Source: 3.0.DHL DELIVERY.exe.400000.8.unpack | Avira: Label: TR/Spy.Gen8 |
Source: 3.0.DHL DELIVERY.exe.400000.4.unpack | Avira: Label: TR/Spy.Gen8 |
Source: 3.0.DHL DELIVERY.exe.400000.10.unpack | Avira: Label: TR/Spy.Gen8 |
Source: 3.2.DHL DELIVERY.exe.400000.0.unpack | Avira: Label: TR/Spy.Gen8 |
Source: 3.0.DHL DELIVERY.exe.400000.12.unpack | Avira: Label: TR/Spy.Gen8 |
Source: 3.0.DHL DELIVERY.exe.400000.6.unpack | Avira: Label: TR/Spy.Gen8 |
Source: DHL DELIVERY.exe, 00000003.00000002.695721560.0000000003121000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://127.0.0.1:HTTP/1.1 |
Source: DHL DELIVERY.exe, 00000003.00000002.695721560.0000000003121000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://DynDns.comDynDNSnamejidpasswordPsi/Psi |
Source: DHL DELIVERY.exe, 00000003.00000002.696918969.0000000003476000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl04 |
Source: DHL DELIVERY.exe, 00000003.00000002.696918969.0000000003476000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06 |
Source: DHL DELIVERY.exe, 00000003.00000002.696918969.0000000003476000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://crt.sectigo.com/SectigoRSADomainValidationSecureServerCA.crt0# |
Source: DHL DELIVERY.exe, 00000003.00000002.695721560.0000000003121000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://fnqsTS.com |
Source: DHL DELIVERY.exe, 00000003.00000002.696918969.0000000003476000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://ocsp.comodoca.com0 |
Source: DHL DELIVERY.exe, 00000003.00000002.696918969.0000000003476000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://ocsp.sectigo.com0 |
Source: DHL DELIVERY.exe, 00000003.00000002.696918969.0000000003476000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://smtp.privateemail.com |
Source: DHL DELIVERY.exe | String found in binary or memory: http://www.random.org/sequences/ |
Source: DHL DELIVERY.exe, 00000003.00000002.695721560.0000000003121000.00000004.00000800.00020000.00000000.sdmp, DHL DELIVERY.exe, 00000003.00000002.697005706.00000000034A2000.00000004.00000800.00020000.00000000.sdmp, DHL DELIVERY.exe, 00000003.00000002.696995944.000000000349A000.00000004.00000800.00020000.00000000.sdmp, DHL DELIVERY.exe, 00000003.00000002.696902033.0000000003470000.00000004.00000800.00020000.00000000.sdmp, DHL DELIVERY.exe, 00000003.00000002.696858077.0000000003432000.00000004.00000800.00020000.00000000.sdmp, DHL DELIVERY.exe, 00000003.00000002.696885279.000000000346C000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://x2Ivz0L9UI.com |
Source: DHL DELIVERY.exe, 00000003.00000002.695721560.0000000003121000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://api.ipify.org% |
Source: DHL DELIVERY.exe, 00000003.00000002.695721560.0000000003121000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://api.ipify.org%%startupfolder% |
Source: DHL DELIVERY.exe, 00000003.00000002.696918969.0000000003476000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://sectigo.com/CPS0 |
Source: DHL DELIVERY.exe, 00000003.00000002.695721560.0000000003121000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.ziphttps://www |
Source: 3.0.DHL DELIVERY.exe.400000.12.unpack, type: UNPACKEDPE | Matched rule: AgentTeslaV3 infostealer payload Author: ditekSHen |
Source: 3.0.DHL DELIVERY.exe.400000.6.unpack, type: UNPACKEDPE | Matched rule: AgentTeslaV3 infostealer payload Author: ditekSHen |
Source: 1.2.DHL DELIVERY.exe.44234f8.5.unpack, type: UNPACKEDPE | Matched rule: AgentTeslaV3 infostealer payload Author: ditekSHen |
Source: 1.2.DHL DELIVERY.exe.43e34d8.3.unpack, type: UNPACKEDPE | Matched rule: AgentTeslaV3 infostealer payload Author: ditekSHen |
Source: 1.2.DHL DELIVERY.exe.43098e8.2.raw.unpack, type: UNPACKEDPE | Matched rule: Detects executables containing artifcats associated with disabling Widnows Defender Author: ditekSHen |
Source: 1.2.DHL DELIVERY.exe.43098e8.2.raw.unpack, type: UNPACKEDPE | Matched rule: Detects executables embedding command execution via IExecuteCommand COM object Author: ditekSHen |
Source: 3.0.DHL DELIVERY.exe.400000.10.unpack, type: UNPACKEDPE | Matched rule: AgentTeslaV3 infostealer payload Author: ditekSHen |
Source: 1.2.DHL DELIVERY.exe.43c34b8.4.raw.unpack, type: UNPACKEDPE | Matched rule: AgentTeslaV3 infostealer payload Author: ditekSHen |
Source: 3.0.DHL DELIVERY.exe.400000.8.unpack, type: UNPACKEDPE | Matched rule: AgentTeslaV3 infostealer payload Author: ditekSHen |
Source: 1.2.DHL DELIVERY.exe.43e34d8.3.raw.unpack, type: UNPACKEDPE | Matched rule: AgentTeslaV3 infostealer payload Author: ditekSHen |
Source: 3.0.DHL DELIVERY.exe.400000.4.unpack, type: UNPACKEDPE | Matched rule: AgentTeslaV3 infostealer payload Author: ditekSHen |
Source: 3.2.DHL DELIVERY.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: AgentTeslaV3 infostealer payload Author: ditekSHen |
Source: 1.2.DHL DELIVERY.exe.44234f8.5.raw.unpack, type: UNPACKEDPE | Matched rule: AgentTeslaV3 infostealer payload Author: ditekSHen |
Source: 3.0.DHL DELIVERY.exe.400000.8.unpack, <PrivateImplementationDetails>{70BF74AA-2FA9-4ECD-9893-C24D8DB7A007}/0A2BE619-75E9-4F9F-8F5B-67FE7571C6DB.cs | Large array initialization: .cctor: array initializer size 11629 |
Source: 3.0.DHL DELIVERY.exe.400000.4.unpack, <PrivateImplementationDetails>{70BF74AA-2FA9-4ECD-9893-C24D8DB7A007}/0A2BE619-75E9-4F9F-8F5B-67FE7571C6DB.cs | Large array initialization: .cctor: array initializer size 11629 |
Source: 3.0.DHL DELIVERY.exe.400000.10.unpack, <PrivateImplementationDetails>{70BF74AA-2FA9-4ECD-9893-C24D8DB7A007}/0A2BE619-75E9-4F9F-8F5B-67FE7571C6DB.cs | Large array initialization: .cctor: array initializer size 11629 |
Source: 3.2.DHL DELIVERY.exe.400000.0.unpack, <PrivateImplementationDetails>{70BF74AA-2FA9-4ECD-9893-C24D8DB7A007}/0A2BE619-75E9-4F9F-8F5B-67FE7571C6DB.cs | Large array initialization: .cctor: array initializer size 11629 |
Source: 3.0.DHL DELIVERY.exe.400000.12.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_AgentTeslaV3 author = ditekSHen, description = AgentTeslaV3 infostealer payload |
Source: 3.0.DHL DELIVERY.exe.400000.6.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_AgentTeslaV3 author = ditekSHen, description = AgentTeslaV3 infostealer payload |
Source: 1.2.DHL DELIVERY.exe.44234f8.5.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_AgentTeslaV3 author = ditekSHen, description = AgentTeslaV3 infostealer payload |
Source: 1.2.DHL DELIVERY.exe.43e34d8.3.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_AgentTeslaV3 author = ditekSHen, description = AgentTeslaV3 infostealer payload |
Source: 1.2.DHL DELIVERY.exe.43098e8.2.raw.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_DisableWinDefender author = ditekSHen, description = Detects executables containing artifcats associated with disabling Widnows Defender |
Source: 1.2.DHL DELIVERY.exe.43098e8.2.raw.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_RegKeyComb_IExecuteCommandCOM author = ditekSHen, description = Detects executables embedding command execution via IExecuteCommand COM object |
Source: 3.0.DHL DELIVERY.exe.400000.10.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_AgentTeslaV3 author = ditekSHen, description = AgentTeslaV3 infostealer payload |
Source: 1.2.DHL DELIVERY.exe.43c34b8.4.raw.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_AgentTeslaV3 author = ditekSHen, description = AgentTeslaV3 infostealer payload |
Source: 3.0.DHL DELIVERY.exe.400000.8.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_AgentTeslaV3 author = ditekSHen, description = AgentTeslaV3 infostealer payload |
Source: 1.2.DHL DELIVERY.exe.43e34d8.3.raw.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_AgentTeslaV3 author = ditekSHen, description = AgentTeslaV3 infostealer payload |
Source: 3.0.DHL DELIVERY.exe.400000.4.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_AgentTeslaV3 author = ditekSHen, description = AgentTeslaV3 infostealer payload |
Source: 3.2.DHL DELIVERY.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_AgentTeslaV3 author = ditekSHen, description = AgentTeslaV3 infostealer payload |
Source: 1.2.DHL DELIVERY.exe.44234f8.5.raw.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_AgentTeslaV3 author = ditekSHen, description = AgentTeslaV3 infostealer payload |
Source: C:\Users\user\Desktop\DHL DELIVERY.exe | Code function: 1_2_028176A0 | 1_2_028176A0 |
Source: C:\Users\user\Desktop\DHL DELIVERY.exe | Code function: 1_2_02810490 | 1_2_02810490 |
Source: C:\Users\user\Desktop\DHL DELIVERY.exe | Code function: 1_2_0281DA08 | 1_2_0281DA08 |
Source: C:\Users\user\Desktop\DHL DELIVERY.exe | Code function: 1_2_02819A68 | 1_2_02819A68 |
Source: C:\Users\user\Desktop\DHL DELIVERY.exe | Code function: 1_2_02812748 | 1_2_02812748 |
Source: C:\Users\user\Desktop\DHL DELIVERY.exe | Code function: 1_2_0281047F | 1_2_0281047F |
Source: C:\Users\user\Desktop\DHL DELIVERY.exe | Code function: 1_2_0281E570 | 1_2_0281E570 |
Source: C:\Users\user\Desktop\DHL DELIVERY.exe | Code function: 1_2_0281F998 | 1_2_0281F998 |
Source: C:\Users\user\Desktop\DHL DELIVERY.exe | Code function: 1_2_02819F68 | 1_2_02819F68 |
Source: C:\Users\user\Desktop\DHL DELIVERY.exe | Code function: 1_2_00AD6167 | 1_2_00AD6167 |
Source: C:\Users\user\Desktop\DHL DELIVERY.exe | Code function: 3_2_0159F080 | 3_2_0159F080 |
Source: C:\Users\user\Desktop\DHL DELIVERY.exe | Code function: 3_2_0159F3C8 | 3_2_0159F3C8 |
Source: C:\Users\user\Desktop\DHL DELIVERY.exe | Code function: 3_2_01596120 | 3_2_01596120 |
Source: C:\Users\user\Desktop\DHL DELIVERY.exe | Code function: 3_2_061EBBB0 | 3_2_061EBBB0 |
Source: C:\Users\user\Desktop\DHL DELIVERY.exe | Code function: 3_2_061EC900 | 3_2_061EC900 |
Source: C:\Users\user\Desktop\DHL DELIVERY.exe | Code function: 3_2_061E1FF8 | 3_2_061E1FF8 |
Source: C:\Users\user\Desktop\DHL DELIVERY.exe | Code function: 3_2_061E0040 | 3_2_061E0040 |
Source: C:\Users\user\Desktop\DHL DELIVERY.exe | Code function: 3_2_00AD6167 | 3_2_00AD6167 |
Source: DHL DELIVERY.exe, 00000001.00000002.468229611.0000000002C09000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameQXOZ VPa.exe2 vs DHL DELIVERY.exe |
Source: DHL DELIVERY.exe, 00000001.00000002.466221634.0000000000AEE000.00000002.00000001.01000000.00000003.sdmp | Binary or memory string: OriginalFilenameSystem.Web.Cors.dllL vs DHL DELIVERY.exe |
Source: DHL DELIVERY.exe, 00000001.00000002.472974687.00000000043AB000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameQXOZ VPa.exe2 vs DHL DELIVERY.exe |
Source: DHL DELIVERY.exe, 00000001.00000002.473251720.0000000004423000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameQXOZ VPa.exe2 vs DHL DELIVERY.exe |
Source: DHL DELIVERY.exe, 00000003.00000002.692251401.0000000000402000.00000040.00000400.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameQXOZ VPa.exe2 vs DHL DELIVERY.exe |
Source: DHL DELIVERY.exe, 00000003.00000002.693156633.0000000000AEE000.00000002.00000001.01000000.00000003.sdmp | Binary or memory string: OriginalFilenameSystem.Web.Cors.dllL vs DHL DELIVERY.exe |
Source: DHL DELIVERY.exe, 00000003.00000002.693211185.00000000010F8000.00000004.00000010.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameUNKNOWN_FILET vs DHL DELIVERY.exe |
Source: DHL DELIVERY.exe | Binary or memory string: OriginalFilenameSystem.Web.Cors.dllL vs DHL DELIVERY.exe |
Source: 3.0.DHL DELIVERY.exe.400000.8.unpack, A/F1.cs | Cryptographic APIs: 'TransformFinalBlock', 'CreateDecryptor' |
Source: 3.0.DHL DELIVERY.exe.400000.4.unpack, A/F1.cs | Cryptographic APIs: 'TransformFinalBlock', 'CreateDecryptor' |
Source: 3.0.DHL DELIVERY.exe.400000.10.unpack, A/F1.cs | Cryptographic APIs: 'TransformFinalBlock', 'CreateDecryptor' |
Source: C:\Users\user\Desktop\DHL DELIVERY.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: DHL DELIVERY.exe, 00000001.00000002.472421072.00000000042F2000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: VMware |
Source: DHL DELIVERY.exe, 00000001.00000002.472421072.00000000042F2000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: VMWARE"SOFTWARE\VMware, Inc.\VMware ToolsLHARDWARE\DEVICEMAP\Scsi\Scsi Port 1\Scsi Bus 0\Target Id 0\Logical Unit Id 0LHARDWARE\DEVICEMAP\Scsi\Scsi Port 2\Scsi Bus 0\Target Id 0\Logical Unit Id 0'SYSTEM\ControlSet001\Services\Disk\EnumNSYSTEM\ControlSet001\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000 |
Source: DHL DELIVERY.exe, 00000001.00000002.472421072.00000000042F2000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: WWW /c Microsoft-Hyper-V-Common-Drivers-Package |
Source: DHL DELIVERY.exe, 00000001.00000002.472421072.00000000042F2000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: C:\WINDOWS\system32\drivers\vmmouse.sys |
Source: DHL DELIVERY.exe, 00000001.00000002.472421072.00000000042F2000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: vmware |
Source: DHL DELIVERY.exe, 00000001.00000002.472421072.00000000042F2000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: C:\PROGRAM FILES\VMWARE\VMWARE TOOLS\ |
Source: DHL DELIVERY.exe, 00000001.00000002.472421072.00000000042F2000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: C:\WINDOWS\system32\drivers\vmhgfs.sys |
Source: DHL DELIVERY.exe, 00000001.00000002.472421072.00000000042F2000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: SOFTWARE\VMware, Inc.\VMware Tools |
Source: DHL DELIVERY.exe, 00000001.00000002.472421072.00000000042F2000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: VMWARE |
Source: DHL DELIVERY.exe, 00000001.00000002.472421072.00000000042F2000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: InstallPath%C:\PROGRAM FILES\VMWARE\VMWARE TOOLS\'C:\WINDOWS\system32\drivers\vmmouse.sys&C:\WINDOWS\system32\drivers\vmhgfs.sys |
Source: DHL DELIVERY.exe, 00000001.00000002.472421072.00000000042F2000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: noValueButYesKey)C:\WINDOWS\system32\drivers\VBoxMouse.sys |
Source: DHL DELIVERY.exe, 00000001.00000002.472421072.00000000042F2000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: C:\WINDOWS\system32\drivers\VBoxMouse.sys |
Source: DHL DELIVERY.exe, 00000001.00000002.472421072.00000000042F2000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: VMware SVGA II |
Source: DHL DELIVERY.exe, 3652008427/5457087416.cs | Reference to suspicious API methods: ('7773566935', 'GetProcAddress@kernel32'), ('2945618246', 'LoadLibrary@kernel32') |
Source: 1.0.DHL DELIVERY.exe.a60000.0.unpack, 3652008427/5457087416.cs | Reference to suspicious API methods: ('7773566935', 'GetProcAddress@kernel32'), ('2945618246', 'LoadLibrary@kernel32') |
Source: 1.2.DHL DELIVERY.exe.a60000.0.unpack, 3652008427/5457087416.cs | Reference to suspicious API methods: ('7773566935', 'GetProcAddress@kernel32'), ('2945618246', 'LoadLibrary@kernel32') |
Source: 3.0.DHL DELIVERY.exe.a60000.1.unpack, 3652008427/5457087416.cs | Reference to suspicious API methods: ('7773566935', 'GetProcAddress@kernel32'), ('2945618246', 'LoadLibrary@kernel32') |
Source: 3.0.DHL DELIVERY.exe.a60000.2.unpack, 3652008427/5457087416.cs | Reference to suspicious API methods: ('7773566935', 'GetProcAddress@kernel32'), ('2945618246', 'LoadLibrary@kernel32') |
Source: 3.0.DHL DELIVERY.exe.400000.8.unpack, A/E1.cs | Reference to suspicious API methods: ('A', 'MapVirtualKey@user32.dll') |
Source: 3.0.DHL DELIVERY.exe.400000.4.unpack, A/E1.cs | Reference to suspicious API methods: ('A', 'MapVirtualKey@user32.dll') |
Source: 3.2.DHL DELIVERY.exe.a60000.1.unpack, 3652008427/5457087416.cs | Reference to suspicious API methods: ('7773566935', 'GetProcAddress@kernel32'), ('2945618246', 'LoadLibrary@kernel32') |
Source: 3.0.DHL DELIVERY.exe.400000.10.unpack, A/E1.cs | Reference to suspicious API methods: ('A', 'MapVirtualKey@user32.dll') |
Source: 3.2.DHL DELIVERY.exe.400000.0.unpack, A/E1.cs | Reference to suspicious API methods: ('A', 'MapVirtualKey@user32.dll') |
Source: C:\Users\user\Desktop\DHL DELIVERY.exe | Queries volume information: C:\Users\user\Desktop\DHL DELIVERY.exe VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\DHL DELIVERY.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\DHL DELIVERY.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\DHL DELIVERY.exe | Queries volume information: C:\Users\user\Desktop\DHL DELIVERY.exe VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\DHL DELIVERY.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\DHL DELIVERY.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\DHL DELIVERY.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\DHL DELIVERY.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\DHL DELIVERY.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\DHL DELIVERY.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation | Jump to behavior |
Source: Yara match | File source: 3.0.DHL DELIVERY.exe.400000.12.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 3.0.DHL DELIVERY.exe.400000.6.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 1.2.DHL DELIVERY.exe.44234f8.5.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 1.2.DHL DELIVERY.exe.43e34d8.3.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 3.0.DHL DELIVERY.exe.400000.10.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 1.2.DHL DELIVERY.exe.43c34b8.4.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 3.0.DHL DELIVERY.exe.400000.8.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 1.2.DHL DELIVERY.exe.43e34d8.3.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 3.0.DHL DELIVERY.exe.400000.4.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 3.2.DHL DELIVERY.exe.400000.0.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 1.2.DHL DELIVERY.exe.44234f8.5.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 00000003.00000002.692251401.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY |
Source: Yara match | File source: 00000003.00000000.463670113.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY |
Source: Yara match | File source: 00000003.00000000.464161754.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY |
Source: Yara match | File source: 00000003.00000000.462833671.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY |
Source: Yara match | File source: 00000003.00000000.461699324.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY |
Source: Yara match | File source: 00000001.00000002.473923703.000000000452C000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY |
Source: Yara match | File source: 00000001.00000002.472974687.00000000043AB000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY |
Source: Yara match | File source: 00000001.00000002.473251720.0000000004423000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY |
Source: Yara match | File source: 00000003.00000002.695721560.0000000003121000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY |
Source: Yara match | File source: Process Memory Space: DHL DELIVERY.exe PID: 6860, type: MEMORYSTR |
Source: Yara match | File source: Process Memory Space: DHL DELIVERY.exe PID: 6984, type: MEMORYSTR |