Source: 00000000.00000002.856112688.00000000029B0000.00000040.00000001.sdmp | Malware Configuration Extractor: GuLoader {"Payload URL": "https://bamontarquitectura.com.mx/IRANSAT_kowbB4.bi}"}
Source: RICHIESTA DI OFFERTA.exe | Static PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
Source: Malware configuration extractor | URLs: https://bamontarquitectura.com.mx/IRANSAT_kowbB4.bi}
Source: C:\Users\user\Desktop\RICHIESTA DI OFFERTA.exe | Process Stats: CPU usage > 98%
Source: C:\Users\user\Desktop\RICHIESTA DI OFFERTA.exe
Code function: 0_2_004092BC
Source: C:\Users\user\Desktop\RICHIESTA DI OFFERTA.exe | Code function: 0_2_029B6692
Source: C:\Users\user\Desktop\RICHIESTA DI OFFERTA.exe | Code function: 0_2_029BE280
Source: C:\Users\user\Desktop\RICHIESTA DI OFFERTA.exe | Code function: 0_2_029B6AAB
Source: C:\Users\user\Desktop\RICHIESTA DI OFFERTA.exe | Code function: 0_2_029B62A3
Source: C:\Users\user\Desktop\RICHIESTA DI OFFERTA.exe | Code function: 0_2_029B66C7
Source: C:\Users\user\Desktop\RICHIESTA DI OFFERTA.exe | Code function: 0_2_029B6EC7
Source: C:\Users\user\Desktop\RICHIESTA DI OFFERTA.exe | Code function: 0_2_029B36FA
Source: C:\Users\user\Desktop\RICHIESTA DI OFFERTA.exe | Code function: 0_2_029B12E8
Source: C:\Users\user\Desktop\RICHIESTA DI OFFERTA.exe | Code function: 0_2_029B16E3
Source: C:\Users\user\Desktop\RICHIESTA DI OFFERTA.exe | Code function: 0_2_029B6E00
Source: C:\Users\user\Desktop\RICHIESTA DI OFFERTA.exe | Code function: 0_2_029B662B
Source: C:\Users\user\Desktop\RICHIESTA DI OFFERTA.exe | Code function: 0_2_029B1A43
Source: C:\Users\user\Desktop\RICHIESTA DI OFFERTA.exe | Code function: 0_2_029B1276
Source: C:\Users\user\Desktop\RICHIESTA DI OFFERTA.exe | Code function: 0_2_029B1664
Source: C:\Users\user\Desktop\RICHIESTA DI OFFERTA.exe | Code function: 0_2_029B6F9B
Source: C:\Users\user\Desktop\RICHIESTA DI OFFERTA.exe | Code function: 0_2_029B1783
Source: C:\Users\user\Desktop\RICHIESTA DI OFFERTA.exe | Code function: 0_2_029BAFD7
Source: C:\Users\user\Desktop\RICHIESTA DI OFFERTA.exe | Code function: 0_2_029B5FF1
Source: C:\Users\user\Desktop\RICHIESTA DI OFFERTA.exe | Code function: 0_2_029B63F7
Source: C:\Users\user\Desktop\RICHIESTA DI OFFERTA.exe | Code function: 0_2_029B6BEB
Source: C:\Users\user\Desktop\RICHIESTA DI OFFERTA.exe | Code function: 0_2_029BC329
Source: C:\Users\user\Desktop\RICHIESTA DI OFFERTA.exe | Code function: 0_2_029BDB55
Source: C:\Users\user\Desktop\RICHIESTA DI OFFERTA.exe | Code function: 0_2_029B634E
Source: C:\Users\user\Desktop\RICHIESTA DI OFFERTA.exe | Code function: 0_2_029B6778
Source: C:\Users\user\Desktop\RICHIESTA DI OFFERTA.exe | Code function: 0_2_029B6B6B
Source: C:\Users\user\Desktop\RICHIESTA DI OFFERTA.exe | Code function: 0_2_029B709F
Source: C:\Users\user\Desktop\RICHIESTA DI OFFERTA.exe | Code function: 0_2_029B6C93
Source: C:\Users\user\Desktop\RICHIESTA DI OFFERTA.exe | Code function: 0_2_029B7CAB
Source: C:\Users\user\Desktop\RICHIESTA DI OFFERTA.exe | Code function: 0_2_029B18FB
Source: C:\Users\user\Desktop\RICHIESTA DI OFFERTA.exe | Code function: 0_2_029B681F
Source: C:\Users\user\Desktop\RICHIESTA DI OFFERTA.exe | Code function: 0_2_029B7022
Source: C:\Users\user\Desktop\RICHIESTA DI OFFERTA.exe | Code function: 0_2_029B7025
Source: C:\Users\user\Desktop\RICHIESTA DI OFFERTA.exe | Code function: 0_2_029BA455
Source: C:\Users\user\Desktop\RICHIESTA DI OFFERTA.exe | Code function: 0_2_029B684F
Source: C:\Users\user\Desktop\RICHIESTA DI OFFERTA.exe | Code function: 0_2_029B55A6
Source: C:\Users\user\Desktop\RICHIESTA DI OFFERTA.exe | Code function: 0_2_029BC5D9
Source: C:\Users\user\Desktop\RICHIESTA DI OFFERTA.exe | Code function: 0_2_029B69D8
Source: C:\Users\user\Desktop\RICHIESTA DI OFFERTA.exe | Code function: 0_2_029B61DC
Source: C:\Users\user\Desktop\RICHIESTA DI OFFERTA.exe | Code function: 0_2_029B6138
Source: C:\Users\user\Desktop\RICHIESTA DI OFFERTA.exe | Code function: 0_2_029B692D
Source: C:\Users\user\Desktop\RICHIESTA DI OFFERTA.exe | Code function: 0_2_029B6D2C
Source: C:\Users\user\Desktop\RICHIESTA DI OFFERTA.exe | Code function: 0_2_029B6955
Source: C:\Users\user\Desktop\RICHIESTA DI OFFERTA.exe | Code function: 0_2_029B6554
Source: C:\Users\user\Desktop\RICHIESTA DI OFFERTA.exe | Code function: 0_2_029B3971
Source: C:\Users\user\Desktop\RICHIESTA DI OFFERTA.exe | Code function: 0_2_029B1175
Source: C:\Users\user\Desktop\RICHIESTA DI OFFERTA.exe | Code function: 0_2_029BA969
Source: C:\Users\user\Desktop\RICHIESTA DI OFFERTA.exe | Code function: 0_2_029B156F
Source: RICHIESTA DI OFFERTA.exe | Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: RICHIESTA DI OFFERTA.exe, 00000000.00000002.855399216.0000000002210000.00000002.00000001.sdmp | Binary or memory string: OriginalFilenameuser32j% vs RICHIESTA DI OFFERTA.exe
Source: RICHIESTA DI OFFERTA.exe, 00000000.00000002.854982624.0000000000435000.00000002.00020000.sdmp | Binary or memory string: OriginalFilenameIndtr8.exe vs RICHIESTA DI OFFERTA.exe
Source: RICHIESTA DI OFFERTA.exe | Binary or memory string: OriginalFilenameIndtr8.exe vs RICHIESTA DI OFFERTA.exe
Source: RICHIESTA DI OFFERTA.exe | Static PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
Source: classification engine | Classification label: mal84.troj.evad.winEXE@1/0@0/0
Source: RICHIESTA DI OFFERTA.exe | Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
Source: RICHIESTA DI OFFERTA.exe | Virustotal: Detection: 20%
Source: Yara match | File source: 00000000.00000002.856112688.00000000029B0000.00000040.00000001.sdmp, type: MEMORY
Source: C:\Users\user\Desktop\RICHIESTA DI OFFERTA.exe | Code function: 0_2_0040C06E push 00000000h; retf 0_2_0040C0B0
Source: C:\Users\user\Desktop\RICHIESTA DI OFFERTA.exe | Code function: 0_2_00406625 push ebp; iretd 0_2_0040662F
Source: C:\Users\user\Desktop\RICHIESTA DI OFFERTA.exe | Code function: 0_2_029B0095 pushad ; retf 0_2_029B0097
Source: C:\Users\user\Desktop\RICHIESTA DI OFFERTA.exe | Code function: 0_2_029B3429 push 84000002h; retf 0_2_029B342F
Source: C:\Users\user\Desktop\RICHIESTA DI OFFERTA.exe | Code function: 0_2_029B010B pushad ; retf 0_2_029B010D
Source: C:\Users\user\Desktop\RICHIESTA DI OFFERTA.exe
Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\RICHIESTA DI OFFERTA.exe | Code function: 0_2_029B6692
Source: C:\Users\user\Desktop\RICHIESTA DI OFFERTA.exe | Code function: 0_2_029BE280
Source: C:\Users\user\Desktop\RICHIESTA DI OFFERTA.exe | Code function: 0_2_029B6AAB
Source: C:\Users\user\Desktop\RICHIESTA DI OFFERTA.exe | Code function: 0_2_029B62A3
Source: C:\Users\user\Desktop\RICHIESTA DI OFFERTA.exe | Code function: 0_2_029B66C7
Source: C:\Users\user\Desktop\RICHIESTA DI OFFERTA.exe | Code function: 0_2_029B36FA
Source: C:\Users\user\Desktop\RICHIESTA DI OFFERTA.exe | Code function: 0_2_029B12E8
Source: C:\Users\user\Desktop\RICHIESTA DI OFFERTA.exe | Code function: 0_2_029B16E3
Source: C:\Users\user\Desktop\RICHIESTA DI OFFERTA.exe | Code function: 0_2_029B662B
Source: C:\Users\user\Desktop\RICHIESTA DI OFFERTA.exe | Code function: 0_2_029B1276
Source: C:\Users\user\Desktop\RICHIESTA DI OFFERTA.exe | Code function: 0_2_029B1664
Source: C:\Users\user\Desktop\RICHIESTA DI OFFERTA.exe | Code function: 0_2_029B1783
Source: C:\Users\user\Desktop\RICHIESTA DI OFFERTA.exe | Code function: 0_2_029B5FF1
Source: C:\Users\user\Desktop\RICHIESTA DI OFFERTA.exe | Code function: 0_2_029B63F7
Source: C:\Users\user\Desktop\RICHIESTA DI OFFERTA.exe | Code function: 0_2_029B634E
Source: C:\Users\user\Desktop\RICHIESTA DI OFFERTA.exe | Code function: 0_2_029B6778
Source: C:\Users\user\Desktop\RICHIESTA DI OFFERTA.exe | Code function: 0_2_029B18FB
Source: C:\Users\user\Desktop\RICHIESTA DI OFFERTA.exe | Code function: 0_2_029B681F
Source: C:\Users\user\Desktop\RICHIESTA DI OFFERTA.exe | Code function: 0_2_029BA455
Source: C:\Users\user\Desktop\RICHIESTA DI OFFERTA.exe | Code function: 0_2_029B684F
Source: C:\Users\user\Desktop\RICHIESTA DI OFFERTA.exe | Code function: 0_2_029BC5D9
Source: C:\Users\user\Desktop\RICHIESTA DI OFFERTA.exe | Code function: 0_2_029B69D8
Source: C:\Users\user\Desktop\RICHIESTA DI OFFERTA.exe | Code function: 0_2_029B61DC
Source: C:\Users\user\Desktop\RICHIESTA DI OFFERTA.exe | Code function: 0_2_029B6138
Source: C:\Users\user\Desktop\RICHIESTA DI OFFERTA.exe | Code function: 0_2_029B692D
Source: C:\Users\user\Desktop\RICHIESTA DI OFFERTA.exe | Code function: 0_2_029B6955
Source: C:\Users\user\Desktop\RICHIESTA DI OFFERTA.exe | Code function: 0_2_029B6554
Source: C:\Users\user\Desktop\RICHIESTA DI OFFERTA.exe | Code function: 0_2_029B3971
Source: C:\Users\user\Desktop\RICHIESTA DI OFFERTA.exe | Code function: 0_2_029B1175
Source: C:\Users\user\Desktop\RICHIESTA DI OFFERTA.exe | Code function: 0_2_029BA969
Source: C:\Users\user\Desktop\RICHIESTA DI OFFERTA.exe | Code function: 0_2_029B156F
Source: C:\Users\user\Desktop\RICHIESTA DI OFFERTA.exe | RDTSC instruction interceptor: First address: 00000000029BE352 second address: 00000000029BE352 instructions:
Source: C:\Users\user\Desktop\RICHIESTA DI OFFERTA.exe | API coverage: 9.9 %
Source: all processes | Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected
Source: C:\Users\user\Desktop\RICHIESTA DI OFFERTA.exe | Process Stats: CPU usage > 90% for more than 60s
Source: C:\Users\user\Desktop\RICHIESTA DI OFFERTA.exe | Code function: 0_2_029B7AB1 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\RICHIESTA DI OFFERTA.exe | Code function: 0_2_029BC5D9 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\RICHIESTA DI OFFERTA.exe | Code function: 0_2_029BB1FE mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\RICHIESTA DI OFFERTA.exe | Code function: 0_2_029BA900 mov eax, dword ptr fs:[00000030h]
Source: RICHIESTA DI OFFERTA.exe, 00000000.00000002.855242988.0000000000D80000.00000002.00000001.sdmp | Binary or memory string: Shell_TrayWnd
Source: RICHIESTA DI OFFERTA.exe, 00000000.00000002.855242988.0000000000D80000.00000002.00000001.sdmp | Binary or memory string: Progman
Source: RICHIESTA DI OFFERTA.exe, 00000000.00000002.855242988.0000000000D80000.00000002.00000001.sdmp | Binary or memory string: &Program Manager
Source: RICHIESTA DI OFFERTA.exe, 00000000.00000002.855242988.0000000000D80000.00000002.00000001.sdmp | Binary or memory string: Progmanlock