Automated Malware Analysis IOC Report for

Details

Filetype:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy:	7.044268283359809
Filename:	HkObDPju6Z.exe
Filesize:	1489920
MD5:	6441d7260944bcedc5958c5c8a05d16d
SHA1:	46257982840493eca90e051ff1749e7040895584
SHA256:	723d1cf3d74fb3ce95a77ed9dff257a78c8af8e67a82963230dd073781074224
SHA512:	af88fd3a0a2728c811be524feee575d8d2d9623b7944021c83173e40dbec6b1fbe7bea64dcdd8f1dbebc7d8df76b40e5c9647e2586316ea46ceb191ebcf14d89
SSDEEP:	24576:1p2gwjk6ikYhJ9lvGnYZvy48/V33ck7LnBAyldFu8hod/Qodly:1AgxkmvGnYWccjBAwFadRd
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......W.....................L.......7............@..........................P............@................................

Signature Hits	Behavior Group	Mitre Attack
Multi AV Scanner detection for submitted file	AV Detection
Antivirus / Scanner detection for submitted sample	AV Detection
Detected unpacking (creates a PE file in dynamic memory)	Compliance, Data Obfuscation	Software Packing Security Software Discovery
Infects executable files (exe, dll, sys, html)	Spreading, Persistence and Installation Behavior	Taint Shared Content
Found Tor onion address	Networking	Proxy
Machine Learning detection for sample	AV Detection
Writes many files with high entropy	Spam, unwanted Advertisements and Ransom Demands
Writes a notice file (html or txt) to demand a ransom	Spam, unwanted Advertisements and Ransom Demands	Data Encrypted for Impact
Uses 32bit PE files	Compliance, System Summary	Masquerading
Contains functionality to check if a debugger is running (IsDebuggerPresent)	Anti Debugging
Contains functionality to query locales information (e.g. system language)	Language, Device and Operating System Detection
May sleep (evasive loops) to hinder dynamic analysis	Malware Analysis System Evasion	Virtualization/Sandbox Evasion File and Directory Discovery
Uses code obfuscation techniques (call, push, ret)	Data Obfuscation
Detected potential crypto function	System Summary	Archive Collected Data Encrypted Channel
Found potential string decryption / allocating functions	System Summary	Deobfuscate/Decode Files or Information
Sample execution stops while process was sleeping (likely an evasion)	Malware Analysis System Evasion
Contains functionality to check if a window is minimized (may be used to check if an application is visible)	Hooking and other Techniques for Hiding and Protection	Masquerading
Contains functionality to dynamically determine API calls	Data Obfuscation, Anti Debugging	Native API
Contains functionality which may be used to detect a debugger (GetProcessHeap)	Anti Debugging	Security Software Discovery
Abnormal high CPU Usage	System Summary
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)	Malware Analysis System Evasion
Sample file is different than original file name gathered from version info	System Summary
Tries to load missing DLLs	System Summary	DLL Side-Loading
Contains functionality to read the PEB	Anti Debugging
Found large amount of non-executed APIs	Malware Analysis System Evasion
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion
Sample is known by Antivirus	System Summary
Contains functionality to query system information	Malware Analysis System Evasion
Reads software policies	System Summary
Contains functionality to enumerate / list files inside a directory	Spreading, Malware Analysis System Evasion	File and Directory Discovery
Queries the cryptographic machine GUID	Language, Device and Operating System Detection
Creates files inside the user directory	System Summary	Masquerading
Creates temporary files	System Summary
Disables application error messsages (SetErrorMode)	Hooking and other Techniques for Hiding and Protection
Contains functionality to instantiate COM classes	System Summary
Contains functionality for error logging	System Summary
Creates an autostart registry key	Boot Survival	Registry Run Keys / Startup Folder File and Directory Discovery
Contains functionality to query windows version	Language, Device and Operating System Detection
Contains functionality to load and extract PE file embedded resources	System Summary
Contains functionality to register its own exception handler	Anti Debugging
Creates files inside the program directory	System Summary
Might use command line arguments	System Summary	Masquerading
May try to detect the Windows Explorer process (often used for injection)	HIPS / PFW / Operating System Protection Evasion	Process Injection Process Discovery
May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory)	Malware Analysis System Evasion
PE file contains a debug data directory	System Summary
Contains modern PE file flags such as dynamic base (ASLR) or NX	Compliance, System Summary
PE file contains a mix of resources often seen in goodware	System Summary
Submission file is bigger than most known malware samples	System Summary
Creates a directory in C:\Program Files	Compliance, System Summary

Details

File:	C:\MSOCache\All Users\{90160000-0011-0000-0000-0000000FF1CE}-C\OWOW64WW.cab
Category:	modified
Dump:	OWOW64WW.cab.0.dr
ID:	dr_251
Target ID:	0
Process:	C:\Users\user\Desktop\HkObDPju6Z.exe
Type:	data
Entropy:	7.999941422906834
Encrypted:	true
Ssdeep:	786432:8rEtPAhzlsR3KvYQJnbJ+9UwbXgWDRNIWhkXLOC:YEGhzw8PJI1TPIuuLOC
Size:	30592502
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Writes many files with high entropy	Spam, unwanted Advertisements and Ransom Demands

Details

File:	C:\MSOCache\All Users\{90160000-0011-0000-0000-0000000FF1CE}-C\OWOW64WW.cab.7878kr5jx (copy)
Category:	dropped
Dump:	OWOW64WW.cab.0.dr
ID:	dr_295
Target ID:	0
Process:	C:\Users\user\Desktop\HkObDPju6Z.exe
Type:	data
Entropy:	7.999941422906834
Encrypted:	true
Ssdeep:	786432:8rEtPAhzlsR3KvYQJnbJ+9UwbXgWDRNIWhkXLOC:YEGhzw8PJI1TPIuuLOC
Size:	30592502
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Writes many files with high entropy	Spam, unwanted Advertisements and Ransom Demands

Details

File:	C:\MSOCache\All Users\{90160000-0011-0000-0000-0000000FF1CE}-C\ProPsWW.cab
Category:	dropped
Dump:	ProPsWW.cab.0.dr
ID:	dr_156
Target ID:	0
Process:	C:\Users\user\Desktop\HkObDPju6Z.exe
Type:	data
Entropy:	7.99992937711017
Encrypted:	true
Ssdeep:	6291456:IvTS8/jU9LWir8NG/du4HQLeL7u0IR0KY26cMashYFRX4Mbip4IsW7:IzSLD4cHkRM2PMDhYFRXT7nW7
Size:	323579288
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Writes many files with high entropy	Spam, unwanted Advertisements and Ransom Demands

Details

File:	C:\MSOCache\All Users\{90160000-0011-0000-0000-0000000FF1CE}-C\ProPsWW.cab.7878kr5jx (copy)
Category:	dropped
Dump:	ProPsWW.cab.0.dr
ID:	dr_399
Target ID:	0
Process:	C:\Users\user\Desktop\HkObDPju6Z.exe
Type:	data
Entropy:	7.99992937711017
Encrypted:	true
Size:	323579288
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Writes many files with high entropy	Spam, unwanted Advertisements and Ransom Demands

Details

File:	C:\MSOCache\All Users\{90160000-0011-0000-0000-0000000FF1CE}-C\ProPsWW2.cab
Category:	dropped
Dump:	ProPsWW2.cab.0.dr
ID:	dr_101
Target ID:	0
Process:	C:\Users\user\Desktop\HkObDPju6Z.exe
Type:	data
Entropy:	7.999931605163267
Encrypted:	true
Size:	249155585
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Writes many files with high entropy	Spam, unwanted Advertisements and Ransom Demands

Details

File:	C:\MSOCache\All Users\{90160000-0011-0000-0000-0000000FF1CE}-C\ProPsWW2.cab.7878kr5jx (copy)
Category:	dropped
Dump:	ProPsWW2.cab.0.dr
ID:	dr_362
Target ID:	0
Process:	C:\Users\user\Desktop\HkObDPju6Z.exe
Type:	data
Entropy:	7.999931605163267
Encrypted:	true
Size:	249155585
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Writes many files with high entropy	Spam, unwanted Advertisements and Ransom Demands

Details

File:	C:\MSOCache\All Users\{90160000-0016-0409-0000-0000000FF1CE}-C\ExcelLR.cab
Category:	dropped
Dump:	ExcelLR.cab.0.dr
ID:	dr_14
Target ID:	0
Process:	C:\Users\user\Desktop\HkObDPju6Z.exe
Type:	data
Entropy:	7.999656053069699
Encrypted:	true
Size:	5769880
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Writes many files with high entropy	Spam, unwanted Advertisements and Ransom Demands

Details

File:	C:\MSOCache\All Users\{90160000-0016-0409-0000-0000000FF1CE}-C\ExcelLR.cab.7878kr5jx (copy)
Category:	dropped
Dump:	ExcelLR.cab.0.dr
ID:	dr_302
Target ID:	0
Process:	C:\Users\user\Desktop\HkObDPju6Z.exe
Type:	data
Entropy:	7.999656053069699
Encrypted:	true
Size:	5769880
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Writes many files with high entropy	Spam, unwanted Advertisements and Ransom Demands

Details

File:	C:\MSOCache\All Users\{90160000-0018-0409-0000-0000000FF1CE}-C\PptLR.cab
Category:	dropped
Dump:	PptLR.cab.0.dr
ID:	dr_45
Target ID:	0
Process:	C:\Users\user\Desktop\HkObDPju6Z.exe
Type:	data
Entropy:	7.999677078446772
Encrypted:	true
Size:	6310440
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Writes many files with high entropy	Spam, unwanted Advertisements and Ransom Demands

Details

File:	C:\MSOCache\All Users\{90160000-0018-0409-0000-0000000FF1CE}-C\PptLR.cab.7878kr5jx (copy)
Category:	dropped
Dump:	PptLR.cab.0.dr
ID:	dr_306
Target ID:	0
Process:	C:\Users\user\Desktop\HkObDPju6Z.exe
Type:	data
Entropy:	7.999677078446772
Encrypted:	true
Size:	6310440
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Writes many files with high entropy	Spam, unwanted Advertisements and Ransom Demands

Details

File:	C:\MSOCache\All Users\{90160000-0019-0409-0000-0000000FF1CE}-C\PubLR.cab
Category:	dropped
Dump:	PubLR.cab.0.dr
ID:	dr_57
Target ID:	0
Process:	C:\Users\user\Desktop\HkObDPju6Z.exe
Type:	data
Entropy:	7.999436914411064
Encrypted:	true
Size:	3561961
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Writes many files with high entropy	Spam, unwanted Advertisements and Ransom Demands

Details

File:	C:\MSOCache\All Users\{90160000-0019-0409-0000-0000000FF1CE}-C\PubLR.cab.7878kr5jx (copy)
Category:	dropped
Dump:	PubLR.cab.0.dr
ID:	dr_309
Target ID:	0
Process:	C:\Users\user\Desktop\HkObDPju6Z.exe
Type:	data
Entropy:	7.999436914411064
Encrypted:	true
Size:	3561961
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Writes many files with high entropy	Spam, unwanted Advertisements and Ransom Demands

Details

File:	C:\MSOCache\All Users\{90160000-001A-0409-0000-0000000FF1CE}-C\OutlkLR.cab
Category:	dropped
Dump:	OutlkLR.cab.0.dr
ID:	dr_75
Target ID:	0
Process:	C:\Users\user\Desktop\HkObDPju6Z.exe
Type:	data
Entropy:	7.999809964829567
Encrypted:	true
Size:	4009499
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Writes many files with high entropy	Spam, unwanted Advertisements and Ransom Demands

Details

File:	C:\MSOCache\All Users\{90160000-001A-0409-0000-0000000FF1CE}-C\OutlkLR.cab.7878kr5jx (copy)
Category:	dropped
Dump:	OutlkLR.cab.0.dr
ID:	dr_312
Target ID:	0
Process:	C:\Users\user\Desktop\HkObDPju6Z.exe
Type:	data
Entropy:	7.999809964829567
Encrypted:	true
Size:	4009499
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Writes many files with high entropy	Spam, unwanted Advertisements and Ransom Demands

Details

File:	C:\MSOCache\All Users\{90160000-001B-0409-0000-0000000FF1CE}-C\WordLR.cab
Category:	dropped
Dump:	WordLR.cab.0.dr
ID:	dr_97
Target ID:	0
Process:	C:\Users\user\Desktop\HkObDPju6Z.exe
Type:	data
Entropy:	7.999121789035516
Encrypted:	true
Size:	10080047
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Writes many files with high entropy	Spam, unwanted Advertisements and Ransom Demands

Details

File:	C:\MSOCache\All Users\{90160000-001B-0409-0000-0000000FF1CE}-C\WordLR.cab.7878kr5jx (copy)
Category:	dropped
Dump:	WordLR.cab.0.dr
ID:	dr_321
Target ID:	0
Process:	C:\Users\user\Desktop\HkObDPju6Z.exe
Type:	data
Entropy:	7.999121789035516
Encrypted:	true
Size:	10080047
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Writes many files with high entropy	Spam, unwanted Advertisements and Ransom Demands

Details

File:	C:\MSOCache\All Users\{90160000-001B-0409-0000-0000000FF1CE}-C\instructions_read_me.txt
Category:	dropped
Dump:	instructions_read_me.txt0.0.dr
ID:	dr_6
Target ID:	0
Process:	C:\Users\user\Desktop\HkObDPju6Z.exe
Type:	ASCII text, with CRLF line terminators
Entropy:	4.804750185554599
Encrypted:	false
Size:	1091
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Writes a notice file (html or txt) to demand a ransom	Spam, unwanted Advertisements and Ransom Demands	Data Encrypted for Impact

Details

File:	C:\MSOCache\All Users\{90160000-002C-0409-0000-0000000FF1CE}-C\instructions_read_me.txt
Category:	dropped
Dump:	instructions_read_me.txt2.0.dr
ID:	dr_16
Target ID:	0
Process:	C:\Users\user\Desktop\HkObDPju6Z.exe
Type:	ASCII text, with CRLF line terminators
Entropy:	4.804750185554599
Encrypted:	false
Size:	1091
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Writes a notice file (html or txt) to demand a ransom	Spam, unwanted Advertisements and Ransom Demands	Data Encrypted for Impact

Details

File:	C:\MSOCache\All Users\{90160000-0044-0409-0000-0000000FF1CE}-C\InfLR.cab
Category:	dropped
Dump:	InfLR.cab.0.dr
ID:	dr_99
Target ID:	0
Process:	C:\Users\user\Desktop\HkObDPju6Z.exe
Type:	data
Entropy:	7.999825451372041
Encrypted:	true
Size:	3911964
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Writes many files with high entropy	Spam, unwanted Advertisements and Ransom Demands

Details

File:	C:\MSOCache\All Users\{90160000-0044-0409-0000-0000000FF1CE}-C\InfLR.cab.7878kr5jx (copy)
Category:	dropped
Dump:	InfLR.cab.0.dr
ID:	dr_322
Target ID:	0
Process:	C:\Users\user\Desktop\HkObDPju6Z.exe
Type:	data
Entropy:	7.999825451372041
Encrypted:	true
Size:	3911964
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Writes many files with high entropy	Spam, unwanted Advertisements and Ransom Demands

Details

File:	C:\MSOCache\All Users\{90160000-0090-0409-0000-0000000FF1CE}-C\DCFMUI.cab
Category:	dropped
Dump:	DCFMUI.cab.0.dr
ID:	dr_115
Target ID:	0
Process:	C:\Users\user\Desktop\HkObDPju6Z.exe
Type:	data
Entropy:	7.99920950933189
Encrypted:	true
Size:	641904
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Writes many files with high entropy	Spam, unwanted Advertisements and Ransom Demands

Details

File:	C:\MSOCache\All Users\{90160000-0090-0409-0000-0000000FF1CE}-C\DCFMUI.cab.7878kr5jx (copy)
Category:	dropped
Dump:	DCFMUI.cab.0.dr
ID:	dr_326
Target ID:	0
Process:	C:\Users\user\Desktop\HkObDPju6Z.exe
Type:	data
Entropy:	7.99920950933189
Encrypted:	true
Size:	641904
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Writes many files with high entropy	Spam, unwanted Advertisements and Ransom Demands

Details

File:	C:\MSOCache\All Users\{90160000-00A1-0409-0000-0000000FF1CE}-C\OnoteLR.cab
Category:	dropped
Dump:	OnoteLR.cab.0.dr
ID:	dr_134
Target ID:	0
Process:	C:\Users\user\Desktop\HkObDPju6Z.exe
Type:	data
Entropy:	7.999898633172596
Encrypted:	true
Size:	13355086
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Writes many files with high entropy	Spam, unwanted Advertisements and Ransom Demands

Details

File:	C:\MSOCache\All Users\{90160000-00A1-0409-0000-0000000FF1CE}-C\OnoteLR.cab.7878kr5jx (copy)
Category:	dropped
Dump:	OnoteLR.cab.0.dr
ID:	dr_336
Target ID:	0
Process:	C:\Users\user\Desktop\HkObDPju6Z.exe
Type:	data
Entropy:	7.999898633172596
Encrypted:	true
Size:	13355086
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Writes many files with high entropy	Spam, unwanted Advertisements and Ransom Demands

Details

File:	C:\MSOCache\All Users\{90160000-00BA-0409-0000-0000000FF1CE}-C\GrooveLR.cab
Category:	dropped
Dump:	GrooveLR.cab.0.dr
ID:	dr_123
Target ID:	0
Process:	C:\Users\user\Desktop\HkObDPju6Z.exe
Type:	data
Entropy:	7.993915292683214
Encrypted:	true
Size:	873276
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Writes many files with high entropy	Spam, unwanted Advertisements and Ransom Demands

Details

File:	C:\MSOCache\All Users\{90160000-00BA-0409-0000-0000000FF1CE}-C\GrooveLR.cab.7878kr5jx (copy)
Category:	dropped
Dump:	GrooveLR.cab.0.dr
ID:	dr_333
Target ID:	0
Process:	C:\Users\user\Desktop\HkObDPju6Z.exe
Type:	data
Entropy:	7.993915292683214
Encrypted:	true
Size:	873276
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Writes many files with high entropy	Spam, unwanted Advertisements and Ransom Demands

Details

File:	C:\MSOCache\All Users\{90160000-00E2-0409-0000-0000000FF1CE}-C\OSMUXMUI.cab
Category:	dropped
Dump:	OSMUXMUI.cab.0.dr
ID:	dr_154
Target ID:	0
Process:	C:\Users\user\Desktop\HkObDPju6Z.exe
Type:	data
Entropy:	7.999849996429291
Encrypted:	true
Size:	4231015
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Writes many files with high entropy	Spam, unwanted Advertisements and Ransom Demands

Details

File:	C:\MSOCache\All Users\{90160000-00E2-0409-0000-0000000FF1CE}-C\OSMUXMUI.cab.7878kr5jx (copy)
Category:	dropped
Dump:	OSMUXMUI.cab.0.dr
ID:	dr_344
Target ID:	0
Process:	C:\Users\user\Desktop\HkObDPju6Z.exe
Type:	data
Entropy:	7.999849996429291
Encrypted:	true
Size:	4231015
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Writes many files with high entropy	Spam, unwanted Advertisements and Ransom Demands

Details

File:	C:\MSOCache\All Users\{90160000-0115-0409-0000-0000000FF1CE}-C\OfficeLR.cab
Category:	dropped
Dump:	OfficeLR.cab.0.dr
ID:	dr_175
Target ID:	0
Process:	C:\Users\user\Desktop\HkObDPju6Z.exe
Type:	data
Entropy:	7.999929160484784
Encrypted:	true
Size:	11707180
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Writes many files with high entropy	Spam, unwanted Advertisements and Ransom Demands

Details

File:	C:\MSOCache\All Users\{90160000-0115-0409-0000-0000000FF1CE}-C\OfficeLR.cab.7878kr5jx (copy)
Category:	dropped
Dump:	OfficeLR.cab.0.dr
ID:	dr_352
Target ID:	0
Process:	C:\Users\user\Desktop\HkObDPju6Z.exe
Type:	data
Entropy:	7.999929160484784
Encrypted:	true
Size:	11707180
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Writes many files with high entropy	Spam, unwanted Advertisements and Ransom Demands

Details

File:	C:\MSOCache\All Users\{90160000-0116-0409-1000-0000000FF1CE}-C\OWOW64LR.cab
Category:	dropped
Dump:	OWOW64LR.cab.0.dr
ID:	dr_214
Target ID:	0
Process:	C:\Users\user\Desktop\HkObDPju6Z.exe
Type:	data
Entropy:	7.998563295265718
Encrypted:	true
Size:	2060771
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Writes many files with high entropy	Spam, unwanted Advertisements and Ransom Demands

Details

File:	C:\MSOCache\All Users\{90160000-0116-0409-1000-0000000FF1CE}-C\OWOW64LR.cab.7878kr5jx (copy)
Category:	dropped
Dump:	OWOW64LR.cab.0.dr
ID:	dr_363
Target ID:	0
Process:	C:\Users\user\Desktop\HkObDPju6Z.exe
Type:	data
Entropy:	7.998563295265718
Encrypted:	true
Size:	2060771
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Writes many files with high entropy	Spam, unwanted Advertisements and Ransom Demands

Details

File:	C:\MSOCache\All Users\{90160000-012B-0409-0000-0000000FF1CE}-C\LyncMUI.cab
Category:	dropped
Dump:	LyncMUI.cab.0.dr
ID:	dr_219
Target ID:	0
Process:	C:\Users\user\Desktop\HkObDPju6Z.exe
Type:	data
Entropy:	7.999820114378865
Encrypted:	true
Size:	2608920
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Writes many files with high entropy	Spam, unwanted Advertisements and Ransom Demands

Details

File:	C:\MSOCache\All Users\{90160000-012B-0409-0000-0000000FF1CE}-C\LyncMUI.cab.7878kr5jx (copy)
Category:	dropped
Dump:	LyncMUI.cab.0.dr
ID:	dr_368
Target ID:	0
Process:	C:\Users\user\Desktop\HkObDPju6Z.exe
Type:	data
Entropy:	7.999820114378865
Encrypted:	true
Size:	2608920
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Writes many files with high entropy	Spam, unwanted Advertisements and Ransom Demands

Details

File:	C:\Program Files (x86)\AutoIt3\Au3Check.exe
Category:	dropped
Dump:	Au3Check.exe.0.dr
ID:	dr_111
Target ID:	0
Process:	C:\Users\user\Desktop\HkObDPju6Z.exe
Type:	data
Entropy:	6.982478601450315
Encrypted:	false
Size:	197618
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Infects executable files (exe, dll, sys, html)	Spreading, Persistence and Installation Behavior	Taint Shared Content

Details

File:	C:\Program Files (x86)\AutoIt3\Au3Info.exe
Category:	dropped
Dump:	Au3Info.exe.0.dr
ID:	dr_109
Target ID:	0
Process:	C:\Users\user\Desktop\HkObDPju6Z.exe
Type:	data
Entropy:	7.150984936314088
Encrypted:	false
Size:	156650
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Infects executable files (exe, dll, sys, html)	Spreading, Persistence and Installation Behavior	Taint Shared Content

Details

File:	C:\Program Files (x86)\AutoIt3\Au3Info_x64.exe
Category:	dropped
Dump:	Au3Info_x64.exe.0.dr
ID:	dr_110
Target ID:	0
Process:	C:\Users\user\Desktop\HkObDPju6Z.exe
Type:	data
Entropy:	7.0056473512121284
Encrypted:	false
Size:	176618
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Infects executable files (exe, dll, sys, html)	Spreading, Persistence and Installation Behavior	Taint Shared Content

Details

File:	C:\Program Files (x86)\AutoIt3\AutoIt.chm
Category:	dropped
Dump:	AutoIt.chm.0.dr
ID:	dr_241
Target ID:	0
Process:	C:\Users\user\Desktop\HkObDPju6Z.exe
Type:	data
Entropy:	7.994917471016802
Encrypted:	true
Size:	7005763
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Writes many files with high entropy	Spam, unwanted Advertisements and Ransom Demands

Details

File:	C:\Program Files (x86)\AutoIt3\AutoIt3Help.exe
Category:	dropped
Dump:	AutoIt3Help.exe.0.dr
ID:	dr_113
Target ID:	0
Process:	C:\Users\user\Desktop\HkObDPju6Z.exe
Type:	data
Entropy:	6.790182260164097
Encrypted:	false
Size:	119266
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Infects executable files (exe, dll, sys, html)	Spreading, Persistence and Installation Behavior	Taint Shared Content

Details

File:	C:\Program Files (x86)\AutoIt3\AutoIt3_x64.exe
Category:	dropped
Dump:	AutoIt3_x64.exe.0.dr
ID:	dr_211
Target ID:	0
Process:	C:\Users\user\Desktop\HkObDPju6Z.exe
Type:	OpenPGP Secret Key
Entropy:	7.108156503370207
Encrypted:	false
Size:	1014242
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Infects executable files (exe, dll, sys, html)	Spreading, Persistence and Installation Behavior	Taint Shared Content

Details

File:	C:\Program Files (x86)\AutoIt3\Uninstall.exe
Category:	dropped
Dump:	Uninstall.exe.0.dr
ID:	dr_124
Target ID:	0
Process:	C:\Users\user\Desktop\HkObDPju6Z.exe
Type:	COM executable for DOS
Entropy:	7.323786882465793
Encrypted:	false
Size:	67745
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Infects executable files (exe, dll, sys, html)	Spreading, Persistence and Installation Behavior	Taint Shared Content

Details

File:	C:\Program Files (x86)\autoit3\AutoIt.chm.7878kr5jx (copy)
Category:	dropped
Dump:	AutoIt.chm.0.dr
ID:	dr_291
Target ID:	0
Process:	C:\Users\user\Desktop\HkObDPju6Z.exe
Type:	data
Entropy:	7.994917471016802
Encrypted:	true
Size:	7005763
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Writes many files with high entropy	Spam, unwanted Advertisements and Ransom Demands

Details

File:	C:\Program Files\Google\instructions_read_me.txt
Category:	dropped
Dump:	instructions_read_me.txt4.0.dr
ID:	dr_19
Target ID:	0
Process:	C:\Users\user\Desktop\HkObDPju6Z.exe
Type:	ASCII text, with CRLF line terminators
Entropy:	4.804750185554599
Encrypted:	false
Size:	1091
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Writes a notice file (html or txt) to demand a ransom	Spam, unwanted Advertisements and Ransom Demands	Data Encrypted for Impact
Creates a directory in C:\Program Files	Compliance, System Summary	Masquerading

Details

File:	C:\Program Files\MSBuild\instructions_read_me.txt
Category:	dropped
Dump:	instructions_read_me.txt7.0.dr
ID:	dr_22
Target ID:	0
Process:	C:\Users\user\Desktop\HkObDPju6Z.exe
Type:	ASCII text, with CRLF line terminators
Entropy:	4.804750185554599
Encrypted:	false
Size:	1091
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Writes a notice file (html or txt) to demand a ransom	Spam, unwanted Advertisements and Ransom Demands	Data Encrypted for Impact
Creates a directory in C:\Program Files	Compliance, System Summary	Masquerading

Details

File:	C:\Program Files\Microsoft Office\instructions_read_me.txt
Category:	dropped
Dump:	instructions_read_me.txt6.0.dr
ID:	dr_21
Target ID:	0
Process:	C:\Users\user\Desktop\HkObDPju6Z.exe
Type:	ASCII text, with CRLF line terminators
Entropy:	4.804750185554599
Encrypted:	false
Size:	1091
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Writes a notice file (html or txt) to demand a ransom	Spam, unwanted Advertisements and Ransom Demands	Data Encrypted for Impact
Creates a directory in C:\Program Files	Compliance, System Summary	Masquerading

Details

File:	C:\Program Files\Reference Assemblies\instructions_read_me.txt
Category:	dropped
Dump:	instructions_read_me.txt8.0.dr
ID:	dr_23
Target ID:	0
Process:	C:\Users\user\Desktop\HkObDPju6Z.exe
Type:	ASCII text, with CRLF line terminators
Entropy:	4.804750185554599
Encrypted:	false
Size:	1091
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Writes a notice file (html or txt) to demand a ransom	Spam, unwanted Advertisements and Ransom Demands	Data Encrypted for Impact
Creates a directory in C:\Program Files	Compliance, System Summary	Masquerading

Details

File:	C:\Program Files\Windows Defender Advanced Threat Protection\en-US\instructions_read_me.txt
Category:	dropped
Dump:	instructions_read_me.txt1.0.dr
ID:	dr_15
Target ID:	0
Process:	C:\Users\user\Desktop\HkObDPju6Z.exe
Type:	ASCII text, with CRLF line terminators
Entropy:	4.804750185554599
Encrypted:	false
Size:	1091
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Writes a notice file (html or txt) to demand a ransom	Spam, unwanted Advertisements and Ransom Demands	Data Encrypted for Impact
Creates a directory in C:\Program Files	Compliance, System Summary	Masquerading

Details

File:	C:\Program Files\Windows Defender\Offline\instructions_read_me.txt
Category:	dropped
Dump:	instructions_read_me.txt.0.dr
ID:	dr_5
Target ID:	0
Process:	C:\Users\user\Desktop\HkObDPju6Z.exe
Type:	ASCII text, with CRLF line terminators
Entropy:	4.804750185554599
Encrypted:	false
Size:	1091
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Found ransom note / readme	Spam, unwanted Advertisements and Ransom Demands
Writes a notice file (html or txt) to demand a ransom	Spam, unwanted Advertisements and Ransom Demands	Data Encrypted for Impact
Creates a directory in C:\Program Files	Compliance, System Summary	Masquerading

Details

File:	C:\Program Files\Windows Media Player\en-US\instructions_read_me.txt
Category:	dropped
Dump:	instructions_read_me.txt3.0.dr
ID:	dr_17
Target ID:	0
Process:	C:\Users\user\Desktop\HkObDPju6Z.exe
Type:	ASCII text, with CRLF line terminators
Entropy:	4.804750185554599
Encrypted:	false
Size:	1091
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Writes a notice file (html or txt) to demand a ransom	Spam, unwanted Advertisements and Ransom Demands	Data Encrypted for Impact
Creates a directory in C:\Program Files	Compliance, System Summary	Masquerading

Details

File:	C:\Program Files\internet explorer\instructions_read_me.txt
Category:	dropped
Dump:	instructions_read_me.txt5.0.dr
ID:	dr_20
Target ID:	0
Process:	C:\Users\user\Desktop\HkObDPju6Z.exe
Type:	ASCII text, with CRLF line terminators
Entropy:	4.804750185554599
Encrypted:	false
Size:	1091
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Writes a notice file (html or txt) to demand a ransom	Spam, unwanted Advertisements and Ransom Demands	Data Encrypted for Impact
Creates a directory in C:\Program Files	Compliance, System Summary	Masquerading

Details

File:	C:\MSOCache\All Users\instructions_read_me.txt
Category:	dropped
Dump:	instructions_read_me.txt29.0.dr
ID:	dr_56
Target ID:	0
Process:	C:\Users\user\Desktop\HkObDPju6Z.exe
Type:	ASCII text, with CRLF line terminators
Entropy:	4.804750185554599
Encrypted:	false
Ssdeep:	24:F6SGOzWKJa3XWOCYj1C1PpiyE/xVHpmjxNkX0lOhA5:VGOzW6CwRNsxV0jVOK5
Size:	1091
Whitelisted:	false
Reputation:	timeout

Details

File:	C:\MSOCache\All Users\{90160000-0011-0000-0000-0000000FF1CE}-C\Office64WW.msi
Category:	dropped
Dump:	Office64WW.msi.0.dr
ID:	dr_239
Target ID:	0
Process:	C:\Users\user\Desktop\HkObDPju6Z.exe
Type:	data
Entropy:	7.113572129312687
Encrypted:	false
Ssdeep:	49152:sokGeClV9xd/lQwkqMgv1ivQ1J0XcEF1Q+OKKx8mG0C9RDHDtQAZUgyI2jN5XwBD:MWrP/lTNv1TvEF16KKKQC9RxT283uW
Size:	3944762
Whitelisted:	false
Reputation:	timeout

Details

File:	C:\MSOCache\All Users\{90160000-0011-0000-0000-0000000FF1CE}-C\Office64WW.msi.7878kr5jx (copy)
Category:	dropped
Dump:	Office64WW.msi.0.dr
ID:	dr_288
Target ID:	0
Process:	C:\Users\user\Desktop\HkObDPju6Z.exe
Type:	data
Entropy:	7.113572129312687
Encrypted:	false
Ssdeep:	49152:sokGeClV9xd/lQwkqMgv1ivQ1J0XcEF1Q+OKKx8mG0C9RDHDtQAZUgyI2jN5XwBD:MWrP/lTNv1TvEF16KKKQC9RxT283uW
Size:	3944762
Whitelisted:	false
Reputation:	timeout

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
HkObDPju6Z.exe

Files

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC ReportHkObDPju6Z.exe

Files

IOC Report
HkObDPju6Z.exe