Source: DHL_Shipment_Notification_1231413385_Notification_1231413385_september2021.exe | Avira: detected |
Source: DHL_Shipment_Notification_1231413385_Notification_1231413385_september2021.exe | Virustotal: Detection: 31% |
Source: DHL_Shipment_Notification_1231413385_Notification_1231413385_september2021.exe | ReversingLabs: Detection: 17% |
Source: DHL_Shipment_Notification_1231413385_Notification_1231413385_september2021.exe | Static PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED |
Source: initial sample | Icon embedded in PE file: bad icon match: 20047c7c70f0e004 |
Source: C:\Users\user\Desktop\DHL_Shipment_Notification_1231413385_Notification_1231413385_september2021.exe | Code function: 0_2_02BEC119 NtAllocateVirtualMemory, |
Source: DHL_Shipment_Notification_1231413385_Notification_1231413385_september2021.exe, 00000000.00000002.871466300.0000000000419000.00000002.00020000.sdmp | Binary or memory string: OriginalFilenameVOLDFRELSERS.exe vs DHL_Shipment_Notification_1231413385_Notification_1231413385_september2021.exe |
Source: DHL_Shipment_Notification_1231413385_Notification_1231413385_september2021.exe | Binary or memory string: OriginalFilenameVOLDFRELSERS.exe vs DHL_Shipment_Notification_1231413385_Notification_1231413385_september2021.exe |
Source: DHL_Shipment_Notification_1231413385_Notification_1231413385_september2021.exe | Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST |
Source: C:\Users\user\Desktop\DHL_Shipment_Notification_1231413385_Notification_1231413385_september2021.exe | Process Stats: CPU usage > 98% |
Source: C:\Users\user\Desktop\DHL_Shipment_Notification_1231413385_Notification_1231413385_september2021.exe | Code function: 0_2_00403DD6 |
Source: C:\Users\user\Desktop\DHL_Shipment_Notification_1231413385_Notification_1231413385_september2021.exe | Code function: 0_2_0040415B |
Source: C:\Users\user\Desktop\DHL_Shipment_Notification_1231413385_Notification_1231413385_september2021.exe | Code function: 0_2_02BEC119 |
Source: C:\Users\user\Desktop\DHL_Shipment_Notification_1231413385_Notification_1231413385_september2021.exe | Code function: 0_2_02BE42B5 |
Source: C:\Users\user\Desktop\DHL_Shipment_Notification_1231413385_Notification_1231413385_september2021.exe | Code function: 0_2_02BE4484 |
Source: C:\Users\user\Desktop\DHL_Shipment_Notification_1231413385_Notification_1231413385_september2021.exe | Code function: 0_2_02BECED6 |
Source: C:\Users\user\Desktop\DHL_Shipment_Notification_1231413385_Notification_1231413385_september2021.exe | Code function: 0_2_02BE303C |
Source: C:\Users\user\Desktop\DHL_Shipment_Notification_1231413385_Notification_1231413385_september2021.exe | Code function: 0_2_02BE4419 |
Source: C:\Users\user\Desktop\DHL_Shipment_Notification_1231413385_Notification_1231413385_september2021.exe | Code function: 0_2_02BE4245 |
Source: C:\Users\user\Desktop\DHL_Shipment_Notification_1231413385_Notification_1231413385_september2021.exe | Code function: 0_2_02BE3BBE |
Source: C:\Users\user\Desktop\DHL_Shipment_Notification_1231413385_Notification_1231413385_september2021.exe | Code function: 0_2_02BE3BBC |
Source: C:\Users\user\Desktop\DHL_Shipment_Notification_1231413385_Notification_1231413385_september2021.exe | Code function: 0_2_02BE2F9B |
Source: C:\Users\user\Desktop\DHL_Shipment_Notification_1231413385_Notification_1231413385_september2021.exe | Code function: 0_2_02BE4195 |
Source: C:\Users\user\Desktop\DHL_Shipment_Notification_1231413385_Notification_1231413385_september2021.exe | Code function: 0_2_02BE2F90 |
Source: C:\Users\user\Desktop\DHL_Shipment_Notification_1231413385_Notification_1231413385_september2021.exe | Code function: 0_2_02BE4184 |
Source: C:\Users\user\Desktop\DHL_Shipment_Notification_1231413385_Notification_1231413385_september2021.exe | Code function: 0_2_02BE452C |
Source: C:\Users\user\Desktop\DHL_Shipment_Notification_1231413385_Notification_1231413385_september2021.exe | Code function: 0_2_02BE3700 |
Source: C:\Users\user\Desktop\DHL_Shipment_Notification_1231413385_Notification_1231413385_september2021.exe | Code function: 0_2_02BE4358 |
Source: DHL_Shipment_Notification_1231413385_Notification_1231413385_september2021.exe | Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ |
Source: C:\Users\user\Desktop\DHL_Shipment_Notification_1231413385_Notification_1231413385_september2021.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers |
Source: C:\Users\user\Desktop\DHL_Shipment_Notification_1231413385_Notification_1231413385_september2021.exe | Section loaded: C:\Windows\SysWOW64\msvbvm60.dll |
Source: classification engine | Classification label: mal76.rans.troj.evad.winEXE@1/0@0/0 |
Source: Yara match | File source: 00000000.00000002.872323022.0000000002BE0000.00000040.00000001.sdmp, type: MEMORY |
Source: C:\Users\user\Desktop\DHL_Shipment_Notification_1231413385_Notification_1231413385_september2021.exe | Code function: 0_2_00409455 push es; iretd |
Source: C:\Users\user\Desktop\DHL_Shipment_Notification_1231413385_Notification_1231413385_september2021.exe | Code function: 0_2_00407E31 push ds; retf |
Source: C:\Users\user\Desktop\DHL_Shipment_Notification_1231413385_Notification_1231413385_september2021.exe | Code function: 0_2_004072C1 push edx; retf |
Source: C:\Users\user\Desktop\DHL_Shipment_Notification_1231413385_Notification_1231413385_september2021.exe | Code function: 0_2_00406294 push edx; retf |
Source: C:\Users\user\Desktop\DHL_Shipment_Notification_1231413385_Notification_1231413385_september2021.exe | Code function: 0_2_00406D73 push es; retf |
Source: C:\Users\user\Desktop\DHL_Shipment_Notification_1231413385_Notification_1231413385_september2021.exe | Code function: 0_2_004099EF push esp; iretd |
Source: C:\Users\user\Desktop\DHL_Shipment_Notification_1231413385_Notification_1231413385_september2021.exe | Code function: 0_2_00407BFF push FFFFFFA7h; iretd |
Source: C:\Users\user\Desktop\DHL_Shipment_Notification_1231413385_Notification_1231413385_september2021.exe | Code function: 0_2_02BE0390 push BDC367A8h; ret |
Source: C:\Users\user\Desktop\DHL_Shipment_Notification_1231413385_Notification_1231413385_september2021.exe | Code function: 0_2_02BE4F84 push esi; iretd |
Source: C:\Users\user\Desktop\DHL_Shipment_Notification_1231413385_Notification_1231413385_september2021.exe | Process information set: NOOPENFILEERRORBOX |
Source: all processes | Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected |
Source: C:\Users\user\Desktop\DHL_Shipment_Notification_1231413385_Notification_1231413385_september2021.exe | Code function: 0_2_02BE3B3F rdtsc |
Source: C:\Users\user\Desktop\DHL_Shipment_Notification_1231413385_Notification_1231413385_september2021.exe | Process Stats: CPU usage > 90% for more than 60s |
Source: C:\Users\user\Desktop\DHL_Shipment_Notification_1231413385_Notification_1231413385_september2021.exe | Code function: 0_2_02BE58BF mov eax, dword ptr fs:[00000030h] |
Source: C:\Users\user\Desktop\DHL_Shipment_Notification_1231413385_Notification_1231413385_september2021.exe | Code function: 0_2_02BE88B4 mov eax, dword ptr fs:[00000030h] |
Source: C:\Users\user\Desktop\DHL_Shipment_Notification_1231413385_Notification_1231413385_september2021.exe | Code function: 0_2_02BECED6 mov eax, dword ptr fs:[00000030h] |
Source: C:\Users\user\Desktop\DHL_Shipment_Notification_1231413385_Notification_1231413385_september2021.exe | Code function: 0_2_02BE5833 mov eax, dword ptr fs:[00000030h] |
Source: C:\Users\user\Desktop\DHL_Shipment_Notification_1231413385_Notification_1231413385_september2021.exe | Code function: 0_2_02BE5859 mov eax, dword ptr fs:[00000030h] |
Source: C:\Users\user\Desktop\DHL_Shipment_Notification_1231413385_Notification_1231413385_september2021.exe | Code function: 0_2_02BEB5AE mov eax, dword ptr fs:[00000030h] |
Source: C:\Users\user\Desktop\DHL_Shipment_Notification_1231413385_Notification_1231413385_september2021.exe | Code function: 0_2_02BE599C mov eax, dword ptr fs:[00000030h] |
Source: C:\Users\user\Desktop\DHL_Shipment_Notification_1231413385_Notification_1231413385_september2021.exe | Code function: 0_2_02BEBDCB mov eax, dword ptr fs:[00000030h] |
Source: DHL_Shipment_Notification_1231413385_Notification_1231413385_september2021.exe, 00000000.00000002.871715764.0000000000DF0000.00000002.00020000.sdmp | Binary or memory string: Shell_TrayWnd |
Source: DHL_Shipment_Notification_1231413385_Notification_1231413385_september2021.exe, 00000000.00000002.871715764.0000000000DF0000.00000002.00020000.sdmp | Binary or memory string: Progman |
Source: DHL_Shipment_Notification_1231413385_Notification_1231413385_september2021.exe, 00000000.00000002.871715764.0000000000DF0000.00000002.00020000.sdmp | Binary or memory string: &Program Manager |
Source: DHL_Shipment_Notification_1231413385_Notification_1231413385_september2021.exe, 00000000.00000002.871715764.0000000000DF0000.00000002.00020000.sdmp | Binary or memory string: Progmanlock |
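The rows above are raw sandbox signature output. The security-relevant points a practitioner pulls out of them are: the repeated `mov eax, dword ptr fs:[00000030h]` reads (on 32-bit Windows TEB+0x30 is the PEB pointer, the usual prelude to a BeingDebugged or loader-list check), the `rdtsc` timing check, the `push X; ret/retf/iretd` sequences (indirect jumps that break linear disassembly), the OriginalFilename mismatch (VOLDFRELSERS.exe vs the DHL-themed name), and the fact that the PEB reads and rdtsc all sit in the 0x02BE0000 memory region the YARA hit references rather than in the 0x0040xxxx image. The script below is an added example, not part of this report or the sandbox vendor's tooling: it parses rows in the "Source: ... | detail |" layout, de-duplicates the repeated rows, tallies those indicators, records the detection ratios and the name mismatch, and groups the flagged code addresses by 64 KiB region so the image/non-image split is visible. The indicator labels and the region grouping are this script's own choices; the sample rows are copied from this report (a subset, with one duplicated rdtsc row kept to show de-duplication).

```python
"""Triage helper for sandbox rows in the "Source: <src> | <detail> |" layout.

Added example, not part of this report or the sandbox vendor's tooling.
It de-duplicates repeated rows, tallies the anti-analysis indicators the
report lists (PEB reads via fs:[30h], rdtsc, push X; ret/retf/iretd), keeps
the detection ratios and the OriginalFilename mismatch, and groups flagged
code addresses by 64 KiB region so it is visible whether a technique sits
in the mapped image (0x0040xxxx) or in the separate 0x02BExxxx region.
Indicator names are this script's own labels, not the sandbox's.
"""
import re
from collections import Counter, defaultdict

ROW_RE = re.compile(r"^Source:\s*(?P<src>.*?)\s*\|\s*(?P<detail>.*?)\s*\|?\s*$")
FUNC_RE = re.compile(r"Code function:\s*\d+_\d+_(?P<addr>[0-9A-Fa-f]{8})")
DETECT_RE = re.compile(r"(?P<engine>Virustotal|ReversingLabs): Detection: (?P<pct>\d+)%")
ORIGNAME_RE = re.compile(r"OriginalFilename(?P<orig>\S+) vs (?P<actual>\S+)")

INDICATORS = {  # regex over the detail column -> indicator label (our own naming)
    "peb_access": re.compile(r"fs:\[00000030h\]"),  # TEB+0x30 = PEB pointer (32-bit)
    "rdtsc_timing": re.compile(r"\brdtsc\b"),  # timestamp-counter timing check
    "push_ret_obfusc": re.compile(r"\bpush\b.*;\s*(?:ret|retf|iretd)\b"),  # push X; ret = indirect jump
    "vb6_runtime": re.compile(r"msvbvm60\.dll"),
    "srp_policy_key": re.compile(r"Safer\\CodeIdentifiers"),
}


def parse_report(text):
    """Return (indicator counts, addresses per indicator, detections, name mismatch, unparsed rows)."""
    counts, addrs, detections = Counter(), defaultdict(set), {}
    mismatch, unparsed, seen = None, [], set()
    for raw in text.splitlines():
        row = raw.strip()
        if not row or row in seen:  # the report repeats some rows verbatim
            continue
        seen.add(row)
        m = ROW_RE.match(row)
        if not m:
            unparsed.append(row)
            continue
        detail = m.group("detail")
        if d := DETECT_RE.search(detail):
            detections[d.group("engine")] = int(d.group("pct"))
        if o := ORIGNAME_RE.search(detail):
            mismatch = (o.group("orig"), o.group("actual"))
        func = FUNC_RE.search(detail)
        for name, rx in INDICATORS.items():
            if rx.search(detail):
                counts[name] += 1
                if func:
                    addrs[name].add(int(func.group("addr"), 16))
    return counts, dict(addrs), detections, mismatch, unparsed


def regions(addr_set):
    """Group addresses by 64 KiB region: {'0x02be': ['0x02be58bf', ...]}."""
    out = defaultdict(list)
    for a in sorted(addr_set):
        out[f"0x{a >> 16:04x}"].append(f"0x{a:08x}")
    return dict(out)


# Rows copied from the report above (a subset, with the duplicated rdtsc row
# kept on purpose to show de-duplication).
SAMPLE = r"""
Source: DHL_Shipment_Notification_1231413385_Notification_1231413385_september2021.exe | Virustotal: Detection: 31% |
Source: DHL_Shipment_Notification_1231413385_Notification_1231413385_september2021.exe | ReversingLabs: Detection: 17% |
Source: DHL_Shipment_Notification_1231413385_Notification_1231413385_september2021.exe | Binary or memory string: OriginalFilenameVOLDFRELSERS.exe vs DHL_Shipment_Notification_1231413385_Notification_1231413385_september2021.exe |
Source: C:\Users\user\Desktop\DHL_Shipment_Notification_1231413385_Notification_1231413385_september2021.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers |
Source: C:\Users\user\Desktop\DHL_Shipment_Notification_1231413385_Notification_1231413385_september2021.exe | Section loaded: C:\Windows\SysWOW64\msvbvm60.dll |
Source: C:\Users\user\Desktop\DHL_Shipment_Notification_1231413385_Notification_1231413385_september2021.exe | Code function: 0_2_00409455 push es; iretd |
Source: C:\Users\user\Desktop\DHL_Shipment_Notification_1231413385_Notification_1231413385_september2021.exe | Code function: 0_2_00407BFF push FFFFFFA7h; iretd |
Source: C:\Users\user\Desktop\DHL_Shipment_Notification_1231413385_Notification_1231413385_september2021.exe | Code function: 0_2_02BE0390 push BDC367A8h; ret |
Source: C:\Users\user\Desktop\DHL_Shipment_Notification_1231413385_Notification_1231413385_september2021.exe | Code function: 0_2_02BE4F84 push esi; iretd |
Source: C:\Users\user\Desktop\DHL_Shipment_Notification_1231413385_Notification_1231413385_september2021.exe | Code function: 0_2_02BE3B3F rdtsc |
Source: C:\Users\user\Desktop\DHL_Shipment_Notification_1231413385_Notification_1231413385_september2021.exe | Code function: 0_2_02BE58BF mov eax, dword ptr fs:[00000030h] |
Source: C:\Users\user\Desktop\DHL_Shipment_Notification_1231413385_Notification_1231413385_september2021.exe | Code function: 0_2_02BE88B4 mov eax, dword ptr fs:[00000030h] |
Source: C:\Users\user\Desktop\DHL_Shipment_Notification_1231413385_Notification_1231413385_september2021.exe | Code function: 0_2_02BECED6 mov eax, dword ptr fs:[00000030h] |
Source: C:\Users\user\Desktop\DHL_Shipment_Notification_1231413385_Notification_1231413385_september2021.exe | Code function: 0_2_02BE3B3F rdtsc |
"""


if __name__ == "__main__":
    counts, addrs, det, mismatch, bad = parse_report(SAMPLE)
    print("detections:", det)
    print("OriginalFilename mismatch:", mismatch)
    for name, n in counts.most_common():
        print(f"{name:16} x{n}  {regions(addrs.get(name, set()))}")
    print("unparsed rows:", len(bad))
```

Run it against the full row list by pasting the rows into `SAMPLE` or reading them from a file; on this report the push/ret sequences split across the 0x0040 image region and the 0x02BE region, while every PEB read and the rdtsc resolve to 0x02BE only, which is the region the YARA match reports. Any row the `ROW_RE` layout does not cover lands in the unparsed list rather than being silently dropped.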