Automated Malware Analysis IOC Report for

Details

File:	C:\Users\eyup\AppData\Local\Microsoft\Windows\INetCache\IE\R9BYEINB\Payload11_2022_10_42[1].zip
Category:	dropped
Dump:	Payload11_2022_10_42[1].zip.6.dr
ID:	dr_36
Target ID:	6
Process:	C:\Users\eyup\Downloads\ConnectShellSetup11.exe
Type:	Zip archive data, at least v2.0 to extract, compression method=deflate
Entropy:	7.998238142178281
Encrypted:	true
Size:	136088419
Whitelisted:	false
Reputation:	low

Details

File:	C:\Users\eyup\AppData\Local\Temp\ConB14B.tmp\AForge.Video.DirectShow.dll
Category:	dropped
Dump:	AForge.Video.DirectShow.dll.6.dr
ID:	dr_14
Target ID:	6
Process:	C:\Users\eyup\Downloads\ConnectShellSetup11.exe
Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy:	6.529928219154391
Encrypted:	false
Size:	72160
Whitelisted:	false
Reputation:	low

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\eyup\AppData\Local\Temp\ConB14B.tmp\AForge.Video.dll
Category:	dropped
Dump:	AForge.Video.dll.6.dr
ID:	dr_15
Target ID:	6
Process:	C:\Users\eyup\Downloads\ConnectShellSetup11.exe
Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy:	6.375575026807124
Encrypted:	false
Size:	31712
Whitelisted:	false
Reputation:	low

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\eyup\AppData\Local\Temp\ConB14B.tmp\AForge.dll
Category:	dropped
Dump:	AForge.dll.6.dr
ID:	dr_12
Target ID:	6
Process:	C:\Users\eyup\Downloads\ConnectShellSetup11.exe
Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy:	6.398055190229929
Encrypted:	false
Size:	28640
Whitelisted:	false
Reputation:	low

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\eyup\AppData\Local\Temp\ConB14B.tmp\BouncyCastle.dll
Category:	dropped
Dump:	BouncyCastle.dll.6.dr
ID:	dr_16
Target ID:	6
Process:	C:\Users\eyup\Downloads\ConnectShellSetup11.exe
Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy:	5.969278031717462
Encrypted:	false
Size:	2058208
Whitelisted:	false
Reputation:	low

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\eyup\AppData\Local\Temp\ConB14B.tmp\CRClient.dll
Category:	dropped
Dump:	CRClient.dll.6.dr
ID:	dr_29
Target ID:	6
Process:	C:\Users\eyup\Downloads\ConnectShellSetup11.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	6.324023488842526
Encrypted:	false
Size:	1078240
Whitelisted:	false
Reputation:	low

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\eyup\AppData\Local\Temp\ConB14B.tmp\CRLogTransport.exe
Category:	dropped
Dump:	CRLogTransport.exe.6.dr
ID:	dr_30
Target ID:	6
Process:	C:\Users\eyup\Downloads\ConnectShellSetup11.exe
Type:	PE32 executable (console) Intel 80386, for MS Windows
Entropy:	6.5823538059796
Encrypted:	false
Size:	565216
Whitelisted:	false
Reputation:	low

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\eyup\AppData\Local\Temp\ConB14B.tmp\CRWindowsClientService.exe
Category:	dropped
Dump:	CRWindowsClientService.exe.6.dr
ID:	dr_31
Target ID:	6
Process:	C:\Users\eyup\Downloads\ConnectShellSetup11.exe
Type:	PE32+ executable (GUI) x86-64, for MS Windows
Entropy:	6.252719655882823
Encrypted:	false
Size:	821728
Whitelisted:	false
Reputation:	low

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\eyup\AppData\Local\Temp\ConB14B.tmp\Connect.exe
Category:	dropped
Dump:	Connect.exe.6.dr
ID:	dr_27
Target ID:	6
Process:	C:\Users\eyup\Downloads\ConnectShellSetup11.exe
Type:	PE32+ executable (GUI) x86-64, for MS Windows
Entropy:	7.2717345853234185
Encrypted:	false
Size:	37045216
Whitelisted:	false
Reputation:	low

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\eyup\AppData\Local\Temp\ConB14B.tmp\ConnectDetector.exe
Category:	dropped
Dump:	ConnectDetector.exe.6.dr
ID:	dr_28
Target ID:	6
Process:	C:\Users\eyup\Downloads\ConnectShellSetup11.exe
Type:	PE32+ executable (GUI) x86-64, for MS Windows
Entropy:	6.303894150235615
Encrypted:	false
Size:	659936
Whitelisted:	false
Reputation:	low

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\Users\eyup\AppData\Local\Temp\ConB14B.tmp\EncoderHelper.exe
Category:	dropped
Dump:	EncoderHelper.exe.6.dr
ID:	dr_35
Target ID:	6
Process:	C:\Users\eyup\Downloads\ConnectShellSetup11.exe
Type:	PE32 executable (console) Intel 80386, for MS Windows
Entropy:	6.709169198224255
Encrypted:	false
Size:	480224
Whitelisted:	false
Reputation:	low

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\eyup\AppData\Local\Temp\ConB14B.tmp\FM.LiveSwitch.AForge.dll
Category:	dropped
Dump:	FM.LiveSwitch.AForge.dll.6.dr
ID:	dr_3
Target ID:	6
Process:	C:\Users\eyup\Downloads\ConnectShellSetup11.exe
Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy:	6.5694648027398905
Encrypted:	false
Size:	23008
Whitelisted:	false
Reputation:	low

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\eyup\AppData\Local\Temp\ConB14B.tmp\FM.LiveSwitch.AudioProcessing.dll
Category:	dropped
Dump:	FM.LiveSwitch.AudioProcessing.dll.6.dr
ID:	dr_4
Target ID:	6
Process:	C:\Users\eyup\Downloads\ConnectShellSetup11.exe
Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy:	6.642084094697324
Encrypted:	false
Size:	21472
Whitelisted:	false
Reputation:	low

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\eyup\AppData\Local\Temp\ConB14B.tmp\FM.LiveSwitch.Dmo.dll
Category:	dropped
Dump:	FM.LiveSwitch.Dmo.dll.6.dr
ID:	dr_6
Target ID:	6
Process:	C:\Users\eyup\Downloads\ConnectShellSetup11.exe
Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy:	6.281695763074729
Encrypted:	false
Size:	84960
Whitelisted:	false
Reputation:	low

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\eyup\AppData\Local\Temp\ConB14B.tmp\FM.LiveSwitch.JsonNet.dll
Category:	dropped
Dump:	FM.LiveSwitch.JsonNet.dll.6.dr
ID:	dr_7
Target ID:	6
Process:	C:\Users\eyup\Downloads\ConnectShellSetup11.exe
Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy:	6.8167359286211875
Encrypted:	false
Size:	16864
Whitelisted:	false
Reputation:	low

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\eyup\AppData\Local\Temp\ConB14B.tmp\FM.LiveSwitch.Log4Net.dll
Category:	dropped
Dump:	FM.LiveSwitch.Log4Net.dll.6.dr
ID:	dr_8
Target ID:	6
Process:	C:\Users\eyup\Downloads\ConnectShellSetup11.exe
Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy:	6.816697483580518
Encrypted:	false
Size:	16864
Whitelisted:	false
Reputation:	low

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\eyup\AppData\Local\Temp\ConB14B.tmp\FM.LiveSwitch.NAudio.dll
Category:	dropped
Dump:	FM.LiveSwitch.NAudio.dll.6.dr
ID:	dr_9
Target ID:	6
Process:	C:\Users\eyup\Downloads\ConnectShellSetup11.exe
Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy:	6.5056521509159335
Encrypted:	false
Size:	29152
Whitelisted:	false
Reputation:	low

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\eyup\AppData\Local\Temp\ConB14B.tmp\FM.LiveSwitch.Nvidia.dll
Category:	dropped
Dump:	FM.LiveSwitch.Nvidia.dll.6.dr
ID:	dr_10
Target ID:	6
Process:	C:\Users\eyup\Downloads\ConnectShellSetup11.exe
Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy:	6.419430083083177
Encrypted:	false
Size:	28128
Whitelisted:	false
Reputation:	low

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\eyup\AppData\Local\Temp\ConB14B.tmp\FM.LiveSwitch.OpenH264.dll
Category:	dropped
Dump:	FM.LiveSwitch.OpenH264.dll.6.dr
ID:	dr_11
Target ID:	6
Process:	C:\Users\eyup\Downloads\ConnectShellSetup11.exe
Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy:	6.1599890245758235
Encrypted:	false
Size:	55264
Whitelisted:	false
Reputation:	low

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\eyup\AppData\Local\Temp\ConB14B.tmp\FM.LiveSwitch.Opus.dll
Category:	dropped
Dump:	FM.LiveSwitch.Opus.dll.6.dr
ID:	dr_13
Target ID:	6
Process:	C:\Users\eyup\Downloads\ConnectShellSetup11.exe
Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy:	6.2922032052740065
Encrypted:	false
Size:	34272
Whitelisted:	false
Reputation:	low

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\eyup\AppData\Local\Temp\ConB14B.tmp\FM.LiveSwitch.SharpDX.dll
Category:	dropped
Dump:	FM.LiveSwitch.SharpDX.dll.6.dr
ID:	dr_21
Target ID:	6
Process:	C:\Users\eyup\Downloads\ConnectShellSetup11.exe
Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy:	6.641546690599725
Encrypted:	false
Size:	23008
Whitelisted:	false
Reputation:	low

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\eyup\AppData\Local\Temp\ConB14B.tmp\FM.LiveSwitch.Vpx.dll
Category:	dropped
Dump:	FM.LiveSwitch.Vpx.dll.6.dr
ID:	dr_22
Target ID:	6
Process:	C:\Users\eyup\Downloads\ConnectShellSetup11.exe
Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy:	6.226919736548019
Encrypted:	false
Size:	38368
Whitelisted:	false
Reputation:	low

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\eyup\AppData\Local\Temp\ConB14B.tmp\FM.LiveSwitch.WinForms.dll
Category:	dropped
Dump:	FM.LiveSwitch.WinForms.dll.6.dr
ID:	dr_23
Target ID:	6
Process:	C:\Users\eyup\Downloads\ConnectShellSetup11.exe
Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy:	6.596707784718348
Encrypted:	false
Size:	26592
Whitelisted:	false
Reputation:	low

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\eyup\AppData\Local\Temp\ConB14B.tmp\FM.LiveSwitch.Wpf.dll
Category:	dropped
Dump:	FM.LiveSwitch.Wpf.dll.6.dr
ID:	dr_24
Target ID:	6
Process:	C:\Users\eyup\Downloads\ConnectShellSetup11.exe
Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy:	6.511491014558084
Encrypted:	false
Size:	27616
Whitelisted:	false
Reputation:	low

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\eyup\AppData\Local\Temp\ConB14B.tmp\FM.LiveSwitch.XirSys.dll
Category:	modified
Dump:	FM.LiveSwitch.XirSys.dll.6.dr
ID:	dr_25
Target ID:	6
Process:	C:\Users\eyup\Downloads\ConnectShellSetup11.exe
Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy:	6.435785332756873
Encrypted:	false
Size:	29664
Whitelisted:	false
Reputation:	low

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\eyup\AppData\Local\Temp\ConB14B.tmp\FM.LiveSwitch.Yuv.dll
Category:	dropped
Dump:	FM.LiveSwitch.Yuv.dll.6.dr
ID:	dr_26
Target ID:	6
Process:	C:\Users\eyup\Downloads\ConnectShellSetup11.exe
Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy:	6.455925007527187
Encrypted:	false
Size:	28640
Whitelisted:	false
Reputation:	low

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\eyup\AppData\Local\Temp\ConB14B.tmp\FM.LiveSwitch.dll
Category:	dropped
Dump:	FM.LiveSwitch.dll.6.dr
ID:	dr_5
Target ID:	6
Process:	C:\Users\eyup\Downloads\ConnectShellSetup11.exe
Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy:	6.041828239201356
Encrypted:	false
Size:	2983392
Whitelisted:	false
Reputation:	low

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\eyup\AppData\Local\Temp\ConB14B.tmp\chrome_100_percent.pak
Category:	dropped
Dump:	chrome_100_percent.pak.6.dr
ID:	dr_17
Target ID:	6
Process:	C:\Users\eyup\Downloads\ConnectShellSetup11.exe
Type:	data
Entropy:	7.9604966575130005
Encrypted:	false
Size:	639501
Whitelisted:	false
Reputation:	low

Details

File:	C:\Users\eyup\AppData\Local\Temp\ConB14B.tmp\chrome_200_percent.pak
Category:	dropped
Dump:	chrome_200_percent.pak.6.dr
ID:	dr_18
Target ID:	6
Process:	C:\Users\eyup\Downloads\ConnectShellSetup11.exe
Type:	data
Entropy:	7.952005369692832
Encrypted:	false
Size:	960892
Whitelisted:	false
Reputation:	low

Details

File:	C:\Users\eyup\AppData\Local\Temp\ConB14B.tmp\chrome_elf.dll
Category:	dropped
Dump:	chrome_elf.dll.6.dr
ID:	dr_19
Target ID:	6
Process:	C:\Users\eyup\Downloads\ConnectShellSetup11.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	6.174390393464766
Encrypted:	false
Size:	1188832
Whitelisted:	false
Reputation:	low

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\eyup\AppData\Local\Temp\ConB14B.tmp\concrt140.dll
Category:	dropped
Dump:	concrt140.dll.6.dr
ID:	dr_20
Target ID:	6
Process:	C:\Users\eyup\Downloads\ConnectShellSetup11.exe
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.297883466364787
Encrypted:	false
Size:	317408
Whitelisted:	false
Reputation:	low

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\eyup\AppData\Local\Temp\ConB14B.tmp\cr_win_client_config.cfg
Category:	dropped
Dump:	cr_win_client_config.cfg.6.dr
ID:	dr_32
Target ID:	6
Process:	C:\Users\eyup\Downloads\ConnectShellSetup11.exe
Type:	ASCII text, with CRLF line terminators
Entropy:	4.719325836911548
Encrypted:	false
Size:	210
Whitelisted:	false
Reputation:	low

Signature Hits	Behavior Group	Mitre Attack
Tries to open an application configuration file (.cfg)	System Summary

Details

File:	C:\Users\eyup\AppData\Local\Temp\ConB14B.tmp\d3dcompiler_47.dll
Category:	dropped
Dump:	d3dcompiler_47.dll.6.dr
ID:	dr_33
Target ID:	6
Process:	C:\Users\eyup\Downloads\ConnectShellSetup11.exe
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.393518957966005
Encrypted:	false
Size:	4893152
Whitelisted:	false
Reputation:	low

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\eyup\AppData\Local\Temp\ConB14B.tmp\digest.s
Category:	dropped
Dump:	digest.s.6.dr
ID:	dr_34
Target ID:	6
Process:	C:\Users\eyup\Downloads\ConnectShellSetup11.exe
Type:	data
Entropy:	6.397577636054845
Encrypted:	false
Size:	4509
Whitelisted:	false
Reputation:	low

Signature Hits	Behavior Group	Mitre Attack
Drops certificate files (DER)	E-Banking Fraud

Details

File:	C:\Users\eyup\AppData\Local\Temp\ConB14B.tmp\libEGL.dll
Category:	dropped
Dump:	libEGL.dll.6.dr
ID:	dr_40
Target ID:	6
Process:	C:\Users\eyup\Downloads\ConnectShellSetup11.exe
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.359145784921531
Encrypted:	false
Size:	428512
Whitelisted:	false
Reputation:	low

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\eyup\AppData\Local\Temp\ConB14B.tmp\libGLESv2.dll
Category:	dropped
Dump:	libGLESv2.dll.6.dr
ID:	dr_41
Target ID:	6
Process:	C:\Users\eyup\Downloads\ConnectShellSetup11.exe
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.427171757940237
Encrypted:	false
Size:	6352864
Whitelisted:	false
Reputation:	low

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\eyup\AppData\Local\Temp\ConB14B.tmp\libaudioprocessingfm.dll
Category:	dropped
Dump:	libaudioprocessingfm.dll.6.dr
ID:	dr_37
Target ID:	6
Process:	C:\Users\eyup\Downloads\ConnectShellSetup11.exe
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.509829709376193
Encrypted:	false
Size:	935904
Whitelisted:	false
Reputation:	low

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\eyup\AppData\Local\Temp\ConB14B.tmp\libcef.dll
Category:	dropped
Dump:	libcef.dll.6.dr
ID:	dr_38
Target ID:	6
Process:	C:\Users\eyup\Downloads\ConnectShellSetup11.exe
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.67714452940272
Encrypted:	false
Size:	170685920
Whitelisted:	false
Reputation:	low

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\eyup\AppData\Local\Temp\ConB14B.tmp\libcrypto-1_1-x64.dll
Category:	dropped
Dump:	libcrypto-1_1-x64.dll.6.dr
ID:	dr_39
Target ID:	6
Process:	C:\Users\eyup\Downloads\ConnectShellSetup11.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	6.111105756924529
Encrypted:	false
Size:	3418080
Whitelisted:	false
Reputation:	low

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\eyup\AppData\Local\Temp\ConB14B.tmp\libnvidiafm.dll
Category:	dropped
Dump:	libnvidiafm.dll.6.dr
ID:	dr_42
Target ID:	6
Process:	C:\Users\eyup\Downloads\ConnectShellSetup11.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	6.054049052784219
Encrypted:	false
Size:	676832
Whitelisted:	false
Reputation:	low

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\eyup\AppData\Local\Temp\ConB14B.tmp\libopenh264fm.dll
Category:	dropped
Dump:	libopenh264fm.dll.6.dr
ID:	dr_43
Target ID:	6
Process:	C:\Users\eyup\Downloads\ConnectShellSetup11.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	6.3917775061081015
Encrypted:	false
Size:	143328
Whitelisted:	false
Reputation:	low

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\eyup\AppData\Local\Temp\ConB14B.tmp\libopusfm.dll
Category:	dropped
Dump:	libopusfm.dll.6.dr
ID:	dr_44
Target ID:	6
Process:	C:\Users\eyup\Downloads\ConnectShellSetup11.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	5.962459026443746
Encrypted:	false
Size:	1036256
Whitelisted:	false
Reputation:	low

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\eyup\AppData\Local\Temp\ConB14B.tmp\librnnoise.dll
Category:	dropped
Dump:	librnnoise.dll.6.dr
ID:	dr_45
Target ID:	6
Process:	C:\Users\eyup\Downloads\ConnectShellSetup11.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	7.399708512360001
Encrypted:	false
Size:	153056
Whitelisted:	false
Reputation:	low

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\eyup\AppData\Local\Temp\ConB14B.tmp\libssl-1_1-x64.dll
Category:	dropped
Dump:	libssl-1_1-x64.dll.6.dr
ID:	dr_46
Target ID:	6
Process:	C:\Users\eyup\Downloads\ConnectShellSetup11.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	5.548016622817644
Encrypted:	false
Size:	692192
Whitelisted:	false
Reputation:	low

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\eyup\AppData\Local\Temp\ConB14B.tmp\libvpxfm.dll
Category:	dropped
Dump:	libvpxfm.dll.6.dr
ID:	dr_47
Target ID:	6
Process:	C:\Users\eyup\Downloads\ConnectShellSetup11.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	6.623935160702264
Encrypted:	false
Size:	2204128
Whitelisted:	false
Reputation:	low

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\eyup\AppData\Local\Temp\ConB14B.tmp\libyuvfm.dll
Category:	dropped
Dump:	libyuvfm.dll.6.dr
ID:	dr_48
Target ID:	6
Process:	C:\Users\eyup\Downloads\ConnectShellSetup11.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	5.902253584565249
Encrypted:	false
Size:	1316832
Whitelisted:	false
Reputation:	low

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\eyup\Downloads\6bcc8cff-6afa-4c34-b8b1-3a042b0a5bd0.tmp
Category:	dropped
Dump:	6bcc8cff-6afa-4c34-b8b1-3a042b0a5bd0.tmp.0.dr
ID:	dr_1
Target ID:	0
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy:	6.346891578686829
Encrypted:	false
Size:	134903
Whitelisted:	false
Reputation:	low

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Creates files inside the user directory	System Summary	Masquerading

Details

File:	C:\Users\eyup\Downloads\ConnectShellSetup11.exe (copy)
Category:	dropped
Dump:	Unconfirmed 658627.crdownload.0.dr
ID:	dr_2
Target ID:	0
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy:	6.896968533209531
Encrypted:	false
Size:	624424
Whitelisted:	false
Reputation:	low

Signature Hits	Behavior Group	Mitre Attack
Abnormal high CPU Usage	System Summary
Drops PE files	Persistence and Installation Behavior
Drops certificate files (DER)	E-Banking Fraud
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery
Stores files to the Windows start menu directory	Boot Survival	Registry Run Keys / Startup Folder
Tries to load missing DLLs	System Summary	DLL Side-Loading
Checks the free space of harddrives	Malware Analysis System Evasion	System Information Discovery
Creates an autostart registry key	Boot Survival	Registry Run Keys / Startup Folder
Creates temporary files	System Summary
Disables application error messsages (SetErrorMode)	Hooking and other Techniques for Hiding and Protection
Enumerates the file system	Spreading, Malware Analysis System Evasion	File and Directory Discovery
Queries a list of all running processes	Malware Analysis System Evasion	Process Discovery
Reads ini files	System Summary	File and Directory Discovery
Reads software policies	System Summary	System Information Discovery
Reads the hosts file	System Summary	Remote System Discovery
Spawns processes	System Summary	Process Injection
Uses an in-process (OLE) Automation server	System Summary
Creates a software uninstall entry	Compliance, System Summary	Windows Service
Creates install or setup log file	Compliance, Persistence and Installation Behavior
Tries to open an application configuration file (.cfg)	System Summary

Details

File:	C:\Users\eyup\Downloads\Unconfirmed 658627.crdownload
Category:	dropped
Dump:	Unconfirmed 658627.crdownload.0.dr
ID:	dr_0
Target ID:	0
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy:	6.896968533209531
Encrypted:	false
Size:	624424
Whitelisted:	false
Reputation:	low

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Drops files with a non-matching file extension (content does not match file extension)	Persistence and Installation Behavior	Masquerading

Details

File:	unknown (copy)
Category:	dropped
Dump:	AForge.dll.6.dr
ID:	dr_49
Target ID:	6
Process:	C:\Users\eyup\Downloads\ConnectShellSetup11.exe
Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy:	6.398055190229929
Encrypted:	false
Size:	28640
Whitelisted:	false
Reputation:	low

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Spawns processes	System Summary	Process Injection

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
https://www.adobe.com/go/ConnectShell11

Files

IPs

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Reporthttps://www.adobe.com/go/ConnectShell11

Files

IPs

IOC Report
https://www.adobe.com/go/ConnectShell11