|
E-DEKONT.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
|
initial sample
|
 |
|
|
| Filetype: |
PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
|
| Entropy: |
7.761776865378202
|
| Filename: |
E-DEKONT.exe
|
| Filesize: |
325782
|
| MD5: |
0aa36eb080cf7171cec271b2cd4d2108
|
| SHA1: |
eb7f3bf8e15ae16e765e480510d2260a9e9facb8
|
| SHA256: |
6ca208edbc718f737f74ee0a631ed22cd2bf67a0db679d9d1702575c087550cc
|
| SHA512: |
a350d13a00cfb426c046b370b018309fb614ab597159fc53a07b017143960d68dab186b71e12156bd8966234f49775f70d7bbfafe53ada4d7ded282d2780d489
|
| SSDEEP: |
6144:nQ606xDpoDTOfHQerv776jfhtjdTAhjr6ec5eF4fe8YCsboQ+Ni5JFapbARUTv/4:FpoPOfQqvH6j5PTIr6FZTQ+aJwp8KH4
|
| Preview: |
MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1...Pf..Pf..Pf.*_9..Pf..Pg.LPf.*_;..Pf..sV..Pf..V`..Pf.Rich.Pf.........................PE..L...6.uY.................f.........
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Multi AV Scanner detection for submitted file |
AV Detection |
|
| Malicious sample detected (through community Yara rule) |
System Summary |
|
| Tries to steal Mail credentials (via file / registry access) |
Stealing of Sensitive Information |
|
| Tries to steal Crypto Currency Wallets |
Stealing of Sensitive Information |
|
| Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc) |
Stealing of Sensitive Information |
Access Token Manipulation
|
| Tries to detect Any.run |
Malware Analysis System Evasion |
Virtualization/Sandbox Evasion
Security Software Discovery
|
| Self deletion via cmd or bat file |
Hooking and other Techniques for Hiding and Protection |
Access Token Manipulation
|
| Tries to harvest and steal ftp login credentials |
Stealing of Sensitive Information |
|
| Tries to harvest and steal Bitcoin Wallet information |
Stealing of Sensitive Information |
|
| Found many strings related to Crypto-Wallets (likely being stolen) |
Stealing of Sensitive Information |
|
| Tries to steal Instant Messenger accounts or passwords |
Stealing of Sensitive Information |
|
| Tries to harvest and steal browser information (history, passwords, etc) |
Stealing of Sensitive Information |
|
| Uses 32bit PE files |
Compliance, System Summary |
|
| Yara signature match |
System Summary |
|
| Contains functionality to shutdown / reboot the system |
System Summary |
Access Token Manipulation
|
| Uses code obfuscation techniques (call, push, ret) |
Data Obfuscation |
Obfuscated Files or Information
|
| Detected potential crypto function |
System Summary |
Access Token Manipulation
|
| Stores files to the Windows start menu directory |
Boot Survival |
Registry Run Keys / Startup Folder
|
| Contains functionality to call native functions |
System Summary |
|
| Contains functionality to dynamically determine API calls |
Data Obfuscation, Anti Debugging |
|
| Found dropped PE file which has not been started or loaded |
Malware Analysis System Evasion |
|
| Contains functionality for execution timing, often used to detect debuggers |
Malware Analysis System Evasion, Anti Debugging |
|
| Queries information about the installed CPU (vendor, model number etc) |
Language, Device and Operating System Detection |
File and Directory Discovery
|
| Sample file is different than original file name gathered from version info |
System Summary |
Access Token Manipulation
|
| Drops PE files |
Persistence and Installation Behavior |
Access Token Manipulation
|
| Tries to load missing DLLs |
System Summary |
|
| Contains functionality to read the PEB |
Anti Debugging |
Access Token Manipulation
|
| Checks if the current process is being debugged |
Anti Debugging |
|
| Contains functionality to enumerate device drivers |
Malware Analysis System Evasion |
Access Token Manipulation
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress) |
Anti Debugging |
|
| Contains functionality for read data from the clipboard |
Key, Mouse, Clipboard, Microphone and Screen Capturing |
|
| Queries a list of all running processes |
Malware Analysis System Evasion |
|
| Sample is known by Antivirus |
System Summary |
Access Token Manipulation
|
| Sample reads its own file content |
System Summary |
Access Token Manipulation
|
| PE file has an executable .text section and no other executable section |
System Summary |
Access Token Manipulation
|
| Reads software policies |
System Summary |
Access Token Manipulation
|
| Contains functionality to enumerate / list files inside a directory |
Spreading, Malware Analysis System Evasion |
File and Directory Discovery
|
| Queries the cryptographic machine GUID |
Language, Device and Operating System Detection |
Access Token Manipulation
|
| Uses an in-process (OLE) Automation server |
System Summary |
Access Token Manipulation
|
| Contains functionality to adjust token privileges (e.g. debug / backup) |
System Summary |
Access Token Manipulation
|
| Creates files inside the user directory |
System Summary |
|
| Creates temporary files |
System Summary |
|
| Disables application error messsages (SetErrorMode) |
Hooking and other Techniques for Hiding and Protection |
|
| Contains functionality to instantiate COM classes |
System Summary |
Access Token Manipulation
|
| Reads ini files |
System Summary |
|
| Contains functionality to check free disk space |
System Summary |
System Information Discovery
|
| SQL strings found in memory and binary data |
System Summary |
File and Directory Discovery
|
| Queries a list of all running drivers |
Malware Analysis System Evasion |
|
| Contains functionality to query windows version |
Language, Device and Operating System Detection |
System Information Discovery
|
| Program exit points |
Malware Analysis System Evasion |
|
| URLs found in memory or binary data |
Networking |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
|
| Contains modern PE file flags such as dynamic base (ASLR) or NX |
Compliance, System Summary |
|
| Checks if Microsoft Office is installed |
System Summary |
Access Token Manipulation
|
| Creates a software uninstall entry |
Compliance, System Summary |
|
|
|
C:\Users\user\AppData\Local\Temp\444685002784711619507383.tmp
|
SQLite 3.x database, last written using SQLite version 3036000, page size 2048, file counter 3, database pages 22, 1st free
page 7, free pages 2, cookie 0x10, schema 4, UTF-8, version-valid-for 3
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\444685002784711619507383.tmp
|
| Category: |
dropped
|
| Dump: |
444685002784711619507383.tmp.4.dr
|
| ID: |
dr_16
|
| Target ID: |
4
|
| Process: |
C:\Users\user\Desktop\E-DEKONT.exe
|
| Type: |
SQLite 3.x database, last written using SQLite version 3036000, page size 2048, file counter 3, database pages 22, 1st free
page 7, free pages 2, cookie 0x10, schema 4, UTF-8, version-valid-for 3
|
| Entropy: |
0.7853305971874845
|
| Encrypted: |
false
|
| Ssdeep: |
48:43b/DVIIgyZKLk8s8LKvUf9K4UKTgyJqhtcebVEq8Ma0D0HOlcjlGxdKmtAONu41:Sb+uKLyeym/grcebn8MouOjlGxdKmt3N
|
| Size: |
45056
|
| Whitelisted: |
false
|
| Reputation: |
moderate
|
|
|
C:\Users\user\AppData\Local\Temp\75C649CD\api-ms-win-core-console-l1-1-0.dll
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\75C649CD\api-ms-win-core-console-l1-1-0.dll
|
| Category: |
dropped
|
| Dump: |
api-ms-win-core-console-l1-1-0.dll.4.dr
|
| ID: |
dr_6
|
| Target ID: |
4
|
| Process: |
C:\Users\user\Desktop\E-DEKONT.exe
|
| Type: |
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
| Entropy: |
7.080160932980843
|
| Encrypted: |
false
|
| Ssdeep: |
192:3jBMWIghWGZiKedXe123Ouo+Uggs/nGfe4pBjS/uBmWh0txKdmVWQ4GWDZoiyqnP:GWPhWVXYi00GftpBjSemTltcwpS
|
| Size: |
18744
|
| Whitelisted: |
true
|
| Reputation: |
high
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Drops PE files |
Persistence and Installation Behavior |
|
| Found dropped PE file which has not been started or loaded |
Malware Analysis System Evasion |
|
|
|
C:\Users\user\AppData\Local\Temp\75C649CD\api-ms-win-core-datetime-l1-1-0.dll
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\75C649CD\api-ms-win-core-datetime-l1-1-0.dll
|
| Category: |
dropped
|
| Dump: |
api-ms-win-core-datetime-l1-1-0.dll.4.dr
|
| ID: |
dr_8
|
| Target ID: |
4
|
| Process: |
C:\Users\user\Desktop\E-DEKONT.exe
|
| Type: |
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
| Entropy: |
7.093995452106596
|
| Encrypted: |
false
|
| Ssdeep: |
192:RWIghWG4U9xluZo123Ouo+Uggs/nGfe4pBjSbMDPxVWh0txKdmVWQ4CWrDry6qnZ:RWPhWFv0i00GftpBjBHem6plUG+zIw
|
| Size: |
18232
|
| Whitelisted: |
true
|
| Reputation: |
timeout
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Drops PE files |
Persistence and Installation Behavior |
|
| Found dropped PE file which has not been started or loaded |
Malware Analysis System Evasion |
|
|
|
C:\Users\user\AppData\Local\Temp\75C649CD\api-ms-win-core-debug-l1-1-0.dll
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\75C649CD\api-ms-win-core-debug-l1-1-0.dll
|
| Category: |
dropped
|
| Dump: |
api-ms-win-core-debug-l1-1-0.dll.4.dr
|
| ID: |
dr_10
|
| Target ID: |
4
|
| Process: |
C:\Users\user\Desktop\E-DEKONT.exe
|
| Type: |
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
| Entropy: |
7.1028816880814265
|
| Encrypted: |
false
|
| Ssdeep: |
384:cWPhWM4Ri00GftpBj2YILemtclD16PaEC:l10oiBQe/L
|
| Size: |
18232
|
| Whitelisted: |
true
|
| Reputation: |
timeout
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Drops PE files |
Persistence and Installation Behavior |
|
| Found dropped PE file which has not been started or loaded |
Malware Analysis System Evasion |
|
|
|
C:\Users\user\AppData\Local\Temp\75C649CD\api-ms-win-core-errorhandling-l1-1-0.dll
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\75C649CD\api-ms-win-core-errorhandling-l1-1-0.dll
|
| Category: |
dropped
|
| Dump: |
api-ms-win-core-errorhandling-l1-1-0.dll.4.dr
|
| ID: |
dr_11
|
| Target ID: |
4
|
| Process: |
C:\Users\user\Desktop\E-DEKONT.exe
|
| Type: |
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
| Entropy: |
7.126358371711227
|
| Encrypted: |
false
|
| Ssdeep: |
192:NFmxD3PWIghWGJY/luZo123Ouo+Uggs/nGfe4pBjSffcp8Wh0txKdmVWQ4yWRzOr:NFkWPhW60i00GftpBj4emHlD16Pa7v
|
| Size: |
18232
|
| Whitelisted: |
true
|
| Reputation: |
timeout
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Drops PE files |
Persistence and Installation Behavior |
|
| Found dropped PE file which has not been started or loaded |
Malware Analysis System Evasion |
|
|
|
C:\Users\user\AppData\Local\Temp\75C649CD\api-ms-win-core-file-l1-1-0.dll
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\75C649CD\api-ms-win-core-file-l1-1-0.dll
|
| Category: |
dropped
|
| Dump: |
api-ms-win-core-file-l1-1-0.dll.4.dr
|
| ID: |
dr_12
|
| Target ID: |
4
|
| Process: |
C:\Users\user\Desktop\E-DEKONT.exe
|
| Type: |
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
| Entropy: |
7.014255619395433
|
| Encrypted: |
false
|
| Ssdeep: |
384:d6PvVXHWPhWnsnhi00GftpBjaJemyDlD16PamW8:UPvVX85nhoisJeLt8
|
| Size: |
21816
|
| Whitelisted: |
true
|
| Reputation: |
timeout
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Drops PE files |
Persistence and Installation Behavior |
|
| Found dropped PE file which has not been started or loaded |
Malware Analysis System Evasion |
|
|
|
C:\Users\user\AppData\Local\Temp\75C649CD\api-ms-win-core-file-l1-2-0.dll
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\75C649CD\api-ms-win-core-file-l1-2-0.dll
|
| Category: |
dropped
|
| Dump: |
api-ms-win-core-file-l1-2-0.dll.4.dr
|
| ID: |
dr_13
|
| Target ID: |
4
|
| Process: |
C:\Users\user\Desktop\E-DEKONT.exe
|
| Type: |
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
| Entropy: |
7.112057846012794
|
| Encrypted: |
false
|
| Ssdeep: |
192:IWIghWGJnWdsNtL/123Ouo+Uggs/nGfe4pBjSfcD63QXWh0txKdmVWQ4yW1rwqnh:IWPhWlsnhi00GftpBjnem9lD16PamFP
|
| Size: |
18232
|
| Whitelisted: |
true
|
| Reputation: |
timeout
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Drops PE files |
Persistence and Installation Behavior |
|
| Found dropped PE file which has not been started or loaded |
Malware Analysis System Evasion |
|
|
|
C:\Users\user\AppData\Local\Temp\75C649CD\api-ms-win-core-file-l2-1-0.dll
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\75C649CD\api-ms-win-core-file-l2-1-0.dll
|
| Category: |
dropped
|
| Dump: |
api-ms-win-core-file-l2-1-0.dll.4.dr
|
| ID: |
dr_17
|
| Target ID: |
4
|
| Process: |
C:\Users\user\Desktop\E-DEKONT.exe
|
| Type: |
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
| Entropy: |
7.166618249693435
|
| Encrypted: |
false
|
| Ssdeep: |
192:BZwWIghWG4U9ydsNtL/123Ouo+Uggs/nGfe4pBjSbUGHvNWh0txKdmVWQ4CWVU9h:UWPhWFBsnhi00GftpBjKvxemPlP55QQ7
|
| Size: |
18232
|
| Whitelisted: |
true
|
| Reputation: |
timeout
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Drops PE files |
Persistence and Installation Behavior |
|
| Found dropped PE file which has not been started or loaded |
Malware Analysis System Evasion |
|
|
|
C:\Users\user\AppData\Local\Temp\75C649CD\api-ms-win-core-handle-l1-1-0.dll
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\75C649CD\api-ms-win-core-handle-l1-1-0.dll
|
| Category: |
dropped
|
| Dump: |
api-ms-win-core-handle-l1-1-0.dll.4.dr
|
| ID: |
dr_18
|
| Target ID: |
4
|
| Process: |
C:\Users\user\Desktop\E-DEKONT.exe
|
| Type: |
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
| Entropy: |
7.1117101479630005
|
| Encrypted: |
false
|
| Ssdeep: |
384:AWPhWXDz6i00GftpBj5FrFaemx+lDbNh/6:hroidkeppp
|
| Size: |
18232
|
| Whitelisted: |
true
|
| Reputation: |
timeout
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Drops PE files |
Persistence and Installation Behavior |
|
| Found dropped PE file which has not been started or loaded |
Malware Analysis System Evasion |
|
|
|
C:\Users\user\AppData\Local\Temp\75C649CD\api-ms-win-core-heap-l1-1-0.dll
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\75C649CD\api-ms-win-core-heap-l1-1-0.dll
|
| Category: |
dropped
|
| Dump: |
api-ms-win-core-heap-l1-1-0.dll.4.dr
|
| ID: |
dr_19
|
| Target ID: |
4
|
| Process: |
C:\Users\user\Desktop\E-DEKONT.exe
|
| Type: |
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
| Entropy: |
7.174986589968396
|
| Encrypted: |
false
|
| Ssdeep: |
192:GElqWIghWGZi5edXe123Ouo+Uggs/nGfe4pBjS/PHyRWh0txKdmVWQ4GWC2w4Dj3:GElqWPhWCXYi00GftpBjP9emYXlDbNs
|
| Size: |
18232
|
| Whitelisted: |
true
|
| Reputation: |
timeout
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Drops PE files |
Persistence and Installation Behavior |
|
| Found dropped PE file which has not been started or loaded |
Malware Analysis System Evasion |
|
|
|
C:\Users\user\AppData\Local\Temp\75C649CD\api-ms-win-core-interlocked-l1-1-0.dll
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\75C649CD\api-ms-win-core-interlocked-l1-1-0.dll
|
| Category: |
dropped
|
| Dump: |
api-ms-win-core-interlocked-l1-1-0.dll.4.dr
|
| ID: |
dr_20
|
| Target ID: |
4
|
| Process: |
C:\Users\user\Desktop\E-DEKONT.exe
|
| Type: |
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
| Entropy: |
7.076803035880586
|
| Encrypted: |
false
|
| Ssdeep: |
192:DtiYsFWWIghWGQtu7B123Ouo+Uggs/nGfe4pBjSPiZadcbWh0txKdmVWQ4mWf2FN:5iYsFWWPhWUTi00GftpBjremUBNlgC
|
| Size: |
17856
|
| Whitelisted: |
true
|
| Reputation: |
timeout
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Drops PE files |
Persistence and Installation Behavior |
|
| Found dropped PE file which has not been started or loaded |
Malware Analysis System Evasion |
|
|
|
C:\Users\user\AppData\Local\Temp\75C649CD\api-ms-win-core-libraryloader-l1-1-0.dll
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\75C649CD\api-ms-win-core-libraryloader-l1-1-0.dll
|
| Category: |
dropped
|
| Dump: |
api-ms-win-core-libraryloader-l1-1-0.dll.4.dr
|
| ID: |
dr_21
|
| Target ID: |
4
|
| Process: |
C:\Users\user\Desktop\E-DEKONT.exe
|
| Type: |
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
| Entropy: |
7.131154779640255
|
| Encrypted: |
false
|
| Ssdeep: |
384:yHvuBL3BmWPhWZTi00GftpBjNKnemenyAlvN9W/L:yWBL3BXYoinKne1yd
|
| Size: |
18744
|
| Whitelisted: |
true
|
| Reputation: |
timeout
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Drops PE files |
Persistence and Installation Behavior |
|
| Found dropped PE file which has not been started or loaded |
Malware Analysis System Evasion |
|
|
|
C:\Users\user\AppData\Local\Temp\75C649CD\api-ms-win-core-localization-l1-2-0.dll
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\75C649CD\api-ms-win-core-localization-l1-2-0.dll
|
| Category: |
dropped
|
| Dump: |
api-ms-win-core-localization-l1-2-0.dll.4.dr
|
| ID: |
dr_22
|
| Target ID: |
4
|
| Process: |
C:\Users\user\Desktop\E-DEKONT.exe
|
| Type: |
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
| Entropy: |
7.089032314841867
|
| Encrypted: |
false
|
| Ssdeep: |
384:KOMw3zdp3bwjGjue9/0jCRrndbVWPhWIDz6i00GftpBj6cemjlD16Pa+4r:KOMwBprwjGjue9/0jCRrndbCOoireqv
|
| Size: |
20792
|
| Whitelisted: |
true
|
| Reputation: |
timeout
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Drops PE files |
Persistence and Installation Behavior |
|
| Found dropped PE file which has not been started or loaded |
Malware Analysis System Evasion |
|
|
|
C:\Users\user\AppData\Local\Temp\75C649CD\api-ms-win-core-memory-l1-1-0.dll
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\75C649CD\api-ms-win-core-memory-l1-1-0.dll
|
| Category: |
dropped
|
| Dump: |
api-ms-win-core-memory-l1-1-0.dll.4.dr
|
| ID: |
dr_23
|
| Target ID: |
4
|
| Process: |
C:\Users\user\Desktop\E-DEKONT.exe
|
| Type: |
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
| Entropy: |
7.101895292899441
|
| Encrypted: |
false
|
| Ssdeep: |
384:+bZWPhWUsnhi00GftpBjwBemQlD16Par7:b4nhoi6BedH
|
| Size: |
18744
|
| Whitelisted: |
true
|
| Reputation: |
timeout
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Drops PE files |
Persistence and Installation Behavior |
|
| Found dropped PE file which has not been started or loaded |
Malware Analysis System Evasion |
|
|
|
C:\Users\user\AppData\Local\Temp\75C649CD\api-ms-win-core-namedpipe-l1-1-0.dll
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\75C649CD\api-ms-win-core-namedpipe-l1-1-0.dll
|
| Category: |
dropped
|
| Dump: |
api-ms-win-core-namedpipe-l1-1-0.dll.4.dr
|
| ID: |
dr_24
|
| Target ID: |
4
|
| Process: |
C:\Users\user\Desktop\E-DEKONT.exe
|
| Type: |
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
| Entropy: |
7.16337963516533
|
| Encrypted: |
false
|
| Ssdeep: |
192:pgWIghWGZiBeS123Ouo+Uggs/nGfe4pBjS/fE/hWh0txKdmVWQ4GWoxYyqnaj/6B:iWPhWUEi00GftpBj1temnltcwWB
|
| Size: |
18232
|
| Whitelisted: |
true
|
| Reputation: |
timeout
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Drops PE files |
Persistence and Installation Behavior |
|
| Found dropped PE file which has not been started or loaded |
Malware Analysis System Evasion |
|
|
|
C:\Users\user\AppData\Local\Temp\75C649CD\api-ms-win-core-processenvironment-l1-1-0.dll
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\75C649CD\api-ms-win-core-processenvironment-l1-1-0.dll
|
| Category: |
dropped
|
| Dump: |
api-ms-win-core-processenvironment-l1-1-0.dll.4.dr
|
| ID: |
dr_25
|
| Target ID: |
4
|
| Process: |
C:\Users\user\Desktop\E-DEKONT.exe
|
| Type: |
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
| Entropy: |
7.073730829887072
|
| Encrypted: |
false
|
| Ssdeep: |
192:wXjWIghWGd4dsNtL/123Ouo+Uggs/nGfe4pBjSXcYddWh0txKdmVWQ4SW04engo5:MjWPhWHsnhi00GftpBjW7emOj5l1z6hP
|
| Size: |
19248
|
| Whitelisted: |
true
|
| Reputation: |
timeout
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Drops PE files |
Persistence and Installation Behavior |
|
| Found dropped PE file which has not been started or loaded |
Malware Analysis System Evasion |
|
|
|
C:\Users\user\AppData\Local\Temp\75C649CD\api-ms-win-core-processthreads-l1-1-0.dll
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\75C649CD\api-ms-win-core-processthreads-l1-1-0.dll
|
| Category: |
dropped
|
| Dump: |
api-ms-win-core-processthreads-l1-1-0.dll.4.dr
|
| ID: |
dr_26
|
| Target ID: |
4
|
| Process: |
C:\Users\user\Desktop\E-DEKONT.exe
|
| Type: |
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
| Entropy: |
7.082421046253008
|
| Encrypted: |
false
|
| Ssdeep: |
384:afk1JzNcKSIJWPhW2snhi00GftpBjZqcLvemr4PlgC:RcKST+nhoi/BbeGv
|
| Size: |
19392
|
| Whitelisted: |
true
|
| Reputation: |
timeout
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Drops PE files |
Persistence and Installation Behavior |
|
| Found dropped PE file which has not been started or loaded |
Malware Analysis System Evasion |
|
|
|
C:\Users\user\AppData\Local\Temp\75C649CD\api-ms-win-core-processthreads-l1-1-1.dll
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\75C649CD\api-ms-win-core-processthreads-l1-1-1.dll
|
| Category: |
dropped
|
| Dump: |
api-ms-win-core-processthreads-l1-1-1.dll.4.dr
|
| ID: |
dr_27
|
| Target ID: |
4
|
| Process: |
C:\Users\user\Desktop\E-DEKONT.exe
|
| Type: |
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
| Entropy: |
7.1156948849491055
|
| Encrypted: |
false
|
| Ssdeep: |
384:xzADfIeRWPhWKEi00GftpBjj1emMVlvN0M:xzfeWeoi11ep
|
| Size: |
18744
|
| Whitelisted: |
true
|
| Reputation: |
timeout
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Drops PE files |
Persistence and Installation Behavior |
|
| Found dropped PE file which has not been started or loaded |
Malware Analysis System Evasion |
|
|
|
C:\Users\user\AppData\Local\Temp\75C649CD\api-ms-win-core-profile-l1-1-0.dll
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\75C649CD\api-ms-win-core-profile-l1-1-0.dll
|
| Category: |
dropped
|
| Dump: |
api-ms-win-core-profile-l1-1-0.dll.4.dr
|
| ID: |
dr_28
|
| Target ID: |
4
|
| Process: |
C:\Users\user\Desktop\E-DEKONT.exe
|
| Type: |
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
| Entropy: |
7.187691342157284
|
| Encrypted: |
false
|
| Ssdeep: |
192:w9WIghWGdUuDz7M123Ouo+Uggs/nGfe4pBjSXrw58h6Wh0txKdmVWQ4SW7QQtzko:w9WPhWYDz6i00GftpBjXPemD5l1z6hv
|
| Size: |
17712
|
| Whitelisted: |
true
|
| Reputation: |
timeout
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Drops PE files |
Persistence and Installation Behavior |
|
| Found dropped PE file which has not been started or loaded |
Malware Analysis System Evasion |
|
|
|
C:\Users\user\AppData\Local\Temp\75C649CD\api-ms-win-core-rtlsupport-l1-1-0.dll
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\75C649CD\api-ms-win-core-rtlsupport-l1-1-0.dll
|
| Category: |
dropped
|
| Dump: |
api-ms-win-core-rtlsupport-l1-1-0.dll.4.dr
|
| ID: |
dr_29
|
| Target ID: |
4
|
| Process: |
C:\Users\user\Desktop\E-DEKONT.exe
|
| Type: |
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
| Entropy: |
7.19694878324007
|
| Encrypted: |
false
|
| Ssdeep: |
384:61G1WPhWksnhi00GftpBjEVXremWRlP55Jk:kGiYnhoiqVXreDT5Y
|
| Size: |
17720
|
| Whitelisted: |
true
|
| Reputation: |
timeout
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Drops PE files |
Persistence and Installation Behavior |
|
| Found dropped PE file which has not been started or loaded |
Malware Analysis System Evasion |
|
|
|
C:\Users\user\AppData\Local\Temp\75C649CD\api-ms-win-core-string-l1-1-0.dll
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\75C649CD\api-ms-win-core-string-l1-1-0.dll
|
| Category: |
dropped
|
| Dump: |
api-ms-win-core-string-l1-1-0.dll.4.dr
|
| ID: |
dr_30
|
| Target ID: |
4
|
| Process: |
C:\Users\user\Desktop\E-DEKONT.exe
|
| Type: |
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
| Entropy: |
7.137724132900032
|
| Encrypted: |
false
|
| Ssdeep: |
384:xyMvRWPhWFs0i00GftpBjwCJdemnflUG+zI4:xyMvWWoibeTnn
|
| Size: |
18232
|
| Whitelisted: |
true
|
| Reputation: |
timeout
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Drops PE files |
Persistence and Installation Behavior |
|
| Found dropped PE file which has not been started or loaded |
Malware Analysis System Evasion |
|
|
|
C:\Users\user\AppData\Local\Temp\75C649CD\api-ms-win-core-synch-l1-1-0.dll
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\75C649CD\api-ms-win-core-synch-l1-1-0.dll
|
| Category: |
dropped
|
| Dump: |
api-ms-win-core-synch-l1-1-0.dll.4.dr
|
| ID: |
dr_31
|
| Target ID: |
4
|
| Process: |
C:\Users\user\Desktop\E-DEKONT.exe
|
| Type: |
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
| Entropy: |
7.04640581473745
|
| Encrypted: |
false
|
| Ssdeep: |
384:5Xdv3V0dfpkXc0vVaHWPhWXEi00GftpBj9em+4lndanJ7o:5Xdv3VqpkXc0vVa8poivex
|
| Size: |
20280
|
| Whitelisted: |
true
|
| Reputation: |
timeout
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Drops PE files |
Persistence and Installation Behavior |
|
| Found dropped PE file which has not been started or loaded |
Malware Analysis System Evasion |
|
|
|
C:\Users\user\AppData\Local\Temp\75C649CD\api-ms-win-core-synch-l1-2-0.dll
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\75C649CD\api-ms-win-core-synch-l1-2-0.dll
|
| Category: |
dropped
|
| Dump: |
api-ms-win-core-synch-l1-2-0.dll.4.dr
|
| ID: |
dr_32
|
| Target ID: |
4
|
| Process: |
C:\Users\user\Desktop\E-DEKONT.exe
|
| Type: |
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
| Entropy: |
7.138910839042951
|
| Encrypted: |
false
|
| Ssdeep: |
384:JtZ3gWPhWFA0i00GftpBj4Z8wemFfYlP55t:j+oiVweb53
|
| Size: |
18744
|
| Whitelisted: |
true
|
| Reputation: |
timeout
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Drops PE files |
Persistence and Installation Behavior |
|
| Found dropped PE file which has not been started or loaded |
Malware Analysis System Evasion |
|
|
|
C:\Users\user\AppData\Local\Temp\75C649CD\api-ms-win-core-sysinfo-l1-1-0.dll
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\75C649CD\api-ms-win-core-sysinfo-l1-1-0.dll
|
| Category: |
dropped
|
| Dump: |
api-ms-win-core-sysinfo-l1-1-0.dll.4.dr
|
| ID: |
dr_33
|
| Target ID: |
4
|
| Process: |
C:\Users\user\Desktop\E-DEKONT.exe
|
| Type: |
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
| Entropy: |
7.072555805949365
|
| Encrypted: |
false
|
| Ssdeep: |
384:2q25WPhWWsnhi00GftpBj1u6qXxem4l1z6hi:25+SnhoiG6IeA8
|
| Size: |
19248
|
| Whitelisted: |
true
|
| Reputation: |
timeout
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Drops PE files |
Persistence and Installation Behavior |
|
| Found dropped PE file which has not been started or loaded |
Malware Analysis System Evasion |
|
|
|
C:\Users\user\AppData\Local\Temp\75C649CD\api-ms-win-core-timezone-l1-1-0.dll
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\75C649CD\api-ms-win-core-timezone-l1-1-0.dll
|
| Category: |
dropped
|
| Dump: |
api-ms-win-core-timezone-l1-1-0.dll.4.dr
|
| ID: |
dr_34
|
| Target ID: |
4
|
| Process: |
C:\Users\user\Desktop\E-DEKONT.exe
|
| Type: |
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
| Entropy: |
7.17450177544266
|
| Encrypted: |
false
|
| Ssdeep: |
384:SWPhWK3di00GftpBjH35Gvem2Al1z6hIu:77NoiOve7eu
|
| Size: |
18224
|
| Whitelisted: |
true
|
| Reputation: |
timeout
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Drops PE files |
Persistence and Installation Behavior |
|
| Found dropped PE file which has not been started or loaded |
Malware Analysis System Evasion |
|
|
|
C:\Users\user\AppData\Local\Temp\75C649CD\api-ms-win-core-util-l1-1-0.dll
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\75C649CD\api-ms-win-core-util-l1-1-0.dll
|
| Category: |
dropped
|
| Dump: |
api-ms-win-core-util-l1-1-0.dll.4.dr
|
| ID: |
dr_35
|
| Target ID: |
4
|
| Process: |
C:\Users\user\Desktop\E-DEKONT.exe
|
| Type: |
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
| Entropy: |
7.1007227686954275
|
| Encrypted: |
false
|
| Ssdeep: |
192:pePWIghWG4U9wluZo123Ouo+Uggs/nGfe4pBjSbKT8wuxWh0txKdmVWQ4CWnFnwQ:pYWPhWFS0i00GftpBj7DudemJlP552
|
| Size: |
18232
|
| Whitelisted: |
true
|
| Reputation: |
timeout
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Drops PE files |
Persistence and Installation Behavior |
|
| Found dropped PE file which has not been started or loaded |
Malware Analysis System Evasion |
|
|
|
C:\Users\user\AppData\Local\Temp\75C649CD\api-ms-win-crt-conio-l1-1-0.dll
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\75C649CD\api-ms-win-crt-conio-l1-1-0.dll
|
| Category: |
dropped
|
| Dump: |
api-ms-win-crt-conio-l1-1-0.dll.4.dr
|
| ID: |
dr_36
|
| Target ID: |
4
|
| Process: |
C:\Users\user\Desktop\E-DEKONT.exe
|
| Type: |
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
| Entropy: |
7.088693688879585
|
| Encrypted: |
false
|
| Ssdeep: |
384:8WPhWz4Ri00GftpBjDb7bemHlndanJ7DW:Fm0oiV7beV
|
| Size: |
19256
|
| Whitelisted: |
true
|
| Reputation: |
timeout
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Drops PE files |
Persistence and Installation Behavior |
|
| Found dropped PE file which has not been started or loaded |
Malware Analysis System Evasion |
|
|
|
C:\Users\user\AppData\Local\Temp\75C649CD\api-ms-win-crt-convert-l1-1-0.dll
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\75C649CD\api-ms-win-crt-convert-l1-1-0.dll
|
| Category: |
dropped
|
| Dump: |
api-ms-win-crt-convert-l1-1-0.dll.4.dr
|
| ID: |
dr_37
|
| Target ID: |
4
|
| Process: |
C:\Users\user\Desktop\E-DEKONT.exe
|
| Type: |
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
| Entropy: |
6.929204936143068
|
| Encrypted: |
false
|
| Ssdeep: |
384:EuydWPhW7snhi00GftpBjd6t/emJlDbN:3tnhoi6t/eAp
|
| Size: |
22328
|
| Whitelisted: |
true
|
| Reputation: |
timeout
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Drops PE files |
Persistence and Installation Behavior |
|
| Found dropped PE file which has not been started or loaded |
Malware Analysis System Evasion |
|
|
|
C:\Users\user\AppData\Local\Temp\75C649CD\api-ms-win-crt-environment-l1-1-0.dll
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\75C649CD\api-ms-win-crt-environment-l1-1-0.dll
|
| Category: |
dropped
|
| Dump: |
api-ms-win-crt-environment-l1-1-0.dll.4.dr
|
| ID: |
dr_38
|
| Target ID: |
4
|
| Process: |
C:\Users\user\Desktop\E-DEKONT.exe
|
| Type: |
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
| Entropy: |
7.078409479204304
|
| Encrypted: |
false
|
| Ssdeep: |
192:bWIghWGd4edXe123Ouo+Uggs/nGfe4pBjSXXmv5Wh0txKdmVWQ4SWEApkqnajPBZ:bWPhWqXYi00GftpBjBemPl1z6h2
|
| Size: |
18736
|
| Whitelisted: |
true
|
| Reputation: |
timeout
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Drops PE files |
Persistence and Installation Behavior |
|
| Found dropped PE file which has not been started or loaded |
Malware Analysis System Evasion |
|
|
|
C:\Users\user\AppData\Local\Temp\75C649CD\api-ms-win-crt-filesystem-l1-1-0.dll
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\75C649CD\api-ms-win-crt-filesystem-l1-1-0.dll
|
| Category: |
dropped
|
| Dump: |
api-ms-win-crt-filesystem-l1-1-0.dll.4.dr
|
| ID: |
dr_39
|
| Target ID: |
4
|
| Process: |
C:\Users\user\Desktop\E-DEKONT.exe
|
| Type: |
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
| Entropy: |
7.085387497246545
|
| Encrypted: |
false
|
| Ssdeep: |
384:sq6nWm5C1WPhWFK0i00GftpBjB1UemKklUG+zIOd/:x6nWm5CiooiKeZnbd/
|
| Size: |
20280
|
| Whitelisted: |
true
|
| Reputation: |
timeout
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Drops PE files |
Persistence and Installation Behavior |
|
| Found dropped PE file which has not been started or loaded |
Malware Analysis System Evasion |
|
|
|
C:\Users\user\AppData\Local\Temp\75C649CD\api-ms-win-crt-heap-l1-1-0.dll
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\75C649CD\api-ms-win-crt-heap-l1-1-0.dll
|
| Category: |
dropped
|
| Dump: |
api-ms-win-crt-heap-l1-1-0.dll.4.dr
|
| ID: |
dr_40
|
| Target ID: |
4
|
| Process: |
C:\Users\user\Desktop\E-DEKONT.exe
|
| Type: |
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
| Entropy: |
7.060393359865728
|
| Encrypted: |
false
|
| Ssdeep: |
192:+Y3vY17aFBR4WIghWG4U9CedXe123Ouo+Uggs/nGfe4pBjSbGGAPWh0txKdmVWQC:+Y3e9WPhWFsXYi00GftpBjfemnlP55s
|
| Size: |
19256
|
| Whitelisted: |
true
|
| Reputation: |
timeout
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Drops PE files |
Persistence and Installation Behavior |
|
| Found dropped PE file which has not been started or loaded |
Malware Analysis System Evasion |
|
|
|
C:\Users\user\AppData\Local\Temp\75C649CD\api-ms-win-crt-locale-l1-1-0.dll
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\75C649CD\api-ms-win-crt-locale-l1-1-0.dll
|
| Category: |
dropped
|
| Dump: |
api-ms-win-crt-locale-l1-1-0.dll.4.dr
|
| ID: |
dr_41
|
| Target ID: |
4
|
| Process: |
C:\Users\user\Desktop\E-DEKONT.exe
|
| Type: |
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
| Entropy: |
7.13172731865352
|
| Encrypted: |
false
|
| Ssdeep: |
192:fiWIghWGZirX+4z123Ouo+Uggs/nGfe4pBjS/RFcpOWh0txKdmVWQ4GWs8ylDikh:aWPhWjO4Ri00GftpBjZOemSXlvNQ0
|
| Size: |
18744
|
| Whitelisted: |
true
|
| Reputation: |
timeout
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Drops PE files |
Persistence and Installation Behavior |
|
| Found dropped PE file which has not been started or loaded |
Malware Analysis System Evasion |
|
|
|
C:\Users\user\AppData\Local\Temp\75C649CD\api-ms-win-crt-math-l1-1-0.dll
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\75C649CD\api-ms-win-crt-math-l1-1-0.dll
|
| Category: |
dropped
|
| Dump: |
api-ms-win-crt-math-l1-1-0.dll.4.dr
|
| ID: |
dr_42
|
| Target ID: |
4
|
| Process: |
C:\Users\user\Desktop\E-DEKONT.exe
|
| Type: |
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
| Entropy: |
6.6686462438397
|
| Encrypted: |
false
|
| Ssdeep: |
384:7OTEmbM4Oe5grykfIgTmLyWPhW30i00GftpBjAKemXlDbNl:dEMq5grxfInbRoiNeSp
|
| Size: |
28984
|
| Whitelisted: |
true
|
| Reputation: |
timeout
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Drops PE files |
Persistence and Installation Behavior |
|
| Found dropped PE file which has not been started or loaded |
Malware Analysis System Evasion |
|
|
|
C:\Users\user\AppData\Local\Temp\75C649CD\api-ms-win-crt-multibyte-l1-1-0.dll
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\75C649CD\api-ms-win-crt-multibyte-l1-1-0.dll
|
| Category: |
dropped
|
| Dump: |
api-ms-win-crt-multibyte-l1-1-0.dll.4.dr
|
| ID: |
dr_43
|
| Target ID: |
4
|
| Process: |
C:\Users\user\Desktop\E-DEKONT.exe
|
| Type: |
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
| Entropy: |
6.712286643697659
|
| Encrypted: |
false
|
| Ssdeep: |
384:kDy+Kr6aLPmIHJI6/CpG3t2G3t4odXL5WPhWFY0i00GftpBjbnMxem8hzlmTMiLV:kDZKrZPmIHJI64GoiZMxe0V
|
| Size: |
26424
|
| Whitelisted: |
true
|
| Reputation: |
timeout
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Drops PE files |
Persistence and Installation Behavior |
|
| Found dropped PE file which has not been started or loaded |
Malware Analysis System Evasion |
|
|
|
C:\Users\user\AppData\Local\Temp\75C649CD\api-ms-win-crt-private-l1-1-0.dll
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\75C649CD\api-ms-win-crt-private-l1-1-0.dll
|
| Category: |
dropped
|
| Dump: |
api-ms-win-crt-private-l1-1-0.dll.4.dr
|
| ID: |
dr_44
|
| Target ID: |
4
|
| Process: |
C:\Users\user\Desktop\E-DEKONT.exe
|
| Type: |
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
| Entropy: |
5.838702055399663
|
| Encrypted: |
false
|
| Ssdeep: |
1536:VAHEGlVDe5c4bFE2Jy2cvxXWpD9d3334BkZnkPFZo6kt:Vc7De5c4bFE2Jy2cvxXWpD9d3334BkZj
|
| Size: |
73016
|
| Whitelisted: |
true
|
| Reputation: |
timeout
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Drops PE files |
Persistence and Installation Behavior |
|
| Found dropped PE file which has not been started or loaded |
Malware Analysis System Evasion |
|
|
|
C:\Users\user\AppData\Local\Temp\75C649CD\api-ms-win-crt-process-l1-1-0.dll
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\75C649CD\api-ms-win-crt-process-l1-1-0.dll
|
| Category: |
dropped
|
| Dump: |
api-ms-win-crt-process-l1-1-0.dll.4.dr
|
| ID: |
dr_45
|
| Target ID: |
4
|
| Process: |
C:\Users\user\Desktop\E-DEKONT.exe
|
| Type: |
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
| Entropy: |
7.076072254895036
|
| Encrypted: |
false
|
| Ssdeep: |
192:aRQqjd7dWIghWG4U9kuDz7M123Ouo+Uggs/nGfe4pBjSbAURWh0txKdmVWQ4CW+6:aKcWPhWFkDz6i00GftpBjYemZlUG+zIU
|
| Size: |
19256
|
| Whitelisted: |
true
|
| Reputation: |
timeout
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Drops PE files |
Persistence and Installation Behavior |
|
| Found dropped PE file which has not been started or loaded |
Malware Analysis System Evasion |
|
|
|
C:\Users\user\AppData\Local\Temp\75C649CD\api-ms-win-crt-runtime-l1-1-0.dll
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\75C649CD\api-ms-win-crt-runtime-l1-1-0.dll
|
| Category: |
dropped
|
| Dump: |
api-ms-win-crt-runtime-l1-1-0.dll.4.dr
|
| ID: |
dr_46
|
| Target ID: |
4
|
| Process: |
C:\Users\user\Desktop\E-DEKONT.exe
|
| Type: |
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
| Entropy: |
6.942029615075195
|
| Encrypted: |
false
|
| Ssdeep: |
384:7b7hrKwWPhWFlsnhi00GftpBj+6em90lmTMiLzrF7:7bNrKxZnhoig6eQN7
|
| Size: |
22840
|
| Whitelisted: |
true
|
| Reputation: |
timeout
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Drops PE files |
Persistence and Installation Behavior |
|
| Found dropped PE file which has not been started or loaded |
Malware Analysis System Evasion |
|
|
|
C:\Users\user\AppData\Local\Temp\75C649CD\api-ms-win-crt-stdio-l1-1-0.dll
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\75C649CD\api-ms-win-crt-stdio-l1-1-0.dll
|
| Category: |
dropped
|
| Dump: |
api-ms-win-crt-stdio-l1-1-0.dll.4.dr
|
| ID: |
dr_47
|
| Target ID: |
4
|
| Process: |
C:\Users\user\Desktop\E-DEKONT.exe
|
| Type: |
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
| Entropy: |
6.873960147000383
|
| Encrypted: |
false
|
| Ssdeep: |
384:GZpFVhjWPhWxEi00GftpBjmjjem3Cl1z6h1r:eCfoi0espbr
|
| Size: |
24368
|
| Whitelisted: |
true
|
| Reputation: |
timeout
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Drops PE files |
Persistence and Installation Behavior |
|
| Found dropped PE file which has not been started or loaded |
Malware Analysis System Evasion |
|
|
|
C:\Users\user\AppData\Local\Temp\75C649CD\api-ms-win-crt-string-l1-1-0.dll
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\75C649CD\api-ms-win-crt-string-l1-1-0.dll
|
| Category: |
dropped
|
| Dump: |
api-ms-win-crt-string-l1-1-0.dll.4.dr
|
| ID: |
dr_48
|
| Target ID: |
4
|
| Process: |
C:\Users\user\Desktop\E-DEKONT.exe
|
| Type: |
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
| Entropy: |
6.840671293766487
|
| Encrypted: |
false
|
| Ssdeep: |
384:5iFMx0C5yguNvZ5VQgx3SbwA7yMVIkFGlnWPhWGTi00GftpBjslem89lgC:56S5yguNvZ5VQgx3SbwA71IkFv5oialj
|
| Size: |
23488
|
| Whitelisted: |
true
|
| Reputation: |
timeout
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Drops PE files |
Persistence and Installation Behavior |
|
| Found dropped PE file which has not been started or loaded |
Malware Analysis System Evasion |
|
|
|
C:\Users\user\AppData\Local\Temp\75C649CD\api-ms-win-crt-time-l1-1-0.dll
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\75C649CD\api-ms-win-crt-time-l1-1-0.dll
|
| Category: |
dropped
|
| Dump: |
api-ms-win-crt-time-l1-1-0.dll.4.dr
|
| ID: |
dr_49
|
| Target ID: |
4
|
| Process: |
C:\Users\user\Desktop\E-DEKONT.exe
|
| Type: |
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
| Entropy: |
7.018061005886957
|
| Encrypted: |
false
|
| Ssdeep: |
384:8ZSWWVgWPhWFe3di00GftpBjnlfemHlUG+zITA+0:XRNoibernAA+0
|
| Size: |
20792
|
| Whitelisted: |
true
|
| Reputation: |
timeout
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Drops PE files |
Persistence and Installation Behavior |
|
| Found dropped PE file which has not been started or loaded |
Malware Analysis System Evasion |
|
|
|
C:\Users\user\AppData\Local\Temp\75C649CD\api-ms-win-crt-utility-l1-1-0.dll
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\75C649CD\api-ms-win-crt-utility-l1-1-0.dll
|
| Category: |
dropped
|
| Dump: |
api-ms-win-crt-utility-l1-1-0.dll.4.dr
|
| ID: |
dr_50
|
| Target ID: |
4
|
| Process: |
C:\Users\user\Desktop\E-DEKONT.exe
|
| Type: |
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
| Entropy: |
7.127951145819804
|
| Encrypted: |
false
|
| Ssdeep: |
192:QqfHQdu3WIghWG4U9lYdsNtL/123Ouo+Uggs/nGfe4pBjSb8Z9Wh0txKdmVWQ4Cg:/fBWPhWF+esnhi00GftpBjLBemHlP55q
|
| Size: |
18744
|
| Whitelisted: |
true
|
| Reputation: |
timeout
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Drops PE files |
Persistence and Installation Behavior |
|
| Found dropped PE file which has not been started or loaded |
Malware Analysis System Evasion |
|
|
|
C:\Users\user\AppData\Local\Temp\75C649CD\freebl3.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\75C649CD\freebl3.dll
|
| Category: |
dropped
|
| Dump: |
freebl3.dll.4.dr
|
| ID: |
dr_51
|
| Target ID: |
4
|
| Process: |
C:\Users\user\Desktop\E-DEKONT.exe
|
| Type: |
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
| Entropy: |
6.8061257098244905
|
| Encrypted: |
false
|
| Ssdeep: |
6144:C+YBCxpjbRIDmvby5xDXlFVJM8PojGGHrIr1qqDL6XP+jW:Cu4Abg7XV72GI/qn6z
|
| Size: |
332752
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Drops PE files |
Persistence and Installation Behavior |
|
| Found dropped PE file which has not been started or loaded |
Malware Analysis System Evasion |
|
|
|
C:\Users\user\AppData\Local\Temp\75C649CD\mozglue.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\75C649CD\mozglue.dll
|
| Category: |
dropped
|
| Dump: |
mozglue.dll.4.dr
|
| ID: |
dr_52
|
| Target ID: |
4
|
| Process: |
C:\Users\user\Desktop\E-DEKONT.exe
|
| Type: |
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
| Entropy: |
6.841477908153926
|
| Encrypted: |
false
|
| Ssdeep: |
3072:8Oqe98Ea4usvd5jm6V0InXx/CHzGYC6NccMmxK3atIYHD2JJJsPyimY4kQkE:Vqe98Evua5Sm0ux/5YC6NccMmtXHD2JR
|
| Size: |
139216
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Drops PE files |
Persistence and Installation Behavior |
|
|
|
C:\Users\user\AppData\Local\Temp\75C649CD\msvcp140.dll
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\75C649CD\msvcp140.dll
|
| Category: |
dropped
|
| Dump: |
msvcp140.dll.4.dr
|
| ID: |
dr_53
|
| Target ID: |
4
|
| Process: |
C:\Users\user\Desktop\E-DEKONT.exe
|
| Type: |
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
| Entropy: |
6.652844702578311
|
| Encrypted: |
false
|
| Ssdeep: |
12288:Mlp4PwrPTlZ+/wKzY+dM+gjZ+UGhUgiW6QR7t5s03Ooc8dHkC2es9oV:Mlp4PePozGMA03Ooc8dHkC2ecI
|
| Size: |
440120
|
| Whitelisted: |
true
|
| Reputation: |
timeout
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Drops PE files |
Persistence and Installation Behavior |
|
|
|
C:\Users\user\AppData\Local\Temp\75C649CD\nss3.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\75C649CD\nss3.dll
|
| Category: |
dropped
|
| Dump: |
nss3.dll.4.dr
|
| ID: |
dr_54
|
| Target ID: |
4
|
| Process: |
C:\Users\user\Desktop\E-DEKONT.exe
|
| Type: |
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
| Entropy: |
6.809431682312062
|
| Encrypted: |
false
|
| Ssdeep: |
24576:XDI7I4/FeoJQuQ3IhXtHfjyqgJ0BnPQAib7/12bg2JSna5xfg0867U4MSpu731hn:uQ3YX5jyqgynPkbd24VwMSpu7Fhn
|
| Size: |
1244112
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Drops PE files |
Persistence and Installation Behavior |
|
|
|
C:\Users\user\AppData\Local\Temp\75C649CD\nssdbm3.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\75C649CD\nssdbm3.dll
|
| Category: |
dropped
|
| Dump: |
nssdbm3.dll.4.dr
|
| ID: |
dr_7
|
| Target ID: |
4
|
| Process: |
C:\Users\user\Desktop\E-DEKONT.exe
|
| Type: |
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
| Entropy: |
6.639368309935547
|
| Encrypted: |
false
|
| Ssdeep: |
1536:5vNGVOt0VjOJkbH8femxfRVMNKBDuOQWL1421GlkxERC+ANcFZoZ/6tNRCwI41ZH:hNGVOiBZbcGmxXMcBqmzoCUZoZebHZMw
|
| Size: |
92624
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Drops PE files |
Persistence and Installation Behavior |
|
| Found dropped PE file which has not been started or loaded |
Malware Analysis System Evasion |
|
|
|
C:\Users\user\AppData\Local\Temp\75C649CD\softokn3.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\75C649CD\softokn3.dll
|
| Category: |
dropped
|
| Dump: |
softokn3.dll.4.dr
|
| ID: |
dr_9
|
| Target ID: |
4
|
| Process: |
C:\Users\user\Desktop\E-DEKONT.exe
|
| Type: |
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
| Entropy: |
6.5527585854849395
|
| Encrypted: |
false
|
| Ssdeep: |
3072:zAf6suip+z7FEk/oJz69sFaXeu9CoT2nIZvetBWqIBoE9Mv:Q6PpsF4CoT2EeY2eMv
|
| Size: |
144336
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Drops PE files |
Persistence and Installation Behavior |
|
| Found dropped PE file which has not been started or loaded |
Malware Analysis System Evasion |
|
|
|
C:\Users\user\AppData\Local\Temp\75C649CD\ucrtbase.dll
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\75C649CD\ucrtbase.dll
|
| Category: |
dropped
|
| Dump: |
ucrtbase.dll.4.dr
|
| ID: |
dr_14
|
| Target ID: |
4
|
| Process: |
C:\Users\user\Desktop\E-DEKONT.exe
|
| Type: |
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
| Entropy: |
6.809041027525523
|
| Encrypted: |
false
|
| Ssdeep: |
24576:bZBmnrh2YVAPROs7Bt/tX+/APcmcvIZPoy4TbK:FBmF2lIeaAPgb
|
| Size: |
1142072
|
| Whitelisted: |
true
|
| Reputation: |
timeout
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Drops PE files |
Persistence and Installation Behavior |
|
|
|
C:\Users\user\AppData\Local\Temp\75C649CD\vcruntime140.dll
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\75C649CD\vcruntime140.dll
|
| Category: |
dropped
|
|
