Automated Malware Analysis IOC Report for

Details

Filetype:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy:	7.462227283357498
Filename:	file.exe
Filesize:	238080
MD5:	526fde9e61b1b4835885973331fa1616
SHA1:	ebbb0c3586b8a0244585eacb44ca125ac933ad8e
SHA256:	093741e4079a8092ba9d94653cb4f11c15fbe1e9ef53690e91628c61f0cc9440
SHA512:	ceff6066cd30ead43c4afcdc1b227ae114d4174fb75ff68c1495cbc6ef7bcb158bf2535669bd9add353e72ed3b97df48a9ad4cf21941db9d702d6f786bbae318
SSDEEP:	6144:oKFyXCCNTdMc9uzUCEJ/z1qWYHR+qvkqs3PZ5E:NFoC+ZUzl+RWR+1qs/s
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........}...............N1......N'.................D....N ......N0......N5.....Rich............PE..L.....Mb...........................

Signature Hits	Behavior Group	Mitre Attack
Binary is likely a compiled AutoIt script file	System Summary	Virtualization/Sandbox Evasion Security Software Discovery
Machine Learning detection for sample	AV Detection
Uses 32bit PE files	Compliance, System Summary
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection
One or more processes crash	System Summary
May sleep (evasive loops) to hinder dynamic analysis	Malware Analysis System Evasion
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion
PE file contains executable resources (Code or Archives)	System Summary
Drops files with a non-matching file extension (content does not match file extension)	Persistence and Installation Behavior	Masquerading
Sample file is different than original file name gathered from version info	System Summary
Drops PE files	Persistence and Installation Behavior
Checks if the current process is being debugged	Anti Debugging	Virtualization/Sandbox Evasion Security Software Discovery
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion
Queries a list of all running processes	Malware Analysis System Evasion	Process Discovery
PE file has an executable .text section and no other executable section	System Summary
Reads software policies	System Summary
Uses an in-process (OLE) Automation server	System Summary
Contains medium sleeps (>= 30s)	Malware Analysis System Evasion
Creates files inside the user directory	System Summary
Creates temporary files	System Summary
Disables application error messsages (SetErrorMode)	Hooking and other Techniques for Hiding and Protection
Reads ini files	System Summary	File and Directory Discovery
URLs found in memory or binary data	Networking
May try to detect the Windows Explorer process (often used for injection)	HIPS / PFW / Operating System Protection Evasion
PE file contains a debug data directory	System Summary
Uses new MSVCR Dlls	Compliance, System Summary

Details

File:	C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_file.exe_43a044097e5f3ef507ce7a9f19c0e6d280fb_440dec59_05057d34\Report.wer
Category:	dropped
Dump:	Report.wer.5.dr
ID:	dr_15
Target ID:	5
Process:	C:\Windows\SysWOW64\WerFault.exe
Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Entropy:	0.8413921404242342
Encrypted:	false
Ssdeep:	192:0+G1Vfav7FH56rrE3jDB/u7swS274It1hBx:a2x56rwjl/u7swX4ItN
Size:	65536
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Machine Learning detection for sample	AV Detection
PE file contains executable resources (Code or Archives)	System Summary
Uses 32bit PE files	Compliance, System Summary
PE file has an executable .text section and no other executable section	System Summary
PE file contains a debug data directory	System Summary

Details

File:	C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_file.exe_43a044097e5f3ef507ce7a9f19c0e6d280fb_440dec59_0789c3c3\Report.wer
Category:	dropped
Dump:	Report.wer.15.dr
ID:	dr_38
Target ID:	15
Process:	C:\Windows\SysWOW64\WerFault.exe
Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Entropy:	0.8646212963389045
Encrypted:	false
Ssdeep:	192:QkG1VfavFFH56rrE3jDm/u7swS274It1hBx:C2P56rwjC/u7swX4ItN
Size:	65536
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Machine Learning detection for sample	AV Detection
PE file contains executable resources (Code or Archives)	System Summary
Uses 32bit PE files	Compliance, System Summary
PE file has an executable .text section and no other executable section	System Summary
PE file contains a debug data directory	System Summary

Details

File:	C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_file.exe_43a044097e5f3ef507ce7a9f19c0e6d280fb_440dec59_0fa97499\Report.wer
Category:	dropped
Dump:	Report.wer.3.dr
ID:	dr_14
Target ID:	3
Process:	C:\Windows\SysWOW64\WerFault.exe
Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Entropy:	0.8276699661029949
Encrypted:	false
Ssdeep:	192:tG1VfavUFH56rrE3jDk/u7swS274It1hBx:W2c56rwjg/u7swX4ItN
Size:	65536
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Machine Learning detection for sample	AV Detection
PE file contains executable resources (Code or Archives)	System Summary
Uses 32bit PE files	Compliance, System Summary
PE file has an executable .text section and no other executable section	System Summary
PE file contains a debug data directory	System Summary

Details

File:	C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_file.exe_43a044097e5f3ef507ce7a9f19c0e6d280fb_440dec59_0fb9b83a\Report.wer
Category:	dropped
Dump:	Report.wer.13.dr
ID:	dr_34
Target ID:	13
Process:	C:\Windows\SysWOW64\WerFault.exe
Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Entropy:	0.8645912092877456
Encrypted:	false
Ssdeep:	192:OG1VfavMFH56rrE3jDm/u7swS274It1hBx:V2E56rwjC/u7swX4ItN
Size:	65536
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Machine Learning detection for sample	AV Detection
PE file contains executable resources (Code or Archives)	System Summary
Uses 32bit PE files	Compliance, System Summary
PE file has an executable .text section and no other executable section	System Summary
PE file contains a debug data directory	System Summary

Details

File:	C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_file.exe_43a044097e5f3ef507ce7a9f19c0e6d280fb_440dec59_14062c50\Report.wer
Category:	dropped
Dump:	Report.wer.19.dr
ID:	dr_46
Target ID:	19
Process:	C:\Windows\SysWOW64\WerFault.exe
Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Entropy:	0.9178695391219902
Encrypted:	false
Ssdeep:	192:+ZG1Vfav7FH56rrE3jDy8/u7swS274It1hBx:+62x56rwjD/u7swX4ItN
Size:	65536
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Machine Learning detection for sample	AV Detection
PE file contains executable resources (Code or Archives)	System Summary
Uses 32bit PE files	Compliance, System Summary
PE file has an executable .text section and no other executable section	System Summary
PE file contains a debug data directory	System Summary

Details

File:	C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_file.exe_43a044097e5f3ef507ce7a9f19c0e6d280fb_440dec59_1431a86b\Report.wer
Category:	dropped
Dump:	Report.wer.11.dr
ID:	dr_30
Target ID:	11
Process:	C:\Windows\SysWOW64\WerFault.exe
Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Entropy:	0.8419314888891837
Encrypted:	false
Ssdeep:	192:86bG1VfavFFH56rrE3jDB/u7swS274It1hBx:8682P56rwjl/u7swX4ItN
Size:	65536
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Machine Learning detection for sample	AV Detection
PE file contains executable resources (Code or Archives)	System Summary
Uses 32bit PE files	Compliance, System Summary
PE file has an executable .text section and no other executable section	System Summary
PE file contains a debug data directory	System Summary

Details

File:	C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_file.exe_43a044097e5f3ef507ce7a9f19c0e6d280fb_440dec59_17918727\Report.wer
Category:	dropped
Dump:	Report.wer.7.dr
ID:	dr_22
Target ID:	7
Process:	C:\Windows\SysWOW64\WerFault.exe
Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Entropy:	0.8419290418748682
Encrypted:	false
Ssdeep:	192:3G1Vfav7FH56rrE3jDB/u7swS274It1hBx:g2x56rwjl/u7swX4ItN
Size:	65536
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Machine Learning detection for sample	AV Detection
PE file contains executable resources (Code or Archives)	System Summary
Uses 32bit PE files	Compliance, System Summary
PE file has an executable .text section and no other executable section	System Summary
PE file contains a debug data directory	System Summary

Details

File:	C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_file.exe_43a044097e5f3ef507ce7a9f19c0e6d280fb_440dec59_17c5cdc5\Report.wer
Category:	dropped
Dump:	Report.wer.17.dr
ID:	dr_40
Target ID:	17
Process:	C:\Windows\SysWOW64\WerFault.exe
Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Entropy:	0.8844034957297929
Encrypted:	false
Ssdeep:	192:QfG1VfavBFH56rrE3jDyG/u7swS274It1hBx:QI2D56rwjJ/u7swX4ItN
Size:	65536
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Machine Learning detection for sample	AV Detection
PE file contains executable resources (Code or Archives)	System Summary
Uses 32bit PE files	Compliance, System Summary
PE file has an executable .text section and no other executable section	System Summary
PE file contains a debug data directory	System Summary

Details

File:	C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_file.exe_43a044097e5f3ef507ce7a9f19c0e6d280fb_440dec59_17e1912a\Report.wer
Category:	dropped
Dump:	Report.wer.9.dr
ID:	dr_26
Target ID:	9
Process:	C:\Windows\SysWOW64\WerFault.exe
Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Entropy:	0.8413309258427019
Encrypted:	false
Ssdeep:	192:mG1VfavIFH56rrE3jDB/u7swS274It1hBx:t2456rwjl/u7swX4ItN
Size:	65536
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Machine Learning detection for sample	AV Detection
PE file contains executable resources (Code or Archives)	System Summary
Uses 32bit PE files	Compliance, System Summary
PE file has an executable .text section and no other executable section	System Summary
PE file contains a debug data directory	System Summary

Details

File:	C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_file.exe_83ec7e94952b3dcbb61bd30e98682b9f65d64_440dec59_0e4aaad7\Report.wer
Category:	dropped
Dump:	Report.wer.26.dr
ID:	dr_50
Target ID:	26
Process:	C:\Windows\SysWOW64\WerFault.exe
Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Entropy:	0.9867845917103395
Encrypted:	false
Ssdeep:	192:3NG1VfavF8Hox3uSE3jDyL+/u7sLS274It1hBx:322uox3uFjd/u7sLX4ItN
Size:	65536
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Machine Learning detection for sample	AV Detection
PE file contains executable resources (Code or Archives)	System Summary
Uses 32bit PE files	Compliance, System Summary
PE file has an executable .text section and no other executable section	System Summary
PE file contains a debug data directory	System Summary

Details

File:	C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\soft[1]
Category:	dropped
Dump:	soft[1].0.dr
ID:	dr_3
Target ID:	0
Process:	C:\Users\user\Desktop\file.exe
Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy:	7.275018147968825
Encrypted:	false
Ssdeep:	49152:+/PD/DL/D9CuZrr2h60qPPB+lJJkF9IC966eB+lJJkF9IC966eB+lJJkF9IC966h:+3D///UUrP43m8C/3m8C/3m8C5
Size:	3947920
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Drops files with a non-matching file extension (content does not match file extension)	Persistence and Installation Behavior	Masquerading

Details

File:	C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PEJLKQA8\dll[1]
Category:	dropped
Dump:	dll[1].0.dr
ID:	dr_1
Target ID:	0
Process:	C:\Users\user\Desktop\file.exe
Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy:	6.47050397947197
Encrypted:	false
Ssdeep:	6144:SIQpxILDXGGMO7Ice9C5kQw2hWHcHTykhb:SIQpxILDXGGlET9n/cHG
Size:	242176
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Drops files with a non-matching file extension (content does not match file extension)	Persistence and Installation Behavior	Masquerading
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\6clvSx8en71SUl1hUuzQ6n56lWM0\Bunifu_UI_v1.5.3.dll
Category:	dropped
Dump:	Bunifu_UI_v1.5.3.dll.0.dr
ID:	dr_2
Target ID:	0
Process:	C:\Users\user\Desktop\file.exe
Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy:	6.47050397947197
Encrypted:	false
Ssdeep:	6144:SIQpxILDXGGMO7Ice9C5kQw2hWHcHTykhb:SIQpxILDXGGlET9n/cHG
Size:	242176
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery

Details

File:	C:\Users\user\AppData\Local\Temp\6clvSx8en71SUl1hUuzQ6n56lWM0\Cleaner.exe
Category:	dropped
Dump:	Cleaner.exe.0.dr
ID:	dr_4
Target ID:	0
Process:	C:\Users\user\Desktop\file.exe
Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy:	7.275018147968825
Encrypted:	false
Ssdeep:	49152:+/PD/DL/D9CuZrr2h60qPPB+lJJkF9IC966eB+lJJkF9IC966eB+lJJkF9IC966h:+3D///UUrP43m8C/3m8C/3m8C5
Size:	3947920
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
May check the online IP address of the machine	Networking	System Network Configuration Discovery
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion	Process Injection
Detected potential crypto function	System Summary	Encrypted Channel Archive Collected Data
Drops PE files	Persistence and Installation Behavior
Enables debug privileges	Anti Debugging
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery
Checks the free space of harddrives	Malware Analysis System Evasion	System Information Discovery
Creates guard pages, often used to prevent reverse engineering and debugging	Anti Debugging	Disable or Modify Tools
Disables application error messsages (SetErrorMode)	Hooking and other Techniques for Hiding and Protection
Parts of this applications are using the .NET runtime (Probably coded in C#)	System Summary
Queries the cryptographic machine GUID	Language, Device and Operating System Detection	System Information Discovery
Reads the hosts file	System Summary	Remote System Discovery
Spawns processes	System Summary	Process Injection
Uses Microsoft Silverlight	System Summary

Details

File:	C:\ProgramData\Microsoft\Windows\WER\Temp\WER276E.tmp.dmp
Category:	dropped
Dump:	WER276E.tmp.dmp.19.dr
ID:	dr_43
Target ID:	19
Process:	C:\Windows\SysWOW64\WerFault.exe
Type:	Mini DuMP crash report, 14 streams, Tue Oct 4 00:30:19 2022, 0x1205a4 type
Entropy:	2.1634369641325306
Encrypted:	false
Ssdeep:	768:gjTPXz8b284K1UZYDPz90272rZROEsmvP5tK+T8:6z8jH+ZYrz976tRvsmvP5tKm8
Size:	117066
Whitelisted:	false
Reputation:	timeout

Details

File:	C:\ProgramData\Microsoft\Windows\WER\Temp\WER2A00.tmp.WERInternalMetadata.xml
Category:	dropped
Dump:	WER2A00.tmp.WERInternalMetadata.xml.19.dr
ID:	dr_44
Target ID:	19
Process:	C:\Windows\SysWOW64\WerFault.exe
Type:	XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
Entropy:	3.6938148571549747
Encrypted:	false
Ssdeep:	192:Rrl7r3GLNi/CQ6I7Des6YBSPSUqgmf6TS4CpBA89bMysfFEm:RrlsNil6Id6YBaSUqgmf+SfMxfz
Size:	8408
Whitelisted:	false
Reputation:	timeout

Details

File:	C:\ProgramData\Microsoft\Windows\WER\Temp\WER2ACC.tmp.xml
Category:	dropped
Dump:	WER2ACC.tmp.xml.19.dr
ID:	dr_45
Target ID:	19
Process:	C:\Windows\SysWOW64\WerFault.exe
Type:	XML 1.0 document, ASCII text, with CRLF line terminators
Entropy:	4.456695882315008
Encrypted:	false
Ssdeep:	48:cvIwSD8zs/JgtWI9cSWgc8sqYjB8fm8M4JblMFj+q8vclCr8MjTzd:uITfh/zgrsqYKJpiKoCr8MXzd
Size:	4674
Whitelisted:	false
Reputation:	timeout

Details

File:	C:\ProgramData\Microsoft\Windows\WER\Temp\WER70B1.tmp.dmp
Category:	dropped
Dump:	WER70B1.tmp.dmp.3.dr
ID:	dr_11
Target ID:	3
Process:	C:\Windows\SysWOW64\WerFault.exe
Type:	Mini DuMP crash report, 14 streams, Tue Oct 4 00:29:32 2022, 0x1205a4 type
Entropy:	2.2720533470558357
Encrypted:	false
Ssdeep:	192:VRMNjxGyBCRvQQtOPocbIO6INLc2M7gGntUScAN+axFiG/CBZHPLl4zJBIfiY4+4:QgvQHPThPiRtUSLNT4jHPGzJZsq
Size:	50922
Whitelisted:	false
Reputation:	timeout

Details

File:	C:\ProgramData\Microsoft\Windows\WER\Temp\WER72A6.tmp.WERInternalMetadata.xml
Category:	dropped
Dump:	WER72A6.tmp.WERInternalMetadata.xml.3.dr
ID:	dr_12
Target ID:	3
Process:	C:\Windows\SysWOW64\WerFault.exe
Type:	XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
Entropy:	3.695359762107911
Encrypted:	false
Ssdeep:	192:Rrl7r3GLNi/CXb6qS6YBSQSUyPGgmf6TS4CpBo89b2ysfrSm:RrlsNiCb6qS6YBVSUTgmf+SX2xff
Size:	8372
Whitelisted:	false
Reputation:	timeout

Details

File:	C:\ProgramData\Microsoft\Windows\WER\Temp\WER7334.tmp.xml
Category:	dropped
Dump:	WER7334.tmp.xml.3.dr
ID:	dr_13
Target ID:	3
Process:	C:\Windows\SysWOW64\WerFault.exe
Type:	XML 1.0 document, ASCII text, with CRLF line terminators
Entropy:	4.458550279556071
Encrypted:	false
Ssdeep:	48:cvIwSD8zs/JgtWI9cSWgc8sqYjTM8fm8M4JblMFXSh+q8vclCr8MjTzd:uITfh/zgrsqYvxJpZhKoCr8MXzd
Size:	4674
Whitelisted:	false
Reputation:	timeout

Details

File:	C:\ProgramData\Microsoft\Windows\WER\Temp\WER790E.tmp.dmp
Category:	dropped
Dump:	WER790E.tmp.dmp.5.dr
ID:	dr_16
Target ID:	5
Process:	C:\Windows\SysWOW64\WerFault.exe
Type:	Mini DuMP crash report, 14 streams, Tue Oct 4 00:29:35 2022, 0x1205a4 type
Entropy:	2.33484711100618
Encrypted:	false
Ssdeep:	192:uEAP/xVcp7udtOPoBBxpziMG0OjI2ib7r0bAwQW1qAzjcAN+8xFiG/kBZHbLnSz/:LP7JPQjdbNp00hWEkLNpOjHb+zGqOKb
Size:	63998
Whitelisted:	false
Reputation:	timeout

Details

File:	C:\ProgramData\Microsoft\Windows\WER\Temp\WER7B03.tmp.WERInternalMetadata.xml
Category:	dropped
Dump:	WER7B03.tmp.WERInternalMetadata.xml.5.dr
ID:	dr_17
Target ID:	5
Process:	C:\Windows\SysWOW64\WerFault.exe
Type:	XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
Entropy:	3.697825310691746
Encrypted:	false
Ssdeep:	192:Rrl7r3GLNi/Cm6LY6YBSnSUZ8Jgmf6TS4CpBHz89bgysfBgm:RrlsNiL6U6YBySUZ8Jgmf+SmgxfT
Size:	8388
Whitelisted:	false
Reputation:	timeout

Details

File:	C:\ProgramData\Microsoft\Windows\WER\Temp\WER7BA0.tmp.xml
Category:	dropped
Dump:	WER7BA0.tmp.xml.5.dr
ID:	dr_18
Target ID:	5
Process:	C:\Windows\SysWOW64\WerFault.exe
Type:	XML 1.0 document, ASCII text, with CRLF line terminators
Entropy:	4.459046662323008
Encrypted:	false
Ssdeep:	48:cvIwSD8zs/JgtWI9cSWgc8sqYjl8fm8M4JblMFR4+q8vclCr8MjTzd:uITfh/zgrsqY+JpO4KoCr8MXzd
Size:	4674
Whitelisted:	false
Reputation:	timeout

Details

File:	C:\ProgramData\Microsoft\Windows\WER\Temp\WER8245.tmp.dmp
Category:	dropped
Dump:	WER8245.tmp.dmp.7.dr
ID:	dr_19
Target ID:	7
Process:	C:\Windows\SysWOW64\WerFault.exe
Type:	Mini DuMP crash report, 14 streams, Tue Oct 4 00:29:37 2022, 0x1205a4 type
Entropy:	2.034889738534872
Encrypted:	false
Ssdeep:	384:g53AVzuNP/aMX79WveBYXRiOUAkLNpOjHbPz4eMIp:8A6PiMX/ZpOHL
Size:	79772
Whitelisted:	false
Reputation:	timeout

Details

File:	C:\ProgramData\Microsoft\Windows\WER\Temp\WER84A8.tmp.WERInternalMetadata.xml
Category:	dropped
Dump:	WER84A8.tmp.WERInternalMetadata.xml.7.dr
ID:	dr_20
Target ID:	7
Process:	C:\Windows\SysWOW64\WerFault.exe
Type:	XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
Entropy:	3.6978331467436165
Encrypted:	false
Ssdeep:	192:Rrl7r3GLNi/CY6HE6YBSISU1mDgmf6TS4CpB/89bSysfnGm:RrlsNi16k6YBtSU1mDgmf+SiSxfv
Size:	8388
Whitelisted:	false
Reputation:	timeout

Details

File:	C:\ProgramData\Microsoft\Windows\WER\Temp\WER8545.tmp.xml
Category:	dropped
Dump:	WER8545.tmp.xml.7.dr
ID:	dr_21
Target ID:	7
Process:	C:\Windows\SysWOW64\WerFault.exe
Type:	XML 1.0 document, ASCII text, with CRLF line terminators
Entropy:	4.456177032053052
Encrypted:	false
Ssdeep:	48:cvIwSD8zs/JgtWI9cSWgc8sqYjF+8fm8M4JblMFq+q8vclCr8MjTzd:uITfh/zgrsqY9JpPKoCr8MXzd
Size:	4674
Whitelisted:	false
Reputation:	timeout

Details

File:	C:\ProgramData\Microsoft\Windows\WER\Temp\WER8C48.tmp.dmp
Category:	dropped
Dump:	WER8C48.tmp.dmp.9.dr
ID:	dr_23
Target ID:	9
Process:	C:\Windows\SysWOW64\WerFault.exe
Type:	Mini DuMP crash report, 14 streams, Tue Oct 4 00:29:40 2022, 0x1205a4 type
Entropy:	2.047001762531174
Encrypted:	false
Ssdeep:	384:/oAVzNP/VYdpQ/7YXlROUAkLNpOjHbVzUsWR7OY:gAjPR/QZpOHBWR7
Size:	79232
Whitelisted:	false
Reputation:	timeout

Details

File:	C:\ProgramData\Microsoft\Windows\WER\Temp\WER8E7B.tmp.WERInternalMetadata.xml
Category:	dropped
Dump:	WER8E7B.tmp.WERInternalMetadata.xml.9.dr
ID:	dr_24
Target ID:	9
Process:	C:\Windows\SysWOW64\WerFault.exe
Type:	XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
Entropy:	3.696365507955807
Encrypted:	false
Ssdeep:	192:Rrl7r3GLNi/CU6h6YBSMSUwZsgmf6TS4CpB489b6ysfiem:RrlsNiB6h6YB5SUwZsgmf+Sn6xfS
Size:	8390
Whitelisted:	false
Reputation:	timeout

Details

File:	C:\ProgramData\Microsoft\Windows\WER\Temp\WER8F09.tmp.xml
Category:	dropped
Dump:	WER8F09.tmp.xml.9.dr
ID:	dr_25
Target ID:	9
Process:	C:\Windows\SysWOW64\WerFault.exe
Type:	XML 1.0 document, ASCII text, with CRLF line terminators
Entropy:	4.455930032015156
Encrypted:	false
Ssdeep:	48:cvIwSD8zs/JgtWI9cSWgc8sqYjw8fm8M4JblMFip+q8vclCr8MjTzd:uITfh/zgrsqYRJpvpKoCr8MXzd
Size:	4674
Whitelisted:	false
Reputation:	timeout

Details

File:	C:\ProgramData\Microsoft\Windows\WER\Temp\WER957F.tmp.dmp
Category:	dropped
Dump:	WER957F.tmp.dmp.11.dr
ID:	dr_27
Target ID:	11
Process:	C:\Windows\SysWOW64\WerFault.exe
Type:	Mini DuMP crash report, 14 streams, Tue Oct 4 00:29:43 2022, 0x1205a4 type
Entropy:	2.0831035534929656
Encrypted:	false
Ssdeep:	384:sJ9AVzihPHGUgmYXcYO6f69K+aAkLNpOjHbyHzkH08nP1:sfAghPmUgv9dZpOHyEb1
Size:	79244
Whitelisted:	false
Reputation:	timeout

Details

File:	C:\ProgramData\Microsoft\Windows\WER\Temp\WER9D7F.tmp.WERInternalMetadata.xml
Category:	dropped
Dump:	WER9D7F.tmp.WERInternalMetadata.xml.11.dr
ID:	dr_28
Target ID:	11
Process:	C:\Windows\SysWOW64\WerFault.exe
Type:	XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
Entropy:	3.69655114069675
Encrypted:	false
Ssdeep:	192:Rrl7r3GLNi/CX6D6YBSLSUg/ygmf6TS4CpB789beysf46Wqm:RrlsNiC6D6YBeSU1gmf+S+exf46y
Size:	8390
Whitelisted:	false
Reputation:	timeout

Details

File:	C:\ProgramData\Microsoft\Windows\WER\Temp\WERA4CC.tmp.dmp
Category:	dropped
Dump:	WERA4CC.tmp.dmp.26.dr
ID:	dr_47
Target ID:	26
Process:	C:\Windows\SysWOW64\WerFault.exe
Type:	Mini DuMP crash report, 14 streams, Tue Oct 4 00:30:52 2022, 0x1205a4 type
Entropy:	2.072510660517891
Encrypted:	false
Ssdeep:	384:acmvCLbPD7bV444RLH54twYXmxOYc1vrNLNROjHwUeKs4zZHQLzbeOjuMiloD:hbPDHV54v4tz1vhZROMHn65g
Size:	115316
Whitelisted:	false
Reputation:	timeout

Details

File:	C:\ProgramData\Microsoft\Windows\WER\Temp\WERA550.tmp.xml
Category:	dropped
Dump:	WERA550.tmp.xml.11.dr
ID:	dr_29
Target ID:	11
Process:	C:\Windows\SysWOW64\WerFault.exe
Type:	XML 1.0 document, ASCII text, with CRLF line terminators
Entropy:	4.458779439734889
Encrypted:	false
Ssdeep:	48:cvIwSD8zs/JgtWI9cSWgc8sqYjb8fm8M4JblMF9w+q8vclCr8MjTzd:uITfh/zgrsqYMJpOwKoCr8MXzd
Size:	4674
Whitelisted:	false
Reputation:	timeout

Details

File:	C:\ProgramData\Microsoft\Windows\WER\Temp\WERA77D.tmp.WERInternalMetadata.xml
Category:	dropped
Dump:	WERA77D.tmp.WERInternalMetadata.xml.26.dr
ID:	dr_48
Target ID:	26
Process:	C:\Windows\SysWOW64\WerFault.exe
Type:	XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
Entropy:	3.694330330368768
Encrypted:	false
Ssdeep:	192:Rrl7r3GLNi/Cj6Xj6YBSPSUqgmf6oSR1sCpBm89bpysfbDm:RrlsNiW6Xj6YB6SUqgmf5ST5pxfO
Size:	8404
Whitelisted:	false
Reputation:	timeout

Details

File:	C:\ProgramData\Microsoft\Windows\WER\Temp\WERA849.tmp.xml
Category:	dropped
Dump:	WERA849.tmp.xml.26.dr
ID:	dr_49
Target ID:	26
Process:	C:\Windows\SysWOW64\WerFault.exe
Type:	XML 1.0 document, ASCII text, with CRLF line terminators
Entropy:	4.45654686969491
Encrypted:	false
Ssdeep:	48:cvIwSD8zsoJgtWI9cSWgc8sqYj48fm8M4JbIMF/d+q8vcICr8MjTzd:uITfu/zgrsqYJJM4KxCr8MXzd
Size:	4674
Whitelisted:	false
Reputation:	timeout

Details

File:	C:\ProgramData\Microsoft\Windows\WER\Temp\WERB28D.tmp.dmp
Category:	dropped
Dump:	WERB28D.tmp.dmp.13.dr
ID:	dr_31
Target ID:	13
Process:	C:\Windows\SysWOW64\WerFault.exe
Type:	Mini DuMP crash report, 14 streams, Tue Oct 4 00:29:50 2022, 0x1205a4 type
Entropy:	2.042682057237551
Encrypted:	false
Ssdeep:	384:1sP67P0bSdGWxubKYXcPOH5T4LNpOjHY0zdSqmK+d:1b7PGFW0b/MZpOUBqmKU
Size:	85922
Whitelisted:	false
Reputation:	timeout

Details

File:	C:\ProgramData\Microsoft\Windows\WER\Temp\WERB608.tmp.WERInternalMetadata.xml
Category:	dropped
Dump:	WERB608.tmp.WERInternalMetadata.xml.13.dr
ID:	dr_32
Target ID:	13
Process:	C:\Windows\SysWOW64\WerFault.exe
Type:	XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
Entropy:	3.694487454395994
Encrypted:	false
Ssdeep:	192:Rrl7r3GLNi/CF6I7WQ6YBS3SUAgmf6TS4CpBO89brysfwZm:RrlsNiw6I7h6YBySUAgmf+SFrxfT
Size:	8394
Whitelisted:	false
Reputation:	timeout

Details

File:	C:\ProgramData\Microsoft\Windows\WER\Temp\WERB6A5.tmp.xml
Category:	dropped
Dump:	WERB6A5.tmp.xml.13.dr
ID:	dr_33
Target ID:	13
Process:	C:\Windows\SysWOW64\WerFault.exe
Type:	XML 1.0 document, ASCII text, with CRLF line terminators
Entropy:	4.458664894658237
Encrypted:	false
Ssdeep:	48:cvIwSD8zs/JgtWI9cSWgc8sqYjV8fm8M4JblMFB+q8vclCr8MjTzd:uITfh/zgrsqYeJpYKoCr8MXzd
Size:	4674
Whitelisted:	false
Reputation:	timeout

Details

File:	C:\ProgramData\Microsoft\Windows\WER\Temp\WERBE54.tmp.dmp
Category:	dropped
Dump:	WERBE54.tmp.dmp.15.dr
ID:	dr_35
Target ID:	15
Process:	C:\Windows\SysWOW64\WerFault.exe
Type:	Mini DuMP crash report, 14 streams, Tue Oct 4 00:29:53 2022, 0x1205a4 type
Entropy:	2.03619832732963
Encrypted:	false
Ssdeep:	384:BPwyPhVnUbsJ9PuiYXcPObDUT4LNpOjHYIzADGBqEX7LtMRYB4bkyP:+yPzxJ9PuxUMZpOUAMP
Size:	94676
Whitelisted:	false
Reputation:	timeout

Details

File:	C:\ProgramData\Microsoft\Windows\WER\Temp\WERC1DF.tmp.WERInternalMetadata.xml
Category:	dropped
Dump:	WERC1DF.tmp.WERInternalMetadata.xml.15.dr
ID:	dr_36
Target ID:	15
Process:	C:\Windows\SysWOW64\WerFault.exe
Type:	XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
Entropy:	3.6958151770219105
Encrypted:	false
Ssdeep:	192:Rrl7r3GLNi/CK6Izp+6YBShSUpbkSgmf6TS4CpBk89bwysffkwm:RrlsNiP6IzQ6YB0SUDgmf+SDwxfa
Size:	8394
Whitelisted:	false
Reputation:	timeout

Details

File:	C:\ProgramData\Microsoft\Windows\WER\Temp\WERC26D.tmp.xml
Category:	dropped
Dump:	WERC26D.tmp.xml.15.dr
ID:	dr_37
Target ID:	15
Process:	C:\Windows\SysWOW64\WerFault.exe
Type:	XML 1.0 document, ASCII text, with CRLF line terminators
Entropy:	4.458457061278479
Encrypted:	false
Ssdeep:	48:cvIwSD8zs/JgtWI9cSWgc8sqYj+8fm8M4JblMFF+q8vclCr8MjTzd:uITfh/zgrsqY3JpwKoCr8MXzd
Size:	4674
Whitelisted:	false
Reputation:	timeout

Details

File:	C:\ProgramData\Microsoft\Windows\WER\Temp\WERC980.tmp.dmp
Category:	dropped
Dump:	WERC980.tmp.dmp.17.dr
ID:	dr_41
Target ID:	17
Process:	C:\Windows\SysWOW64\WerFault.exe
Type:	Mini DuMP crash report, 14 streams, Tue Oct 4 00:29:55 2022, 0x1205a4 type
Entropy:	2.0851608891850866
Encrypted:	false
Ssdeep:	384:EpwjGizPDGYjUdeztRtFZYXmPOFncZarT4LNpOjHwveXzoYZfvr0ZWP:kHiPy+UdeztRtFUlMZpOM2fD0
Size:	103386
Whitelisted:	false
Reputation:	timeout

Details

File:	C:\ProgramData\Microsoft\Windows\WER\Temp\WERCC01.tmp.WERInternalMetadata.xml
Category:	dropped
Dump:	WERCC01.tmp.WERInternalMetadata.xml.17.dr
ID:	dr_42
Target ID:	17
Process:	C:\Windows\SysWOW64\WerFault.exe
Type:	XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
Entropy:	3.6955265060547693
Encrypted:	false
Ssdeep:	192:Rrl7r3GLNi/CR6Iaxt6YBStSUHpgmf6TS4CpBY89bdysfw/m:RrlsNiE6Iaxt6YB4SUJgmf+SHdxfV
Size:	8394
Whitelisted:	false
Reputation:	timeout

Details

File:	C:\ProgramData\Microsoft\Windows\WER\Temp\WERCC9E.tmp.xml
Category:	dropped
Dump:	WERCC9E.tmp.xml.17.dr
ID:	dr_39
Target ID:	17
Process:	C:\Windows\SysWOW64\WerFault.exe
Type:	XML 1.0 document, ASCII text, with CRLF line terminators
Entropy:	4.459801496716276
Encrypted:	false
Ssdeep:	48:cvIwSD8zs/JgtWI9cSWgc8sqYjh8fm8M4JblMFO+q8vclCr8MjTzd:uITfh/zgrsqYaJp/KoCr8MXzd
Size:	4674
Whitelisted:	false
Reputation:	timeout

Details

File:	C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\library[1].htm
Category:	dropped
Dump:	library[1].htm0.0.dr
ID:	dr_10
Target ID:	0
Process:	C:\Users\user\Desktop\file.exe
Type:	very short file (no magic)
Entropy:	0.0
Encrypted:	false
Ssdeep:	3:V:V
Size:	1
Whitelisted:	true
Reputation:	timeout

Details

File:	C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\fuckingdllENCR[1].dll
Category:	dropped
Dump:	fuckingdllENCR[1].dll.0.dr
ID:	dr_8
Target ID:	0
Process:	C:\Users\user\Desktop\file.exe
Type:	data
Entropy:	7.998072640845361
Encrypted:	true
Ssdeep:	1536:NsbI9W6dHdtnEXOxZpPzIUcETzNtXofjmgGTeJduLLt+YBPoJTMRmNXg30:KWW6TZVz9PNtXo8M5OR0
Size:	94224
Whitelisted:	false
Reputation:	timeout

Details

File:	C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\ping[1].htm
Category:	dropped
Dump:	ping[1].htm.0.dr
ID:	dr_0
Target ID:	0
Process:	C:\Users\user\Desktop\file.exe
Type:	very short file (no magic)
Entropy:	0.0
Encrypted:	false
Ssdeep:	3:V:V
Size:	1
Whitelisted:	true
Reputation:	timeout

Details

File:	C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NUEPGTR9\ping[1].htm
Category:	dropped
Dump:	ping[1].htm1.0.dr
ID:	dr_7
Target ID:	0
Process:	C:\Users\user\Desktop\file.exe
Type:	ASCII text, with no line terminators
Entropy:	3.1751231351134614
Encrypted:	false
Ssdeep:	3:nCmxEl:Cmc
Size:	17
Whitelisted:	false
Reputation:	timeout

Details

File:	C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PEJLKQA8\library[1].htm
Category:	dropped
Dump:	library[1].htm.0.dr
ID:	dr_9
Target ID:	0
Process:	C:\Users\user\Desktop\file.exe
Type:	very short file (no magic)
Entropy:	0.0
Encrypted:	false
Ssdeep:	3:V:V
Size:	1
Whitelisted:	true
Reputation:	timeout

Details

File:	C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PEJLKQA8\ping[1].htm
Category:	dropped
Dump:	ping[1].htm0.0.dr
ID:	dr_6
Target ID:	0
Process:	C:\Users\user\Desktop\file.exe
Type:	very short file (no magic)
Entropy:	0.0
Encrypted:	false
Ssdeep:	3:V:V
Size:	1
Whitelisted:	true
Reputation:	timeout

Details

File:	C:\Users\user\Desktop\Cleaner.lnk
Category:	dropped
Dump:	Cleaner.lnk.0.dr
ID:	dr_5
Target ID:	0
Process:	C:\Users\user\Desktop\file.exe
Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Description string, Has Relative path, Icon number=0, Archive, ctime=Mon Oct 3 23:30:18 2022, mtime=Mon Oct 3 23:30:18 2022, atime=Mon Oct 3 23:30:18 2022, length=3947920, window=hide
Entropy:	3.9313193863453852
Encrypted:	false
Ssdeep:	48:81utFiwiLRwztCGqObJilZGqOnqV1oB6:8mMFFSvbhK1o
Size:	2214
Whitelisted:	false
Reputation:	timeout

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
file.exe

Files

Processes

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Reportfile.exe

Files

Processes

IOC Report
file.exe