr	String found in binary or memory: https://clients2.google.com/service/update2/crx
Source: 0d8b8803-4945-4ebd-b34b-3162b3dff053.tmp.7.dr, 992a1d58-1303-4672-b8f3-bf40ed48004b.tmp.7.dr	String found in binary or memory: https://clients2.googleusercontent.com
Source: manifest.json0.6.dr	String found in binary or memory: https://content.googleapis.com
Source: 83efb3ab-45cc-4f9a-b960-a2a9c2594ccb.tmp.7.dr, 0786e044-ff35-44fc-9ee5-40f554e01a64.tmp.7.dr, 0d8b8803-4945-4ebd-b34b-3162b3dff053.tmp.7.dr, 992a1d58-1303-4672-b8f3-bf40ed48004b.tmp.7.dr	String found in binary or memory: https://dns.google
Source: manifest.json0.6.dr	String found in binary or memory: https://feedback.googleusercontent.com
Source: 0d8b8803-4945-4ebd-b34b-3162b3dff053.tmp.7.dr	String found in binary or memory: https://fonts.googleapis.com
Source: manifest.json0.6.dr	String found in binary or memory: https://fonts.googleapis.com;
Source: wget.exe, 00000003.00000002.212557894.0000000002BA9000.00000004.00000001.sdmp, 0d8b8803-4945-4ebd-b34b-3162b3dff053.tmp.7.dr, 992a1d58-1303-4672-b8f3-bf40ed48004b.tmp.7.dr	String found in binary or memory: https://fonts.gstatic.com
Source: manifest.json0.6.dr	String found in binary or memory: https://fonts.gstatic.com;
Source: manifest.json0.6.dr	String found in binary or memory: https://hangouts.google.com/
Source: wget.exe, 00000003.00000002.212557894.0000000002BA9000.00000004.00000001.sdmp	String found in binary or memory: https://img1.wsimg.com
Source: index.html.3.dr	String found in binary or memory: https://img1.wsimg.com/isteam/ip/2c799769-c520-435d-aaec-05af746a3db0/image_2021-07-14_175004.png
Source: wget.exe, 00000003.00000002.212557894.0000000002BA9000.00000004.00000001.sdmp	String found in binary or memory: https://isteam.wsimg.com
Source: wget.exe, 00000003.00000003.211516799.0000000002BA8000.00000004.00000001.sdmp	String found in binary or memory: https://kenyavalleyapt.buzz/info28962/proposal62271299
Source: 0d8b8803-4945-4ebd-b34b-3162b3dff053.tmp.7.dr, 992a1d58-1303-4672-b8f3-bf40ed48004b.tmp.7.dr	String found in binary or memory: https://ogs.google.com
Source: manifest.json.6.dr	String found in binary or memory: https://payments.google.com/payments/v4/js/integrator.js
Source: wget.exe, 00000003.00000002.211937943.0000000000B10000.00000004.00000020.sdmp, cmdline.out.3.dr, index.html.3.dr	String found in binary or memory: https://pinnaclepetroleuminc.godaddysites.com/
Source: wget.exe, 00000003.00000003.211527973.0000000002B68000.00000004.00000001.sdmp	String found in binary or memory: https://pinnaclepetroleuminc.godaddysites.com/M
Source: 0d8b8803-4945-4ebd-b34b-3162b3dff053.tmp.7.dr, 992a1d58-1303-4672-b8f3-bf40ed48004b.tmp.7.dr	String found in binary or memory: https://play.google.com
Source: 992a1d58-1303-4672-b8f3-bf40ed48004b.tmp.7.dr	String found in binary or memory: https://r3---sn-1gieen7e.gvt1.com
Source: 992a1d58-1303-4672-b8f3-bf40ed48004b.tmp.7.dr	String found in binary or memory: https://redirector.gvt1.com
Source: manifest.json.6.dr	String found in binary or memory: https://sandbox.google.com/payments/v4/js/integrator.js
Source: 0d8b8803-4945-4ebd-b34b-3162b3dff053.tmp.7.dr, 992a1d58-1303-4672-b8f3-bf40ed48004b.tmp.7.dr	String found in binary or memory: https://ssl.gstatic.com
Source: messages.json72.6.dr	String found in binary or memory: https://support.google.com/chromecast/answer/2998456
Source: messages.json72.6.dr	String found in binary or memory: https://support.google.com/chromecast/troubleshooter/2995236
Source: index.html.3.dr	String found in binary or memory: https://www.fontsquirrel.com/license/league-spartan
Source: wget.exe, 00000003.00000002.212548294.0000000002B9F000.00000004.00000001.sdmp, wget.exe, 00000003.00000002.212554022.0000000002BA7000.00000004.00000001.sdmp, index.html.3.dr	String found in binary or memory: https://www.godaddy.com/websites/website-builder?isc=pwugc&utm_source=wsb&utm_medium=applica
Source: manifest.json0.6.dr, 0d8b8803-4945-4ebd-b34b-3162b3dff053.tmp.7.dr, 992a1d58-1303-4672-b8f3-bf40ed48004b.tmp.7.dr	String found in binary or memory: https://www.google.com
Source: manifest.json.6.dr	String found in binary or memory: https://www.google.com/
Source: manifest.json0.6.dr	String found in binary or memory: https://www.google.com;
Source: 0d8b8803-4945-4ebd-b34b-3162b3dff053.tmp.7.dr, 992a1d58-1303-4672-b8f3-bf40ed48004b.tmp.7.dr	String found in binary or memory: https://www.googleapis.com
Source: manifest.json.6.dr	String found in binary or memory: https://www.googleapis.com/
Source: manifest.json0.6.dr	String found in binary or memory: https://www.googleapis.com/auth/calendar.readonly
Source: manifest.json0.6.dr	String found in binary or memory: https://www.googleapis.com/auth/cast-edu-messaging
Source: manifest.json.6.dr	String found in binary or memory: https://www.googleapis.com/auth/chromewebstore
Source: manifest.json.6.dr	String found in binary or memory: https://www.googleapis.com/auth/chromewebstore.readonly
Source: manifest.json0.6.dr	String found in binary or memory: https://www.googleapis.com/auth/clouddevices
Source: manifest.json0.6.dr	String found in binary or memory: https://www.googleapis.com/auth/hangouts
Source: manifest.json0.6.dr	String found in binary or memory: https://www.googleapis.com/auth/hangouts.readonly
Source: manifest.json0.6.dr	String found in binary or memory: https://www.googleapis.com/auth/meetings
Source: manifest.json0.6.dr	String found in binary or memory: https://www.googleapis.com/auth/plus.peopleapi.readwrite
Source: manifest.json.6.dr	String found in binary or memory: https://www.googleapis.com/auth/sierra
Source: manifest.json.6.dr	String found in binary or memory: https://www.googleapis.com/auth/sierrasandbox
Source: manifest.json0.6.dr	String found in binary or memory: https://www.googleapis.com/auth/userinfo.email
Source: 0d8b8803-4945-4ebd-b34b-3162b3dff053.tmp.7.dr, 992a1d58-1303-4672-b8f3-bf40ed48004b.tmp.7.dr	String found in binary or memory: https://www.gstatic.com
Source: manifest.json0.6.dr	String found in binary or memory: https://www.gstatic.com;

Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757

Source: unknown

HTTPS traffic detected: 72.167.191.83:443 -> 192.168.2.3:49714 version: TLS 1.2

Source: C:\Windows\SysWOW64\wget.exe	Code function: 3_2_00D2EB80		3_2_00D2EB80
Source: C:\Windows\SysWOW64\wget.exe	Code function: 3_2_00D2A21A		3_2_00D2A21A

Source: classification engine

Classification label: mal48.win@36/175@4/5

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Program Files\Google\Chrome\Application\Dictionaries

Jump to behavior

Source: C:\Windows\SysWOW64\cmd.exe

File created: C:\Users\user\Desktop\cmdline.out

Jump to behavior

Source: C:\Windows\System32\conhost.exe

Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4952:120:WilError_01

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Local\Temp\f400f45c-e7e1-4864-8907-8ceadf68bd67.tmp

Jump to behavior

Source: C:\Windows\SysWOW64\wget.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: C:\Windows\SysWOW64\wget.exe	File read: C:\Windows\System32\drivers\etc\hosts			Jump to behavior
Source: C:\Windows\SysWOW64\wget.exe	File read: C:\Windows\System32\drivers\etc\hosts			Jump to behavior

Source: unknown	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c wget -t 2 -v -T 60 -P 'C:\Users\user\Desktop\download' --no-check-certificate --content-disposition --user-agent='Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko' 'https://pinnaclepetroleuminc.godaddysites.com/' > cmdline.out 2>&1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\wget.exe wget -t 2 -v -T 60 -P 'C:\Users\user\Desktop\download' --no-check-certificate --content-disposition --user-agent='Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko' 'https://pinnaclepetroleuminc.godaddysites.com/'
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe 'C:\Program Files\Google\Chrome\Application\chrome.exe' --start-maximized --enable-automation -- 'C:\Users\user\Desktop\download\index.html'
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe 'C:\Program Files\Google\Chrome\Application\chrome.exe' --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1548,16974770309779326767,15486729119825007596,131072 --lang=en-US --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1772 /prefetch:8
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\wget.exe wget -t 2 -v -T 60 -P 'C:\Users\user\Desktop\download' --no-check-certificate --content-disposition --user-agent='Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko' 'https://pinnaclepetroleuminc.godaddysites.com/'	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe 'C:\Program Files\Google\Chrome\Application\chrome.exe' --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1548,16974770309779326767,15486729119825007596,131072 --lang=en-US --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1772 /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries\en-US-9-0.bdic			Jump to behavior

Source: C:\Windows\SysWOW64\wget.exe

Code function: 3_2_00D2F903 push 00000078h; retf

3_2_00D2F905

Source: C:\Windows\SysWOW64\cmd.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\System32\conhost.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior

Source: wget.exe	Binary or memory string: Hyper-V RAW
Source: wget.exe, 00000003.00000002.211971311.0000000000D18000.00000004.00000020.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll

Source: C:\Windows\SysWOW64\wget.exe

Queries volume information: C:\Users\user\Desktop\download VolumeInformation

Jump to behavior

Source: C:\Windows\SysWOW64\wget.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	Windows Management Instrumentation	Path Interception	Process Injection1	Masquerading3	OS Credential Dumping	Security Software Discovery1	Remote Services	Archive Collected Data1	Exfiltration Over Other Network Medium	Encrypted Channel12	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Process Injection1	LSASS Memory	System Information Discovery12	Remote Desktop Prot

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading ...

Warning!

Windows Analysis Report https://pinnaclepetroleuminc.godaddysites.com/

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Overview

Sigma Overview

Jbx Signature Overview

Compliance:

Networking:

System Summary:

Data Obfuscation:

Hooking and other Techniques for Hiding and Protection:

Malware Analysis System Evasion:

Language, Device and Operating System Detection:

Mitre Att&ck Matrix