Automated Malware Analysis IOC Report for

Details

Filetype:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy:	5.932054700309843
Filename:	1COK25f1vT.exe
Filesize:	102400
MD5:	5918b91ac2931af0267e4af06f3fd2e2
SHA1:	1ce7cccf52a0a569d013c0a91efb4f808c3c6194
SHA256:	41acb7b14d4167374da9039e1324caac71b397bf246abb50cb9ae1ca197b3cc1
SHA512:	85c24f4447886373f5522a2cc1b10b74d7f6ae15bebc27137ab07ec8ad0d075074dd662a09714acae57b8b03055b8cfc991bb6a235fb92c65e3a9b92577a710d
SSDEEP:	3072:ZaIH38JFPi5C0C02y1uewWxEPpcPLnnpt7:jH38765C0D2y0ewWiyPLnnD
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......u...1...1...1.......0...~...0.......0...Rich1...........PE..L....^.X.................`... ...............p....@................

Signature Hits	Behavior Group	Mitre Attack
Found malware configuration	AV Detection
Multi AV Scanner detection for submitted file	AV Detection
Malicious sample detected (through community Yara rule)	System Summary
Detected AZORult Info Stealer	Stealing of Sensitive Information
Detected unpacking (changes PE section rights)	Data Obfuscation
Hides threads from debuggers	Anti Debugging	Virtualization/Sandbox Evasion
Tries to steal Mail credentials (via file / registry access)	Stealing of Sensitive Information	Email Collection
Maps a DLL or memory area into another process	HIPS / PFW / Operating System Protection Evasion
Tries to steal Crypto Currency Wallets	Stealing of Sensitive Information
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)	Stealing of Sensitive Information	Credentials in Registry
Tries to detect Any.run	Malware Analysis System Evasion
Tries to harvest and steal ftp login credentials	Stealing of Sensitive Information
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)	Malware Analysis System Evasion
Self deletion via cmd delete	Hooking and other Techniques for Hiding and Protection	File Deletion
Tries to harvest and steal Bitcoin Wallet information	Stealing of Sensitive Information
Found many strings related to Crypto-Wallets (likely being stolen)	Stealing of Sensitive Information	Data from Local System
Tries to steal Instant Messenger accounts or passwords	Stealing of Sensitive Information	Credentials In Files
Tries to harvest and steal browser information (history, passwords, etc)	Stealing of Sensitive Information	OS Credential Dumping
Uses 32bit PE files	Compliance, System Summary
Yara signature match	System Summary
Antivirus or Machine Learning detection for unpacked file	AV Detection	Software Packing
Contains functionality to query locales information (e.g. system language)	Language, Device and Operating System Detection
Uses code obfuscation techniques (call, push, ret)	Data Obfuscation	Obfuscated Files or Information
Detected potential crypto function	System Summary	System Time Discovery Process Discovery Archive Collected Data
Found potential string decryption / allocating functions	System Summary	Deobfuscate/Decode Files or Information
Contains functionality to check the parent process ID (often done to detect debuggers and analysis systems)	Malware Analysis System Evasion, Anti Debugging
Contains functionality to call native functions	System Summary
Contains functionality to dynamically determine API calls	Data Obfuscation, Anti Debugging	Native API
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion
Contains functionality for execution timing, often used to detect debuggers	Malware Analysis System Evasion, Anti Debugging
Abnormal high CPU Usage	System Summary
Is looking for software installed on the system	Malware Analysis System Evasion
Queries information about the installed CPU (vendor, model number etc)	Language, Device and Operating System Detection	Native API File and Directory Discovery
Sample file is different than original file name gathered from version info	System Summary
Extensive use of GetProcAddress (often used to hide API calls)	Hooking and other Techniques for Hiding and Protection	Application Shimming
PE file contains strange resources	System Summary
Drops PE files	Persistence and Installation Behavior
Tries to load missing DLLs	System Summary	DLL Side-Loading
Contains functionality to read the PEB	Anti Debugging
Uses Microsoft's Enhanced Cryptographic Provider	Cryptography
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion	Process Injection
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)	Anti Debugging
Queries a list of all running processes	Malware Analysis System Evasion
Sample is known by Antivirus	System Summary
Contains functionality to query system information	Malware Analysis System Evasion
PE file has an executable .text section and no other executable section	System Summary
Reads software policies	System Summary
Parts of this applications are using VB runtime library 6.0 (Probably coded in Visual Basic)	System Summary
Contains functionality to enumerate / list files inside a directory	Spreading, Malware Analysis System Evasion	File and Directory Discovery
Queries the cryptographic machine GUID	Language, Device and Operating System Detection
Uses an in-process (OLE) Automation server	System Summary
Creates temporary files	System Summary
Disables application error messsages (SetErrorMode)	Hooking and other Techniques for Hiding and Protection
Reads ini files	System Summary
SQL strings found in memory and binary data	System Summary	File and Directory Discovery
Queries a list of all running drivers	Malware Analysis System Evasion
Contains functionality to enum processes or threads	System Summary	Process Discovery
Contains functionality to query time zone information	Language, Device and Operating System Detection	System Time Discovery
Contains functionality to query windows version	Language, Device and Operating System Detection	System Information Discovery
Contains functionality to register its own exception handler	Anti Debugging
URLs found in memory or binary data	Networking
Contains functionality to download additional files from the internet	Networking
May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory)	Malware Analysis System Evasion	Security Software Discovery
Reads the hosts file	System Summary	Remote System Discovery
Checks if Microsoft Office is installed	System Summary

Details

File:	C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-console-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-core-console-l1-1-0.dll.12.dr
ID:	dr_31
Target ID:	12
Process:	C:\Users\user\Desktop\1COK25f1vT.exe
Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Entropy:	7.080160932980843
Encrypted:	false
Ssdeep:	192:3jBMWIghWGZiKedXe123Ouo+Uggs/nGfe4pBjS/uBmWh0txKdmVWQ4GWDZoiyqnP:GWPhWVXYi00GftpBjSemTltcwpS
Size:	18744
Whitelisted:	false
Reputation:	high

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-datetime-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-core-datetime-l1-1-0.dll.12.dr
ID:	dr_32
Target ID:	12
Process:	C:\Users\user\Desktop\1COK25f1vT.exe
Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Entropy:	7.093995452106596
Encrypted:	false
Ssdeep:	192:RWIghWG4U9xluZo123Ouo+Uggs/nGfe4pBjSbMDPxVWh0txKdmVWQ4CWrDry6qnZ:RWPhWFv0i00GftpBjBHem6plUG+zIw
Size:	18232
Whitelisted:	false
Reputation:	high

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-debug-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-core-debug-l1-1-0.dll.12.dr
ID:	dr_33
Target ID:	12
Process:	C:\Users\user\Desktop\1COK25f1vT.exe
Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Entropy:	7.1028816880814265
Encrypted:	false
Ssdeep:	384:cWPhWM4Ri00GftpBj2YILemtclD16PaEC:l10oiBQe/L
Size:	18232
Whitelisted:	false
Reputation:	high

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-errorhandling-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-core-errorhandling-l1-1-0.dll.12.dr
ID:	dr_34
Target ID:	12
Process:	C:\Users\user\Desktop\1COK25f1vT.exe
Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Entropy:	7.126358371711227
Encrypted:	false
Ssdeep:	192:NFmxD3PWIghWGJY/luZo123Ouo+Uggs/nGfe4pBjSffcp8Wh0txKdmVWQ4yWRzOr:NFkWPhW60i00GftpBj4emHlD16Pa7v
Size:	18232
Whitelisted:	false
Reputation:	high

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-file-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-core-file-l1-1-0.dll.12.dr
ID:	dr_42
Target ID:	12
Process:	C:\Users\user\Desktop\1COK25f1vT.exe
Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Entropy:	7.014255619395433
Encrypted:	false
Ssdeep:	384:d6PvVXHWPhWnsnhi00GftpBjaJemyDlD16PamW8:UPvVX85nhoisJeLt8
Size:	21816
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-file-l1-2-0.dll
Category:	dropped
Dump:	api-ms-win-core-file-l1-2-0.dll.12.dr
ID:	dr_44
Target ID:	12
Process:	C:\Users\user\Desktop\1COK25f1vT.exe
Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Entropy:	7.112057846012794
Encrypted:	false
Ssdeep:	192:IWIghWGJnWdsNtL/123Ouo+Uggs/nGfe4pBjSfcD63QXWh0txKdmVWQ4yW1rwqnh:IWPhWlsnhi00GftpBjnem9lD16PamFP
Size:	18232
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-file-l2-1-0.dll
Category:	dropped
Dump:	api-ms-win-core-file-l2-1-0.dll.12.dr
ID:	dr_46
Target ID:	12
Process:	C:\Users\user\Desktop\1COK25f1vT.exe
Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Entropy:	7.166618249693435
Encrypted:	false
Ssdeep:	192:BZwWIghWG4U9ydsNtL/123Ouo+Uggs/nGfe4pBjSbUGHvNWh0txKdmVWQ4CWVU9h:UWPhWFBsnhi00GftpBjKvxemPlP55QQ7
Size:	18232
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-handle-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-core-handle-l1-1-0.dll.12.dr
ID:	dr_48
Target ID:	12
Process:	C:\Users\user\Desktop\1COK25f1vT.exe
Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Entropy:	7.1117101479630005
Encrypted:	false
Ssdeep:	384:AWPhWXDz6i00GftpBj5FrFaemx+lDbNh/6:hroidkeppp
Size:	18232
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-heap-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-core-heap-l1-1-0.dll.12.dr
ID:	dr_49
Target ID:	12
Process:	C:\Users\user\Desktop\1COK25f1vT.exe
Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Entropy:	7.174986589968396
Encrypted:	false
Ssdeep:	192:GElqWIghWGZi5edXe123Ouo+Uggs/nGfe4pBjS/PHyRWh0txKdmVWQ4GWC2w4Dj3:GElqWPhWCXYi00GftpBjP9emYXlDbNs
Size:	18232
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-interlocked-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-core-interlocked-l1-1-0.dll.12.dr
ID:	dr_50
Target ID:	12
Process:	C:\Users\user\Desktop\1COK25f1vT.exe
Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Entropy:	7.076803035880586
Encrypted:	false
Ssdeep:	192:DtiYsFWWIghWGQtu7B123Ouo+Uggs/nGfe4pBjSPiZadcbWh0txKdmVWQ4mWf2FN:5iYsFWWPhWUTi00GftpBjremUBNlgC
Size:	17856
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-libraryloader-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-core-libraryloader-l1-1-0.dll.12.dr
ID:	dr_51
Target ID:	12
Process:	C:\Users\user\Desktop\1COK25f1vT.exe
Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Entropy:	7.131154779640255
Encrypted:	false
Ssdeep:	384:yHvuBL3BmWPhWZTi00GftpBjNKnemenyAlvN9W/L:yWBL3BXYoinKne1yd
Size:	18744
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-localization-l1-2-0.dll
Category:	dropped
Dump:	api-ms-win-core-localization-l1-2-0.dll.12.dr
ID:	dr_52
Target ID:	12
Process:	C:\Users\user\Desktop\1COK25f1vT.exe
Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Entropy:	7.089032314841867
Encrypted:	false
Ssdeep:	384:KOMw3zdp3bwjGjue9/0jCRrndbVWPhWIDz6i00GftpBj6cemjlD16Pa+4r:KOMwBprwjGjue9/0jCRrndbCOoireqv
Size:	20792
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-memory-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-core-memory-l1-1-0.dll.12.dr
ID:	dr_0
Target ID:	12
Process:	C:\Users\user\Desktop\1COK25f1vT.exe
Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Entropy:	7.101895292899441
Encrypted:	false
Ssdeep:	384:+bZWPhWUsnhi00GftpBjwBemQlD16Par7:b4nhoi6BedH
Size:	18744
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-namedpipe-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-core-namedpipe-l1-1-0.dll.12.dr
ID:	dr_1
Target ID:	12
Process:	C:\Users\user\Desktop\1COK25f1vT.exe
Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Entropy:	7.16337963516533
Encrypted:	false
Ssdeep:	192:pgWIghWGZiBeS123Ouo+Uggs/nGfe4pBjS/fE/hWh0txKdmVWQ4GWoxYyqnaj/6B:iWPhWUEi00GftpBj1temnltcwWB
Size:	18232
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-processenvironment-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-core-processenvironment-l1-1-0.dll.12.dr
ID:	dr_9
Target ID:	12
Process:	C:\Users\user\Desktop\1COK25f1vT.exe
Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Entropy:	7.073730829887072
Encrypted:	false
Ssdeep:	192:wXjWIghWGd4dsNtL/123Ouo+Uggs/nGfe4pBjSXcYddWh0txKdmVWQ4SW04engo5:MjWPhWHsnhi00GftpBjW7emOj5l1z6hP
Size:	19248
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-processthreads-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-core-processthreads-l1-1-0.dll.12.dr
ID:	dr_11
Target ID:	12
Process:	C:\Users\user\Desktop\1COK25f1vT.exe
Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Entropy:	7.082421046253008
Encrypted:	false
Ssdeep:	384:afk1JzNcKSIJWPhW2snhi00GftpBjZqcLvemr4PlgC:RcKST+nhoi/BbeGv
Size:	19392
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-processthreads-l1-1-1.dll
Category:	dropped
Dump:	api-ms-win-core-processthreads-l1-1-1.dll.12.dr
ID:	dr_14
Target ID:	12
Process:	C:\Users\user\Desktop\1COK25f1vT.exe
Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Entropy:	7.1156948849491055
Encrypted:	false
Ssdeep:	384:xzADfIeRWPhWKEi00GftpBjj1emMVlvN0M:xzfeWeoi11ep
Size:	18744
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-profile-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-core-profile-l1-1-0.dll.12.dr
ID:	dr_15
Target ID:	12
Process:	C:\Users\user\Desktop\1COK25f1vT.exe
Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Entropy:	7.187691342157284
Encrypted:	false
Ssdeep:	192:w9WIghWGdUuDz7M123Ouo+Uggs/nGfe4pBjSXrw58h6Wh0txKdmVWQ4SW7QQtzko:w9WPhWYDz6i00GftpBjXPemD5l1z6hv
Size:	17712
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-rtlsupport-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-core-rtlsupport-l1-1-0.dll.12.dr
ID:	dr_16
Target ID:	12
Process:	C:\Users\user\Desktop\1COK25f1vT.exe
Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Entropy:	7.19694878324007
Encrypted:	false
Ssdeep:	384:61G1WPhWksnhi00GftpBjEVXremWRlP55Jk:kGiYnhoiqVXreDT5Y
Size:	17720
Whitelisted:	true
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-string-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-core-string-l1-1-0.dll.12.dr
ID:	dr_17
Target ID:	12
Process:	C:\Users\user\Desktop\1COK25f1vT.exe
Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Entropy:	7.137724132900032
Encrypted:	false
Ssdeep:	384:xyMvRWPhWFs0i00GftpBjwCJdemnflUG+zI4:xyMvWWoibeTnn
Size:	18232
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-synch-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-core-synch-l1-1-0.dll.12.dr
ID:	dr_18
Target ID:	12
Process:	C:\Users\user\Desktop\1COK25f1vT.exe
Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Entropy:	7.04640581473745
Encrypted:	false
Ssdeep:	384:5Xdv3V0dfpkXc0vVaHWPhWXEi00GftpBj9em+4lndanJ7o:5Xdv3VqpkXc0vVa8poivex
Size:	20280
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-synch-l1-2-0.dll
Category:	dropped
Dump:	api-ms-win-core-synch-l1-2-0.dll.12.dr
ID:	dr_19
Target ID:	12
Process:	C:\Users\user\Desktop\1COK25f1vT.exe
Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Entropy:	7.138910839042951
Encrypted:	false
Ssdeep:	384:JtZ3gWPhWFA0i00GftpBj4Z8wemFfYlP55t:j+oiVweb53
Size:	18744
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-sysinfo-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-core-sysinfo-l1-1-0.dll.12.dr
ID:	dr_35
Target ID:	12
Process:	C:\Users\user\Desktop\1COK25f1vT.exe
Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Entropy:	7.072555805949365
Encrypted:	false
Ssdeep:	384:2q25WPhWWsnhi00GftpBj1u6qXxem4l1z6hi:25+SnhoiG6IeA8
Size:	19248
Whitelisted:	true
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-timezone-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-core-timezone-l1-1-0.dll.12.dr
ID:	dr_36
Target ID:	12
Process:	C:\Users\user\Desktop\1COK25f1vT.exe
Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Entropy:	7.17450177544266
Encrypted:	false
Ssdeep:	384:SWPhWK3di00GftpBjH35Gvem2Al1z6hIu:77NoiOve7eu
Size:	18224
Whitelisted:	true
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-core-util-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-core-util-l1-1-0.dll.12.dr
ID:	dr_37
Target ID:	12
Process:	C:\Users\user\Desktop\1COK25f1vT.exe
Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Entropy:	7.1007227686954275
Encrypted:	false
Ssdeep:	192:pePWIghWG4U9wluZo123Ouo+Uggs/nGfe4pBjSbKT8wuxWh0txKdmVWQ4CWnFnwQ:pYWPhWFS0i00GftpBj7DudemJlP552
Size:	18232
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-crt-conio-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-crt-conio-l1-1-0.dll.12.dr
ID:	dr_38
Target ID:	12
Process:	C:\Users\user\Desktop\1COK25f1vT.exe
Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Entropy:	7.088693688879585
Encrypted:	false
Ssdeep:	384:8WPhWz4Ri00GftpBjDb7bemHlndanJ7DW:Fm0oiV7beV
Size:	19256
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-crt-convert-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-crt-convert-l1-1-0.dll.12.dr
ID:	dr_39
Target ID:	12
Process:	C:\Users\user\Desktop\1COK25f1vT.exe
Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Entropy:	6.929204936143068
Encrypted:	false
Ssdeep:	384:EuydWPhW7snhi00GftpBjd6t/emJlDbN:3tnhoi6t/eAp
Size:	22328
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-crt-environment-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-crt-environment-l1-1-0.dll.12.dr
ID:	dr_40
Target ID:	12
Process:	C:\Users\user\Desktop\1COK25f1vT.exe
Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Entropy:	7.078394808632259
Encrypted:	false
Ssdeep:	192:bWIghWGd4edXe123Ouo+Uggs/nGfe4pBjSXXmv5Wh0txKdmVWQ4hWEApkqnajPBZ:bWPhWqXYi00GftpBjBemwl1z6h2
Size:	18736
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-crt-filesystem-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-crt-filesystem-l1-1-0.dll.12.dr
ID:	dr_41
Target ID:	12
Process:	C:\Users\user\Desktop\1COK25f1vT.exe
Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Entropy:	7.085387497246545
Encrypted:	false
Ssdeep:	384:sq6nWm5C1WPhWFK0i00GftpBjB1UemKklUG+zIOd/:x6nWm5CiooiKeZnbd/
Size:	20280
Whitelisted:	true
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-crt-heap-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-crt-heap-l1-1-0.dll.12.dr
ID:	dr_43
Target ID:	12
Process:	C:\Users\user\Desktop\1COK25f1vT.exe
Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Entropy:	7.060393359865728
Encrypted:	false
Ssdeep:	192:+Y3vY17aFBR4WIghWG4U9CedXe123Ouo+Uggs/nGfe4pBjSbGGAPWh0txKdmVWQC:+Y3e9WPhWFsXYi00GftpBjfemnlP55s
Size:	19256
Whitelisted:	true
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-crt-locale-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-crt-locale-l1-1-0.dll.12.dr
ID:	dr_45
Target ID:	12
Process:	C:\Users\user\Desktop\1COK25f1vT.exe
Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Entropy:	7.13172731865352
Encrypted:	false
Ssdeep:	192:fiWIghWGZirX+4z123Ouo+Uggs/nGfe4pBjS/RFcpOWh0txKdmVWQ4GWs8ylDikh:aWPhWjO4Ri00GftpBjZOemSXlvNQ0
Size:	18744
Whitelisted:	true
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-crt-math-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-crt-math-l1-1-0.dll.12.dr
ID:	dr_47
Target ID:	12
Process:	C:\Users\user\Desktop\1COK25f1vT.exe
Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Entropy:	6.6686462438397
Encrypted:	false
Ssdeep:	384:7OTEmbM4Oe5grykfIgTmLyWPhW30i00GftpBjAKemXlDbNl:dEMq5grxfInbRoiNeSp
Size:	28984
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-crt-multibyte-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-crt-multibyte-l1-1-0.dll.12.dr
ID:	dr_2
Target ID:	12
Process:	C:\Users\user\Desktop\1COK25f1vT.exe
Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Entropy:	6.712286643697659
Encrypted:	false
Ssdeep:	384:kDy+Kr6aLPmIHJI6/CpG3t2G3t4odXL5WPhWFY0i00GftpBjbnMxem8hzlmTMiLV:kDZKrZPmIHJI64GoiZMxe0V
Size:	26424
Whitelisted:	true
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-crt-private-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-crt-private-l1-1-0.dll.12.dr
ID:	dr_3
Target ID:	12
Process:	C:\Users\user\Desktop\1COK25f1vT.exe
Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Entropy:	5.838702055399663
Encrypted:	false
Ssdeep:	1536:VAHEGlVDe5c4bFE2Jy2cvxXWpD9d3334BkZnkPFZo6kt:Vc7De5c4bFE2Jy2cvxXWpD9d3334BkZj
Size:	73016
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-crt-process-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-crt-process-l1-1-0.dll.12.dr
ID:	dr_4
Target ID:	12
Process:	C:\Users\user\Desktop\1COK25f1vT.exe
Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Entropy:	7.076072254895036
Encrypted:	false
Ssdeep:	192:aRQqjd7dWIghWG4U9kuDz7M123Ouo+Uggs/nGfe4pBjSbAURWh0txKdmVWQ4CW+6:aKcWPhWFkDz6i00GftpBjYemZlUG+zIU
Size:	19256
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-crt-runtime-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-crt-runtime-l1-1-0.dll.12.dr
ID:	dr_5
Target ID:	12
Process:	C:\Users\user\Desktop\1COK25f1vT.exe
Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Entropy:	6.942029615075195
Encrypted:	false
Ssdeep:	384:7b7hrKwWPhWFlsnhi00GftpBj+6em90lmTMiLzrF7:7bNrKxZnhoig6eQN7
Size:	22840
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-crt-stdio-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-crt-stdio-l1-1-0.dll.12.dr
ID:	dr_6
Target ID:	12
Process:	C:\Users\user\Desktop\1COK25f1vT.exe
Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Entropy:	6.873960147000383
Encrypted:	false
Ssdeep:	384:GZpFVhjWPhWxEi00GftpBjmjjem3Cl1z6h1r:eCfoi0espbr
Size:	24368
Whitelisted:	true
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-crt-string-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-crt-string-l1-1-0.dll.12.dr
ID:	dr_7
Target ID:	12
Process:	C:\Users\user\Desktop\1COK25f1vT.exe
Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Entropy:	6.840671293766487
Encrypted:	false
Ssdeep:	384:5iFMx0C5yguNvZ5VQgx3SbwA7yMVIkFGlnWPhWGTi00GftpBjslem89lgC:56S5yguNvZ5VQgx3SbwA71IkFv5oialj
Size:	23488
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-crt-time-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-crt-time-l1-1-0.dll.12.dr
ID:	dr_8
Target ID:	12
Process:	C:\Users\user\Desktop\1COK25f1vT.exe
Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Entropy:	7.018061005886957
Encrypted:	false
Ssdeep:	384:8ZSWWVgWPhWFe3di00GftpBjnlfemHlUG+zITA+0:XRNoibernAA+0
Size:	20792
Whitelisted:	true
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\2fda\api-ms-win-crt-utility-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-crt-utility-l1-1-0.dll.12.dr
ID:	dr_10
Target ID:	12
Process:	C:\Users\user\Desktop\1COK25f1vT.exe
Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Entropy:	7.127951145819804
Encrypted:	false
Ssdeep:	192:QqfHQdu3WIghWG4U9lYdsNtL/123Ouo+Uggs/nGfe4pBjSb8Z9Wh0txKdmVWQ4Cg:/fBWPhWF+esnhi00GftpBjLBemHlP55q
Size:	18744
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\2fda\freebl3.dll
Category:	dropped
Dump:	freebl3.dll.12.dr
ID:	dr_12
Target ID:	12
Process:	C:\Users\user\Desktop\1COK25f1vT.exe
Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Entropy:	6.8061257098244905
Encrypted:	false
Ssdeep:	6144:C+YBCxpjbRIDmvby5xDXlFVJM8PojGGHrIr1qqDL6XP+jW:Cu4Abg7XV72GI/qn6z
Size:	332752
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\2fda\mozglue.dll
Category:	dropped
Dump:	mozglue.dll.12.dr
ID:	dr_13
Target ID:	12
Process:	C:\Users\user\Desktop\1COK25f1vT.exe
Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Entropy:	6.841477908153926
Encrypted:	false
Ssdeep:	3072:8Oqe98Ea4usvd5jm6V0InXx/CHzGYC6NccMmxK3atIYHD2JJJsPyimY4kQkE:Vqe98Evua5Sm0ux/5YC6NccMmtXHD2JR
Size:	139216
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report

Files