Automated Malware Analysis IOC Report for

Details

Filetype:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy:	7.469320228864725
Filename:	file.exe
Filesize:	238080
MD5:	a3b774ed5023f56970eea0668ae65703
SHA1:	3aebfec7980d1db1edbeccbb29044ea677be304b
SHA256:	f4f6bcce8531ffa055776e57b0f650b7f87049808e3b29d65fab79ec841ed81c
SHA512:	98a9ec33206f8074104b2ecb19026cdbbe1a313e8f2be6ab088611c9c2dda1b7aaaf10a610376acbc9c5448076becc4685ef364d78dfbbb2eabfb3ddcf0117f6
SSDEEP:	6144:iV8tR1u52up3sfkVXJYS1Ne/1z0BvEQTEOMEd:iV8trKM87YS1Ne9zY8MEtEd
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........}...............N1......N'.................D....N ......N0......N5.....Rich............PE..L.....8a...........................

Signature Hits	Behavior Group	Mitre Attack
Multi AV Scanner detection for submitted file	AV Detection
Binary is likely a compiled AutoIt script file	System Summary
Machine Learning detection for sample	AV Detection
Uses 32bit PE files	Compliance, System Summary
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery
One or more processes crash	System Summary
May sleep (evasive loops) to hinder dynamic analysis	Malware Analysis System Evasion	Virtualization/Sandbox Evasion
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion
PE file contains executable resources (Code or Archives)	System Summary
Creates a DirectInput object (often for capturing keystrokes)	Key, Mouse, Clipboard, Microphone and Screen Capturing	Input Capture
Drops files with a non-matching file extension (content does not match file extension)	Persistence and Installation Behavior	Masquerading
Sample file is different than original file name gathered from version info	System Summary
Drops PE files	Persistence and Installation Behavior
Checks if the current process is being debugged	Anti Debugging
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion
Queries a list of all running processes	Malware Analysis System Evasion	Process Discovery
Sample is known by Antivirus	System Summary
PE file has an executable .text section and no other executable section	System Summary
Reads software policies	System Summary
Uses an in-process (OLE) Automation server	System Summary
Contains medium sleeps (>= 30s)	Malware Analysis System Evasion
Creates files inside the user directory	System Summary
Creates temporary files	System Summary
Disables application error messsages (SetErrorMode)	Hooking and other Techniques for Hiding and Protection
Reads ini files	System Summary	File and Directory Discovery
URLs found in memory or binary data	Networking
May try to detect the Windows Explorer process (often used for injection)	HIPS / PFW / Operating System Protection Evasion
May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory)	Malware Analysis System Evasion	Security Software Discovery
PE file contains a debug data directory	System Summary
Uses new MSVCR Dlls	Compliance, System Summary

Details

File:	C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_file.exe_445db5b1e911895cef210568c60f7d906ed046_440dec59_126996c2\Report.wer
Category:	dropped
Dump:	Report.wer.28.dr
ID:	dr_51
Target ID:	28
Process:	C:\Windows\SysWOW64\WerFault.exe
Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Entropy:	0.9823734558168841
Encrypted:	false
Ssdeep:	192:cStzCfavo7Hox3uNP3jDyr+/u7sKS274ItmOBxJ:cSZ+ox3uVjd/u7sKX4ItR
Size:	65536
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Multi AV Scanner detection for submitted file	AV Detection
Machine Learning detection for sample	AV Detection
PE file contains executable resources (Code or Archives)	System Summary
Uses 32bit PE files	Compliance, System Summary
PE file has an executable .text section and no other executable section	System Summary
Sample is known by Antivirus	System Summary
PE file contains a debug data directory	System Summary

Details

File:	C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_file.exe_aa89147a1632e1dc9dc974cd4d3dc4b44506e_440dec59_0b008542\Report.wer
Category:	dropped
Dump:	Report.wer.11.dr
ID:	dr_26
Target ID:	11
Process:	C:\Windows\SysWOW64\WerFault.exe
Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Entropy:	0.8370796279502537
Encrypted:	false
Ssdeep:	192:/Dd5zCfavNqH56rIP3jDB/u7slS274ItmOBx:JlA56rQjl/u7slX4ItR
Size:	65536
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Multi AV Scanner detection for submitted file	AV Detection
Machine Learning detection for sample	AV Detection
PE file contains executable resources (Code or Archives)	System Summary
Uses 32bit PE files	Compliance, System Summary
PE file has an executable .text section and no other executable section	System Summary
Sample is known by Antivirus	System Summary
PE file contains a debug data directory	System Summary

Details

File:	C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_file.exe_aa89147a1632e1dc9dc974cd4d3dc4b44506e_440dec59_0d406b90\Report.wer
Category:	dropped
Dump:	Report.wer.7.dr
ID:	dr_22
Target ID:	7
Process:	C:\Windows\SysWOW64\WerFault.exe
Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Entropy:	0.8371767119643627
Encrypted:	false
Ssdeep:	192:9zCfavyqH56rIP3jDB/u7slS274ItmOBxi:JZ56rQjl/u7slX4ItR
Size:	65536
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Multi AV Scanner detection for submitted file	AV Detection
Machine Learning detection for sample	AV Detection
PE file contains executable resources (Code or Archives)	System Summary
Uses 32bit PE files	Compliance, System Summary
PE file has an executable .text section and no other executable section	System Summary
Sample is known by Antivirus	System Summary
PE file contains a debug data directory	System Summary

Details

File:	C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_file.exe_aa89147a1632e1dc9dc974cd4d3dc4b44506e_440dec59_0ee88fc2\Report.wer
Category:	dropped
Dump:	Report.wer.13.dr
ID:	dr_30
Target ID:	13
Process:	C:\Windows\SysWOW64\WerFault.exe
Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Entropy:	0.8371606978605497
Encrypted:	false
Ssdeep:	192:Q6zCfavuqH56rIP3jDB/u7slS274ItmOBx:QQ156rQjl/u7slX4ItR
Size:	65536
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Multi AV Scanner detection for submitted file	AV Detection
Machine Learning detection for sample	AV Detection
PE file contains executable resources (Code or Archives)	System Summary
Uses 32bit PE files	Compliance, System Summary
PE file has an executable .text section and no other executable section	System Summary
Sample is known by Antivirus	System Summary
PE file contains a debug data directory	System Summary

Details

File:	C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_file.exe_aa89147a1632e1dc9dc974cd4d3dc4b44506e_440dec59_146c4ac9\Report.wer
Category:	dropped
Dump:	Report.wer.3.dr
ID:	dr_14
Target ID:	3
Process:	C:\Windows\SysWOW64\WerFault.exe
Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Entropy:	0.8229995583664064
Encrypted:	false
Ssdeep:	192:bGzCfavgqH56rIP3jDk/u7slS274ItmOBx:b8/56rQjg/u7slX4ItR
Size:	65536
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Multi AV Scanner detection for submitted file	AV Detection
Machine Learning detection for sample	AV Detection
PE file contains executable resources (Code or Archives)	System Summary
Uses 32bit PE files	Compliance, System Summary
PE file has an executable .text section and no other executable section	System Summary
Sample is known by Antivirus	System Summary
PE file contains a debug data directory	System Summary

Details

File:	C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_file.exe_aa89147a1632e1dc9dc974cd4d3dc4b44506e_440dec59_147c56fe\Report.wer
Category:	dropped
Dump:	Report.wer.5.dr
ID:	dr_15
Target ID:	5
Process:	C:\Windows\SysWOW64\WerFault.exe
Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Entropy:	0.8372423344232678
Encrypted:	false
Ssdeep:	192:59zCfavbqH56rIP3jDB/u7slS274ItmOBx:3G56rQjl/u7slX4ItR
Size:	65536
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Multi AV Scanner detection for submitted file	AV Detection
Machine Learning detection for sample	AV Detection
PE file contains executable resources (Code or Archives)	System Summary
Uses 32bit PE files	Compliance, System Summary
PE file has an executable .text section and no other executable section	System Summary
Sample is known by Antivirus	System Summary
PE file contains a debug data directory	System Summary

Details

File:	C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_file.exe_aa89147a1632e1dc9dc974cd4d3dc4b44506e_440dec59_14851770\Report.wer
Category:	dropped
Dump:	Report.wer.21.dr
ID:	dr_47
Target ID:	21
Process:	C:\Windows\SysWOW64\WerFault.exe
Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Entropy:	0.9136302872278061
Encrypted:	false
Ssdeep:	192:2zCfavGqH56rIP3jDyc/u7sKS274ItmOBxl:M956rQjD/u7sKX4ItR
Size:	65536
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Multi AV Scanner detection for submitted file	AV Detection
Machine Learning detection for sample	AV Detection
PE file contains executable resources (Code or Archives)	System Summary
Uses 32bit PE files	Compliance, System Summary
PE file has an executable .text section and no other executable section	System Summary
Sample is known by Antivirus	System Summary
PE file contains a debug data directory	System Summary

Details

File:	C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_file.exe_aa89147a1632e1dc9dc974cd4d3dc4b44506e_440dec59_160c9d5e\Report.wer
Category:	dropped
Dump:	Report.wer.15.dr
ID:	dr_34
Target ID:	15
Process:	C:\Windows\SysWOW64\WerFault.exe
Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Entropy:	0.8601420861951884
Encrypted:	false
Ssdeep:	192:75czCfavjqH56rIP3jDm/u7slS274ItmOBx:756e56rQjC/u7slX4ItR
Size:	65536
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Multi AV Scanner detection for submitted file	AV Detection
Machine Learning detection for sample	AV Detection
PE file contains executable resources (Code or Archives)	System Summary
Uses 32bit PE files	Compliance, System Summary
PE file has an executable .text section and no other executable section	System Summary
Sample is known by Antivirus	System Summary
PE file contains a debug data directory	System Summary

Details

File:	C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_file.exe_aa89147a1632e1dc9dc974cd4d3dc4b44506e_440dec59_1688a9a3\Report.wer
Category:	dropped
Dump:	Report.wer.17.dr
ID:	dr_38
Target ID:	17
Process:	C:\Windows\SysWOW64\WerFault.exe
Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Entropy:	0.879641008331665
Encrypted:	false
Ssdeep:	192:C6gzCfavbqH56rIP3jDym/u7slS274ItmOBx:ClG56rQjJ/u7slX4ItR
Size:	65536
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Multi AV Scanner detection for submitted file	AV Detection
Machine Learning detection for sample	AV Detection
PE file contains executable resources (Code or Archives)	System Summary
Uses 32bit PE files	Compliance, System Summary
PE file has an executable .text section and no other executable section	System Summary
Sample is known by Antivirus	System Summary
PE file contains a debug data directory	System Summary

Details

File:	C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_file.exe_aa89147a1632e1dc9dc974cd4d3dc4b44506e_440dec59_1774bb65\Report.wer
Category:	dropped
Dump:	Report.wer.19.dr
ID:	dr_41
Target ID:	19
Process:	C:\Windows\SysWOW64\WerFault.exe
Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Entropy:	0.8934864854284043
Encrypted:	false
Ssdeep:	192:ia5zCfavNqH56rIP3jDyH/u7slS274ItmOBx:vlA56rQj4/u7slX4ItR
Size:	65536
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Multi AV Scanner detection for submitted file	AV Detection
Machine Learning detection for sample	AV Detection
PE file contains executable resources (Code or Archives)	System Summary
Uses 32bit PE files	Compliance, System Summary
PE file has an executable .text section and no other executable section	System Summary
Sample is known by Antivirus	System Summary
PE file contains a debug data directory	System Summary

Details

File:	C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6M6D1PMD\soft[1]
Category:	dropped
Dump:	soft[1].0.dr
ID:	dr_3
Target ID:	0
Process:	C:\Users\user\Desktop\file.exe
Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy:	7.275018147968825
Encrypted:	false
Ssdeep:	49152:+/PD/DL/D9CuZrr2h60qPPB+lJJkF9IC966eB+lJJkF9IC966eB+lJJkF9IC966h:+3D///UUrP43m8C/3m8C/3m8C5
Size:	3947920
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Drops files with a non-matching file extension (content does not match file extension)	Persistence and Installation Behavior	Masquerading

Details

File:	C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VAHFWDJC\dll[1]
Category:	dropped
Dump:	dll[1].0.dr
ID:	dr_1
Target ID:	0
Process:	C:\Users\user\Desktop\file.exe
Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy:	6.47050397947197
Encrypted:	false
Ssdeep:	6144:SIQpxILDXGGMO7Ice9C5kQw2hWHcHTykhb:SIQpxILDXGGlET9n/cHG
Size:	242176
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Drops files with a non-matching file extension (content does not match file extension)	Persistence and Installation Behavior	Masquerading
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\du2kVBqiTxfv\Bunifu_UI_v1.5.3.dll
Category:	dropped
Dump:	Bunifu_UI_v1.5.3.dll.0.dr
ID:	dr_2
Target ID:	0
Process:	C:\Users\user\Desktop\file.exe
Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy:	6.47050397947197
Encrypted:	false
Ssdeep:	6144:SIQpxILDXGGMO7Ice9C5kQw2hWHcHTykhb:SIQpxILDXGGlET9n/cHG
Size:	242176
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery

Details

File:	C:\Users\user\AppData\Local\Temp\du2kVBqiTxfv\Cleaner.exe
Category:	dropped
Dump:	Cleaner.exe.0.dr
ID:	dr_4
Target ID:	0
Process:	C:\Users\user\Desktop\file.exe
Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy:	7.275018147968825
Encrypted:	false
Ssdeep:	49152:+/PD/DL/D9CuZrr2h60qPPB+lJJkF9IC966eB+lJJkF9IC966eB+lJJkF9IC966h:+3D///UUrP43m8C/3m8C/3m8C5
Size:	3947920
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
May check the online IP address of the machine	Networking	System Network Configuration Discovery
Checks if the current process is being debugged	Anti Debugging	Security Software Discovery Virtualization/Sandbox Evasion
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion	Process Injection
Drops PE files	Persistence and Installation Behavior
Enables debug privileges	Anti Debugging
Launches processes in debugging mode, may be used to hinder debugging	Anti Debugging	Disable or Modify Tools
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery
Creates guard pages, often used to prevent reverse engineering and debugging	Anti Debugging	Disable or Modify Tools
Disables application error messsages (SetErrorMode)	Hooking and other Techniques for Hiding and Protection
Parts of this applications are using the .NET runtime (Probably coded in C#)	System Summary
Queries the cryptographic machine GUID	Language, Device and Operating System Detection	System Information Discovery
Reads the hosts file	System Summary	Remote System Discovery
Spawns processes	System Summary	Process Injection
Uses Microsoft Silverlight	System Summary

Details

File:	C:\ProgramData\Microsoft\Windows\WER\Temp\WER125F.tmp.dmp
Category:	dropped
Dump:	WER125F.tmp.dmp.21.dr
ID:	dr_44
Target ID:	21
Process:	C:\Windows\SysWOW64\WerFault.exe
Type:	Mini DuMP crash report, 14 streams, Tue Oct 4 00:20:36 2022, 0x1205a4 type
Entropy:	2.1225713297905444
Encrypted:	false
Ssdeep:	384:neDv1SLD8PL+oem37nqtj39YqjZ4FZOm2JtoqSl/1lr2iyhQOB2qVpL:K19PLPO5VCZOm2XSlNPyyYhVp
Size:	122304
Whitelisted:	false
Reputation:	timeout

Details

File:	C:\ProgramData\Microsoft\Windows\WER\Temp\WER14F0.tmp.WERInternalMetadata.xml
Category:	dropped
Dump:	WER14F0.tmp.WERInternalMetadata.xml.21.dr
ID:	dr_45
Target ID:	21
Process:	C:\Windows\SysWOW64\WerFault.exe
Type:	XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
Entropy:	3.6992341015383485
Encrypted:	false
Ssdeep:	192:Rrl7r3GLNi5CQ6I6YAcSUBjzGgmfB/SUCpBB89byNsfWmm:RrlsNij6I6YrSUB2gmf5SQyGf+
Size:	8342
Whitelisted:	false
Reputation:	timeout

Details

File:	C:\ProgramData\Microsoft\Windows\WER\Temp\WER158E.tmp.xml
Category:	dropped
Dump:	WER158E.tmp.xml.21.dr
ID:	dr_46
Target ID:	21
Process:	C:\Windows\SysWOW64\WerFault.exe
Type:	XML 1.0 document, ASCII text, with CRLF line terminators
Entropy:	4.471603162291742
Encrypted:	false
Ssdeep:	48:cvIwSD8zs7JgtWI9AuWgc8sqYjd8fm8M4JbFZFDD+q86f1urZMjTCd:uITfV7PgrsqYWJxbT1urZMXCd
Size:	4573
Whitelisted:	false
Reputation:	timeout

Details

File:	C:\ProgramData\Microsoft\Windows\WER\Temp\WER44BE.tmp.dmp
Category:	dropped
Dump:	WER44BE.tmp.dmp.3.dr
ID:	dr_11
Target ID:	3
Process:	C:\Windows\SysWOW64\WerFault.exe
Type:	Mini DuMP crash report, 14 streams, Tue Oct 4 00:19:43 2022, 0x1205a4 type
Entropy:	2.182319360691112
Encrypted:	false
Ssdeep:	192:g8oeAakOUlXbtOPoV6pLGkIIfnbNJAJgfn+oqGyQTaY/MEPhx+M9OswPx:AeZUlXsPrVJJnnxqkj/FJxax
Size:	56454
Whitelisted:	false
Reputation:	timeout

Details

File:	C:\ProgramData\Microsoft\Windows\WER\Temp\WER477F.tmp.WERInternalMetadata.xml
Category:	dropped
Dump:	WER477F.tmp.WERInternalMetadata.xml.3.dr
ID:	dr_12
Target ID:	3
Process:	C:\Windows\SysWOW64\WerFault.exe
Type:	XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
Entropy:	3.6977526531042657
Encrypted:	false
Ssdeep:	192:Rrl7r3GLNi5Cf6db6YA9/SUHBgmfB/SUCpBg89bVNsf+gnm:RrlsNik6x6YCSUHBgmf5SjVGf+d
Size:	8308
Whitelisted:	false
Reputation:	timeout

Details

File:	C:\ProgramData\Microsoft\Windows\WER\Temp\WER484B.tmp.xml
Category:	dropped
Dump:	WER484B.tmp.xml.3.dr
ID:	dr_13
Target ID:	3
Process:	C:\Windows\SysWOW64\WerFault.exe
Type:	XML 1.0 document, ASCII text, with CRLF line terminators
Entropy:	4.469873205149838
Encrypted:	false
Ssdeep:	48:cvIwSD8zsatJgtWI9AuWgc8sqYjs8fm8M4JbFZFFx+q86f1urZMjTCd:uITfaH7PgrsqY1JxBxT1urZMXCd
Size:	4573
Whitelisted:	false
Reputation:	timeout

Details

File:	C:\ProgramData\Microsoft\Windows\WER\Temp\WER5190.tmp.dmp
Category:	dropped
Dump:	WER5190.tmp.dmp.5.dr
ID:	dr_16
Target ID:	5
Process:	C:\Windows\SysWOW64\WerFault.exe
Type:	Mini DuMP crash report, 14 streams, Tue Oct 4 00:19:47 2022, 0x1205a4 type
Entropy:	2.259219992382273
Encrypted:	false
Ssdeep:	384:0ATIjWPYZRPo1pGtSBQlttbaqKl/5zFCig:1dPYnQpH4tp5KlBZg
Size:	69530
Whitelisted:	false
Reputation:	timeout

Details

File:	C:\ProgramData\Microsoft\Windows\WER\Temp\WER54AE.tmp.WERInternalMetadata.xml
Category:	dropped
Dump:	WER54AE.tmp.WERInternalMetadata.xml.5.dr
ID:	dr_17
Target ID:	5
Process:	C:\Windows\SysWOW64\WerFault.exe
Type:	XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
Entropy:	3.6991087145639527
Encrypted:	false
Ssdeep:	192:Rrl7r3GLNi5Cj16mL6YALSUoegmfB/SUCpBQ89b+NsfHKm:RrlsNi216S6YcSUoegmf5Sz+Gfb
Size:	8326
Whitelisted:	false
Reputation:	timeout

Details

File:	C:\ProgramData\Microsoft\Windows\WER\Temp\WER554B.tmp.xml
Category:	dropped
Dump:	WER554B.tmp.xml.5.dr
ID:	dr_18
Target ID:	5
Process:	C:\Windows\SysWOW64\WerFault.exe
Type:	XML 1.0 document, ASCII text, with CRLF line terminators
Entropy:	4.471028777924174
Encrypted:	false
Ssdeep:	48:cvIwSD8zsatJgtWI9AuWgc8sqYjG8fm8M4JbFZF+Ni+q86f1urZMjTCd:uITfaH7PgrsqYXJxSMT1urZMXCd
Size:	4573
Whitelisted:	false
Reputation:	timeout

Details

File:	C:\ProgramData\Microsoft\Windows\WER\Temp\WER5D48.tmp.dmp
Category:	dropped
Dump:	WER5D48.tmp.dmp.7.dr
ID:	dr_19
Target ID:	7
Process:	C:\Windows\SysWOW64\WerFault.exe
Type:	Mini DuMP crash report, 14 streams, Tue Oct 4 00:19:50 2022, 0x1205a4 type
Entropy:	1.9912019045374547
Encrypted:	false
Ssdeep:	192:zhFUUKV6djzjXtOPoAshqN+ZMi6RApkzUypb8ioqGQQTa6/oEPwrGUQ7PaNDQdbo:zbj/jnwPxRoZIHbbaqKl/5IrL+AD
Size:	85304
Whitelisted:	false
Reputation:	timeout

Details

File:	C:\ProgramData\Microsoft\Windows\WER\Temp\WER5FD9.tmp.WERInternalMetadata.xml
Category:	dropped
Dump:	WER5FD9.tmp.WERInternalMetadata.xml.7.dr
ID:	dr_20
Target ID:	7
Process:	C:\Windows\SysWOW64\WerFault.exe
Type:	XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
Entropy:	3.700678655856191
Encrypted:	false
Ssdeep:	192:Rrl7r3GLNi5Ca6IMZU6YAGSUoegmfB/SUCpBU89bANsfigm:RrlsNiZ6IMZU6YhSUoegmf5S/AGfU
Size:	8330
Whitelisted:	false
Reputation:	timeout

Details

File:	C:\ProgramData\Microsoft\Windows\WER\Temp\WER6067.tmp.xml
Category:	dropped
Dump:	WER6067.tmp.xml.7.dr
ID:	dr_21
Target ID:	7
Process:	C:\Windows\SysWOW64\WerFault.exe
Type:	XML 1.0 document, ASCII text, with CRLF line terminators
Entropy:	4.464969653058695
Encrypted:	false
Ssdeep:	48:cvIwSD8zsatJgtWI9AuWgc8sqYjW8fm8M4JbFZFKP+q86f1urZMjTCd:uITfaH7PgrsqYHJxuPT1urZMXCd
Size:	4573
Whitelisted:	false
Reputation:	timeout

Details

File:	C:\ProgramData\Microsoft\Windows\WER\Temp\WER8050.tmp.dmp
Category:	dropped
Dump:	WER8050.tmp.dmp.11.dr
ID:	dr_23
Target ID:	11
Process:	C:\Windows\SysWOW64\WerFault.exe
Type:	Mini DuMP crash report, 14 streams, Tue Oct 4 00:19:59 2022, 0x1205a4 type
Entropy:	1.9995885291711986
Encrypted:	false
Ssdeep:	192:wFKqKV6djLtOPoQl+qOzLS6RApDcZkB3+wypb8ioqGQQTa6/oEPibmuMSMOjK:Qn/j8PBlZo1LOM3baqKl/5qbm3uK
Size:	84744
Whitelisted:	false
Reputation:	timeout

Details

File:	C:\ProgramData\Microsoft\Windows\WER\Temp\WER8311.tmp.WERInternalMetadata.xml
Category:	dropped
Dump:	WER8311.tmp.WERInternalMetadata.xml.11.dr
ID:	dr_24
Target ID:	11
Process:	C:\Windows\SysWOW64\WerFault.exe
Type:	XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
Entropy:	3.700346427387162
Encrypted:	false
Ssdeep:	192:Rrl7r3GLNi5Ct6IMZzT6YAFSUlnnegmfB/SUCpBcf89bBNsfADSLm:RrlsNiu6IMZn6YSSU9egmf5SCgBGfU
Size:	8330
Whitelisted:	false
Reputation:	timeout

Details

File:	C:\ProgramData\Microsoft\Windows\WER\Temp\WER83DD.tmp.xml
Category:	dropped
Dump:	WER83DD.tmp.xml.11.dr
ID:	dr_25
Target ID:	11
Process:	C:\Windows\SysWOW64\WerFault.exe
Type:	XML 1.0 document, ASCII text, with CRLF line terminators
Entropy:	4.469003753104554
Encrypted:	false
Ssdeep:	48:cvIwSD8zsatJgtWI9AuWgc8sqYj28fm8M4JbFZFy+q86f1urZMjTCd:uITfaH7PgrsqY3JxeT1urZMXCd
Size:	4573
Whitelisted:	false
Reputation:	timeout

Details

File:	C:\ProgramData\Microsoft\Windows\WER\Temp\WER8B0E.tmp.dmp
Category:	dropped
Dump:	WER8B0E.tmp.dmp.13.dr
ID:	dr_27
Target ID:	13
Process:	C:\Windows\SysWOW64\WerFault.exe
Type:	Mini DuMP crash report, 14 streams, Tue Oct 4 00:20:01 2022, 0x1205a4 type
Entropy:	2.038490417036477
Encrypted:	false
Ssdeep:	192:uFKJKV6djYtOPogXqOSYl+5LS6RApVcHFU5ypb8ioqGQQTa6/oEPlfL9RcQKFIso:CI/j/PRaX51d1baqKl/5NfC
Size:	84776
Whitelisted:	false
Reputation:	timeout

Details

File:	C:\ProgramData\Microsoft\Windows\WER\Temp\WER8D32.tmp.WERInternalMetadata.xml
Category:	dropped
Dump:	WER8D32.tmp.WERInternalMetadata.xml.13.dr
ID:	dr_28
Target ID:	13
Process:	C:\Windows\SysWOW64\WerFault.exe
Type:	XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
Entropy:	3.697908602409422
Encrypted:	false
Ssdeep:	192:Rrl7r3GLNi5Cw6IMZrX66YA2SUW7kgmfB/SUCpB189buNsfuam:RrlsNiD6IMZL66YBSUgkgmf5SsuGfq
Size:	8330
Whitelisted:	false
Reputation:	timeout

Details

File:	C:\ProgramData\Microsoft\Windows\WER\Temp\WER8DA1.tmp.xml
Category:	dropped
Dump:	WER8DA1.tmp.xml.13.dr
ID:	dr_29
Target ID:	13
Process:	C:\Windows\SysWOW64\WerFault.exe
Type:	XML 1.0 document, ASCII text, with CRLF line terminators
Entropy:	4.471518242701876
Encrypted:	false
Ssdeep:	48:cvIwSD8zsatJgtWI9AuWgc8sqYjiM8fm8M4JbFZF3TB+q86f1urZMjTCd:uITfaH7PgrsqYuxJxL9T1urZMXCd
Size:	4573
Whitelisted:	false
Reputation:	timeout

Details

File:	C:\ProgramData\Microsoft\Windows\WER\Temp\WER90A7.tmp.dmp
Category:	dropped
Dump:	WER90A7.tmp.dmp.28.dr
ID:	dr_48
Target ID:	28
Process:	C:\Windows\SysWOW64\WerFault.exe
Type:	Mini DuMP crash report, 14 streams, Tue Oct 4 00:21:09 2022, 0x1205a4 type
Entropy:	2.0456757856627403
Encrypted:	false
Ssdeep:	384:ry9rz3hPzrQqJl+chBi+2qSl/1S6Rh1ac4/vMCv50d9Hr6Y:ryrPznFtSlNBZ4n/er7
Size:	120862
Whitelisted:	false
Reputation:	timeout

Details

File:	C:\ProgramData\Microsoft\Windows\WER\Temp\WER9490.tmp.WERInternalMetadata.xml
Category:	dropped
Dump:	WER9490.tmp.WERInternalMetadata.xml.28.dr
ID:	dr_49
Target ID:	28
Process:	C:\Windows\SysWOW64\WerFault.exe
Type:	XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
Entropy:	3.6988252114556937
Encrypted:	false
Ssdeep:	192:Rrl7r3GLNi5Cs6hG6YANSUuvgmfB8SR1ACpBP89bHNsfhNm:RrlsNif6A6Y6SUuvgmf2STaHGfi
Size:	8338
Whitelisted:	false
Reputation:	timeout

Details

File:	C:\ProgramData\Microsoft\Windows\WER\Temp\WER94FF.tmp.xml
Category:	dropped
Dump:	WER94FF.tmp.xml.28.dr
ID:	dr_50
Target ID:	28
Process:	C:\Windows\SysWOW64\WerFault.exe
Type:	XML 1.0 document, ASCII text, with CRLF line terminators
Entropy:	4.469443217482524
Encrypted:	false
Ssdeep:	48:cvIwSD8zs7JgtWI9AuWgc8sqYjZ8fm8M4JbgZFX+q8Jf1urZMjTCd:uITfV7PgrsqYqJc7G1urZMXCd
Size:	4573
Whitelisted:	false
Reputation:	timeout

Details

File:	C:\ProgramData\Microsoft\Windows\WER\Temp\WER97E0.tmp.dmp
Category:	dropped
Dump:	WER97E0.tmp.dmp.15.dr
ID:	dr_31
Target ID:	15
Process:	C:\Windows\SysWOW64\WerFault.exe
Type:	Mini DuMP crash report, 14 streams, Tue Oct 4 00:20:05 2022, 0x1205a4 type
Entropy:	1.998929385230397
Encrypted:	false
Ssdeep:	384:4dlbKPxf4hmKzg3A6PODfqKl/pfRWm2MBOXz/RJKifK11qVeat:4doPxfiv0w7uKlxoH
Size:	91454
Whitelisted:	false
Reputation:	timeout

Details

File:	C:\ProgramData\Microsoft\Windows\WER\Temp\WER9AFE.tmp.WERInternalMetadata.xml
Category:	dropped
Dump:	WER9AFE.tmp.WERInternalMetadata.xml.15.dr
ID:	dr_32
Target ID:	15
Process:	C:\Windows\SysWOW64\WerFault.exe
Type:	XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
Entropy:	3.697537999305797
Encrypted:	false
Ssdeep:	192:Rrl7r3GLNi5Cy6I1Y6YAvSUKPgmfB/SUCpBZ89bKNsf00Om:RrlsNiR6I1Y6YYSUKPgmf5SoKGft
Size:	8330
Whitelisted:	false
Reputation:	timeout

Details

File:	C:\ProgramData\Microsoft\Windows\WER\Temp\WER9B9B.tmp.xml
Category:	dropped
Dump:	WER9B9B.tmp.xml.15.dr
ID:	dr_33
Target ID:	15
Process:	C:\Windows\SysWOW64\WerFault.exe
Type:	XML 1.0 document, ASCII text, with CRLF line terminators
Entropy:	4.469322293158411
Encrypted:	false
Ssdeep:	48:cvIwSD8zsatJgtWI9AuWgc8sqYjN8fm8M4JbFZFvL+q86f1urZMjTCd:uITfaH7PgrsqY+JxzLT1urZMXCd
Size:	4573
Whitelisted:	false
Reputation:	timeout

Details

File:	C:\ProgramData\Microsoft\Windows\WER\Temp\WERA51E.tmp.dmp
Category:	dropped
Dump:	WERA51E.tmp.dmp.17.dr
ID:	dr_35
Target ID:	17
Process:	C:\Windows\SysWOW64\WerFault.exe
Type:	Mini DuMP crash report, 14 streams, Tue Oct 4 00:20:08 2022, 0x1205a4 type
Entropy:	2.0860910131609742
Encrypted:	false
Ssdeep:	384:wQGjO9fPC+uBMHnFDgHoo46WOaBDfqKl/pG27HQct8femn:wQtlPduBMHSGHBuKlxfwL
Size:	103340
Whitelisted:	false
Reputation:	timeout

Details

File:	C:\ProgramData\Microsoft\Windows\WER\Temp\WERA781.tmp.WERInternalMetadata.xml
Category:	dropped
Dump:	WERA781.tmp.WERInternalMetadata.xml.17.dr
ID:	dr_36
Target ID:	17
Process:	C:\Windows\SysWOW64\WerFault.exe
Type:	XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
Entropy:	3.6964781586218396
Encrypted:	false
Ssdeep:	192:Rrl7r3GLNi5CH6Iqwv6YAFSUhogmfB/SUCpBkx89b/Nsfd6X1m:RrlsNi06IqQ6YSSUhogmf5Sp/GfdR
Size:	8330
Whitelisted:	false
Reputation:	timeout

Details

File:	C:\ProgramData\Microsoft\Windows\WER\Temp\WERA80E.tmp.xml
Category:	dropped
Dump:	WERA80E.tmp.xml.17.dr
ID:	dr_37
Target ID:	17
Process:	C:\Windows\SysWOW64\WerFault.exe
Type:	XML 1.0 document, ASCII text, with CRLF line terminators
Entropy:	4.471858838671925
Encrypted:	false
Ssdeep:	48:cvIwSD8zsatJgtWI9AuWgc8sqYjX8fm8M4JbFZFS+q86f1urZMjTCd:uITfaH7PgrsqY4Jx+T1urZMXCd
Size:	4573
Whitelisted:	false
Reputation:	timeout

Details

File:	C:\ProgramData\Microsoft\Windows\WER\Temp\WERB0A7.tmp.dmp
Category:	dropped
Dump:	WERB0A7.tmp.dmp.19.dr
ID:	dr_43
Target ID:	19
Process:	C:\Windows\SysWOW64\WerFault.exe
Type:	Mini DuMP crash report, 14 streams, Tue Oct 4 00:20:11 2022, 0x1205a4 type
Entropy:	1.981513717445772
Encrypted:	false
Ssdeep:	384:2UDzGsPrrC4Sr7gHi9QxWHDfqKl/x5WwJY8rGs:2UFPrrC4SwbouKlpy8a
Size:	107076
Whitelisted:	false
Reputation:	timeout

Details

File:	C:\ProgramData\Microsoft\Windows\WER\Temp\WERB55C.tmp.WERInternalMetadata.xml
Category:	dropped
Dump:	WERB55C.tmp.WERInternalMetadata.xml.19.dr
ID:	dr_39
Target ID:	19
Process:	C:\Windows\SysWOW64\WerFault.exe
Type:	XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
Entropy:	3.698489742726526
Encrypted:	false
Ssdeep:	192:Rrl7r3GLNi5Cr6IKP6YA4SU1ujgmfB/SUCpBs89bUNsfM8m:RrlsNio6IKP6Y/SU4jgmf5SnUGfO
Size:	8330
Whitelisted:	false
Reputation:	timeout

Details

File:	C:\ProgramData\Microsoft\Windows\WER\Temp\WERB685.tmp.xml
Category:	dropped
Dump:	WERB685.tmp.xml.19.dr
ID:	dr_40
Target ID:	19
Process:	C:\Windows\SysWOW64\WerFault.exe
Type:	XML 1.0 document, ASCII text, with CRLF line terminators
Entropy:	4.470884040803658
Encrypted:	false
Ssdeep:	48:cvIwSD8zsatJgtWI9AuWgc8sqYjd8fm8M4JbFZFR+q86f1urZMjTCd:uITfaH7PgrsqYOJxlT1urZMXCd
Size:	4573
Whitelisted:	false
Reputation:	timeout

Details

File:	C:\ProgramData\Microsoft\Windows\WER\Temp\WERBD48.tmp.dmp
Category:	dropped
Dump:	WERBD48.tmp.dmp.32.dr
ID:	dr_52
Target ID:	32
Process:	C:\Windows\System32\WerFault.exe
Type:	Mini DuMP crash report, 16 streams, Tue Oct 4 00:21:28 2022, 0x1205a4 type
Entropy:	3.536415012678232
Encrypted:	false
Ssdeep:	6144:C79mDgOYKYTPZJkSl8ALgcxPi8v7u4dl/epTX/:rDKTP7kqti8v
Size:	518260
Whitelisted:	false
Reputation:	timeout

Details

File:	C:\ProgramData\Microsoft\Windows\WER\Temp\WERD8A1.tmp.WERInternalMetadata.xml
Category:	dropped
Dump:	WERD8A1.tmp.WERInternalMetadata.xml.32.dr
ID:	dr_53
Target ID:	32
Process:	C:\Windows\System32\WerFault.exe
Type:	XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
Entropy:	3.7142131549542157
Encrypted:	false
Ssdeep:	192:Rrl7r3GLNiS9JJiYZCmSnCprt89bVnpKfzHm:RrlsNiIniY7StVnkf6
Size:	6772
Whitelisted:	false
Reputation:	timeout

Details

File:	C:\ProgramData\Microsoft\Windows\WER\Temp\WERDB03.tmp.xml
Category:	dropped
Dump:	WERDB03.tmp.xml.32.dr
ID:	dr_54
Target ID:	32
Process:	C:\Windows\System32\WerFault.exe
Type:	XML 1.0 document, ASCII text, with CRLF line terminators
Entropy:	4.427733075060363
Encrypted:	false
Ssdeep:	48:cvIwSD8zsmJgtBI9AuWgc8sqYj28fm8M4JcuCFdTf5yq8vcuOcAyTd:uITf8OPgrsqY3JxG5WxVAyTd
Size:	4755
Whitelisted:	false
Reputation:	timeout

Details

File:	C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0MX4YUS9\ping[1].htm
Category:	dropped
Dump:	ping[1].htm1.0.dr
ID:	dr_7
Target ID:	0
Process:	C:\Users\user\Desktop\file.exe
Type:	ASCII text, with no line terminators
Entropy:	3.1751231351134614
Encrypted:	false
Ssdeep:	3:nCmxEl:Cmc
Size:	17
Whitelisted:	false
Reputation:	timeout

Details

File:	C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2K7JPOQS\fuckingdllENCR[1].dll
Category:	dropped
Dump:	fuckingdllENCR[1].dll.0.dr
ID:	dr_8
Target ID:	0
Process:	C:\Users\user\Desktop\file.exe
Type:	data
Entropy:	7.998072640845361
Encrypted:	true
Ssdeep:	1536:NsbI9W6dHdtnEXOxZpPzIUcETzNtXofjmgGTeJduLLt+YBPoJTMRmNXg30:KWW6TZVz9PNtXo8M5OR0
Size:	94224
Whitelisted:	false
Reputation:	timeout

Details

File:	C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2K7JPOQS\ping[1].htm
Category:	dropped
Dump:	ping[1].htm.0.dr
ID:	dr_0
Target ID:	0
Process:	C:\Users\user\Desktop\file.exe
Type:	very short file (no magic)
Entropy:	0.0
Encrypted:	false
Ssdeep:	3:V:V
Size:	1
Whitelisted:	true
Reputation:	timeout

Details

File:	C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6M6D1PMD\library[1].htm
Category:	modified
Dump:	library[1].htm0.0.dr
ID:	dr_10
Target ID:	0
Process:	C:\Users\user\Desktop\file.exe
Type:	very short file (no magic)
Entropy:	0.0
Encrypted:	false
Ssdeep:	3:V:V
Size:	1
Whitelisted:	true
Reputation:	timeout

Details

File:	C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VAHFWDJC\library[1].htm
Category:	dropped
Dump:	library[1].htm.0.dr
ID:	dr_9
Target ID:	0
Process:	C:\Users\user\Desktop\file.exe
Type:	very short file (no magic)
Entropy:	0.0
Encrypted:	false
Ssdeep:	3:V:V
Size:	1
Whitelisted:	true
Reputation:	timeout

Details

File:	C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VAHFWDJC\ping[1].htm
Category:	dropped
Dump:	ping[1].htm0.0.dr
ID:	dr_6
Target ID:	0
Process:	C:\Users\user\Desktop\file.exe
Type:	very short file (no magic)
Entropy:	0.0
Encrypted:	false
Ssdeep:	3:V:V
Size:	1
Whitelisted:	true
Reputation:	timeout

Details

File:	C:\Users\user\Desktop\Cleaner.lnk
Category:	dropped
Dump:	Cleaner.lnk.0.dr
ID:	dr_5
Target ID:	0
Process:	C:\Users\user\Desktop\file.exe
Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Description string, Has Relative path, Icon number=0, Archive, ctime=Mon Oct 3 23:20:31 2022, mtime=Mon Oct 3 23:20:31 2022, atime=Mon Oct 3 23:20:31 2022, length=3947920, window=hide
Entropy:	3.8983736018000514
Encrypted:	false
Ssdeep:	24:8FLGLN5EkRcgKYgSActP4595cbucpZtP4MLucTXZw7aB6m:8FLE5EkRoxctP4z5wuCZtP4OuGB6
Size:	2109

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
file.exe

Files

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Reportfile.exe

Files

IOC Report
file.exe