Source: Yara match |
File source: follinaV1.2.py, type: SAMPLE |
Source: OpenWith.exe, 00000000.00000003.241144359.0000017025086000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000000.00000003.241165426.0000017025096000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000000.00000003.241125214.000001702508A000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://en.wi7 |
Source: follinaV1.2.py |
String found in binary or memory: https://stackoverflow.com/questions/1855095/how-to-create-a-zip-archive-of-a-directory |
Source: C:\Windows\System32\OpenWith.exe |
File read: C:\Users\desktop.ini |
Source: C:\Windows\System32\OpenWith.exe |
Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\InProcServer32 |
Source: C:\Windows\System32\OpenWith.exe |
Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6096:120:WilError_01 |
Source: C:\Windows\System32\OpenWith.exe |
Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers |
Source: classification engine |
Classification label: mal48.expl.winPY@1/0@0/0 |
Source: C:\Windows\System32\OpenWith.exe |
Process information set: NOOPENFILEERRORBOX |
Source: all processes |
Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected |
Source: C:\Windows\System32\OpenWith.exe |
Queries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation |
Source: C:\Windows\System32\OpenWith.exe |
Queries volume information: C:\Windows\Fonts\seguisym.ttf VolumeInformation |
Source: C:\Windows\System32\OpenWith.exe |
Queries volume information: C:\Windows\Fonts\seguisb.ttf VolumeInformation |
Source: C:\Windows\System32\OpenWith.exe |
Queries volume information: C:\Windows\Fonts\segmdl2.ttf VolumeInformation |