Automated Malware Analysis IOC Report for

Details

Filetype:	PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
Entropy:	7.688048037898308
Filename:	CONTRACT_REVISED-SHIPMENT-DOCUMENTS_EXPORTS_REFERENCE-QT63637-02993900299348.exe
Filesize:	236896
MD5:	045f22ce9be3d33b07a00780ee66fcfd
SHA1:	91b74e75d55c33d8d82b10bed51ca7d3ad80147c
SHA256:	e05ec32c2edc10b6917a3cbcac9d823cb37db908cc51f3ec459800992e2b8b37
SHA512:	c363c64fe3b52d615601810b577168be5b3339ba6bde011ae0c76bbee76718782f8b737b0c9f6d82d34197045ce1c35389cba26622349bb2c0c77f62ed29d063
SSDEEP:	6144:vT4DtMeWIPR0PVPCespE0s67yIMYxrzWJougaEzEk:vTpeZ00SI18ogC
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1...Pf..Pf..Pf._9..Pf..Pg.LPf._;..Pf..sV..Pf..V`..Pf.Rich.Pf.........................PE..L...P..`.................h.........

Signature Hits	Behavior Group	Mitre Attack
Tries to detect Any.run	Malware Analysis System Evasion
Executable has a suspicious name (potential lure to open the executable)	System Summary	Masquerading
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)	Malware Analysis System Evasion
Uses 32bit PE files	Compliance, System Summary	Masquerading
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)	Malware Analysis System Evasion
Drops PE files	Persistence and Installation Behavior	Access Token Manipulation
Tries to load missing DLLs	System Summary	DLL Side-Loading
Contains functionality to read the PEB	Anti Debugging	Access Token Manipulation
Contains functionality to shutdown / reboot the system	System Summary	Access Token Manipulation System Shutdown/Reboot
Uses code obfuscation techniques (call, push, ret)	Data Obfuscation	Obfuscated Files or Information
Checks if the current process is being debugged	Anti Debugging	Virtualization/Sandbox Evasion Security Software Discovery
Sleep loop found (likely to delay execution)	Malware Analysis System Evasion	Virtualization/Sandbox Evasion Security Software Discovery
Detected potential crypto function	System Summary	Access Token Manipulation Archive Collected Data Encrypted Channel
PE / OLE file has an invalid certificate	System Summary	File and Directory Discovery
Contains functionality to call native functions	System Summary
Contains functionality to dynamically determine API calls	Data Obfuscation, Anti Debugging	Native API
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion	Process Injection
Contains functionality for execution timing, often used to detect debuggers	Malware Analysis System Evasion, Anti Debugging
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)	Anti Debugging
Contains functionality for read data from the clipboard	Key, Mouse, Clipboard, Microphone and Screen Capturing	Clipboard Data
Sample reads its own file content	System Summary	Access Token Manipulation
Queries a list of all running drivers	Malware Analysis System Evasion
PE file has an executable .text section and no other executable section	System Summary	Access Token Manipulation
Reads software policies	System Summary	Access Token Manipulation
Contains functionality to enumerate / list files inside a directory	Spreading, Malware Analysis System Evasion	File and Directory Discovery
Uses an in-process (OLE) Automation server	System Summary	Access Token Manipulation
Contains functionality to adjust token privileges (e.g. debug / backup)	System Summary	Access Token Manipulation
Contains functionality to query windows version	Language, Device and Operating System Detection	System Information Discovery
Program exit points	Malware Analysis System Evasion	Windows Service
URLs found in memory or binary data	Networking
Creates files inside the user directory	System Summary	Masquerading
Enumerates the file system	Spreading, Malware Analysis System Evasion
Creates temporary files	System Summary
Disables application error messsages (SetErrorMode)	Hooking and other Techniques for Hiding and Protection
Contains functionality to instantiate COM classes	System Summary	Access Token Manipulation
Reads ini files	System Summary
May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory)	Malware Analysis System Evasion
Contains functionality to check free disk space	System Summary	System Information Discovery
Contains modern PE file flags such as dynamic base (ASLR) or NX	Compliance, System Summary
Creates a software uninstall entry	Compliance, System Summary	Windows Service

Details

File:	C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\AC\BackgroundTransferApi\0f40a9a4-7ba9-4798-b98b-f18214009bbd.e7219a3a-5edb-4393-8e4b-a78a641e7e36.down_meta
Category:	dropped
Dump:	0f40a9a4-7ba9-4798-b98b-f18214009bbd.e7219a3a-5edb-4393-8e4b-a78a641e7e36.down_meta.7.dr
ID:	dr_37
Target ID:	7
Process:	C:\Windows\System32\BackgroundTransferHost.exe
Type:	data
Entropy:	3.6100919570774668
Encrypted:	false
Ssdeep:	24:LLVR2mRie/km6wrHXpjgWzgxjX+vUVieQBQT1+InEysafxOc2CpX3QAbbW0VB:LLD2mRiOxzXpjPgVX+v8iTBkZ7rfeIXj
Size:	1224
Whitelisted:	false
Reputation:	timeout

Details

File:	C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\AC\BackgroundTransferApi\0f40a9a4-7ba9-4798-b98b-f18214009bbd.up_meta_secure
Category:	dropped
Dump:	0f40a9a4-7ba9-4798-b98b-f18214009bbd.up_meta_secure.7.dr
ID:	dr_36
Target ID:	7
Process:	C:\Windows\System32\BackgroundTransferHost.exe
Type:	data
Entropy:	7.293651679671136
Encrypted:	false
Ssdeep:	12:QU6NKGS32dZvsN6KbJst2vsU/YbX2JXngFJ3zfBro:QUfpKe6KbJst2R/YbXuXMB8
Size:	502
Whitelisted:	false
Reputation:	timeout

Details

File:	C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\AC\BackgroundTransferApi\3843bffb-4eef-4da1-af04-618c0facc656.down_data
Category:	dropped
Dump:	3843bffb-4eef-4da1-af04-618c0facc656.down_data.7.dr
ID:	dr_25
Target ID:	7
Process:	C:\Windows\System32\BackgroundTransferHost.exe
Type:	JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1920x1080, components 3
Entropy:	7.901591558066316
Encrypted:	false
Ssdeep:	6144:NFYwf2vzmMr8881AQEGZ4TduN7vx9M8W5l31cRdZBFTZk9Rb/fnGk1+tG8:MwOvzm08T1AQlqAM8W/31ct/ZmRafL
Size:	456242
Whitelisted:	false
Reputation:	timeout

Details

File:	C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\AC\BackgroundTransferApi\3843bffb-4eef-4da1-af04-618c0facc656.e7219a3a-5edb-4393-8e4b-a78a641e7e36.down_meta
Category:	dropped
Dump:	3843bffb-4eef-4da1-af04-618c0facc656.e7219a3a-5edb-4393-8e4b-a78a641e7e36.down_meta.7.dr
ID:	dr_29
Target ID:	7
Process:	C:\Windows\System32\BackgroundTransferHost.exe
Type:	data
Entropy:	3.6100919570774668
Encrypted:	false
Ssdeep:	24:LLVR2mRie/km6wrHXpjgWzgxjX+vUVieQBQT1+InEysafxOc2CpX3QAbbW0VB:LLD2mRiOxzXpjPgVX+v8iTBkZ7rfeIXj
Size:	1224
Whitelisted:	false
Reputation:	timeout

Details

File:	C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\AC\BackgroundTransferApi\3843bffb-4eef-4da1-af04-618c0facc656.up_meta_secure
Category:	dropped
Dump:	3843bffb-4eef-4da1-af04-618c0facc656.up_meta_secure.4.dr
ID:	dr_13
Target ID:	4
Process:	C:\Windows\System32\backgroundTaskHost.exe
Type:	data
Entropy:	7.293651679671136
Encrypted:	false
Ssdeep:	12:QU6NKGS32dZvsN6KbJst2vsU/YbX2JXngFJ3zfBro:QUfpKe6KbJst2R/YbXuXMB8
Size:	502
Whitelisted:	false
Reputation:	timeout

Details

File:	C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\AC\BackgroundTransferApi\4aa5b1fb-1301-4194-8203-1cbb67304ae7.down_data
Category:	dropped
Dump:	4aa5b1fb-1301-4194-8203-1cbb67304ae7.down_data.7.dr
ID:	dr_26
Target ID:	7
Process:	C:\Windows\System32\BackgroundTransferHost.exe
Type:	JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 21.1 (Windows), datetime=2021:11:11 06:55:38]
Entropy:	6.926504673655095
Encrypted:	false
Ssdeep:	24576:1k44jNiVr4qVhre8lekiZaSEKBcf/prV/RRJGoGaEqKEHisGpp7quKRDR7ripxi6:H4jNiVr4qXlZvKV9pp7qPRDNripY6
Size:	1654488
Whitelisted:	false
Reputation:	timeout

Details

File:	C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\AC\BackgroundTransferApi\4aa5b1fb-1301-4194-8203-1cbb67304ae7.e160842f-d7d2-487c-becb-ff7f735e3216.down_meta
Category:	dropped
Dump:	4aa5b1fb-1301-4194-8203-1cbb67304ae7.e160842f-d7d2-487c-becb-ff7f735e3216.down_meta.7.dr
ID:	dr_31
Target ID:	7
Process:	C:\Windows\System32\BackgroundTransferHost.exe
Type:	data
Entropy:	3.6235419859275795
Encrypted:	false
Ssdeep:	24:LLVR2mRiwhXpjgWzgxjX+vUViwjAw2BKsDB1+euEsafxOc2CpX3KsDmbFJruZVB:LLD2mRicXpjPgVX+v8iZvBKQDbrfeIXp
Size:	1230
Whitelisted:	false
Reputation:	timeout

Details

File:	C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\AC\BackgroundTransferApi\4aa5b1fb-1301-4194-8203-1cbb67304ae7.up_meta_secure
Category:	dropped
Dump:	4aa5b1fb-1301-4194-8203-1cbb67304ae7.up_meta_secure.4.dr
ID:	dr_11
Target ID:	4
Process:	C:\Windows\System32\backgroundTaskHost.exe
Type:	data
Entropy:	7.269805200963284
Encrypted:	false
Ssdeep:	12:QU6N355QkpCJrX5hNwLBB5EwCM3Aa9Tg3gyT+UXT:QUq55e/wLB3E5+9TygpUD
Size:	502
Whitelisted:	false
Reputation:	timeout

Details

File:	C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\AC\BackgroundTransferApi\585053d0-ba98-49e5-b1a4-c6f5d9974c26.efb8d39c-14d5-4f68-9688-1978db758a90.down_meta
Category:	dropped
Dump:	585053d0-ba98-49e5-b1a4-c6f5d9974c26.efb8d39c-14d5-4f68-9688-1978db758a90.down_meta.7.dr
ID:	dr_41
Target ID:	7
Process:	C:\Windows\System32\BackgroundTransferHost.exe
Type:	data
Entropy:	3.593729487352936
Encrypted:	false
Ssdeep:	24:LLVR2mRiwsXpjgWzgxjX+vUViwiAw2BKO1+0+YsafxOc2CpX3KPbGwaVB:LLD2mRixXpjPgVX+v8iUvBKEN3rfeIXJ
Size:	1230
Whitelisted:	false
Reputation:	timeout

Details

File:	C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\AC\BackgroundTransferApi\585053d0-ba98-49e5-b1a4-c6f5d9974c26.up_meta_secure
Category:	dropped
Dump:	585053d0-ba98-49e5-b1a4-c6f5d9974c26.up_meta_secure.7.dr
ID:	dr_40
Target ID:	7
Process:	C:\Windows\System32\BackgroundTransferHost.exe
Type:	data
Entropy:	7.2558971277972875
Encrypted:	false
Ssdeep:	12:QU6Nk8GuvaljuYNBPw+bWPcbcSegEgEEyzaYRdJn:QUX8Gui9XDdCPcbcrXEy2YRL
Size:	502
Whitelisted:	false
Reputation:	timeout

Details

File:	C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\AC\BackgroundTransferApi\8086b025-ce16-4435-9cc3-d2a0f33fe026.down_data
Category:	dropped
Dump:	8086b025-ce16-4435-9cc3-d2a0f33fe026.down_data.7.dr
ID:	dr_27
Target ID:	7
Process:	C:\Windows\System32\BackgroundTransferHost.exe
Type:	JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 21.1 (Windows), datetime=2021:11:11 06:54:34]
Entropy:	7.092403290156545
Encrypted:	false
Ssdeep:	24576:LdC81bzA4GeD+kaZRfEyfcA/ir2/R0JGSUmfyttS6dSTeuErzQP/Lg40bw2Rf02b:LdC81bz/Dq39STvErQ/05d0k
Size:	1829994
Whitelisted:	false
Reputation:	timeout

Details

File:	C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\AC\BackgroundTransferApi\8086b025-ce16-4435-9cc3-d2a0f33fe026.efb8d39c-14d5-4f68-9688-1978db758a90.down_meta
Category:	dropped
Dump:	8086b025-ce16-4435-9cc3-d2a0f33fe026.efb8d39c-14d5-4f68-9688-1978db758a90.down_meta.7.dr
ID:	dr_32
Target ID:	7
Process:	C:\Windows\System32\BackgroundTransferHost.exe
Type:	data
Entropy:	3.593729487352936
Encrypted:	false
Ssdeep:	24:LLVR2mRiwsXpjgWzgxjX+vUViwiAw2BKO1+0+YsafxOc2CpX3KPbGwaVB:LLD2mRixXpjPgVX+v8iUvBKEN3rfeIXJ
Size:	1230
Whitelisted:	false
Reputation:	timeout

Details

File:	C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\AC\BackgroundTransferApi\8086b025-ce16-4435-9cc3-d2a0f33fe026.up_meta_secure
Category:	dropped
Dump:	8086b025-ce16-4435-9cc3-d2a0f33fe026.up_meta_secure.4.dr
ID:	dr_10
Target ID:	4
Process:	C:\Windows\System32\backgroundTaskHost.exe
Type:	data
Entropy:	7.2558971277972875
Encrypted:	false
Ssdeep:	12:QU6Nk8GuvaljuYNBPw+bWPcbcSegEgEEyzaYRdJn:QUX8Gui9XDdCPcbcrXEy2YRL
Size:	502
Whitelisted:	false
Reputation:	timeout

Details

File:	C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\AC\BackgroundTransferApi\8d48d2a6-6a56-420d-bb18-5dfe26c1259c.c22ac765-aa10-4c35-8f7c-a01d4239152c.down_meta
Category:	dropped
Dump:	8d48d2a6-6a56-420d-bb18-5dfe26c1259c.c22ac765-aa10-4c35-8f7c-a01d4239152c.down_meta.7.dr
ID:	dr_35
Target ID:	7
Process:	C:\Windows\System32\BackgroundTransferHost.exe
Type:	data
Entropy:	3.615198547271788
Encrypted:	false
Ssdeep:	24:LLVR2mRi5WXpjgWzgxjX+vUVi5u5Bzup1+Zb0IWsafxOc2CpX3zuObB0VB:LLD2mRiEXpjPgVX+v8iM5BqLIb0JrfeR
Size:	1224
Whitelisted:	false
Reputation:	timeout

Details

File:	C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\AC\BackgroundTransferApi\8d48d2a6-6a56-420d-bb18-5dfe26c1259c.up_meta_secure
Category:	dropped
Dump:	8d48d2a6-6a56-420d-bb18-5dfe26c1259c.up_meta_secure.7.dr
ID:	dr_34
Target ID:	7
Process:	C:\Windows\System32\BackgroundTransferHost.exe
Type:	data
Entropy:	7.2992415773292185
Encrypted:	false
Ssdeep:	12:QU6N7/eJekA9YsweveCA8PPC+0LxaRGrbyaYwpPfU:QUmOek6Pr2CA8LwQwr9Yw2
Size:	502
Whitelisted:	false
Reputation:	timeout

Details

File:	C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\AC\BackgroundTransferApi\aa790838-db48-4eec-9b8a-be8242eb173a.56802ae0-e7ec-49c1-9ab4-e41cf1ffbd66.down_meta
Category:	dropped
Dump:	aa790838-db48-4eec-9b8a-be8242eb173a.56802ae0-e7ec-49c1-9ab4-e41cf1ffbd66.down_meta.7.dr
ID:	dr_47
Target ID:	7
Process:	C:\Windows\System32\BackgroundTransferHost.exe
Type:	data
Entropy:	3.609594899197458
Encrypted:	false
Ssdeep:	24:LLVR2mRiwsL8DWzgx71+gbMVmsafxOc2CpXpjjX+vUViwZBKPX3KUbNbCVB:LLD2mRi18kgvT7rfeIXpjjX+v8iUBKPm
Size:	1232
Whitelisted:	false
Reputation:	timeout

Details

File:	C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\AC\BackgroundTransferApi\aa790838-db48-4eec-9b8a-be8242eb173a.down_data
Category:	dropped
Dump:	aa790838-db48-4eec-9b8a-be8242eb173a.down_data.7.dr
ID:	dr_46
Target ID:	7
Process:	C:\Windows\System32\BackgroundTransferHost.exe
Type:	JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 23.2 (Windows), datetime=2022:03:03 09:46:40]
Entropy:	6.7587223054274475
Encrypted:	false
Ssdeep:	24576:d4jNiVr4qVKKSPh75tPWCwK6RinQe53HN/R0JyN2e8Fu06VSshmuOZxtELH9GpmO:d4jNiVr4qo9t5+eFSxtEhamzKj
Size:	1652595
Whitelisted:	false
Reputation:	timeout

Details

File:	C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\AC\BackgroundTransferApi\aa790838-db48-4eec-9b8a-be8242eb173a.up_meta_secure
Category:	dropped
Dump:	aa790838-db48-4eec-9b8a-be8242eb173a.up_meta_secure.4.dr
ID:	dr_14
Target ID:	4
Process:	C:\Windows\System32\backgroundTaskHost.exe
Type:	data
Entropy:	7.299771858446448
Encrypted:	false
Ssdeep:	12:QU6N7L/A0a05huwq4BTpdY2edfHXmdRoi382teGlWI+:QUx0a0buwqQe2pdRooqOh+
Size:	502
Whitelisted:	false
Reputation:	timeout

Details

File:	C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\AC\BackgroundTransferApi\b554ff5d-428f-46a5-8fa9-db35cc2cdf59.e160842f-d7d2-487c-becb-ff7f735e3216.down_meta
Category:	dropped
Dump:	b554ff5d-428f-46a5-8fa9-db35cc2cdf59.e160842f-d7d2-487c-becb-ff7f735e3216.down_meta.7.dr
ID:	dr_39
Target ID:	7
Process:	C:\Windows\System32\BackgroundTransferHost.exe
Type:	data
Entropy:	3.6235419859275795
Encrypted:	false
Ssdeep:	24:LLVR2mRiwhXpjgWzgxjX+vUViwjAw2BKsDB1+euEsafxOc2CpX3KsDmbFJruZVB:LLD2mRicXpjPgVX+v8iZvBKQDbrfeIXp
Size:	1230
Whitelisted:	false
Reputation:	timeout

Details

File:	C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\AC\BackgroundTransferApi\b554ff5d-428f-46a5-8fa9-db35cc2cdf59.up_meta_secure
Category:	dropped
Dump:	b554ff5d-428f-46a5-8fa9-db35cc2cdf59.up_meta_secure.7.dr
ID:	dr_38
Target ID:	7
Process:	C:\Windows\System32\BackgroundTransferHost.exe
Type:	data
Entropy:	7.269805200963284
Encrypted:	false
Ssdeep:	12:QU6N355QkpCJrX5hNwLBB5EwCM3Aa9Tg3gyT+UXT:QUq55e/wLB3E5+9TygpUD
Size:	502
Whitelisted:	false
Reputation:	timeout

Details

File:	C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\AC\BackgroundTransferApi\dd6a1354-220a-435c-9960-7f2e2f731c6f.5e70bb71-9767-4cfd-9295-d09782f797ca.down_meta
Category:	dropped
Dump:	dd6a1354-220a-435c-9960-7f2e2f731c6f.5e70bb71-9767-4cfd-9295-d09782f797ca.down_meta.7.dr
ID:	dr_45
Target ID:	7
Process:	C:\Windows\System32\BackgroundTransferHost.exe
Type:	data
Entropy:	3.612607647376319
Encrypted:	false
Ssdeep:	24:LLVR2mRiw+XpjgWzgxjX+vUViwo4+E1BKt1+CsafxOc2CpX3Ki5bvO/QGyV7j:LLD2mRi/XpjPgVX+v8iOPBKvbrfeIX3t
Size:	1232
Whitelisted:	false
Reputation:	timeout

Details

File:	C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\AC\BackgroundTransferApi\dd6a1354-220a-435c-9960-7f2e2f731c6f.up_meta_secure
Category:	dropped
Dump:	dd6a1354-220a-435c-9960-7f2e2f731c6f.up_meta_secure.7.dr
ID:	dr_44
Target ID:	7
Process:	C:\Windows\System32\BackgroundTransferHost.exe
Type:	data
Entropy:	7.269579834552022
Encrypted:	false
Ssdeep:	12:QU6N0FTddHZsfPtwSuWawd5n41jrGNaKNtp9Rmy:QUXPHS3iSu0kFutNtp9Rmy
Size:	502
Whitelisted:	false
Reputation:	timeout

Details

File:	C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\AC\BackgroundTransferApi\e9594213-9e57-49dd-91fb-0ee2aae6c086.56802ae0-e7ec-49c1-9ab4-e41cf1ffbd66.down_meta
Category:	dropped
Dump:	e9594213-9e57-49dd-91fb-0ee2aae6c086.56802ae0-e7ec-49c1-9ab4-e41cf1ffbd66.down_meta.7.dr
ID:	dr_33
Target ID:	7
Process:	C:\Windows\System32\BackgroundTransferHost.exe
Type:	data
Entropy:	3.609594899197458
Encrypted:	false
Ssdeep:	24:LLVR2mRiwsL8DWzgx71+gbMVmsafxOc2CpXpjjX+vUViwZBKPX3KUbNbCVB:LLD2mRi18kgvT7rfeIXpjjX+v8iUBKPm
Size:	1232
Whitelisted:	false
Reputation:	timeout

Details

File:	C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\AC\BackgroundTransferApi\e9594213-9e57-49dd-91fb-0ee2aae6c086.up_meta_secure
Category:	dropped
Dump:	e9594213-9e57-49dd-91fb-0ee2aae6c086.up_meta_secure.7.dr
ID:	dr_30
Target ID:	7
Process:	C:\Windows\System32\BackgroundTransferHost.exe
Type:	data
Entropy:	7.299771858446448
Encrypted:	false
Ssdeep:	12:QU6N7L/A0a05huwq4BTpdY2edfHXmdRoi382teGlWI+:QUx0a0buwqQe2pdRooqOh+
Size:	502
Whitelisted:	false
Reputation:	timeout

Details

File:	C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\AC\BackgroundTransferApi\f9e08879-735a-4e9f-beea-148234195053.c22ac765-aa10-4c35-8f7c-a01d4239152c.down_meta
Category:	dropped
Dump:	f9e08879-735a-4e9f-beea-148234195053.c22ac765-aa10-4c35-8f7c-a01d4239152c.down_meta.7.dr
ID:	dr_28
Target ID:	7
Process:	C:\Windows\System32\BackgroundTransferHost.exe
Type:	data
Entropy:	3.615198547271788
Encrypted:	false
Ssdeep:	24:LLVR2mRi5WXpjgWzgxjX+vUVi5u5Bzup1+Zb0IWsafxOc2CpX3zuObB0VB:LLD2mRiEXpjPgVX+v8iM5BqLIb0JrfeR
Size:	1224
Whitelisted:	false
Reputation:	timeout

Details

File:	C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\AC\BackgroundTransferApi\f9e08879-735a-4e9f-beea-148234195053.down_data
Category:	dropped
Dump:	f9e08879-735a-4e9f-beea-148234195053.down_data.7.dr
ID:	dr_24
Target ID:	7
Process:	C:\Windows\System32\BackgroundTransferHost.exe
Type:	JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1080x1920, components 3
Entropy:	7.973540203770047
Encrypted:	false
Ssdeep:	12288:OA4HfjzlA5igAwJiGDW/CXceHRU8755e/2bhC:OA4HfNA0yJs0FU+Te/2bo
Size:	397640
Whitelisted:	false
Reputation:	timeout

Details

File:	C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\AC\BackgroundTransferApi\f9e08879-735a-4e9f-beea-148234195053.up_meta_secure
Category:	dropped
Dump:	f9e08879-735a-4e9f-beea-148234195053.up_meta_secure.4.dr
ID:	dr_12
Target ID:	4
Process:	C:\Windows\System32\backgroundTaskHost.exe
Type:	data
Entropy:	7.2992415773292185
Encrypted:	false
Ssdeep:	12:QU6N7/eJekA9YsweveCA8PPC+0LxaRGrbyaYwpPfU:QUmOek6Pr2CA8LwQwr9Yw2
Size:	502
Whitelisted:	false
Reputation:	timeout

Details

File:	C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\AC\BackgroundTransferApi\fce64348-a319-4f43-89cb-85a2ff3766b6.5e70bb71-9767-4cfd-9295-d09782f797ca.down_meta
Category:	dropped
Dump:	fce64348-a319-4f43-89cb-85a2ff3766b6.5e70bb71-9767-4cfd-9295-d09782f797ca.down_meta.7.dr
ID:	dr_43
Target ID:	7
Process:	C:\Windows\System32\BackgroundTransferHost.exe
Type:	data
Entropy:	3.612607647376319
Encrypted:	false
Ssdeep:	24:LLVR2mRiw+XpjgWzgxjX+vUViwo4+E1BKt1+CsafxOc2CpX3Ki5bvO/QGyV7j:LLD2mRi/XpjPgVX+v8iOPBKvbrfeIX3t
Size:	1232
Whitelisted:	false
Reputation:	timeout

Details

File:	C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\AC\BackgroundTransferApi\fce64348-a319-4f43-89cb-85a2ff3766b6.down_data
Category:	dropped
Dump:	fce64348-a319-4f43-89cb-85a2ff3766b6.down_data.7.dr
ID:	dr_42
Target ID:	7
Process:	C:\Windows\System32\BackgroundTransferHost.exe
Type:	JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 23.2 (Windows), datetime=2022:03:03 09:45:32]
Entropy:	6.84484961165673
Encrypted:	false
Ssdeep:	24576:+dC81bz/KLQUBy+kzZJsxKdZC/2HO/R0JybmnI4asdAj/5Vf:+dC81bzuyusJdY7
Size:	1670366
Whitelisted:	false
Reputation:	timeout

Details

File:	C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\AC\BackgroundTransferApi\fce64348-a319-4f43-89cb-85a2ff3766b6.up_meta_secure
Category:	dropped
Dump:	fce64348-a319-4f43-89cb-85a2ff3766b6.up_meta_secure.4.dr
ID:	dr_15
Target ID:	4
Process:	C:\Windows\System32\backgroundTaskHost.exe
Type:	data
Entropy:	7.269579834552022
Encrypted:	false
Ssdeep:	12:QU6N0FTddHZsfPtwSuWawd5n41jrGNaKNtp9Rmy:QUXPHS3iSu0kFutNtp9Rmy
Size:	502
Whitelisted:	false
Reputation:	timeout

Details

File:	C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\338387\1667478730 (copy)
Category:	dropped
Dump:	1667478730.~tmp0.4.dr
ID:	dr_23
Target ID:	4
Process:	C:\Windows\System32\backgroundTaskHost.exe
Type:	Unicode text, UTF-16, little-endian text, with very long lines (25333), with no line terminators
Entropy:	3.8628690863148045
Encrypted:	false
Ssdeep:	384:LqkpwmyvKwm7t3wmCC6IOaYoCGvgLbuLixSgLldfPOaY3NEoDJjmoKxo9029OaYO:AmQmamCC6mTMes5ldfFOtdz902XX
Size:	50668
Whitelisted:	false
Reputation:	timeout

Details

File:	C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\338387\1667478730.~tmp
Category:	dropped
Dump:	1667478730.~tmp0.4.dr
ID:	dr_9
Target ID:	4
Process:	C:\Windows\System32\backgroundTaskHost.exe
Type:	Unicode text, UTF-16, little-endian text, with very long lines (25333), with no line terminators
Entropy:	3.8628690863148045
Encrypted:	false
Ssdeep:	384:LqkpwmyvKwm7t3wmCC6IOaYoCGvgLbuLixSgLldfPOaY3NEoDJjmoKxo9029OaYO:AmQmamCC6mTMes5ldfFOtdz902XX
Size:	50668
Whitelisted:	false
Reputation:	timeout

Details

File:	C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\338388\eventbeacons.dat (copy)
Category:	dropped
Dump:	eventbeacons.dat.~tmp.4.dr
ID:	dr_19
Target ID:	4
Process:	C:\Windows\System32\backgroundTaskHost.exe
Type:	ASCII text, with very long lines (601), with CRLF line terminators
Entropy:	5.375635149442958
Encrypted:	false
Ssdeep:	24:2AsfLWhHyUwHqbwB6wwTasfjuAsfLWhHyUwHqbwB6wwTasfjf:psTsyTWHa8uAsTsyTWHa8f
Size:	1206
Whitelisted:	false
Reputation:	timeout

Details

File:	C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\338388\eventbeacons.dat.~tmp
Category:	dropped
Dump:	eventbeacons.dat.~tmp.4.dr
ID:	dr_5
Target ID:	4
Process:	C:\Windows\System32\backgroundTaskHost.exe
Type:	ASCII text, with very long lines (601), with CRLF line terminators
Entropy:	5.375635149442958
Encrypted:	false
Ssdeep:	24:2AsfLWhHyUwHqbwB6wwTasfjuAsfLWhHyUwHqbwB6wwTasfjf:psTsyTWHa8uAsTsyTWHa8f
Size:	1206
Whitelisted:	false
Reputation:	timeout

Details

File:	C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\338388\eventbeacons.dat~RFf6a9d0.TMP (copy)
Category:	dropped
Dump:	eventbeacons.dat.~tmp.4.dr
ID:	dr_21
Target ID:	4
Process:	C:\Windows\System32\backgroundTaskHost.exe
Type:	ASCII text, with very long lines (601), with CRLF line terminators
Entropy:	5.375635149442958
Encrypted:	false
Ssdeep:	24:2AsfLWhHyUwHqbwB6wwTasfjuAsfLWhHyUwHqbwB6wwTasfjf:psTsyTWHa8uAsTsyTWHa8f
Size:	1206
Whitelisted:	false
Reputation:	timeout

Details

File:	C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\338388\imprbeacons.dat (copy)
Category:	dropped
Dump:	imprbeacons.dat.~tmp.4.dr
ID:	dr_20
Target ID:	4
Process:	C:\Windows\System32\backgroundTaskHost.exe
Type:	ASCII text, with very long lines (1749), with CRLF line terminators
Entropy:	5.187469039060151
Encrypted:	false
Ssdeep:	24:28/SgQwCqjJNwB6wwTaseehjhcwhwBMDjkoDUfsLNKomN5rrxZT12KfUNiYsiIj:xx/nJ9HagNLfYsBiLTfUwSa
Size:	1751
Whitelisted:	false
Reputation:	timeout

Details

File:	C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\338388\imprbeacons.dat.~tmp
Category:	dropped
Dump:	imprbeacons.dat.~tmp.4.dr
ID:	dr_6
Target ID:	4
Process:	C:\Windows\System32\backgroundTaskHost.exe
Type:	ASCII text, with very long lines (1749), with CRLF line terminators
Entropy:	5.187469039060151
Encrypted:	false
Ssdeep:	24:28/SgQwCqjJNwB6wwTaseehjhcwhwBMDjkoDUfsLNKomN5rrxZT12KfUNiYsiIj:xx/nJ9HagNLfYsBiLTfUwSa
Size:	1751
Whitelisted:	false
Reputation:	timeout

Details

File:	C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\88000045\1667478730 (copy)
Category:	dropped
Dump:	1667478730.~tmp.4.dr
ID:	dr_22
Target ID:	4
Process:	C:\Windows\System32\backgroundTaskHost.exe
Type:	Unicode text, UTF-16, little-endian text, with very long lines (3298), with no line terminators
Entropy:	3.8115883227521836
Encrypted:	false
Ssdeep:	192:Lv44wFiEMGyoO4XD3gyeXonj4fjkwRcmtGw:L6yGBRvuNtGw
Size:	6598
Whitelisted:	false
Reputation:	timeout

Details

File:	C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\88000045\1667478730.~tmp
Category:	dropped
Dump:	1667478730.~tmp.4.dr
ID:	dr_7
Target ID:	4
Process:	C:\Windows\System32\backgroundTaskHost.exe
Type:	Unicode text, UTF-16, little-endian text, with very long lines (3298), with no line terminators
Entropy:	3.8115883227521836
Encrypted:	false
Ssdeep:	192:Lv44wFiEMGyoO4XD3gyeXonj4fjkwRcmtGw:L6yGBRvuNtGw
Size:	6598
Whitelisted:	false
Reputation:	timeout

Details

File:	C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\TargetedContentCache\v3\280815\9dbf5cda030a4e60a261641156804856_1 (copy)
Category:	dropped
Dump:	9dbf5cda030a4e60a261641156804856_1.~tmp.4.dr
ID:	dr_17
Target ID:	4
Process:	C:\Windows\System32\backgroundTaskHost.exe
Type:	JSON data
Entropy:	5.589251299472814
Encrypted:	false
Ssdeep:	48:YrLtp5jEi8kLsPSVZGcuDieRHFzkwhSgNPUV:Ev5gjshZGDZuGSgNPUV
Size:	1765
Whitelisted:	false
Reputation:	timeout

Details

File:	C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\TargetedContentCache\v3\280815\9dbf5cda030a4e60a261641156804856_1.~tmp
Category:	dropped
Dump:	9dbf5cda030a4e60a261641156804856_1.~tmp.4.dr
ID:	dr_3
Target ID:	4
Process:	C:\Windows\System32\backgroundTaskHost.exe
Type:	JSON data
Entropy:	5.589251299472814
Encrypted:	false
Ssdeep:	48:YrLtp5jEi8kLsPSVZGcuDieRHFzkwhSgNPUV:Ev5gjshZGDZuGSgNPUV
Size:	1765
Whitelisted:	false
Reputation:	timeout

Details

File:	C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\TargetedContentCache\v3\338388\96bc58feee9343f4adb4276226731ce3_1 (copy)
Category:	dropped
Dump:	96bc58feee9343f4adb4276226731ce3_1.~tmp.4.dr
ID:	dr_16
Target ID:	4
Process:	C:\Windows\System32\backgroundTaskHost.exe
Type:	JSON data
Entropy:	5.649193848711768
Encrypted:	false
Ssdeep:	48:YrfBVUdGEFZ8Ht35cLsRkT+Ha8uDwsKkTJsuDxHaHn4FzkuLsRkT+Ha8uDCo0U/:KVySHt35EnZj88xgHnhunZjmpU/
Size:	3399
Whitelisted:	false
Reputation:	timeout

Details

File:	C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\TargetedContentCache\v3\338388\96bc58feee9343f4adb4276226731ce3_1.~tmp
Category:	dropped
Dump:	96bc58feee9343f4adb4276226731ce3_1.~tmp.4.dr
ID:	dr_8
Target ID:	4
Process:	C:\Windows\System32\backgroundTaskHost.exe
Type:	JSON data
Entropy:	5.649193848711768
Encrypted:	false
Ssdeep:	48:YrfBVUdGEFZ8Ht35cLsRkT+Ha8uDwsKkTJsuDxHaHn4FzkuLsRkT+Ha8uDCo0U/:KVySHt35EnZj88xgHnhunZjmpU/
Size:	3399
Whitelisted:	false
Reputation:	timeout

Details

File:	C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\TargetedContentCache\v3\338389\03d0615dae6b45498e652e3e555b3e3d_1 (copy)
Category:	dropped
Dump:	03d0615dae6b45498e652e3e555b3e3d_1.~tmp.4.dr
ID:	dr_18
Target ID:	4
Process:	C:\Windows\System32\backgroundTaskHost.exe
Type:	JSON data
Entropy:	5.577925996504267
Encrypted:	false
Ssdeep:	48:YrLtLku8kLsPSR5NuDiemHFzkwhkKQyUs:ENkPslueuGkuUs
Size:	1767
Whitelisted:	false
Reputation:	timeout

Details

File:	C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\TargetedContentCache\v3\338389\03d0615dae6b45498e652e3e555b3e3d_1.~tmp
Category:	dropped
Dump:	03d0615dae6b45498e652e3e555b3e3d_1.~tmp.4.dr
ID:	dr_4
Target ID:	4
Process:	C:\Windows\System32\backgroundTaskHost.exe
Type:	JSON data
Entropy:	5.577925996504267
Encrypted:	false
Ssdeep:	48:YrLtLku8kLsPSR5NuDiemHFzkwhkKQyUs:ENkPslueuGkuUs
Size:	1767
Whitelisted:	false
Reputation:	timeout

Details

File:	C:\Users\user\AppData\Local\Temp\nsdCB34.tmp\System.dll
Category:	dropped
Dump:	System.dll.2.dr
ID:	dr_2
Target ID:	2
Process:	C:\Users\user\Desktop\CONTRACT_REVISED-SHIPMENT-DOCUMENTS_EXPORTS_REFERENCE-QT63637-02993900299348.exe
Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Entropy:	5.737556724687435
Encrypted:	false
Ssdeep:	192:MenY0qWTlt70IAj/lQ0sEWc/wtYbBH2aDybC7y+XBaIwL:M8+Qlt70Fj/lQRY/9VjjgL
Size:	12288
Whitelisted:	true
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\Users\user\AppData\Roaming\Shoved\Factorist\dialog-warning-symbolic.symbolic.png
Category:	dropped
Dump:	dialog-warning-symbolic.symbolic.png.2.dr
ID:	dr_1
Target ID:	2
Process:	C:\Users\user\Desktop\CONTRACT_REVISED-SHIPMENT-DOCUMENTS_EXPORTS_REFERENCE-QT63637-02993900299348.exe
Type:	PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
Entropy:	6.880810677512409
Encrypted:	false
Ssdeep:	6:6v/lhPysDQqinrW8/97kGwr/F+Elz3hsKrnLIuYK/SwtNVp:6v/7ZiK817kG3Mz3ZIiSoN7
Size:	286
Whitelisted:	true
Reputation:	timeout

Details

File:	C:\Users\user\AppData\Roaming\Shoved\skrupforelskede.bin
Category:	dropped
Dump:	skrupforelskede.bin.2.dr
ID:	dr_0
Target ID:	2
Process:	C:\Users\user\Desktop\CONTRACT_REVISED-SHIPMENT-DOCUMENTS_EXPORTS_REFERENCE-QT63637-02993900299348.exe
Type:	data
Entropy:	7.75553468119485
Encrypted:	false
Ssdeep:	1536:bYpDSzihO1IsnBzEfH5ZR0fha22stcSuYZtL+8VdfWuZTJrBWmlRsMM:mDcgO1IeQfH5ZRXstcgKodfhrBBDM
Size:	106887
Whitelisted:	false
Reputation:	timeout

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
CONTRACT_REVISED-SHIPMENT-DOCUMENTS_EXPORTS_REFERENCE-QT63637-02993900299348.exe

Files

Processes

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC ReportCONTRACT_REVISED-SHIPMENT-DOCUMENTS_EXPORTS_REFERENCE-QT63637-02993900299348.exe

Files

Processes

IOC Report
CONTRACT_REVISED-SHIPMENT-DOCUMENTS_EXPORTS_REFERENCE-QT63637-02993900299348.exe