Automated Malware Analysis IOC Report for

Details

Filetype:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy:	7.888125542049799
Filename:	SecuriteInfo.com.Trojan.Crypt.25649.28700.exe
Filesize:	4292990
MD5:	7b6367bed5eec5b308c4e468d598a309
SHA1:	b3ef7a2fc5bc3082128459110b0e3719a463ff68
SHA256:	70fabd1c3212443b320877e6c9e5672d063ad38532f781c570f50ed81fae1404
SHA512:	2498192058af71cc65af99c77ac53ab4815a4fb11ca7b3ef796f0716b887f8c3c624456c3f473e121241fbeae862b7f9c270ffe163dedbcbb75239d1b40d8914
SSDEEP:	98304:nEt/ESGLZQHtniwQz6GdruNzbcq2dgJ0ZgXxx9h:IsSG9EiwYXV7Oxrh
Preview:	MZP.....................@...............................................!..L.!..This program must be run under Win32..$7.......................................................................................................................................

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
PE file contains sections with non-standard names	Data Obfuscation
Sample file is different than original file name gathered from version info	System Summary
Uses 32bit PE files	Compliance, System Summary	Masquerading
Creates temporary files	System Summary
Disables application error messsages (SetErrorMode)	Hooking and other Techniques for Hiding and Protection
Parts of this applications are using Borland Delphi (Probably coded in Delphi)	System Summary	Security Software Discovery
Reads software policies	System Summary
Sample might require command line arguments	System Summary	Command and Scripting Interpreter Security Software Discovery
Sample reads its own file content	System Summary
Tries to load missing DLLs	System Summary	DLL Side-Loading
Contains modern PE file flags such as dynamic base (ASLR) or NX	Compliance, System Summary
Submission file is bigger than most known malware samples	System Summary

Details

File:	C:\Users\user\AppData\Local\Temp\Setup Log 2024-05-23 #001.txt
Category:	dropped
Dump:	Setup Log 2024-05-23 #001.txt.2.dr
ID:	dr_52
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Entropy:	5.230010144026439
Encrypted:	false
Ssdeep:	384:PCjpfqi7NvZjm6r+D452T29b4T3X/QEQErzxg2Y4+L8eTR/w4C1I:PO0zxg2Y4A8eTR/w4C1I
Size:	57958
Whitelisted:	false
Reputation:	low

Signature Hits	Behavior Group	Mitre Attack
Creates install or setup log file	Compliance, Persistence and Installation Behavior

Details

File:	C:\Users\user\AppData\Local\Temp\bucket.inno.log
Category:	dropped
Dump:	bucket.inno.log.2.dr
ID:	dr_266
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	ASCII text, with CRLF line terminators
Entropy:	5.525712141032755
Encrypted:	false
Ssdeep:	24:41ccDbtQy3UMQ12I36IEyJhAOF3o3hlO3JyJhAOF3zmjuRMCL1b3hlg+36Q3K3xo:41ccDbtQykM5IqIEEhJF4i5EhJFajMXH
Size:	1418
Whitelisted:	false
Reputation:	low

Details

File:	C:\Users\user\AppData\Local\Temp\bucket.log
Category:	dropped
Dump:	bucket.log.2.dr
ID:	dr_263
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	ISO-8859 text, with very long lines (1251), with CRLF, CR line terminators
Entropy:	5.599589548836788
Encrypted:	false
Ssdeep:	192:466dsn2s/cDJGz2O+v8wB121r1yuyeZCGxZQMZQ5ZQlZQLZQYFZQydM6oroR6k6P:oR1/+hGI5EPl75eNezsXeN92HT6G
Size:	10374
Whitelisted:	false
Reputation:	low

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\_isetup\_setup64.tmp
Category:	dropped
Dump:	_setup64.tmp.2.dr
ID:	dr_1
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32+ executable (console) x86-64, for MS Windows
Entropy:	4.720366600008286
Encrypted:	false
Ssdeep:	96:sfkcXegaJ/ZAYNzcld1xaX12p+gt1sONA0:sfJEVYlvxaX12C6A0
Size:	6144
Whitelisted:	true
Reputation:	high

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\api-ms-win-core-console-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-core-console-l1-1-0.dll3.2.dr
ID:	dr_231
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.593400064300514
Encrypted:	false
Ssdeep:	192:gYtWphWvWSawTyihVWQ4eWwueSquXqnajZasdyI:gkWphWgwGyVS1lNNx
Size:	12232
Whitelisted:	false
Reputation:	moderate

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\api-ms-win-core-console-l1-2-0.dll
Category:	dropped
Dump:	api-ms-win-core-console-l1-2-0.dll3.2.dr
ID:	dr_245
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.651991089723867
Encrypted:	false
Ssdeep:	192:FjMWphW+WSawTyihVWQ4WW4lJXKqnajH2oWb5lP0kC:FwWphWjwGyBbKlNqb0h
Size:	12440
Whitelisted:	false
Reputation:	low

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\api-ms-win-core-datetime-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-core-datetime-l1-1-0.dll3.2.dr
ID:	dr_247
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.616418214858396
Encrypted:	false
Ssdeep:	192:Pn3WphWPWSawTyihVWQ4WWomRd7T0q11qnajVtPxu:vWphWAwGy6Rd7Tplxbu
Size:	11928
Whitelisted:	false
Reputation:	moderate

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\api-ms-win-core-debug-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-core-debug-l1-1-0.dll4.2.dr
ID:	dr_250
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.606191850818759
Encrypted:	false
Ssdeep:	192:tWphWCcWSawTyihVWQ4eWapfkwqnaj0hFoHg:tWphWGwGyv7lIna
Size:	11720
Whitelisted:	false
Reputation:	moderate

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\api-ms-win-core-errorhandling-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-core-errorhandling-l1-1-0.dll4.2.dr
ID:	dr_253
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.6809296260677185
Encrypted:	false
Ssdeep:	192:imxD3TzWphWWWSawTyihVWQ4WWXpaED2D8KN3qnajV2MVornuFaw:iczWphWLwGy/EDt2lxnorn8
Size:	11928
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\api-ms-win-core-file-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-core-file-l1-1-0.dll4.2.dr
ID:	dr_256
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.568348091811147
Encrypted:	false
Ssdeep:	192:YIAuVYPvVX8rFTsRWphWiWSawTyihVWQ4WWYIStJqnajjqP6G8rgUr:cBPvVX7WphW/wGyxtJlvCz8rgC
Size:	15512
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\api-ms-win-core-file-l1-2-0.dll
Category:	dropped
Dump:	api-ms-win-core-file-l1-2-0.dll4.2.dr
ID:	dr_259
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.6392158841399125
Encrypted:	false
Ssdeep:	192:B+WphWN8WSawTyihVWQ4SWxQz52D8KN3qnajV2MVorWHLm:sWphWNFwGyD5t2lxnorWHLm
Size:	11928
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\api-ms-win-core-file-l2-1-0.dll
Category:	dropped
Dump:	api-ms-win-core-file-l2-1-0.dll4.2.dr
ID:	dr_262
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.7335547816165295
Encrypted:	false
Ssdeep:	192:QVPlWphWYWSawTyihVWQ4eWINt9tCNxXeRqnajRWBs:QVdWphWpwGyZ3t4JeRlF
Size:	11720
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\api-ms-win-core-handle-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-core-handle-l1-1-0.dll4.2.dr
ID:	dr_265
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.641210440202195
Encrypted:	false
Ssdeep:	192:UWphWZmWSawTyihVWQ4WWYg7T0q11qnajVtPx/e:UWphWZ7wGy87Tplxbm
Size:	11928
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\api-ms-win-core-heap-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-core-heap-l1-1-0.dll4.2.dr
ID:	dr_268
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.6020677191345625
Encrypted:	false
Ssdeep:	192:1ZlBVWphW2WSawTyihVWQ4WWa+jrc2D8KN3qnajV2MVornxu:HljWphWrwGygct2lxnorxu
Size:	12440
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\api-ms-win-core-interlocked-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-core-interlocked-l1-1-0.dll4.2.dr
ID:	dr_271
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.688798103865209
Encrypted:	false
Ssdeep:	192:gWphWOWSawTyihVWQ4WWE3SUAOT2XNfqnajVAilG835FH:gWphWTwGy/k9flx6S
Size:	11928
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\api-ms-win-core-libraryloader-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-core-libraryloader-l1-1-0.dll5.2.dr
ID:	dr_285
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.607919598680885
Encrypted:	false
Ssdeep:	192:nvuBL3B5LGWphWLWSawTyihVWQ4WW1VB7T0q11qnajVtPxm:nvuBL3BsWphWEwGy67Tplxbm
Size:	12952
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\api-ms-win-core-localization-l1-2-0.dll
Category:	dropped
Dump:	api-ms-win-core-localization-l1-2-0.dll5.2.dr
ID:	dr_287
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.680202388702566
Encrypted:	false
Ssdeep:	384:FOMw3zdp3bwjGfue9/0jCRrndbpWphWywGyc1rhKtklxtW:FOMwBprwjGfue9/0jCRrndbUV3W
Size:	14488
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\api-ms-win-core-memory-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-core-memory-l1-1-0.dll5.2.dr
ID:	dr_290
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.652287122511192
Encrypted:	false
Ssdeep:	192:itfZa/GG3m3WphWBWSawTyihVWQ4eWvEcuXqnajZK:z3qWphWWwGyFPlN
Size:	12232
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\api-ms-win-core-namedpipe-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-core-namedpipe-l1-1-0.dll5.2.dr
ID:	dr_293
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.746045829861457
Encrypted:	false
Ssdeep:	192:KWphWD2WSawTyihVWQ4SWm01usUDR0qnajVXj9ISv:KWphWvwGyu1uQlxze+
Size:	11920
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\api-ms-win-core-processenvironment-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-core-processenvironment-l1-1-0.dll5.2.dr
ID:	dr_296
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.610758515135146
Encrypted:	false
Ssdeep:	192:VVqWphWbcWSawTyihVWQ4WWhBWz9blDJ5iqnajVss1xos:VVqWphWblwGydz95DKlxT1xos
Size:	12952
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\api-ms-win-core-processthreads-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-core-processthreads-l1-1-0.dll5.2.dr
ID:	dr_299
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.533005363293854
Encrypted:	false
Ssdeep:	384:MmGJC8k1JzBcKcIvVWphW+wGy+95DKlxT1xg/Q:vcKc1h15Dmg/Q
Size:	14488
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\api-ms-win-core-processthreads-l1-1-1.dll
Category:	dropped
Dump:	api-ms-win-core-processthreads-l1-1-1.dll5.2.dr
ID:	dr_302
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.65874861166986
Encrypted:	false
Ssdeep:	192:QvtxDfIeSHWphW/WSawTyihVWQ4eWuAdVNCNxXeRqnajR:itxDfIeSHWphWQwGyGDN4JeRlF
Size:	12232
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\api-ms-win-core-profile-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-core-profile-l1-1-0.dll5.2.dr
ID:	dr_305
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.785349571526316
Encrypted:	false
Ssdeep:	192:jG+WphWkWSawTyihVWQ4WW8EHAOT2XNfqnajVAilG83lrl:j/WphW9wGycHk9flx6Erl
Size:	11416
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\api-ms-win-core-rtlsupport-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-core-rtlsupport-l1-1-0.dll5.2.dr
ID:	dr_308
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.607179155749351
Encrypted:	false
Ssdeep:	192:dGeV6WphWeWSawTyihVWQ4WWcsa9blDJ5iqnajVss1xPyo:dGeV6WphWDwGyJ95DKlxT1xPyo
Size:	12440
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\api-ms-win-core-string-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-core-string-l1-1-0.dll5.2.dr
ID:	dr_311
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.680987524368224
Encrypted:	false
Ssdeep:	192:jyMvqWphWkWSawTyihVWQ4eWjfykwqnaj0ZNF:jyMvqWphW9wGyxlIZn
Size:	11720
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\api-ms-win-core-synch-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-core-synch-l1-1-0.dll.2.dr
ID:	dr_10
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.57490566503125
Encrypted:	false
Ssdeep:	384:0dv3V0dfpkXc0vVaTWphWXpwGyF4JeRlF:0dv3VqpkXc0vVaCG1
Size:	13768
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\api-ms-win-core-synch-l1-2-0.dll
Category:	dropped
Dump:	api-ms-win-core-synch-l1-2-0.dll.2.dr
ID:	dr_11
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.722419738952607
Encrypted:	false
Ssdeep:	192:ontZ39hcWphWD5WSawTyihVWQ4SWEZK1usUDR0qnajVXj92:utZ39hcWphWSwGyY1uQlxz4
Size:	12432
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\api-ms-win-core-sysinfo-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-core-sysinfo-l1-1-0.dll.2.dr
ID:	dr_12
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.608967943815084
Encrypted:	false
Ssdeep:	192:/KIMFUXWphW1WSawTyihVWQ4WWeeFhPv7T0q11qnajVtPxY2:/BXWphWywGye37TplxbY2
Size:	12952
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\api-ms-win-core-timezone-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-core-timezone-l1-1-0.dll.2.dr
ID:	dr_13
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.7165053983195415
Encrypted:	false
Ssdeep:	192:tSWphWCWSawTyihVWQ4WWKzUeghKEwkqnajVkL23:tSWphWfwGyP1ghKtklxt3
Size:	12440
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\api-ms-win-core-util-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-core-util-l1-1-0.dll.2.dr
ID:	dr_14
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.628780928175106
Encrypted:	false
Ssdeep:	192:qoIeWphWnWSawTyihVWQ4WWuB9blDJ5iqnajVss1xHDFi5:qo9WphWowGyT95DKlxT1xHRi5
Size:	11928
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\api-ms-win-crt-conio-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-crt-conio-l1-1-0.dll.2.dr
ID:	dr_15
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.635659329072802
Encrypted:	false
Ssdeep:	192:aEWphWbWSawTyihVWQ4WWiHJqnajjqP6G8rg50Lp:aEWphW0wGyRJlvCz8rgcp
Size:	12952
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\api-ms-win-crt-convert-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-crt-convert-l1-1-0.dll.2.dr
ID:	dr_16
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.4300870012171805
Encrypted:	false
Ssdeep:	192:089M0wd8dc9cy1WphWGWSawTyihVWQ4eWMAkwqnaj0:0t0wd8xy1WphWbwGyKlI
Size:	15816
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\api-ms-win-crt-environment-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-crt-environment-l1-1-0.dll.2.dr
ID:	dr_17
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.589979077155519
Encrypted:	false
Ssdeep:	192:9KNcWphW6WSawTyihVWQ4eW19NuXqnajZMVw:9KNcWphWnwGyU0lN9
Size:	12232
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\api-ms-win-crt-filesystem-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-crt-filesystem-l1-1-0.dll.2.dr
ID:	dr_18
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.644112079500101
Encrypted:	false
Ssdeep:	192:zt/PGnWlC0i5C9WphW6WSawTyihVWQ4eWEsbtkwqnaj0nOa:VunWm5C9WphWnwGyy5lInOa
Size:	13768
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\api-ms-win-crt-heap-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-crt-heap-l1-1-0.dll.2.dr
ID:	dr_19
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.584779333540128
Encrypted:	false
Ssdeep:	192:LaY17aFBRQWphWr+uWSawTyihVWQ4WWR2Gw4ZLqnajVxo+twGdi:TVWphWmwGyHGw6lx2+tLdi
Size:	12952
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\api-ms-win-crt-locale-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-crt-locale-l1-1-0.dll.2.dr
ID:	dr_20
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.705059986408883
Encrypted:	false
Ssdeep:	192:NWphWfpWSawTyihVWQ4PGWcQV0hbdiqnajBCI:NWphWmwGyrphsl9n
Size:	12464
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\api-ms-win-crt-math-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-crt-math-l1-1-0.dll.2.dr
ID:	dr_21
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.218550846690576
Encrypted:	false
Ssdeep:	384:gJI2M4Oe59Ckb1hgmLZWphWdwGyKXeGw6lx2+tE:gi2Mq59Bb1jE+F/ptE
Size:	21144
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\api-ms-win-crt-multibyte-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-crt-multibyte-l1-1-0.dll.2.dr
ID:	dr_22
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.205799780176162
Encrypted:	false
Ssdeep:	384:qUSrxLPmIHJI6/CpG3t2G3t4odXLZWphWpwGycGw6lx2+t7:riPmIHJI6iiwpt7
Size:	20120
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\api-ms-win-crt-private-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-crt-private-l1-1-0.dll.2.dr
ID:	dr_23
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	5.545458165119229
Encrypted:	false
Ssdeep:	1536:JTs8iYDe5c4bFe2JyhcvxXWpD7d3334BkZn+P9GC:/iYDe5c4bFe2JyhcvxXWpD7d3334BkZM
Size:	64664
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\api-ms-win-crt-process-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-crt-process-l1-1-0.dll.2.dr
ID:	dr_24
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.6076799883738735
Encrypted:	false
Ssdeep:	192:wnqjd71WphW5WSawTyihVWQ4CW8CnbdiqnajBCIej:wn8WphW+wGyEsl9nej
Size:	12976
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\api-ms-win-crt-runtime-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-crt-runtime-l1-1-0.dll.2.dr
ID:	dr_25
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.456296069225527
Encrypted:	false
Ssdeep:	192:zaajPrpJhhf4AN5/KipWphW6WSawTyihVWQ4SW1tJqnajjqP6G8rgvM3:zlbr7fWphWnwGyCJlvCz8rgU3
Size:	16536
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\api-ms-win-crt-stdio-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-crt-stdio-l1-1-0.dll.2.dr
ID:	dr_26
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.393264759906024
Encrypted:	false
Ssdeep:	192:GpPLNPjFuWYFxEpah7WphWJWSawTyihVWQ4eWyellCNxXeRqnajRyGdFP:G19OFVh7WphWuwGyg34JeRlFyGPP
Size:	17864
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\api-ms-win-crt-string-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-crt-string-l1-1-0.dll.2.dr
ID:	dr_27
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.271794979288617
Encrypted:	false
Ssdeep:	384:JFvU4x0C5yguNvZ5VQgx3SbwA7yMVIkFGl3WphW/wGyxOilNH:35yguNvZ5VQgx3SbwA71IkFxc7
Size:	18376
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\api-ms-win-crt-time-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-crt-time-l1-1-0.dll.2.dr
ID:	dr_28
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.535643188678725
Encrypted:	false
Ssdeep:	192:iy5NDSWphWuWSawTyihVWQ4eWfguCNxXeRqnajRAQN:iUEWphWzwGyHu4JeRlFA
Size:	14280
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\api-ms-win-crt-utility-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-crt-utility-l1-1-0.dll.2.dr
ID:	dr_29
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.678177184128737
Encrypted:	false
Ssdeep:	192:DI6fHQduHWphWm4WSawTyihVWQ4eWtEyRpqCNxXeRqnajRMqXMxbh:xfxWphWuwGydy/q4JeRlF2xbh
Size:	12232
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\cfghost.dll
Category:	dropped
Dump:	cfghost.dll.2.dr
ID:	dr_341
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Entropy:	6.388577387755355
Encrypted:	false
Ssdeep:	6144:MeZIjPyQNucHMi5YtK+hmugZ46h6FHZkPZhlJCaz:JZAyQNLHM6YtK+hmuYhm2Zxl
Size:	220160
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\cfghost.inno.dll
Category:	dropped
Dump:	cfghost.inno.dll.2.dr
ID:	dr_339
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
Entropy:	6.40903510919674
Encrypted:	false
Ssdeep:	12288:m0u0WZ4pOl2HDRSD5d6lj+4rrP5/OJT8wqkN1C:VWjlaNSD5d6ljN/OJT8wqk3C
Size:	407040
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\msvcp140.dll
Category:	dropped
Dump:	msvcp140.dll0.2.dr
ID:	dr_30
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.438447839844645
Encrypted:	false
Ssdeep:	12288:H7KwoYg6YeHSKKwTwda73ZHFOHSduCKN22tN90mQEKZm+jWodEEVQ:bXD7uCKx3QEKZm+jWodEEa
Size:	583048
Whitelisted:	true
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\ucrtbase.dll
Category:	dropped
Dump:	ucrtbase.dll.2.dr
ID:	dr_32
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.627207870602929
Encrypted:	false
Ssdeep:	24576:2QqGcVofavjyMI0gTV3FHJ9oPbDcnEdEtmxvSZX0ypea7C:fqGuFyMJgTV3JA/dEOa
Size:	1035720
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\vcruntime140.dll
Category:	dropped
Dump:	vcruntime140.dll.2.dr
ID:	dr_34
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.42681250101216
Encrypted:	false
Ssdeep:	1536:Ly6+2mUD0uBFRXqYue/o+18iBH5T7heunxr98nZXeixecbSQ2sYMl:LlXfRXqQw+PHLrCZOixecbSmp
Size:	94072
Whitelisted:	true
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\vcruntime140_1.dll
Category:	dropped
Dump:	vcruntime140_1.dll.2.dr
ID:	dr_36
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.340326946859471
Encrypted:	false
Ssdeep:	384:7Hb1+iuauREnUUWU55vZvS05fJjPg2h1RWmbzA+Xf+gxy85xH0f91WrrKW7dHRNy:lzJnUUV7xPg4RdPvv3DHkw9mJXhd
Size:	36744
Whitelisted:	true
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\x64\api-ms-win-core-console-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-core-console-l1-1-0.dll.2.dr
ID:	dr_83
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.593400064300514
Encrypted:	false
Ssdeep:	192:gYtWphWvWSawTyihVWQ4eWwueSquXqnajZasdyI:gkWphWgwGyVS1lNNx
Size:	12232
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\x64\api-ms-win-core-console-l1-2-0.dll
Category:	dropped
Dump:	api-ms-win-core-console-l1-2-0.dll.2.dr
ID:	dr_85
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.651991089723867
Encrypted:	false
Ssdeep:	192:FjMWphW+WSawTyihVWQ4WW4lJXKqnajH2oWb5lP0kC:FwWphWjwGyBbKlNqb0h
Size:	12440
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\x64\api-ms-win-core-datetime-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-core-datetime-l1-1-0.dll.2.dr
ID:	dr_87
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.616418214858396
Encrypted:	false
Ssdeep:	192:Pn3WphWPWSawTyihVWQ4WWomRd7T0q11qnajVtPxu:vWphWAwGy6Rd7Tplxbu
Size:	11928
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\x64\api-ms-win-core-debug-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-core-debug-l1-1-0.dll0.2.dr
ID:	dr_89
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.606191850818759
Encrypted:	false
Ssdeep:	192:tWphWCcWSawTyihVWQ4eWapfkwqnaj0hFoHg:tWphWGwGyv7lIna
Size:	11720
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\x64\api-ms-win-core-errorhandling-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-core-errorhandling-l1-1-0.dll0.2.dr
ID:	dr_91
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.6809296260677185
Encrypted:	false
Ssdeep:	192:imxD3TzWphWWWSawTyihVWQ4WWXpaED2D8KN3qnajV2MVornuFaw:iczWphWLwGy/EDt2lxnorn8
Size:	11928
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\x64\api-ms-win-core-file-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-core-file-l1-1-0.dll0.2.dr
ID:	dr_93
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.568348091811147
Encrypted:	false
Ssdeep:	192:YIAuVYPvVX8rFTsRWphWiWSawTyihVWQ4WWYIStJqnajjqP6G8rgUr:cBPvVX7WphW/wGyxtJlvCz8rgC
Size:	15512
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\x64\api-ms-win-core-file-l1-2-0.dll
Category:	dropped
Dump:	api-ms-win-core-file-l1-2-0.dll0.2.dr
ID:	dr_95
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.6392158841399125
Encrypted:	false
Ssdeep:	192:B+WphWN8WSawTyihVWQ4SWxQz52D8KN3qnajV2MVorWHLm:sWphWNFwGyD5t2lxnorWHLm
Size:	11928
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\x64\api-ms-win-core-file-l2-1-0.dll
Category:	dropped
Dump:	api-ms-win-core-file-l2-1-0.dll0.2.dr
ID:	dr_97
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.7335547816165295
Encrypted:	false
Ssdeep:	192:QVPlWphWYWSawTyihVWQ4eWINt9tCNxXeRqnajRWBs:QVdWphWpwGyZ3t4JeRlF
Size:	11720
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\x64\api-ms-win-core-handle-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-core-handle-l1-1-0.dll0.2.dr
ID:	dr_100
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.641210440202195
Encrypted:	false
Ssdeep:	192:UWphWZmWSawTyihVWQ4WWYg7T0q11qnajVtPx/e:UWphWZ7wGy87Tplxbm
Size:	11928
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\x64\api-ms-win-core-heap-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-core-heap-l1-1-0.dll0.2.dr
ID:	dr_103
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.6020677191345625
Encrypted:	false
Ssdeep:	192:1ZlBVWphW2WSawTyihVWQ4WWa+jrc2D8KN3qnajV2MVornxu:HljWphWrwGygct2lxnorxu
Size:	12440
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\x64\api-ms-win-core-interlocked-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-core-interlocked-l1-1-0.dll0.2.dr
ID:	dr_106
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.688798103865209
Encrypted:	false
Ssdeep:	192:gWphWOWSawTyihVWQ4WWE3SUAOT2XNfqnajVAilG835FH:gWphWTwGy/k9flx6S
Size:	11928
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\x64\api-ms-win-core-libraryloader-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-core-libraryloader-l1-1-0.dll1.2.dr
ID:	dr_109
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.607919598680885
Encrypted:	false
Ssdeep:	192:nvuBL3B5LGWphWLWSawTyihVWQ4WW1VB7T0q11qnajVtPxm:nvuBL3BsWphWEwGy67Tplxbm
Size:	12952
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\x64\api-ms-win-core-localization-l1-2-0.dll
Category:	dropped
Dump:	api-ms-win-core-localization-l1-2-0.dll1.2.dr
ID:	dr_112
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.680202388702566
Encrypted:	false
Ssdeep:	384:FOMw3zdp3bwjGfue9/0jCRrndbpWphWywGyc1rhKtklxtW:FOMwBprwjGfue9/0jCRrndbUV3W
Size:	14488
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\x64\api-ms-win-core-memory-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-core-memory-l1-1-0.dll1.2.dr
ID:	dr_115
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.652287122511192
Encrypted:	false
Ssdeep:	192:itfZa/GG3m3WphWBWSawTyihVWQ4eWvEcuXqnajZK:z3qWphWWwGyFPlN
Size:	12232
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\x64\api-ms-win-core-namedpipe-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-core-namedpipe-l1-1-0.dll1.2.dr
ID:	dr_118
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.746045829861457
Encrypted:	false
Ssdeep:	192:KWphWD2WSawTyihVWQ4SWm01usUDR0qnajVXj9ISv:KWphWvwGyu1uQlxze+
Size:	11920
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\x64\api-ms-win-core-processenvironment-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-core-processenvironment-l1-1-0.dll1.2.dr
ID:	dr_121
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.610758515135146
Encrypted:	false
Ssdeep:	192:VVqWphWbcWSawTyihVWQ4WWhBWz9blDJ5iqnajVss1xos:VVqWphWblwGydz95DKlxT1xos
Size:	12952
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\x64\api-ms-win-core-processthreads-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-core-processthreads-l1-1-0.dll1.2.dr
ID:	dr_125
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.533005363293854
Encrypted:	false
Ssdeep:	384:MmGJC8k1JzBcKcIvVWphW+wGy+95DKlxT1xg/Q:vcKc1h15Dmg/Q
Size:	14488
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\x64\api-ms-win-core-processthreads-l1-1-1.dll
Category:	dropped
Dump:	api-ms-win-core-processthreads-l1-1-1.dll1.2.dr
ID:	dr_127
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.65874861166986
Encrypted:	false
Ssdeep:	192:QvtxDfIeSHWphW/WSawTyihVWQ4eWuAdVNCNxXeRqnajR:itxDfIeSHWphWQwGyGDN4JeRlF
Size:	12232
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\x64\api-ms-win-core-profile-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-core-profile-l1-1-0.dll1.2.dr
ID:	dr_130
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.785349571526316
Encrypted:	false
Ssdeep:	192:jG+WphWkWSawTyihVWQ4WW8EHAOT2XNfqnajVAilG83lrl:j/WphW9wGycHk9flx6Erl
Size:	11416
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\x64\api-ms-win-core-rtlsupport-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-core-rtlsupport-l1-1-0.dll1.2.dr
ID:	dr_133
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.607179155749351
Encrypted:	false
Ssdeep:	192:dGeV6WphWeWSawTyihVWQ4WWcsa9blDJ5iqnajVss1xPyo:dGeV6WphWDwGyJ95DKlxT1xPyo
Size:	12440
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\x64\api-ms-win-core-string-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-core-string-l1-1-0.dll1.2.dr
ID:	dr_136
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.680987524368224
Encrypted:	false
Ssdeep:	192:jyMvqWphWkWSawTyihVWQ4eWjfykwqnaj0ZNF:jyMvqWphW9wGyxlIZn
Size:	11720
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\x64\api-ms-win-core-synch-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-core-synch-l1-1-0.dll2.2.dr
ID:	dr_139
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.57490566503125
Encrypted:	false
Ssdeep:	384:0dv3V0dfpkXc0vVaTWphWXpwGyF4JeRlF:0dv3VqpkXc0vVaCG1
Size:	13768
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\x64\api-ms-win-core-synch-l1-2-0.dll
Category:	dropped
Dump:	api-ms-win-core-synch-l1-2-0.dll2.2.dr
ID:	dr_142
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.722419738952607
Encrypted:	false
Ssdeep:	192:ontZ39hcWphWD5WSawTyihVWQ4SWEZK1usUDR0qnajVXj92:utZ39hcWphWSwGyY1uQlxz4
Size:	12432
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\x64\api-ms-win-core-sysinfo-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-core-sysinfo-l1-1-0.dll2.2.dr
ID:	dr_145
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.608967943815084
Encrypted:	false
Ssdeep:	192:/KIMFUXWphW1WSawTyihVWQ4WWeeFhPv7T0q11qnajVtPxY2:/BXWphWywGye37TplxbY2
Size:	12952
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\x64\api-ms-win-core-timezone-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-core-timezone-l1-1-0.dll2.2.dr
ID:	dr_148
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.7165053983195415
Encrypted:	false
Ssdeep:	192:tSWphWCWSawTyihVWQ4WWKzUeghKEwkqnajVkL23:tSWphWfwGyP1ghKtklxt3
Size:	12440
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\x64\api-ms-win-core-util-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-core-util-l1-1-0.dll2.2.dr
ID:	dr_151
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.628780928175106
Encrypted:	false
Ssdeep:	192:qoIeWphWnWSawTyihVWQ4WWuB9blDJ5iqnajVss1xHDFi5:qo9WphWowGyT95DKlxT1xHRi5
Size:	11928
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\x64\api-ms-win-crt-conio-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-crt-conio-l1-1-0.dll2.2.dr
ID:	dr_165
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.635659329072802
Encrypted:	false
Ssdeep:	192:aEWphWbWSawTyihVWQ4WWiHJqnajjqP6G8rg50Lp:aEWphW0wGyRJlvCz8rgcp
Size:	12952
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\x64\api-ms-win-crt-convert-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-crt-convert-l1-1-0.dll2.2.dr
ID:	dr_167
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.4300870012171805
Encrypted:	false
Ssdeep:	192:089M0wd8dc9cy1WphWGWSawTyihVWQ4eWMAkwqnaj0:0t0wd8xy1WphWbwGyKlI
Size:	15816
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\x64\api-ms-win-crt-environment-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-crt-environment-l1-1-0.dll2.2.dr
ID:	dr_170
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.589979077155519
Encrypted:	false
Ssdeep:	192:9KNcWphW6WSawTyihVWQ4eW19NuXqnajZMVw:9KNcWphWnwGyU0lN9
Size:	12232
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\x64\api-ms-win-crt-filesystem-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-crt-filesystem-l1-1-0.dll2.2.dr
ID:	dr_173
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.644112079500101
Encrypted:	false
Ssdeep:	192:zt/PGnWlC0i5C9WphW6WSawTyihVWQ4eWEsbtkwqnaj0nOa:VunWm5C9WphWnwGyy5lInOa
Size:	13768
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\x64\api-ms-win-crt-heap-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-crt-heap-l1-1-0.dll2.2.dr
ID:	dr_176
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.584779333540128
Encrypted:	false
Ssdeep:	192:LaY17aFBRQWphWr+uWSawTyihVWQ4WWR2Gw4ZLqnajVxo+twGdi:TVWphWmwGyHGw6lx2+tLdi
Size:	12952
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\x64\api-ms-win-crt-locale-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-crt-locale-l1-1-0.dll2.2.dr
ID:	dr_179
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.705059986408883
Encrypted:	false
Ssdeep:	192:NWphWfpWSawTyihVWQ4PGWcQV0hbdiqnajBCI:NWphWmwGyrphsl9n
Size:	12464
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\x64\api-ms-win-crt-math-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-crt-math-l1-1-0.dll2.2.dr
ID:	dr_182
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.218550846690576
Encrypted:	false
Ssdeep:	384:gJI2M4Oe59Ckb1hgmLZWphWdwGyKXeGw6lx2+tE:gi2Mq59Bb1jE+F/ptE
Size:	21144
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\x64\api-ms-win-crt-multibyte-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-crt-multibyte-l1-1-0.dll2.2.dr
ID:	dr_185
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.205799780176162
Encrypted:	false
Ssdeep:	384:qUSrxLPmIHJI6/CpG3t2G3t4odXLZWphWpwGycGw6lx2+t7:riPmIHJI6iiwpt7
Size:	20120
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\x64\api-ms-win-crt-private-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-crt-private-l1-1-0.dll2.2.dr
ID:	dr_188
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	5.545458165119229
Encrypted:	false
Ssdeep:	1536:JTs8iYDe5c4bFe2JyhcvxXWpD7d3334BkZn+P9GC:/iYDe5c4bFe2JyhcvxXWpD7d3334BkZM
Size:	64664
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\x64\api-ms-win-crt-process-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-crt-process-l1-1-0.dll2.2.dr
ID:	dr_191
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.6076799883738735
Encrypted:	false
Ssdeep:	192:wnqjd71WphW5WSawTyihVWQ4CW8CnbdiqnajBCIej:wn8WphW+wGyEsl9nej
Size:	12976
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\x64\api-ms-win-crt-runtime-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-crt-runtime-l1-1-0.dll2.2.dr
ID:	dr_205
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.456296069225527
Encrypted:	false
Ssdeep:	192:zaajPrpJhhf4AN5/KipWphW6WSawTyihVWQ4SW1tJqnajjqP6G8rgvM3:zlbr7fWphWnwGyCJlvCz8rgU3
Size:	16536
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\x64\api-ms-win-crt-stdio-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-crt-stdio-l1-1-0.dll2.2.dr
ID:	dr_207
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.393264759906024
Encrypted:	false
Ssdeep:	192:GpPLNPjFuWYFxEpah7WphWJWSawTyihVWQ4eWyellCNxXeRqnajRyGdFP:G19OFVh7WphWuwGyg34JeRlFyGPP
Size:	17864
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\x64\api-ms-win-crt-string-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-crt-string-l1-1-0.dll2.2.dr
ID:	dr_210
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.271794979288617
Encrypted:	false
Ssdeep:	384:JFvU4x0C5yguNvZ5VQgx3SbwA7yMVIkFGl3WphW/wGyxOilNH:35yguNvZ5VQgx3SbwA71IkFxc7
Size:	18376
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\x64\api-ms-win-crt-time-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-crt-time-l1-1-0.dll2.2.dr
ID:	dr_213
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.535643188678725
Encrypted:	false
Ssdeep:	192:iy5NDSWphWuWSawTyihVWQ4eWfguCNxXeRqnajRAQN:iUEWphWzwGyHu4JeRlFA
Size:	14280
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\x64\api-ms-win-crt-utility-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-crt-utility-l1-1-0.dll2.2.dr
ID:	dr_216
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.678177184128737
Encrypted:	false
Ssdeep:	192:DI6fHQduHWphWm4WSawTyihVWQ4eWtEyRpqCNxXeRqnajRMqXMxbh:xfxWphWuwGydy/q4JeRlF2xbh
Size:	12232
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\x64\msvcp140.dll
Category:	dropped
Dump:	msvcp140.dll3.2.dr
ID:	dr_219
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.438447839844645
Encrypted:	false
Ssdeep:	12288:H7KwoYg6YeHSKKwTwda73ZHFOHSduCKN22tN90mQEKZm+jWodEEVQ:bXD7uCKx3QEKZm+jWodEEa
Size:	583048
Whitelisted:	true
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\x64\ucrtbase.dll
Category:	dropped
Dump:	ucrtbase.dll2.2.dr
ID:	dr_222
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.627207870602929
Encrypted:	false
Ssdeep:	24576:2QqGcVofavjyMI0gTV3FHJ9oPbDcnEdEtmxvSZX0ypea7C:fqGuFyMJgTV3JA/dEOa
Size:	1035720
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\x64\vcruntime140.dll
Category:	dropped
Dump:	vcruntime140.dll4.2.dr
ID:	dr_225
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.42681250101216
Encrypted:	false
Ssdeep:	1536:Ly6+2mUD0uBFRXqYue/o+18iBH5T7heunxr98nZXeixecbSQ2sYMl:LlXfRXqQw+PHLrCZOixecbSmp
Size:	94072
Whitelisted:	true
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\x64\vcruntime140_1.dll
Category:	dropped
Dump:	vcruntime140_1.dll2.2.dr
ID:	dr_228
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.340326946859471
Encrypted:	false
Ssdeep:	384:7Hb1+iuauREnUUWU55vZvS05fJjPg2h1RWmbzA+Xf+gxy85xH0f91WrrKW7dHRNy:lzJnUUV7xPg4RdPvv3DHkw9mJXhd
Size:	36744
Whitelisted:	true
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\x86\API-MS-Win-core-xstate-l2-1-0.dll
Category:	dropped
Dump:	API-MS-Win-core-xstate-l2-1-0.dll.2.dr
ID:	dr_49
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Entropy:	6.844575905787734
Encrypted:	false
Ssdeep:	192:uf5baWphWiWSawTyihVWQ4eWua8d90884LfqnajJNv8:uf5baWphW/wGyXJJllNv8
Size:	11208
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\x86\api-ms-win-core-console-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-core-console-l1-1-0.dll6.2.dr
ID:	dr_343
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Entropy:	6.788244658637563
Encrypted:	false
Ssdeep:	192:5sWphW9WSawTyihVWQ4WW5MAOT2XNfqnajVAilG834EN:SWphWqwGy1k9flx6Y
Size:	11928
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\x86\api-ms-win-core-console-l1-2-0.dll
Category:	dropped
Dump:	api-ms-win-core-console-l1-2-0.dll6.2.dr
ID:	dr_355
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Entropy:	6.81065742032065
Encrypted:	false
Ssdeep:	192:it8WphWXWSawTyihVWQ4eW8Phk3pPqs7IwdY+kqnajHaqxgm:iOWphW4wGyngzIwS+klTx
Size:	11720
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\x86\api-ms-win-core-datetime-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-core-datetime-l1-1-0.dll6.2.dr
ID:	dr_357
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Entropy:	6.793555786221558
Encrypted:	false
Ssdeep:	192:P0WphWfWSawTyihVWQ4eWBURahpeLirKqnaj/:P0WphWwwGyTRnLIKlz
Size:	11208
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\x86\api-ms-win-core-debug-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-core-debug-l1-1-0.dll7.2.dr
ID:	dr_359
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Entropy:	6.7892989431355995
Encrypted:	false
Ssdeep:	192:xWphWiWSawTyihVWQ4eWJgcX5qAAqnaj/IeSx:xWphW/wGy/lDAx
Size:	11208
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\x86\api-ms-win-core-errorhandling-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-core-errorhandling-l1-1-0.dll7.2.dr
ID:	dr_361
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Entropy:	6.847987811252071
Encrypted:	false
Ssdeep:	192:8amxD3PWphWSWSawTyihVWQ4yW98DcMpVwyqnajlAww3u:8aUWphWPwGyimvlmww3u
Size:	11200
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\x86\api-ms-win-core-file-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-core-file-l1-1-0.dll7.2.dr
ID:	dr_363
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Entropy:	6.696234999723925
Encrypted:	false
Ssdeep:	192:1CYYPvVX8rFTsFWphWFWSawTyihVWQ4WWlGM2XSoaqnajVMSLadjbwf:1C7PvVXXWphWiwGyvZalxbhf
Size:	15000
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\x86\api-ms-win-core-file-l1-2-0.dll
Category:	dropped
Dump:	api-ms-win-core-file-l1-2-0.dll7.2.dr
ID:	dr_365
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Entropy:	6.8126504873749765
Encrypted:	false
Ssdeep:	192:laH1WphWGWSawTyihVWQ4eWh3S4kOqnaj2NLPm:U1WphWbwGyelg7
Size:	11208
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\x86\api-ms-win-core-file-l2-1-0.dll
Category:	dropped
Dump:	api-ms-win-core-file-l2-1-0.dll7.2.dr
ID:	dr_367
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Entropy:	6.915487652995372
Encrypted:	false
Ssdeep:	192:hWphWtWSawTyihVWQ4eW88jDgpeLirKqnaj/dn:hWphW6wGyY1LIKlz
Size:	11208
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\x86\api-ms-win-core-handle-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-core-handle-l1-1-0.dll7.2.dr
ID:	dr_369
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Entropy:	6.831839386552592
Encrypted:	false
Ssdeep:	192:tWphWxWSawTyihVWQ4veWixEdiqnajVCyS:tWphWmwGyEwnlx/S
Size:	11440
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\x86\api-ms-win-core-heap-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-core-heap-l1-1-0.dll7.2.dr
ID:	dr_371
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Entropy:	6.763115670912453
Encrypted:	false
Ssdeep:	192:vcl6WphW8WSawTyihVWQ4eWImCt+6ArNc4qnajr7vg:kl6WphWFwGy5V4lrv
Size:	11720
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\x86\api-ms-win-core-interlocked-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-core-interlocked-l1-1-0.dll7.2.dr
ID:	dr_373
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Entropy:	6.798656780730637
Encrypted:	false
Ssdeep:	192:qXxDYsFYWphW3aWSawTyihVWQ4eWrBC5uE7Mqnajcf:qXxDYsFYWphWXwGymeuOMlA
Size:	11720
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\x86\api-ms-win-core-libraryloader-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-core-libraryloader-l1-1-0.dll.2.dr
ID:	dr_31
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Entropy:	6.761813565849536
Encrypted:	false
Ssdeep:	192:JSvuBL3B5LgWphWMWSawTyihVWQ4eWBg2Pi43pPqs7IwdY+kqnajHaqxgm+2:UvuBL3BSWphW1wGy2fPbzIwS+klTx
Size:	12232
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\x86\api-ms-win-core-localization-l1-2-0.dll
Category:	dropped
Dump:	api-ms-win-core-localization-l1-2-0.dll.2.dr
ID:	dr_33
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Entropy:	6.804389735698839
Encrypted:	false
Ssdeep:	384:+HOMw3zdp3bwjGfue9/0jCRrndb9WphWwwGyg4lrv:QOMwBprwjGfue9/0jCRrndb4X
Size:	13768
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\x86\api-ms-win-core-memory-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-core-memory-l1-1-0.dll.2.dr
ID:	dr_35
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Entropy:	6.826471702163863
Encrypted:	false
Ssdeep:	192:VDKhWphW6WSawTyihVWQ4eW6Bam06ArNc4qnajr7vLOs:0hWphWnwGyVV4lrvi
Size:	11720
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\x86\api-ms-win-core-namedpipe-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-core-namedpipe-l1-1-0.dll.2.dr
ID:	dr_37
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Entropy:	6.906347501077361
Encrypted:	false
Ssdeep:	192:iWphWEWSawTyihVWQ4eWYBc5M8xOSqnaj3yfU:iWphWdwGyZNCTlufU
Size:	11208
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\x86\api-ms-win-core-processenvironment-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-core-processenvironment-l1-1-0.dll.2.dr
ID:	dr_38
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Entropy:	6.77511206242731
Encrypted:	false
Ssdeep:	192:AZ7WphWD0WSawTyihVWQ4SW64q1usUDR0qnajVXj9GOC:AZ7WphW5wGyKq1uQlxzbC
Size:	12432
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\x86\api-ms-win-core-processthreads-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-core-processthreads-l1-1-0.dll.2.dr
ID:	dr_39
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Entropy:	6.669167982349583
Encrypted:	false
Ssdeep:	384:1Hk1JzBcKcIpWphW8wGyaGECifl/zdbQD:1+cKc1/tzO
Size:	13760
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\x86\api-ms-win-core-processthreads-l1-1-1.dll
Category:	dropped
Dump:	api-ms-win-core-processthreads-l1-1-1.dll.2.dr
ID:	dr_40
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Entropy:	6.826298522089573
Encrypted:	false
Ssdeep:	192:o/DiDfIeBWphW7WSawTyihVWQ4eW9zGBQRW52fqnaj7zdKT:1DfIeBWphWUwGyXifl/zdK
Size:	11720
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\x86\api-ms-win-core-profile-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-core-profile-l1-1-0.dll.2.dr
ID:	dr_41
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Entropy:	6.959708399553805
Encrypted:	false
Ssdeep:	192:cnaYWphWXWSawTyihVWQ4yWropVwyqnajlAU/j:caYWphW4wGylvlmU/j
Size:	10688
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\x86\api-ms-win-core-rtlsupport-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-core-rtlsupport-l1-1-0.dll.2.dr
ID:	dr_42
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Entropy:	6.774218151425283
Encrypted:	false
Ssdeep:	192:2G9WphWgWSawTyihVWQ4eWHaZGEpeLirKqnaj/H:2G9WphWhwGyR+LIKlzH
Size:	11208
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\x86\api-ms-win-core-string-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-core-string-l1-1-0.dll.2.dr
ID:	dr_43
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Entropy:	6.874431183729956
Encrypted:	false
Ssdeep:	192:xGyMvBWphW5WSawTyihVWQ4SWbPquJqnajjqP6G8rgk:xGyMvBWphW+wGyIJlvCz8rgk
Size:	11416
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\x86\api-ms-win-core-synch-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-core-synch-l1-1-0.dll0.2.dr
ID:	dr_44
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Entropy:	6.740747425770286
Encrypted:	false
Ssdeep:	384:2dv3V0dfpkXc0vVaXWphWnwGyE0e3nlx/s:2dv3VqpkXc0vVaWgeb
Size:	13488
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\x86\api-ms-win-core-synch-l1-2-0.dll
Category:	dropped
Dump:	api-ms-win-core-synch-l1-2-0.dll0.2.dr
ID:	dr_45
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Entropy:	6.883126121612803
Encrypted:	false
Ssdeep:	192:BY3ZDQtZ3IWphWDKWSawTyihVWQ4SWnr11usUDR0qnajVXj9y:BY3ZDQtZ3IWphWbwGyW11uQlxzc
Size:	11920
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\x86\api-ms-win-core-sysinfo-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-core-sysinfo-l1-1-0.dll0.2.dr
ID:	dr_46
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Entropy:	6.782553149861649
Encrypted:	false
Ssdeep:	192:Q7QzKIMFMWphWUWSawTyihVWQ4WWLABOhKEwkqnajVkL2yEHAE:Q8zZWphWNwGy/BOhKtklxtbgE
Size:	12440
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\x86\api-ms-win-core-timezone-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-core-timezone-l1-1-0.dll0.2.dr
ID:	dr_47
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Entropy:	6.87441983548633
Encrypted:	false
Ssdeep:	192:ePWphWOWSawTyihVWQ4uWSkDA0884LfqnajJNyb2n9A:ePWphWTwGy5JllNo29A
Size:	11712
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\x86\api-ms-win-core-util-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-core-util-l1-1-0.dll0.2.dr
ID:	dr_48
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Entropy:	6.7952185678003545
Encrypted:	false
Ssdeep:	192:ZKWphWGmWSawTyihVWQ4eWEVc67lqnajX8QKX8Q:ZKWphWG7wGymolz8D
Size:	11208
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\x86\api-ms-win-crt-conio-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-crt-conio-l1-1-0.dll0.2.dr
ID:	dr_50
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Entropy:	6.796320133064848
Encrypted:	false
Ssdeep:	192:aEWphWsWSawTyihVWQ4eWRG6c67lqnajX8QJsCdy:aEWphWVwGyLolz83k
Size:	12232
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\x86\api-ms-win-crt-convert-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-crt-convert-l1-1-0.dll0.2.dr
ID:	dr_51
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Entropy:	6.562367453011828
Encrypted:	false
Ssdeep:	192:JM0wd8dc9cy1WphWLWSawTyihVWQ4eWSJ6615uE7MqnajcPQ:G0wd8xy1WphWEwGyyyuOMlA
Size:	15304
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\x86\api-ms-win-crt-environment-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-crt-environment-l1-1-0.dll0.2.dr
ID:	dr_53
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Entropy:	6.77118912343302
Encrypted:	false
Ssdeep:	192:a9KNcWphW7WSawTyihVWQ4eW+gS4kOqnaj2NLFmPV:YKNcWphWUwGyilgpw
Size:	11720
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\x86\api-ms-win-crt-filesystem-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-crt-filesystem-l1-1-0.dll0.2.dr
ID:	dr_54
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Entropy:	6.793455396893645
Encrypted:	false
Ssdeep:	192:yGnWlC0i5C9WphWZWSawTyihVWQ4uWXduQRW52fqnaj7zdCTyRk:tnWm5C9WphWewGy8Qifl/zdCeRk
Size:	13248
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\x86\api-ms-win-crt-heap-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-crt-heap-l1-1-0.dll0.2.dr
ID:	dr_55
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Entropy:	6.729597024670557
Encrypted:	false
Ssdeep:	192:raY17aFBRQWphWoWSawTyihVWQ4eWMBjX6ArNc4qnajr7vgq49N:zVWphWZwGyt84lrv3wN
Size:	12232
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\x86\api-ms-win-crt-locale-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-crt-locale-l1-1-0.dll0.2.dr
ID:	dr_57
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Entropy:	6.855315201507517
Encrypted:	false
Ssdeep:	192:G9vbhWphWqWSawTyihVWQ4yWhPC67lpVwyqnajlAdmh:G9vbhWphW3wGyCC6Xvlm8h
Size:	11712
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\x86\api-ms-win-crt-math-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-crt-math-l1-1-0.dll0.2.dr
ID:	dr_59
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Entropy:	6.275912021557885
Encrypted:	false
Ssdeep:	384:wt1MCbM4Oe5grykfIgTmLSWphWMwGy2VlgEBlD:k6gMq5grxfIndDHT5
Size:	21960
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\x86\api-ms-win-crt-multibyte-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-crt-multibyte-l1-1-0.dll0.2.dr
ID:	dr_61
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Entropy:	6.28724886598146
Encrypted:	false
Ssdeep:	384:iSrxLPmIHJI6/CpG3t2G3t4odXLZWphWNwGyfpLIKlz3:iiPmIHJI6iGopL
Size:	19400
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\x86\api-ms-win-crt-private-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-crt-private-l1-1-0.dll0.2.dr
ID:	dr_63
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Entropy:	5.555058128213375
Encrypted:	false
Ssdeep:	1536:yfolDe5c4bFE2Jy2cvxXWpD9d3334BkZnkPTP1:SolDe5c4bFE2Jy2cvxXWpD9d3334BkZS
Size:	66200
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\x86\api-ms-win-crt-process-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-crt-process-l1-1-0.dll0.2.dr
ID:	dr_65
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Entropy:	6.7508394455859655
Encrypted:	false
Ssdeep:	192:Fonqjd71WphWjWSawTyihVWQ4eW7e5qAAqnaj/I4R:Fon8WphWMwGyOlDd
Size:	12232
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\x86\api-ms-win-crt-runtime-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-crt-runtime-l1-1-0.dll0.2.dr
ID:	dr_67
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Entropy:	6.595033028538626
Encrypted:	false
Ssdeep:	192:0JB0fhrpIhhf4AN5/ji7WphWb1WSawTyihVWQ4eWDRSDN3pPqs7IwdY+kqnajHa4:00hrKYWphWbywGymozIwS+klTx
Size:	15816
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\x86\api-ms-win-crt-stdio-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-crt-stdio-l1-1-0.dll0.2.dr
ID:	dr_69
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Entropy:	6.5066651039706205
Encrypted:	false
Ssdeep:	192:rpPLNPjFuWYFxEpah7WphWJWSawTyihVWQ4eWlSws0884LfqnajJNRE:r19OFVh7WphWuwGyE0JllNRE
Size:	17352
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\x86\api-ms-win-crt-string-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-crt-string-l1-1-0.dll0.2.dr
ID:	dr_71
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Entropy:	6.396902203036038
Encrypted:	false
Ssdeep:	384:PFvU4x0C5yguNvZ5VQgx3SbwA7yMVIkFGl3WphWwFwGyOnk9flx6BGM:55yguNvZ5VQgx3SbwA71IkFxFFMyGM
Size:	18072
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\x86\api-ms-win-crt-time-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-crt-time-l1-1-0.dll0.2.dr
ID:	dr_73
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Entropy:	6.684953706674831
Encrypted:	false
Ssdeep:	192:gy5NDSWphWXWSawTyihVWQ4eWD8jo5M8xOSqnaj3yo:gUEWphW4wGyTBCTluo
Size:	13768
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\x86\api-ms-win-crt-utility-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-crt-utility-l1-1-0.dll0.2.dr
ID:	dr_75
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Entropy:	6.856640823154055
Encrypted:	false
Ssdeep:	192:/mXI6fHQduHWphW0WSawTyihVWQ4uWS+GB5M8xOSqnaj3yUvB:/+fxWphWtwGy10CTluU5
Size:	11712
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\x86\msvcp140.dll
Category:	dropped
Dump:	msvcp140.dll1.2.dr
ID:	dr_77
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Entropy:	6.641867059831725
Encrypted:	false
Ssdeep:	12288:9822+H2EIqZ14mVYh8vN4xyoZPeKjuYMc+MQQQjhUgiW6QR7t5s03Ooc8dHkC2eF:9822+H2Y4mVYh44xyoZPHaw03Ooc8dHd
Size:	448384
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\x86\ucrtbase.dll
Category:	dropped
Dump:	ucrtbase.dll0.2.dr
ID:	dr_79
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Entropy:	6.8060128370628075
Encrypted:	false
Ssdeep:	24576:HWidEhqcKIqMOKgf4GokSnxqZbCU3lYU+6ozo+mSY+mcvIZPoy4PmcLloi:2idEhqFBMiExqZiY4o+mSpmcZT
Size:	1170880
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\cfghost\x86\vcruntime140.dll
Category:	dropped
Dump:	vcruntime140.dll0.2.dr
ID:	dr_81
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Entropy:	6.777357741796387
Encrypted:	false
Ssdeep:	1536:JhQmqDRK9IfURwL67cuhH6poqPpep4yW3UecbiT18ozr:Jh+DRGI86L6gshupXUecbiTB
Size:	76168
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\api-ms-win-core-console-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-core-console-l1-1-0.dll2.2.dr
ID:	dr_172
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.593400064300514
Encrypted:	false
Ssdeep:	192:gYtWphWvWSawTyihVWQ4eWwueSquXqnajZasdyI:gkWphWgwGyVS1lNNx
Size:	12232
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\api-ms-win-core-console-l1-2-0.dll
Category:	dropped
Dump:	api-ms-win-core-console-l1-2-0.dll2.2.dr
ID:	dr_175
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.651991089723867
Encrypted:	false
Ssdeep:	192:FjMWphW+WSawTyihVWQ4WW4lJXKqnajH2oWb5lP0kC:FwWphWjwGyBbKlNqb0h
Size:	12440
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\api-ms-win-core-datetime-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-core-datetime-l1-1-0.dll2.2.dr
ID:	dr_178
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.616418214858396
Encrypted:	false
Ssdeep:	192:Pn3WphWPWSawTyihVWQ4WWomRd7T0q11qnajVtPxu:vWphWAwGy6Rd7Tplxbu
Size:	11928
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\api-ms-win-core-debug-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-core-debug-l1-1-0.dll3.2.dr
ID:	dr_181
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.606191850818759
Encrypted:	false
Ssdeep:	192:tWphWCcWSawTyihVWQ4eWapfkwqnaj0hFoHg:tWphWGwGyv7lIna
Size:	11720
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\api-ms-win-core-errorhandling-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-core-errorhandling-l1-1-0.dll3.2.dr
ID:	dr_184
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.6809296260677185
Encrypted:	false
Ssdeep:	192:imxD3TzWphWWWSawTyihVWQ4WWXpaED2D8KN3qnajV2MVornuFaw:iczWphWLwGy/EDt2lxnorn8
Size:	11928
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\api-ms-win-core-file-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-core-file-l1-1-0.dll3.2.dr
ID:	dr_187
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.568348091811147
Encrypted:	false
Ssdeep:	192:YIAuVYPvVX8rFTsRWphWiWSawTyihVWQ4WWYIStJqnajjqP6G8rgUr:cBPvVX7WphW/wGyxtJlvCz8rgC
Size:	15512
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\api-ms-win-core-file-l1-2-0.dll
Category:	dropped
Dump:	api-ms-win-core-file-l1-2-0.dll3.2.dr
ID:	dr_190
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.6392158841399125
Encrypted:	false
Ssdeep:	192:B+WphWN8WSawTyihVWQ4SWxQz52D8KN3qnajV2MVorWHLm:sWphWNFwGyD5t2lxnorWHLm
Size:	11928
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\api-ms-win-core-file-l2-1-0.dll
Category:	dropped
Dump:	api-ms-win-core-file-l2-1-0.dll3.2.dr
ID:	dr_193
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.7335547816165295
Encrypted:	false
Ssdeep:	192:QVPlWphWYWSawTyihVWQ4eWINt9tCNxXeRqnajRWBs:QVdWphWpwGyZ3t4JeRlF
Size:	11720
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\api-ms-win-core-handle-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-core-handle-l1-1-0.dll3.2.dr
ID:	dr_206
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.641210440202195
Encrypted:	false
Ssdeep:	192:UWphWZmWSawTyihVWQ4WWYg7T0q11qnajVtPx/e:UWphWZ7wGy87Tplxbm
Size:	11928
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\api-ms-win-core-heap-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-core-heap-l1-1-0.dll3.2.dr
ID:	dr_209
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.6020677191345625
Encrypted:	false
Ssdeep:	192:1ZlBVWphW2WSawTyihVWQ4WWa+jrc2D8KN3qnajV2MVornxu:HljWphWrwGygct2lxnorxu
Size:	12440
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\api-ms-win-core-interlocked-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-core-interlocked-l1-1-0.dll3.2.dr
ID:	dr_212
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.688798103865209
Encrypted:	false
Ssdeep:	192:gWphWOWSawTyihVWQ4WWE3SUAOT2XNfqnajVAilG835FH:gWphWTwGy/k9flx6S
Size:	11928
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\api-ms-win-core-libraryloader-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-core-libraryloader-l1-1-0.dll4.2.dr
ID:	dr_215
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.607919598680885
Encrypted:	false
Ssdeep:	192:nvuBL3B5LGWphWLWSawTyihVWQ4WW1VB7T0q11qnajVtPxm:nvuBL3BsWphWEwGy67Tplxbm
Size:	12952
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\api-ms-win-core-localization-l1-2-0.dll
Category:	dropped
Dump:	api-ms-win-core-localization-l1-2-0.dll4.2.dr
ID:	dr_218
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.680202388702566
Encrypted:	false
Ssdeep:	384:FOMw3zdp3bwjGfue9/0jCRrndbpWphWywGyc1rhKtklxtW:FOMwBprwjGfue9/0jCRrndbUV3W
Size:	14488
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\api-ms-win-core-memory-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-core-memory-l1-1-0.dll4.2.dr
ID:	dr_221
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.652287122511192
Encrypted:	false
Ssdeep:	192:itfZa/GG3m3WphWBWSawTyihVWQ4eWvEcuXqnajZK:z3qWphWWwGyFPlN
Size:	12232
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\api-ms-win-core-namedpipe-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-core-namedpipe-l1-1-0.dll4.2.dr
ID:	dr_224
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.746045829861457
Encrypted:	false
Ssdeep:	192:KWphWD2WSawTyihVWQ4SWm01usUDR0qnajVXj9ISv:KWphWvwGyu1uQlxze+
Size:	11920
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\api-ms-win-core-processenvironment-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-core-processenvironment-l1-1-0.dll4.2.dr
ID:	dr_227
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.610758515135146
Encrypted:	false
Ssdeep:	192:VVqWphWbcWSawTyihVWQ4WWhBWz9blDJ5iqnajVss1xos:VVqWphWblwGydz95DKlxT1xos
Size:	12952
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\api-ms-win-core-processthreads-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-core-processthreads-l1-1-0.dll4.2.dr
ID:	dr_230
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.533005363293854
Encrypted:	false
Ssdeep:	384:MmGJC8k1JzBcKcIvVWphW+wGy+95DKlxT1xg/Q:vcKc1h15Dmg/Q
Size:	14488
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\api-ms-win-core-processthreads-l1-1-1.dll
Category:	dropped
Dump:	api-ms-win-core-processthreads-l1-1-1.dll4.2.dr
ID:	dr_233
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.65874861166986
Encrypted:	false
Ssdeep:	192:QvtxDfIeSHWphW/WSawTyihVWQ4eWuAdVNCNxXeRqnajR:itxDfIeSHWphWQwGyGDN4JeRlF
Size:	12232
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\api-ms-win-core-profile-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-core-profile-l1-1-0.dll4.2.dr
ID:	dr_246
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.785349571526316
Encrypted:	false
Ssdeep:	192:jG+WphWkWSawTyihVWQ4WW8EHAOT2XNfqnajVAilG83lrl:j/WphW9wGycHk9flx6Erl
Size:	11416
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\api-ms-win-core-rtlsupport-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-core-rtlsupport-l1-1-0.dll4.2.dr
ID:	dr_249
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.607179155749351
Encrypted:	false
Ssdeep:	192:dGeV6WphWeWSawTyihVWQ4WWcsa9blDJ5iqnajVss1xPyo:dGeV6WphWDwGyJ95DKlxT1xPyo
Size:	12440
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\api-ms-win-core-string-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-core-string-l1-1-0.dll4.2.dr
ID:	dr_252
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.680987524368224
Encrypted:	false
Ssdeep:	192:jyMvqWphWkWSawTyihVWQ4eWjfykwqnaj0ZNF:jyMvqWphW9wGyxlIZn
Size:	11720
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\api-ms-win-core-synch-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-core-synch-l1-1-0.dll5.2.dr
ID:	dr_255
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.57490566503125
Encrypted:	false
Ssdeep:	384:0dv3V0dfpkXc0vVaTWphWXpwGyF4JeRlF:0dv3VqpkXc0vVaCG1
Size:	13768
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\api-ms-win-core-synch-l1-2-0.dll
Category:	dropped
Dump:	api-ms-win-core-synch-l1-2-0.dll5.2.dr
ID:	dr_258
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.722419738952607
Encrypted:	false
Ssdeep:	192:ontZ39hcWphWD5WSawTyihVWQ4SWEZK1usUDR0qnajVXj92:utZ39hcWphWSwGyY1uQlxz4
Size:	12432
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\api-ms-win-core-sysinfo-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-core-sysinfo-l1-1-0.dll5.2.dr
ID:	dr_261
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.608967943815084
Encrypted:	false
Ssdeep:	192:/KIMFUXWphW1WSawTyihVWQ4WWeeFhPv7T0q11qnajVtPxY2:/BXWphWywGye37TplxbY2
Size:	12952
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\api-ms-win-core-timezone-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-core-timezone-l1-1-0.dll5.2.dr
ID:	dr_264
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.7165053983195415
Encrypted:	false
Ssdeep:	192:tSWphWCWSawTyihVWQ4WWKzUeghKEwkqnajVkL23:tSWphWfwGyP1ghKtklxt3
Size:	12440
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\api-ms-win-core-util-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-core-util-l1-1-0.dll5.2.dr
ID:	dr_267
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.628780928175106
Encrypted:	false
Ssdeep:	192:qoIeWphWnWSawTyihVWQ4WWuB9blDJ5iqnajVss1xHDFi5:qo9WphWowGyT95DKlxT1xHRi5
Size:	11928
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\api-ms-win-crt-conio-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-crt-conio-l1-1-0.dll5.2.dr
ID:	dr_270
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.635659329072802
Encrypted:	false
Ssdeep:	192:aEWphWbWSawTyihVWQ4WWiHJqnajjqP6G8rg50Lp:aEWphW0wGyRJlvCz8rgcp
Size:	12952
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\api-ms-win-crt-convert-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-crt-convert-l1-1-0.dll4.2.dr
ID:	dr_273
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.4300870012171805
Encrypted:	false
Ssdeep:	192:089M0wd8dc9cy1WphWGWSawTyihVWQ4eWMAkwqnaj0:0t0wd8xy1WphWbwGyKlI
Size:	15816
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\api-ms-win-crt-environment-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-crt-environment-l1-1-0.dll5.2.dr
ID:	dr_286
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.589979077155519
Encrypted:	false
Ssdeep:	192:9KNcWphW6WSawTyihVWQ4eW19NuXqnajZMVw:9KNcWphWnwGyU0lN9
Size:	12232
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\api-ms-win-crt-filesystem-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-crt-filesystem-l1-1-0.dll5.2.dr
ID:	dr_289
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.644112079500101
Encrypted:	false
Ssdeep:	192:zt/PGnWlC0i5C9WphW6WSawTyihVWQ4eWEsbtkwqnaj0nOa:VunWm5C9WphWnwGyy5lInOa
Size:	13768
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\api-ms-win-crt-heap-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-crt-heap-l1-1-0.dll5.2.dr
ID:	dr_292
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.584779333540128
Encrypted:	false
Ssdeep:	192:LaY17aFBRQWphWr+uWSawTyihVWQ4WWR2Gw4ZLqnajVxo+twGdi:TVWphWmwGyHGw6lx2+tLdi
Size:	12952
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\api-ms-win-crt-locale-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-crt-locale-l1-1-0.dll5.2.dr
ID:	dr_295
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.705059986408883
Encrypted:	false
Ssdeep:	192:NWphWfpWSawTyihVWQ4PGWcQV0hbdiqnajBCI:NWphWmwGyrphsl9n
Size:	12464
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\api-ms-win-crt-math-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-crt-math-l1-1-0.dll5.2.dr
ID:	dr_298
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.218550846690576
Encrypted:	false
Ssdeep:	384:gJI2M4Oe59Ckb1hgmLZWphWdwGyKXeGw6lx2+tE:gi2Mq59Bb1jE+F/ptE
Size:	21144
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\api-ms-win-crt-multibyte-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-crt-multibyte-l1-1-0.dll5.2.dr
ID:	dr_301
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.205799780176162
Encrypted:	false
Ssdeep:	384:qUSrxLPmIHJI6/CpG3t2G3t4odXLZWphWpwGycGw6lx2+t7:riPmIHJI6iiwpt7
Size:	20120
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\api-ms-win-crt-private-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-crt-private-l1-1-0.dll5.2.dr
ID:	dr_304
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	5.545458165119229
Encrypted:	false
Ssdeep:	1536:JTs8iYDe5c4bFe2JyhcvxXWpD7d3334BkZn+P9GC:/iYDe5c4bFe2JyhcvxXWpD7d3334BkZM
Size:	64664
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\api-ms-win-crt-process-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-crt-process-l1-1-0.dll5.2.dr
ID:	dr_307
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.6076799883738735
Encrypted:	false
Ssdeep:	192:wnqjd71WphW5WSawTyihVWQ4CW8CnbdiqnajBCIej:wn8WphW+wGyEsl9nej
Size:	12976
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\api-ms-win-crt-runtime-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-crt-runtime-l1-1-0.dll5.2.dr
ID:	dr_310
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.456296069225527
Encrypted:	false
Ssdeep:	192:zaajPrpJhhf4AN5/KipWphW6WSawTyihVWQ4SW1tJqnajjqP6G8rgvM3:zlbr7fWphWnwGyCJlvCz8rgU3
Size:	16536
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\api-ms-win-crt-stdio-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-crt-stdio-l1-1-0.dll4.2.dr
ID:	dr_313
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.393264759906024
Encrypted:	false
Ssdeep:	192:GpPLNPjFuWYFxEpah7WphWJWSawTyihVWQ4eWyellCNxXeRqnajRyGdFP:G19OFVh7WphWuwGyg34JeRlFyGPP
Size:	17864
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\api-ms-win-crt-string-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-crt-string-l1-1-0.dll5.2.dr
ID:	dr_325
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.271794979288617
Encrypted:	false
Ssdeep:	384:JFvU4x0C5yguNvZ5VQgx3SbwA7yMVIkFGl3WphW/wGyxOilNH:35yguNvZ5VQgx3SbwA71IkFxc7
Size:	18376
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\api-ms-win-crt-time-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-crt-time-l1-1-0.dll5.2.dr
ID:	dr_327
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.535643188678725
Encrypted:	false
Ssdeep:	192:iy5NDSWphWuWSawTyihVWQ4eWfguCNxXeRqnajRAQN:iUEWphWzwGyHu4JeRlFA
Size:	14280
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\api-ms-win-crt-utility-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-crt-utility-l1-1-0.dll5.2.dr
ID:	dr_329
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.678177184128737
Encrypted:	false
Ssdeep:	192:DI6fHQduHWphWm4WSawTyihVWQ4eWtEyRpqCNxXeRqnajRMqXMxbh:xfxWphWuwGydy/q4JeRlF2xbh
Size:	12232
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\devcon32.exe
Category:	dropped
Dump:	devcon32.exe.2.dr
ID:	dr_288
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32 executable (console) Intel 80386, for MS Windows
Entropy:	6.225760499207696
Encrypted:	false
Ssdeep:	3072:1B19lyLDrEephwuDjThZXLKXEsyqu8xBCj+mJJEt9tGGa+OfTsVM2mHp/X1XWf:zFeYur56PaEt9tGGajsVMJf18
Size:	212480
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\devcon64.exe
Category:	dropped
Dump:	devcon64.exe.2.dr
ID:	dr_411
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32+ executable (console) x86-64, for MS Windows
Entropy:	6.062972005793344
Encrypted:	false
Ssdeep:	3072:R0mpoywa2F+ztJaVllj2o4cHI7eOmum+lpwxVQD4Twr2jtC6GpX1XW:R0oJwa2F2tJaVln3WeOmS36/M6GF1
Size:	269824
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\device.dll
Category:	dropped
Dump:	device.dll.2.dr
ID:	dr_274
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Entropy:	6.257677215064431
Encrypted:	false
Ssdeep:	1536:DOkl9HMm+HEmfh7uNVhVX3E4WJwtwhmxn56f3J7jS38c4tP:Kkl9HAEmpqNxWhmxn5mJvg8
Size:	74752
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\device.inno.dll
Category:	dropped
Dump:	device.inno.dll.2.dr
ID:	dr_272
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
Entropy:	6.417461710478309
Encrypted:	false
Ssdeep:	12288:OkM0siUul523BbDEYcnaWa/3DXBv8mCSmDJ5y8R9Bg1QRSsQ:7sAlcRbDEYcna1DBv8mCSmDJ5y8R9BgA
Size:	456704
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\msvcp140.dll
Category:	dropped
Dump:	msvcp140.dll5.2.dr
ID:	dr_331
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.438447839844645
Encrypted:	false
Ssdeep:	12288:H7KwoYg6YeHSKKwTwda73ZHFOHSduCKN22tN90mQEKZm+jWodEEVQ:bXD7uCKx3QEKZm+jWodEEa
Size:	583048
Whitelisted:	true
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\ucrtbase.dll
Category:	dropped
Dump:	ucrtbase.dll5.2.dr
ID:	dr_333
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.627207870602929
Encrypted:	false
Ssdeep:	24576:2QqGcVofavjyMI0gTV3FHJ9oPbDcnEdEtmxvSZX0ypea7C:fqGuFyMJgTV3JA/dEOa
Size:	1035720
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\vcruntime140.dll
Category:	dropped
Dump:	vcruntime140.dll6.2.dr
ID:	dr_335
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.42681250101216
Encrypted:	false
Ssdeep:	1536:Ly6+2mUD0uBFRXqYue/o+18iBH5T7heunxr98nZXeixecbSQ2sYMl:LlXfRXqQw+PHLrCZOixecbSmp
Size:	94072
Whitelisted:	true
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\vcruntime140_1.dll
Category:	dropped
Dump:	vcruntime140_1.dll4.2.dr
ID:	dr_337
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.340326946859471
Encrypted:	false
Ssdeep:	384:7Hb1+iuauREnUUWU55vZvS05fJjPg2h1RWmbzA+Xf+gxy85xH0f91WrrKW7dHRNy:lzJnUUV7xPg4RdPvv3DHkw9mJXhd
Size:	36744
Whitelisted:	true
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\x64\api-ms-win-core-console-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-core-console-l1-1-0.dll7.2.dr
ID:	dr_412
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.593400064300514
Encrypted:	false
Ssdeep:	192:gYtWphWvWSawTyihVWQ4eWwueSquXqnajZasdyI:gkWphWgwGyVS1lNNx
Size:	12232
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\x64\api-ms-win-core-console-l1-2-0.dll
Category:	dropped
Dump:	api-ms-win-core-console-l1-2-0.dll7.2.dr
ID:	dr_413
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.651991089723867
Encrypted:	false
Ssdeep:	192:FjMWphW+WSawTyihVWQ4WW4lJXKqnajH2oWb5lP0kC:FwWphWjwGyBbKlNqb0h
Size:	12440
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\x64\api-ms-win-core-datetime-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-core-datetime-l1-1-0.dll7.2.dr
ID:	dr_414
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.616418214858396
Encrypted:	false
Ssdeep:	192:Pn3WphWPWSawTyihVWQ4WWomRd7T0q11qnajVtPxu:vWphWAwGy6Rd7Tplxbu
Size:	11928
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\x64\api-ms-win-core-debug-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-core-debug-l1-1-0.dll.2.dr
ID:	dr_56
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.606191850818759
Encrypted:	false
Ssdeep:	192:tWphWCcWSawTyihVWQ4eWapfkwqnaj0hFoHg:tWphWGwGyv7lIna
Size:	11720
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\x64\api-ms-win-core-errorhandling-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-core-errorhandling-l1-1-0.dll.2.dr
ID:	dr_58
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.6809296260677185
Encrypted:	false
Ssdeep:	192:imxD3TzWphWWWSawTyihVWQ4WWXpaED2D8KN3qnajV2MVornuFaw:iczWphWLwGy/EDt2lxnorn8
Size:	11928
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\x64\api-ms-win-core-file-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-core-file-l1-1-0.dll.2.dr
ID:	dr_60
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.568348091811147
Encrypted:	false
Ssdeep:	192:YIAuVYPvVX8rFTsRWphWiWSawTyihVWQ4WWYIStJqnajjqP6G8rgUr:cBPvVX7WphW/wGyxtJlvCz8rgC
Size:	15512
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\x64\api-ms-win-core-file-l1-2-0.dll
Category:	dropped
Dump:	api-ms-win-core-file-l1-2-0.dll.2.dr
ID:	dr_62
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.6392158841399125
Encrypted:	false
Ssdeep:	192:B+WphWN8WSawTyihVWQ4SWxQz52D8KN3qnajV2MVorWHLm:sWphWNFwGyD5t2lxnorWHLm
Size:	11928
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\x64\api-ms-win-core-file-l2-1-0.dll
Category:	dropped
Dump:	api-ms-win-core-file-l2-1-0.dll.2.dr
ID:	dr_64
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.7335547816165295
Encrypted:	false
Ssdeep:	192:QVPlWphWYWSawTyihVWQ4eWINt9tCNxXeRqnajRWBs:QVdWphWpwGyZ3t4JeRlF
Size:	11720
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\x64\api-ms-win-core-handle-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-core-handle-l1-1-0.dll.2.dr
ID:	dr_66
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.641210440202195
Encrypted:	false
Ssdeep:	192:UWphWZmWSawTyihVWQ4WWYg7T0q11qnajVtPx/e:UWphWZ7wGy87Tplxbm
Size:	11928
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\x64\api-ms-win-core-heap-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-core-heap-l1-1-0.dll.2.dr
ID:	dr_68
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.6020677191345625
Encrypted:	false
Ssdeep:	192:1ZlBVWphW2WSawTyihVWQ4WWa+jrc2D8KN3qnajV2MVornxu:HljWphWrwGygct2lxnorxu
Size:	12440
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\x64\api-ms-win-core-interlocked-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-core-interlocked-l1-1-0.dll.2.dr
ID:	dr_70
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.688798103865209
Encrypted:	false
Ssdeep:	192:gWphWOWSawTyihVWQ4WWE3SUAOT2XNfqnajVAilG835FH:gWphWTwGy/k9flx6S
Size:	11928
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\x64\api-ms-win-core-libraryloader-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-core-libraryloader-l1-1-0.dll0.2.dr
ID:	dr_72
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.607919598680885
Encrypted:	false
Ssdeep:	192:nvuBL3B5LGWphWLWSawTyihVWQ4WW1VB7T0q11qnajVtPxm:nvuBL3BsWphWEwGy67Tplxbm
Size:	12952
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\x64\api-ms-win-core-localization-l1-2-0.dll
Category:	dropped
Dump:	api-ms-win-core-localization-l1-2-0.dll0.2.dr
ID:	dr_74
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.680202388702566
Encrypted:	false
Ssdeep:	384:FOMw3zdp3bwjGfue9/0jCRrndbpWphWywGyc1rhKtklxtW:FOMwBprwjGfue9/0jCRrndbUV3W
Size:	14488
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\x64\api-ms-win-core-memory-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-core-memory-l1-1-0.dll0.2.dr
ID:	dr_76
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.652287122511192
Encrypted:	false
Ssdeep:	192:itfZa/GG3m3WphWBWSawTyihVWQ4eWvEcuXqnajZK:z3qWphWWwGyFPlN
Size:	12232
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\x64\api-ms-win-core-namedpipe-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-core-namedpipe-l1-1-0.dll0.2.dr
ID:	dr_78
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.746045829861457
Encrypted:	false
Ssdeep:	192:KWphWD2WSawTyihVWQ4SWm01usUDR0qnajVXj9ISv:KWphWvwGyu1uQlxze+
Size:	11920
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\x64\api-ms-win-core-processenvironment-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-core-processenvironment-l1-1-0.dll0.2.dr
ID:	dr_80
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.610758515135146
Encrypted:	false
Ssdeep:	192:VVqWphWbcWSawTyihVWQ4WWhBWz9blDJ5iqnajVss1xos:VVqWphWblwGydz95DKlxT1xos
Size:	12952
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\x64\api-ms-win-core-processthreads-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-core-processthreads-l1-1-0.dll0.2.dr
ID:	dr_82
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.533005363293854
Encrypted:	false
Ssdeep:	384:MmGJC8k1JzBcKcIvVWphW+wGy+95DKlxT1xg/Q:vcKc1h15Dmg/Q
Size:	14488
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\x64\api-ms-win-core-processthreads-l1-1-1.dll
Category:	dropped
Dump:	api-ms-win-core-processthreads-l1-1-1.dll0.2.dr
ID:	dr_84
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.65874861166986
Encrypted:	false
Ssdeep:	192:QvtxDfIeSHWphW/WSawTyihVWQ4eWuAdVNCNxXeRqnajR:itxDfIeSHWphWQwGyGDN4JeRlF
Size:	12232
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\x64\api-ms-win-core-profile-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-core-profile-l1-1-0.dll0.2.dr
ID:	dr_86
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.785349571526316
Encrypted:	false
Ssdeep:	192:jG+WphWkWSawTyihVWQ4WW8EHAOT2XNfqnajVAilG83lrl:j/WphW9wGycHk9flx6Erl
Size:	11416
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\x64\api-ms-win-core-rtlsupport-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-core-rtlsupport-l1-1-0.dll0.2.dr
ID:	dr_88
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.607179155749351
Encrypted:	false
Ssdeep:	192:dGeV6WphWeWSawTyihVWQ4WWcsa9blDJ5iqnajVss1xPyo:dGeV6WphWDwGyJ95DKlxT1xPyo
Size:	12440
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\x64\api-ms-win-core-string-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-core-string-l1-1-0.dll0.2.dr
ID:	dr_90
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.680987524368224
Encrypted:	false
Ssdeep:	192:jyMvqWphWkWSawTyihVWQ4eWjfykwqnaj0ZNF:jyMvqWphW9wGyxlIZn
Size:	11720
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\x64\api-ms-win-core-synch-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-core-synch-l1-1-0.dll1.2.dr
ID:	dr_92
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.57490566503125
Encrypted:	false
Ssdeep:	384:0dv3V0dfpkXc0vVaTWphWXpwGyF4JeRlF:0dv3VqpkXc0vVaCG1
Size:	13768
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\x64\api-ms-win-core-synch-l1-2-0.dll
Category:	dropped
Dump:	api-ms-win-core-synch-l1-2-0.dll1.2.dr
ID:	dr_94
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.722419738952607
Encrypted:	false
Ssdeep:	192:ontZ39hcWphWD5WSawTyihVWQ4SWEZK1usUDR0qnajVXj92:utZ39hcWphWSwGyY1uQlxz4
Size:	12432
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\x64\api-ms-win-core-sysinfo-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-core-sysinfo-l1-1-0.dll1.2.dr
ID:	dr_96
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.608967943815084
Encrypted:	false
Ssdeep:	192:/KIMFUXWphW1WSawTyihVWQ4WWeeFhPv7T0q11qnajVtPxY2:/BXWphWywGye37TplxbY2
Size:	12952
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\x64\api-ms-win-core-timezone-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-core-timezone-l1-1-0.dll1.2.dr
ID:	dr_99
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.7165053983195415
Encrypted:	false
Ssdeep:	192:tSWphWCWSawTyihVWQ4WWKzUeghKEwkqnajVkL23:tSWphWfwGyP1ghKtklxt3
Size:	12440
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\x64\api-ms-win-core-util-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-core-util-l1-1-0.dll1.2.dr
ID:	dr_102
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.628780928175106
Encrypted:	false
Ssdeep:	192:qoIeWphWnWSawTyihVWQ4WWuB9blDJ5iqnajVss1xHDFi5:qo9WphWowGyT95DKlxT1xHRi5
Size:	11928
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\x64\api-ms-win-crt-conio-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-crt-conio-l1-1-0.dll1.2.dr
ID:	dr_105
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.635659329072802
Encrypted:	false
Ssdeep:	192:aEWphWbWSawTyihVWQ4WWiHJqnajjqP6G8rg50Lp:aEWphW0wGyRJlvCz8rgcp
Size:	12952
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\x64\api-ms-win-crt-convert-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-crt-convert-l1-1-0.dll1.2.dr
ID:	dr_108
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.4300870012171805
Encrypted:	false
Ssdeep:	192:089M0wd8dc9cy1WphWGWSawTyihVWQ4eWMAkwqnaj0:0t0wd8xy1WphWbwGyKlI
Size:	15816
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\x64\api-ms-win-crt-environment-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-crt-environment-l1-1-0.dll1.2.dr
ID:	dr_111
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.589979077155519
Encrypted:	false
Ssdeep:	192:9KNcWphW6WSawTyihVWQ4eW19NuXqnajZMVw:9KNcWphWnwGyU0lN9
Size:	12232
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\x64\api-ms-win-crt-filesystem-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-crt-filesystem-l1-1-0.dll1.2.dr
ID:	dr_114
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.644112079500101
Encrypted:	false
Ssdeep:	192:zt/PGnWlC0i5C9WphW6WSawTyihVWQ4eWEsbtkwqnaj0nOa:VunWm5C9WphWnwGyy5lInOa
Size:	13768
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\x64\api-ms-win-crt-heap-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-crt-heap-l1-1-0.dll1.2.dr
ID:	dr_117
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.584779333540128
Encrypted:	false
Ssdeep:	192:LaY17aFBRQWphWr+uWSawTyihVWQ4WWR2Gw4ZLqnajVxo+twGdi:TVWphWmwGyHGw6lx2+tLdi
Size:	12952
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\x64\api-ms-win-crt-locale-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-crt-locale-l1-1-0.dll1.2.dr
ID:	dr_120
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.705059986408883
Encrypted:	false
Ssdeep:	192:NWphWfpWSawTyihVWQ4PGWcQV0hbdiqnajBCI:NWphWmwGyrphsl9n
Size:	12464
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\x64\api-ms-win-crt-math-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-crt-math-l1-1-0.dll1.2.dr
ID:	dr_123
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.218550846690576
Encrypted:	false
Ssdeep:	384:gJI2M4Oe59Ckb1hgmLZWphWdwGyKXeGw6lx2+tE:gi2Mq59Bb1jE+F/ptE
Size:	21144
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\x64\api-ms-win-crt-multibyte-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-crt-multibyte-l1-1-0.dll1.2.dr
ID:	dr_126
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.205799780176162
Encrypted:	false
Ssdeep:	384:qUSrxLPmIHJI6/CpG3t2G3t4odXLZWphWpwGycGw6lx2+t7:riPmIHJI6iiwpt7
Size:	20120
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\x64\api-ms-win-crt-private-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-crt-private-l1-1-0.dll1.2.dr
ID:	dr_129
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	5.545458165119229
Encrypted:	false
Ssdeep:	1536:JTs8iYDe5c4bFe2JyhcvxXWpD7d3334BkZn+P9GC:/iYDe5c4bFe2JyhcvxXWpD7d3334BkZM
Size:	64664
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\x64\api-ms-win-crt-process-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-crt-process-l1-1-0.dll1.2.dr
ID:	dr_132
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.6076799883738735
Encrypted:	false
Ssdeep:	192:wnqjd71WphW5WSawTyihVWQ4CW8CnbdiqnajBCIej:wn8WphW+wGyEsl9nej
Size:	12976
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\x64\api-ms-win-crt-runtime-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-crt-runtime-l1-1-0.dll1.2.dr
ID:	dr_135
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.456296069225527
Encrypted:	false
Ssdeep:	192:zaajPrpJhhf4AN5/KipWphW6WSawTyihVWQ4SW1tJqnajjqP6G8rgvM3:zlbr7fWphWnwGyCJlvCz8rgU3
Size:	16536
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\x64\api-ms-win-crt-stdio-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-crt-stdio-l1-1-0.dll1.2.dr
ID:	dr_138
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.393264759906024
Encrypted:	false
Ssdeep:	192:GpPLNPjFuWYFxEpah7WphWJWSawTyihVWQ4eWyellCNxXeRqnajRyGdFP:G19OFVh7WphWuwGyg34JeRlFyGPP
Size:	17864
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\x64\api-ms-win-crt-string-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-crt-string-l1-1-0.dll1.2.dr
ID:	dr_141
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.271794979288617
Encrypted:	false
Ssdeep:	384:JFvU4x0C5yguNvZ5VQgx3SbwA7yMVIkFGl3WphW/wGyxOilNH:35yguNvZ5VQgx3SbwA71IkFxc7
Size:	18376
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\x64\api-ms-win-crt-time-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-crt-time-l1-1-0.dll1.2.dr
ID:	dr_144
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.535643188678725
Encrypted:	false
Ssdeep:	192:iy5NDSWphWuWSawTyihVWQ4eWfguCNxXeRqnajRAQN:iUEWphWzwGyHu4JeRlFA
Size:	14280
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\x64\api-ms-win-crt-utility-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-crt-utility-l1-1-0.dll1.2.dr
ID:	dr_147
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.678177184128737
Encrypted:	false
Ssdeep:	192:DI6fHQduHWphWm4WSawTyihVWQ4eWtEyRpqCNxXeRqnajRMqXMxbh:xfxWphWuwGydy/q4JeRlF2xbh
Size:	12232
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\x64\msvcp140.dll
Category:	dropped
Dump:	msvcp140.dll2.2.dr
ID:	dr_150
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.438447839844645
Encrypted:	false
Ssdeep:	12288:H7KwoYg6YeHSKKwTwda73ZHFOHSduCKN22tN90mQEKZm+jWodEEVQ:bXD7uCKx3QEKZm+jWodEEa
Size:	583048
Whitelisted:	true
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\x64\ucrtbase.dll
Category:	dropped
Dump:	ucrtbase.dll1.2.dr
ID:	dr_153
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.627207870602929
Encrypted:	false
Ssdeep:	24576:2QqGcVofavjyMI0gTV3FHJ9oPbDcnEdEtmxvSZX0ypea7C:fqGuFyMJgTV3JA/dEOa
Size:	1035720
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\x64\vcruntime140.dll
Category:	dropped
Dump:	vcruntime140.dll3.2.dr
ID:	dr_166
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.42681250101216
Encrypted:	false
Ssdeep:	1536:Ly6+2mUD0uBFRXqYue/o+18iBH5T7heunxr98nZXeixecbSQ2sYMl:LlXfRXqQw+PHLrCZOixecbSmp
Size:	94072
Whitelisted:	true
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\x64\vcruntime140_1.dll
Category:	dropped
Dump:	vcruntime140_1.dll1.2.dr
ID:	dr_169
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.340326946859471
Encrypted:	false
Ssdeep:	384:7Hb1+iuauREnUUWU55vZvS05fJjPg2h1RWmbzA+Xf+gxy85xH0f91WrrKW7dHRNy:lzJnUUV7xPg4RdPvv3DHkw9mJXhd
Size:	36744
Whitelisted:	true
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\x86\API-MS-Win-core-xstate-l2-1-0.dll
Category:	dropped
Dump:	API-MS-Win-core-xstate-l2-1-0.dll1.2.dr
ID:	dr_370
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Entropy:	6.844575905787734
Encrypted:	false
Ssdeep:	192:uf5baWphWiWSawTyihVWQ4eWua8d90884LfqnajJNv8:uf5baWphW/wGyXJJllNv8
Size:	11208
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\x86\api-ms-win-core-console-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-core-console-l1-1-0.dll4.2.dr
ID:	dr_291
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Entropy:	6.788244658637563
Encrypted:	false
Ssdeep:	192:5sWphW9WSawTyihVWQ4WW5MAOT2XNfqnajVAilG834EN:SWphWqwGy1k9flx6Y
Size:	11928
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\x86\api-ms-win-core-console-l1-2-0.dll
Category:	dropped
Dump:	api-ms-win-core-console-l1-2-0.dll4.2.dr
ID:	dr_294
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Entropy:	6.81065742032065
Encrypted:	false
Ssdeep:	192:it8WphWXWSawTyihVWQ4eW8Phk3pPqs7IwdY+kqnajHaqxgm:iOWphW4wGyngzIwS+klTx
Size:	11720
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\x86\api-ms-win-core-datetime-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-core-datetime-l1-1-0.dll4.2.dr
ID:	dr_297
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Entropy:	6.793555786221558
Encrypted:	false
Ssdeep:	192:P0WphWfWSawTyihVWQ4eWBURahpeLirKqnaj/:P0WphWwwGyTRnLIKlz
Size:	11208
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\x86\api-ms-win-core-debug-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-core-debug-l1-1-0.dll5.2.dr
ID:	dr_300
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Entropy:	6.7892989431355995
Encrypted:	false
Ssdeep:	192:xWphWiWSawTyihVWQ4eWJgcX5qAAqnaj/IeSx:xWphW/wGy/lDAx
Size:	11208
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\x86\api-ms-win-core-errorhandling-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-core-errorhandling-l1-1-0.dll5.2.dr
ID:	dr_303
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Entropy:	6.847987811252071
Encrypted:	false
Ssdeep:	192:8amxD3PWphWSWSawTyihVWQ4yW98DcMpVwyqnajlAww3u:8aUWphWPwGyimvlmww3u
Size:	11200
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\x86\api-ms-win-core-file-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-core-file-l1-1-0.dll5.2.dr
ID:	dr_306
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Entropy:	6.696234999723925
Encrypted:	false
Ssdeep:	192:1CYYPvVX8rFTsFWphWFWSawTyihVWQ4WWlGM2XSoaqnajVMSLadjbwf:1C7PvVXXWphWiwGyvZalxbhf
Size:	15000
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\x86\api-ms-win-core-file-l1-2-0.dll
Category:	dropped
Dump:	api-ms-win-core-file-l1-2-0.dll5.2.dr
ID:	dr_309
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Entropy:	6.8126504873749765
Encrypted:	false
Ssdeep:	192:laH1WphWGWSawTyihVWQ4eWh3S4kOqnaj2NLPm:U1WphWbwGyelg7
Size:	11208
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\x86\api-ms-win-core-file-l2-1-0.dll
Category:	dropped
Dump:	api-ms-win-core-file-l2-1-0.dll5.2.dr
ID:	dr_312
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Entropy:	6.915487652995372
Encrypted:	false
Ssdeep:	192:hWphWtWSawTyihVWQ4eW88jDgpeLirKqnaj/dn:hWphW6wGyY1LIKlz
Size:	11208
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\x86\api-ms-win-core-handle-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-core-handle-l1-1-0.dll5.2.dr
ID:	dr_314
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Entropy:	6.831839386552592
Encrypted:	false
Ssdeep:	192:tWphWxWSawTyihVWQ4veWixEdiqnajVCyS:tWphWmwGyEwnlx/S
Size:	11440
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\x86\api-ms-win-core-heap-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-core-heap-l1-1-0.dll5.2.dr
ID:	dr_326
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Entropy:	6.763115670912453
Encrypted:	false
Ssdeep:	192:vcl6WphW8WSawTyihVWQ4eWImCt+6ArNc4qnajr7vg:kl6WphWFwGy5V4lrv
Size:	11720
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\x86\api-ms-win-core-interlocked-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-core-interlocked-l1-1-0.dll5.2.dr
ID:	dr_328
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Entropy:	6.798656780730637
Encrypted:	false
Ssdeep:	192:qXxDYsFYWphW3aWSawTyihVWQ4eWrBC5uE7Mqnajcf:qXxDYsFYWphWXwGymeuOMlA
Size:	11720
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\x86\api-ms-win-core-libraryloader-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-core-libraryloader-l1-1-0.dll6.2.dr
ID:	dr_330
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Entropy:	6.761813565849536
Encrypted:	false
Ssdeep:	192:JSvuBL3B5LgWphWMWSawTyihVWQ4eWBg2Pi43pPqs7IwdY+kqnajHaqxgm+2:UvuBL3BSWphW1wGy2fPbzIwS+klTx
Size:	12232
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\x86\api-ms-win-core-localization-l1-2-0.dll
Category:	dropped
Dump:	api-ms-win-core-localization-l1-2-0.dll6.2.dr
ID:	dr_332
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Entropy:	6.804389735698839
Encrypted:	false
Ssdeep:	384:+HOMw3zdp3bwjGfue9/0jCRrndb9WphWwwGyg4lrv:QOMwBprwjGfue9/0jCRrndb4X
Size:	13768
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\x86\api-ms-win-core-memory-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-core-memory-l1-1-0.dll6.2.dr
ID:	dr_334
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Entropy:	6.826471702163863
Encrypted:	false
Ssdeep:	192:VDKhWphW6WSawTyihVWQ4eW6Bam06ArNc4qnajr7vLOs:0hWphWnwGyVV4lrvi
Size:	11720
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\x86\api-ms-win-core-namedpipe-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-core-namedpipe-l1-1-0.dll6.2.dr
ID:	dr_336
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Entropy:	6.906347501077361
Encrypted:	false
Ssdeep:	192:iWphWEWSawTyihVWQ4eWYBc5M8xOSqnaj3yfU:iWphWdwGyZNCTlufU
Size:	11208
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\x86\api-ms-win-core-processenvironment-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-core-processenvironment-l1-1-0.dll6.2.dr
ID:	dr_338
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Entropy:	6.77511206242731
Encrypted:	false
Ssdeep:	192:AZ7WphWD0WSawTyihVWQ4SW64q1usUDR0qnajVXj9GOC:AZ7WphW5wGyKq1uQlxzbC
Size:	12432
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\x86\api-ms-win-core-processthreads-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-core-processthreads-l1-1-0.dll6.2.dr
ID:	dr_340
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Entropy:	6.669167982349583
Encrypted:	false
Ssdeep:	384:1Hk1JzBcKcIpWphW8wGyaGECifl/zdbQD:1+cKc1/tzO
Size:	13760
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\x86\api-ms-win-core-processthreads-l1-1-1.dll
Category:	dropped
Dump:	api-ms-win-core-processthreads-l1-1-1.dll6.2.dr
ID:	dr_342
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Entropy:	6.826298522089573
Encrypted:	false
Ssdeep:	192:o/DiDfIeBWphW7WSawTyihVWQ4eW9zGBQRW52fqnaj7zdKT:1DfIeBWphWUwGyXifl/zdK
Size:	11720
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\x86\api-ms-win-core-profile-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-core-profile-l1-1-0.dll6.2.dr
ID:	dr_344
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Entropy:	6.959708399553805
Encrypted:	false
Ssdeep:	192:cnaYWphWXWSawTyihVWQ4yWropVwyqnajlAU/j:caYWphW4wGylvlmU/j
Size:	10688
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\x86\api-ms-win-core-rtlsupport-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-core-rtlsupport-l1-1-0.dll6.2.dr
ID:	dr_356
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Entropy:	6.774218151425283
Encrypted:	false
Ssdeep:	192:2G9WphWgWSawTyihVWQ4eWHaZGEpeLirKqnaj/H:2G9WphWhwGyR+LIKlzH
Size:	11208
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\x86\api-ms-win-core-string-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-core-string-l1-1-0.dll6.2.dr
ID:	dr_358
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Entropy:	6.874431183729956
Encrypted:	false
Ssdeep:	192:xGyMvBWphW5WSawTyihVWQ4SWbPquJqnajjqP6G8rgk:xGyMvBWphW+wGyIJlvCz8rgk
Size:	11416
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\x86\api-ms-win-core-synch-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-core-synch-l1-1-0.dll6.2.dr
ID:	dr_360
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Entropy:	6.740747425770286
Encrypted:	false
Ssdeep:	384:2dv3V0dfpkXc0vVaXWphWnwGyE0e3nlx/s:2dv3VqpkXc0vVaWgeb
Size:	13488
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\x86\api-ms-win-core-synch-l1-2-0.dll
Category:	dropped
Dump:	api-ms-win-core-synch-l1-2-0.dll6.2.dr
ID:	dr_362
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Entropy:	6.883126121612803
Encrypted:	false
Ssdeep:	192:BY3ZDQtZ3IWphWDKWSawTyihVWQ4SWnr11usUDR0qnajVXj9y:BY3ZDQtZ3IWphWbwGyW11uQlxzc
Size:	11920
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\x86\api-ms-win-core-sysinfo-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-core-sysinfo-l1-1-0.dll6.2.dr
ID:	dr_364
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Entropy:	6.782553149861649
Encrypted:	false
Ssdeep:	192:Q7QzKIMFMWphWUWSawTyihVWQ4WWLABOhKEwkqnajVkL2yEHAE:Q8zZWphWNwGy/BOhKtklxtbgE
Size:	12440
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\x86\api-ms-win-core-timezone-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-core-timezone-l1-1-0.dll6.2.dr
ID:	dr_366
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Entropy:	6.87441983548633
Encrypted:	false
Ssdeep:	192:ePWphWOWSawTyihVWQ4uWSkDA0884LfqnajJNyb2n9A:ePWphWTwGy5JllNo29A
Size:	11712
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\x86\api-ms-win-core-util-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-core-util-l1-1-0.dll6.2.dr
ID:	dr_368
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Entropy:	6.7952185678003545
Encrypted:	false
Ssdeep:	192:ZKWphWGmWSawTyihVWQ4eWEVc67lqnajX8QKX8Q:ZKWphWG7wGymolz8D
Size:	11208
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\x86\api-ms-win-crt-conio-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-crt-conio-l1-1-0.dll6.2.dr
ID:	dr_372
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Entropy:	6.796320133064848
Encrypted:	false
Ssdeep:	192:aEWphWsWSawTyihVWQ4eWRG6c67lqnajX8QJsCdy:aEWphWVwGyLolz83k
Size:	12232
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\x86\api-ms-win-crt-convert-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-crt-convert-l1-1-0.dll6.2.dr
ID:	dr_374
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Entropy:	6.562367453011828
Encrypted:	false
Ssdeep:	192:JM0wd8dc9cy1WphWLWSawTyihVWQ4eWSJ6615uE7MqnajcPQ:G0wd8xy1WphWEwGyyyuOMlA
Size:	15304
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\x86\api-ms-win-crt-environment-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-crt-environment-l1-1-0.dll6.2.dr
ID:	dr_385
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Entropy:	6.77118912343302
Encrypted:	false
Ssdeep:	192:a9KNcWphW7WSawTyihVWQ4eW+gS4kOqnaj2NLFmPV:YKNcWphWUwGyilgpw
Size:	11720
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\x86\api-ms-win-crt-filesystem-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-crt-filesystem-l1-1-0.dll6.2.dr
ID:	dr_386
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Entropy:	6.793455396893645
Encrypted:	false
Ssdeep:	192:yGnWlC0i5C9WphWZWSawTyihVWQ4uWXduQRW52fqnaj7zdCTyRk:tnWm5C9WphWewGy8Qifl/zdCeRk
Size:	13248
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\x86\api-ms-win-crt-heap-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-crt-heap-l1-1-0.dll6.2.dr
ID:	dr_387
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Entropy:	6.729597024670557
Encrypted:	false
Ssdeep:	192:raY17aFBRQWphWoWSawTyihVWQ4eWMBjX6ArNc4qnajr7vgq49N:zVWphWZwGyt84lrv3wN
Size:	12232
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\x86\api-ms-win-crt-locale-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-crt-locale-l1-1-0.dll6.2.dr
ID:	dr_388
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Entropy:	6.855315201507517
Encrypted:	false
Ssdeep:	192:G9vbhWphWqWSawTyihVWQ4yWhPC67lpVwyqnajlAdmh:G9vbhWphW3wGyCC6Xvlm8h
Size:	11712
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\x86\api-ms-win-crt-math-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-crt-math-l1-1-0.dll6.2.dr
ID:	dr_389
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Entropy:	6.275912021557885
Encrypted:	false
Ssdeep:	384:wt1MCbM4Oe5grykfIgTmLSWphWMwGy2VlgEBlD:k6gMq5grxfIndDHT5
Size:	21960
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\x86\api-ms-win-crt-multibyte-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-crt-multibyte-l1-1-0.dll6.2.dr
ID:	dr_390
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Entropy:	6.28724886598146
Encrypted:	false
Ssdeep:	384:iSrxLPmIHJI6/CpG3t2G3t4odXLZWphWNwGyfpLIKlz3:iiPmIHJI6iGopL
Size:	19400
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\x86\api-ms-win-crt-private-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-crt-private-l1-1-0.dll6.2.dr
ID:	dr_391
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Entropy:	5.555058128213375
Encrypted:	false
Ssdeep:	1536:yfolDe5c4bFE2Jy2cvxXWpD9d3334BkZnkPTP1:SolDe5c4bFE2Jy2cvxXWpD9d3334BkZS
Size:	66200
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\x86\api-ms-win-crt-process-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-crt-process-l1-1-0.dll6.2.dr
ID:	dr_392
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Entropy:	6.7508394455859655
Encrypted:	false
Ssdeep:	192:Fonqjd71WphWjWSawTyihVWQ4eW7e5qAAqnaj/I4R:Fon8WphWMwGyOlDd
Size:	12232
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\x86\api-ms-win-crt-runtime-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-crt-runtime-l1-1-0.dll6.2.dr
ID:	dr_393
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Entropy:	6.595033028538626
Encrypted:	false
Ssdeep:	192:0JB0fhrpIhhf4AN5/ji7WphWb1WSawTyihVWQ4eWDRSDN3pPqs7IwdY+kqnajHa4:00hrKYWphWbywGymozIwS+klTx
Size:	15816
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\x86\api-ms-win-crt-stdio-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-crt-stdio-l1-1-0.dll6.2.dr
ID:	dr_394
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Entropy:	6.5066651039706205
Encrypted:	false
Ssdeep:	192:rpPLNPjFuWYFxEpah7WphWJWSawTyihVWQ4eWlSws0884LfqnajJNRE:r19OFVh7WphWuwGyE0JllNRE
Size:	17352
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\x86\api-ms-win-crt-string-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-crt-string-l1-1-0.dll6.2.dr
ID:	dr_405
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Entropy:	6.396902203036038
Encrypted:	false
Ssdeep:	384:PFvU4x0C5yguNvZ5VQgx3SbwA7yMVIkFGl3WphWwFwGyOnk9flx6BGM:55yguNvZ5VQgx3SbwA71IkFxFFMyGM
Size:	18072
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\x86\api-ms-win-crt-time-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-crt-time-l1-1-0.dll6.2.dr
ID:	dr_406
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Entropy:	6.684953706674831
Encrypted:	false
Ssdeep:	192:gy5NDSWphWXWSawTyihVWQ4eWD8jo5M8xOSqnaj3yo:gUEWphW4wGyTBCTluo
Size:	13768
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\x86\api-ms-win-crt-utility-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-crt-utility-l1-1-0.dll6.2.dr
ID:	dr_407
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Entropy:	6.856640823154055
Encrypted:	false
Ssdeep:	192:/mXI6fHQduHWphW0WSawTyihVWQ4uWS+GB5M8xOSqnaj3yUvB:/+fxWphWtwGy10CTluU5
Size:	11712
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\x86\msvcp140.dll
Category:	dropped
Dump:	msvcp140.dll6.2.dr
ID:	dr_408
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Entropy:	6.641867059831725
Encrypted:	false
Ssdeep:	12288:9822+H2EIqZ14mVYh8vN4xyoZPeKjuYMc+MQQQjhUgiW6QR7t5s03Ooc8dHkC2eF:9822+H2Y4mVYh44xyoZPHaw03Ooc8dHd
Size:	448384
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\x86\ucrtbase.dll
Category:	dropped
Dump:	ucrtbase.dll6.2.dr
ID:	dr_409
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Entropy:	6.8060128370628075
Encrypted:	false
Ssdeep:	24576:HWidEhqcKIqMOKgf4GokSnxqZbCU3lYU+6ozo+mSY+mcvIZPoy4PmcLloi:2idEhqFBMiExqZiY4o+mSpmcZT
Size:	1170880
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\device\x86\vcruntime140.dll
Category:	dropped
Dump:	vcruntime140.dll7.2.dr
ID:	dr_410
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Entropy:	6.777357741796387
Encrypted:	false
Ssdeep:	1536:JhQmqDRK9IfURwL67cuhH6poqPpep4yW3UecbiT18ozr:Jh+DRGI86L6gshupXUecbiTB
Size:	76168
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\api-ms-win-core-console-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-core-console-l1-1-0.dll0.2.dr
ID:	dr_104
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.593400064300514
Encrypted:	false
Ssdeep:	192:gYtWphWvWSawTyihVWQ4eWwueSquXqnajZasdyI:gkWphWgwGyVS1lNNx
Size:	12232
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\api-ms-win-core-console-l1-2-0.dll
Category:	dropped
Dump:	api-ms-win-core-console-l1-2-0.dll0.2.dr
ID:	dr_107
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.651991089723867
Encrypted:	false
Ssdeep:	192:FjMWphW+WSawTyihVWQ4WW4lJXKqnajH2oWb5lP0kC:FwWphWjwGyBbKlNqb0h
Size:	12440
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\api-ms-win-core-datetime-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-core-datetime-l1-1-0.dll0.2.dr
ID:	dr_110
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.616418214858396
Encrypted:	false
Ssdeep:	192:Pn3WphWPWSawTyihVWQ4WWomRd7T0q11qnajVtPxu:vWphWAwGy6Rd7Tplxbu
Size:	11928
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\api-ms-win-core-debug-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-core-debug-l1-1-0.dll1.2.dr
ID:	dr_113
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.606191850818759
Encrypted:	false
Ssdeep:	192:tWphWCcWSawTyihVWQ4eWapfkwqnaj0hFoHg:tWphWGwGyv7lIna
Size:	11720
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\api-ms-win-core-errorhandling-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-core-errorhandling-l1-1-0.dll1.2.dr
ID:	dr_116
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.6809296260677185
Encrypted:	false
Ssdeep:	192:imxD3TzWphWWWSawTyihVWQ4WWXpaED2D8KN3qnajV2MVornuFaw:iczWphWLwGy/EDt2lxnorn8
Size:	11928
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\api-ms-win-core-file-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-core-file-l1-1-0.dll1.2.dr
ID:	dr_119
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.568348091811147
Encrypted:	false
Ssdeep:	192:YIAuVYPvVX8rFTsRWphWiWSawTyihVWQ4WWYIStJqnajjqP6G8rgUr:cBPvVX7WphW/wGyxtJlvCz8rgC
Size:	15512
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\api-ms-win-core-file-l1-2-0.dll
Category:	dropped
Dump:	api-ms-win-core-file-l1-2-0.dll1.2.dr
ID:	dr_122
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.6392158841399125
Encrypted:	false
Ssdeep:	192:B+WphWN8WSawTyihVWQ4SWxQz52D8KN3qnajV2MVorWHLm:sWphWNFwGyD5t2lxnorWHLm
Size:	11928
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\api-ms-win-core-file-l2-1-0.dll
Category:	dropped
Dump:	api-ms-win-core-file-l2-1-0.dll1.2.dr
ID:	dr_124
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.7335547816165295
Encrypted:	false
Ssdeep:	192:QVPlWphWYWSawTyihVWQ4eWINt9tCNxXeRqnajRWBs:QVdWphWpwGyZ3t4JeRlF
Size:	11720
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\api-ms-win-core-handle-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-core-handle-l1-1-0.dll1.2.dr
ID:	dr_128
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.641210440202195
Encrypted:	false
Ssdeep:	192:UWphWZmWSawTyihVWQ4WWYg7T0q11qnajVtPx/e:UWphWZ7wGy87Tplxbm
Size:	11928
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\api-ms-win-core-heap-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-core-heap-l1-1-0.dll1.2.dr
ID:	dr_131
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.6020677191345625
Encrypted:	false
Ssdeep:	192:1ZlBVWphW2WSawTyihVWQ4WWa+jrc2D8KN3qnajV2MVornxu:HljWphWrwGygct2lxnorxu
Size:	12440
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\api-ms-win-core-interlocked-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-core-interlocked-l1-1-0.dll1.2.dr
ID:	dr_134
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.688798103865209
Encrypted:	false
Ssdeep:	192:gWphWOWSawTyihVWQ4WWE3SUAOT2XNfqnajVAilG835FH:gWphWTwGy/k9flx6S
Size:	11928
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\api-ms-win-core-libraryloader-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-core-libraryloader-l1-1-0.dll2.2.dr
ID:	dr_137
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.607919598680885
Encrypted:	false
Ssdeep:	192:nvuBL3B5LGWphWLWSawTyihVWQ4WW1VB7T0q11qnajVtPxm:nvuBL3BsWphWEwGy67Tplxbm
Size:	12952
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\api-ms-win-core-localization-l1-2-0.dll
Category:	dropped
Dump:	api-ms-win-core-localization-l1-2-0.dll2.2.dr
ID:	dr_140
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.680202388702566
Encrypted:	false
Ssdeep:	384:FOMw3zdp3bwjGfue9/0jCRrndbpWphWywGyc1rhKtklxtW:FOMwBprwjGfue9/0jCRrndbUV3W
Size:	14488
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\api-ms-win-core-memory-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-core-memory-l1-1-0.dll2.2.dr
ID:	dr_143
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.652287122511192
Encrypted:	false
Ssdeep:	192:itfZa/GG3m3WphWBWSawTyihVWQ4eWvEcuXqnajZK:z3qWphWWwGyFPlN
Size:	12232
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\api-ms-win-core-namedpipe-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-core-namedpipe-l1-1-0.dll2.2.dr
ID:	dr_146
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.746045829861457
Encrypted:	false
Ssdeep:	192:KWphWD2WSawTyihVWQ4SWm01usUDR0qnajVXj9ISv:KWphWvwGyu1uQlxze+
Size:	11920
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\api-ms-win-core-processenvironment-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-core-processenvironment-l1-1-0.dll2.2.dr
ID:	dr_149
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.610758515135146
Encrypted:	false
Ssdeep:	192:VVqWphWbcWSawTyihVWQ4WWhBWz9blDJ5iqnajVss1xos:VVqWphWblwGydz95DKlxT1xos
Size:	12952
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\api-ms-win-core-processthreads-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-core-processthreads-l1-1-0.dll2.2.dr
ID:	dr_152
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.533005363293854
Encrypted:	false
Ssdeep:	384:MmGJC8k1JzBcKcIvVWphW+wGy+95DKlxT1xg/Q:vcKc1h15Dmg/Q
Size:	14488
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\api-ms-win-core-processthreads-l1-1-1.dll
Category:	dropped
Dump:	api-ms-win-core-processthreads-l1-1-1.dll2.2.dr
ID:	dr_154
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.65874861166986
Encrypted:	false
Ssdeep:	192:QvtxDfIeSHWphW/WSawTyihVWQ4eWuAdVNCNxXeRqnajR:itxDfIeSHWphWQwGyGDN4JeRlF
Size:	12232
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\api-ms-win-core-profile-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-core-profile-l1-1-0.dll2.2.dr
ID:	dr_168
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.785349571526316
Encrypted:	false
Ssdeep:	192:jG+WphWkWSawTyihVWQ4WW8EHAOT2XNfqnajVAilG83lrl:j/WphW9wGycHk9flx6Erl
Size:	11416
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\api-ms-win-core-rtlsupport-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-core-rtlsupport-l1-1-0.dll2.2.dr
ID:	dr_171
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.607179155749351
Encrypted:	false
Ssdeep:	192:dGeV6WphWeWSawTyihVWQ4WWcsa9blDJ5iqnajVss1xPyo:dGeV6WphWDwGyJ95DKlxT1xPyo
Size:	12440
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\api-ms-win-core-string-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-core-string-l1-1-0.dll2.2.dr
ID:	dr_174
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.680987524368224
Encrypted:	false
Ssdeep:	192:jyMvqWphWkWSawTyihVWQ4eWjfykwqnaj0ZNF:jyMvqWphW9wGyxlIZn
Size:	11720
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\api-ms-win-core-synch-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-core-synch-l1-1-0.dll3.2.dr
ID:	dr_177
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.57490566503125
Encrypted:	false
Ssdeep:	384:0dv3V0dfpkXc0vVaTWphWXpwGyF4JeRlF:0dv3VqpkXc0vVaCG1
Size:	13768
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\api-ms-win-core-synch-l1-2-0.dll
Category:	dropped
Dump:	api-ms-win-core-synch-l1-2-0.dll3.2.dr
ID:	dr_180
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.722419738952607
Encrypted:	false
Ssdeep:	192:ontZ39hcWphWD5WSawTyihVWQ4SWEZK1usUDR0qnajVXj92:utZ39hcWphWSwGyY1uQlxz4
Size:	12432
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\api-ms-win-core-sysinfo-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-core-sysinfo-l1-1-0.dll3.2.dr
ID:	dr_183
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.608967943815084
Encrypted:	false
Ssdeep:	192:/KIMFUXWphW1WSawTyihVWQ4WWeeFhPv7T0q11qnajVtPxY2:/BXWphWywGye37TplxbY2
Size:	12952
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\api-ms-win-core-timezone-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-core-timezone-l1-1-0.dll3.2.dr
ID:	dr_186
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.7165053983195415
Encrypted:	false
Ssdeep:	192:tSWphWCWSawTyihVWQ4WWKzUeghKEwkqnajVkL23:tSWphWfwGyP1ghKtklxt3
Size:	12440
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\api-ms-win-core-util-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-core-util-l1-1-0.dll3.2.dr
ID:	dr_189
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.628780928175106
Encrypted:	false
Ssdeep:	192:qoIeWphWnWSawTyihVWQ4WWuB9blDJ5iqnajVss1xHDFi5:qo9WphWowGyT95DKlxT1xHRi5
Size:	11928
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\api-ms-win-crt-conio-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-crt-conio-l1-1-0.dll3.2.dr
ID:	dr_192
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.635659329072802
Encrypted:	false
Ssdeep:	192:aEWphWbWSawTyihVWQ4WWiHJqnajjqP6G8rg50Lp:aEWphW0wGyRJlvCz8rgcp
Size:	12952
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\api-ms-win-crt-convert-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-crt-convert-l1-1-0.dll3.2.dr
ID:	dr_194
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.4300870012171805
Encrypted:	false
Ssdeep:	192:089M0wd8dc9cy1WphWGWSawTyihVWQ4eWMAkwqnaj0:0t0wd8xy1WphWbwGyKlI
Size:	15816
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\api-ms-win-crt-environment-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-crt-environment-l1-1-0.dll3.2.dr
ID:	dr_208
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.589979077155519
Encrypted:	false
Ssdeep:	192:9KNcWphW6WSawTyihVWQ4eW19NuXqnajZMVw:9KNcWphWnwGyU0lN9
Size:	12232
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\api-ms-win-crt-filesystem-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-crt-filesystem-l1-1-0.dll3.2.dr
ID:	dr_211
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.644112079500101
Encrypted:	false
Ssdeep:	192:zt/PGnWlC0i5C9WphW6WSawTyihVWQ4eWEsbtkwqnaj0nOa:VunWm5C9WphWnwGyy5lInOa
Size:	13768
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\api-ms-win-crt-heap-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-crt-heap-l1-1-0.dll3.2.dr
ID:	dr_214
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.584779333540128
Encrypted:	false
Ssdeep:	192:LaY17aFBRQWphWr+uWSawTyihVWQ4WWR2Gw4ZLqnajVxo+twGdi:TVWphWmwGyHGw6lx2+tLdi
Size:	12952
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\api-ms-win-crt-locale-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-crt-locale-l1-1-0.dll3.2.dr
ID:	dr_217
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.705059986408883
Encrypted:	false
Ssdeep:	192:NWphWfpWSawTyihVWQ4PGWcQV0hbdiqnajBCI:NWphWmwGyrphsl9n
Size:	12464
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\api-ms-win-crt-math-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-crt-math-l1-1-0.dll3.2.dr
ID:	dr_220
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.218550846690576
Encrypted:	false
Ssdeep:	384:gJI2M4Oe59Ckb1hgmLZWphWdwGyKXeGw6lx2+tE:gi2Mq59Bb1jE+F/ptE
Size:	21144
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\api-ms-win-crt-multibyte-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-crt-multibyte-l1-1-0.dll3.2.dr
ID:	dr_223
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.205799780176162
Encrypted:	false
Ssdeep:	384:qUSrxLPmIHJI6/CpG3t2G3t4odXLZWphWpwGycGw6lx2+t7:riPmIHJI6iiwpt7
Size:	20120
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\api-ms-win-crt-private-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-crt-private-l1-1-0.dll3.2.dr
ID:	dr_226
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	5.545458165119229
Encrypted:	false
Ssdeep:	1536:JTs8iYDe5c4bFe2JyhcvxXWpD7d3334BkZn+P9GC:/iYDe5c4bFe2JyhcvxXWpD7d3334BkZM
Size:	64664
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\api-ms-win-crt-process-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-crt-process-l1-1-0.dll3.2.dr
ID:	dr_229
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.6076799883738735
Encrypted:	false
Ssdeep:	192:wnqjd71WphW5WSawTyihVWQ4CW8CnbdiqnajBCIej:wn8WphW+wGyEsl9nej
Size:	12976
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\api-ms-win-crt-runtime-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-crt-runtime-l1-1-0.dll3.2.dr
ID:	dr_232
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.456296069225527
Encrypted:	false
Ssdeep:	192:zaajPrpJhhf4AN5/KipWphW6WSawTyihVWQ4SW1tJqnajjqP6G8rgvM3:zlbr7fWphWnwGyCJlvCz8rgU3
Size:	16536
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\api-ms-win-crt-stdio-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-crt-stdio-l1-1-0.dll3.2.dr
ID:	dr_234
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.393264759906024
Encrypted:	false
Ssdeep:	192:GpPLNPjFuWYFxEpah7WphWJWSawTyihVWQ4eWyellCNxXeRqnajRyGdFP:G19OFVh7WphWuwGyg34JeRlFyGPP
Size:	17864
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\api-ms-win-crt-string-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-crt-string-l1-1-0.dll3.2.dr
ID:	dr_248
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.271794979288617
Encrypted:	false
Ssdeep:	384:JFvU4x0C5yguNvZ5VQgx3SbwA7yMVIkFGl3WphW/wGyxOilNH:35yguNvZ5VQgx3SbwA71IkFxc7
Size:	18376
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\api-ms-win-crt-time-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-crt-time-l1-1-0.dll3.2.dr
ID:	dr_251
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.535643188678725
Encrypted:	false
Ssdeep:	192:iy5NDSWphWuWSawTyihVWQ4eWfguCNxXeRqnajRAQN:iUEWphWzwGyHu4JeRlFA
Size:	14280
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\api-ms-win-crt-utility-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-crt-utility-l1-1-0.dll3.2.dr
ID:	dr_254
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.678177184128737
Encrypted:	false
Ssdeep:	192:DI6fHQduHWphWm4WSawTyihVWQ4eWtEyRpqCNxXeRqnajRMqXMxbh:xfxWphWuwGydy/q4JeRlF2xbh
Size:	12232
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\bucket.dll
Category:	dropped
Dump:	bucket.dll.2.dr
ID:	dr_8
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Entropy:	6.471630154523374
Encrypted:	false
Ssdeep:	12288:fZnnIKfjMoH9wWJ5TRJOjR6ExQnEatFQTEYCde/T+QyGA:ZIKfjMoHOPUExcEatWTyde/T+CA
Size:	507904
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\bucket.inno.dll
Category:	dropped
Dump:	bucket.inno.dll.2.dr
ID:	dr_2
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Entropy:	6.419848728160198
Encrypted:	false
Ssdeep:	12288:dnG60/HEJ7QUizOZ4VLJCo6TJ7JR3cdAN9ONgqu8hJBg8:dC/IQlUqLJCo6TJ7JR3cdANH8hJBg8
Size:	545299
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\libcurl.dll
Category:	dropped
Dump:	libcurl.dll.2.dr
ID:	dr_4
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Entropy:	6.620514402649026
Encrypted:	false
Ssdeep:	6144:SMjHMNz1MhnlApc2wSYCItOiEHFba+Nd27HjIMinEo5T8q3:SzPMZ2SCIIfba+NdM+nxB3
Size:	333312
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\libeay32.dll
Category:	dropped
Dump:	libeay32.dll.2.dr
ID:	dr_5
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Entropy:	6.803305396153442
Encrypted:	false
Ssdeep:	24576:iPD+KpPpmuLM3F2f0LXBrkdfbnaJepHm3E7xL/pN1ecj6UtP9RqbNGhqdy:AguLM3XiGSHt/jBj6UtP9Rqkhqdy
Size:	1269248
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\msvcp140.dll
Category:	dropped
Dump:	msvcp140.dll.2.dr
ID:	dr_9
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Entropy:	6.641867059831725
Encrypted:	false
Ssdeep:	12288:9822+H2EIqZ14mVYh8vN4xyoZPeKjuYMc+MQQQjhUgiW6QR7t5s03Ooc8dHkC2eF:9822+H2Y4mVYh44xyoZPHaw03Ooc8dHd
Size:	448384
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\msvcr120.dll
Category:	dropped
Dump:	msvcr120.dll.2.dr
ID:	dr_156
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Entropy:	6.965251723279498
Encrypted:	false
Ssdeep:	24576:UmFyjHVMxBuwQLYucGp4iiqgNb3HopbiKJ:iMy2yRgFopbh
Size:	971072
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\osssdk.dll
Category:	dropped
Dump:	osssdk.dll.2.dr
ID:	dr_3
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Entropy:	6.442724041485623
Encrypted:	false
Ssdeep:	12288:RgvZ0SxYSLIzCijlUo/UUQnJ3Oc9FFgICaT5+hqNt:6x0SxYII5R8xxCa9+hq
Size:	531456
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\ssleay32.dll
Category:	dropped
Dump:	ssleay32.dll.2.dr
ID:	dr_6
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Entropy:	6.364317702412273
Encrypted:	false
Ssdeep:	6144:KLFThsrlPqhXPXpwiKQQg9L8YMcoIyHJPNlK9//ualAcQYLUIaGdY7Y1XiRdQMJv:kFThsrlPqhXPXpwiHQg9L8xcoIyHJfKG
Size:	275968
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\ucrtbase.dll
Category:	dropped
Dump:	ucrtbase.dll3.2.dr
ID:	dr_257
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.627207870602929
Encrypted:	false
Ssdeep:	24576:2QqGcVofavjyMI0gTV3FHJ9oPbDcnEdEtmxvSZX0ypea7C:fqGuFyMJgTV3JA/dEOa
Size:	1035720
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\vcruntime140.dll
Category:	dropped
Dump:	vcruntime140.dll2.2.dr
ID:	dr_155
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Entropy:	6.777357741796387
Encrypted:	false
Ssdeep:	1536:JhQmqDRK9IfURwL67cuhH6poqPpep4yW3UecbiT18ozr:Jh+DRGI86L6gshupXUecbiTB
Size:	76168
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\vcruntime140_1.dll
Category:	dropped
Dump:	vcruntime140_1.dll3.2.dr
ID:	dr_260
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.340326946859471
Encrypted:	false
Ssdeep:	384:7Hb1+iuauREnUUWU55vZvS05fJjPg2h1RWmbzA+Xf+gxy85xH0f91WrrKW7dHRNy:lzJnUUV7xPg4RdPvv3DHkw9mJXhd
Size:	36744
Whitelisted:	true
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\x64\api-ms-win-core-console-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-core-console-l1-1-0.dll5.2.dr
ID:	dr_322
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.593400064300514
Encrypted:	false
Ssdeep:	192:gYtWphWvWSawTyihVWQ4eWwueSquXqnajZasdyI:gkWphWgwGyVS1lNNx
Size:	12232
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\x64\api-ms-win-core-console-l1-2-0.dll
Category:	dropped
Dump:	api-ms-win-core-console-l1-2-0.dll5.2.dr
ID:	dr_323
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.651991089723867
Encrypted:	false
Ssdeep:	192:FjMWphW+WSawTyihVWQ4WW4lJXKqnajH2oWb5lP0kC:FwWphWjwGyBbKlNqb0h
Size:	12440
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\x64\api-ms-win-core-datetime-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-core-datetime-l1-1-0.dll5.2.dr
ID:	dr_324
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.616418214858396
Encrypted:	false
Ssdeep:	192:Pn3WphWPWSawTyihVWQ4WWomRd7T0q11qnajVtPxu:vWphWAwGy6Rd7Tplxbu
Size:	11928
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\x64\api-ms-win-core-debug-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-core-debug-l1-1-0.dll6.2.dr
ID:	dr_345
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.606191850818759
Encrypted:	false
Ssdeep:	192:tWphWCcWSawTyihVWQ4eWapfkwqnaj0hFoHg:tWphWGwGyv7lIna
Size:	11720
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\x64\api-ms-win-core-errorhandling-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-core-errorhandling-l1-1-0.dll6.2.dr
ID:	dr_346
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.6809296260677185
Encrypted:	false
Ssdeep:	192:imxD3TzWphWWWSawTyihVWQ4WWXpaED2D8KN3qnajV2MVornuFaw:iczWphWLwGy/EDt2lxnorn8
Size:	11928
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\x64\api-ms-win-core-file-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-core-file-l1-1-0.dll6.2.dr
ID:	dr_347
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.568348091811147
Encrypted:	false
Ssdeep:	192:YIAuVYPvVX8rFTsRWphWiWSawTyihVWQ4WWYIStJqnajjqP6G8rgUr:cBPvVX7WphW/wGyxtJlvCz8rgC
Size:	15512
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\x64\api-ms-win-core-file-l1-2-0.dll
Category:	dropped
Dump:	api-ms-win-core-file-l1-2-0.dll6.2.dr
ID:	dr_348
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.6392158841399125
Encrypted:	false
Ssdeep:	192:B+WphWN8WSawTyihVWQ4SWxQz52D8KN3qnajV2MVorWHLm:sWphWNFwGyD5t2lxnorWHLm
Size:	11928
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\x64\api-ms-win-core-file-l2-1-0.dll
Category:	dropped
Dump:	api-ms-win-core-file-l2-1-0.dll6.2.dr
ID:	dr_349
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.7335547816165295
Encrypted:	false
Ssdeep:	192:QVPlWphWYWSawTyihVWQ4eWINt9tCNxXeRqnajRWBs:QVdWphWpwGyZ3t4JeRlF
Size:	11720
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\x64\api-ms-win-core-handle-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-core-handle-l1-1-0.dll6.2.dr
ID:	dr_350
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.641210440202195
Encrypted:	false
Ssdeep:	192:UWphWZmWSawTyihVWQ4WWYg7T0q11qnajVtPx/e:UWphWZ7wGy87Tplxbm
Size:	11928
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\x64\api-ms-win-core-heap-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-core-heap-l1-1-0.dll6.2.dr
ID:	dr_351
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.6020677191345625
Encrypted:	false
Ssdeep:	192:1ZlBVWphW2WSawTyihVWQ4WWa+jrc2D8KN3qnajV2MVornxu:HljWphWrwGygct2lxnorxu
Size:	12440
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\x64\api-ms-win-core-interlocked-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-core-interlocked-l1-1-0.dll6.2.dr
ID:	dr_352
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.688798103865209
Encrypted:	false
Ssdeep:	192:gWphWOWSawTyihVWQ4WWE3SUAOT2XNfqnajVAilG835FH:gWphWTwGy/k9flx6S
Size:	11928
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\x64\api-ms-win-core-libraryloader-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-core-libraryloader-l1-1-0.dll7.2.dr
ID:	dr_353
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.607919598680885
Encrypted:	false
Ssdeep:	192:nvuBL3B5LGWphWLWSawTyihVWQ4WW1VB7T0q11qnajVtPxm:nvuBL3BsWphWEwGy67Tplxbm
Size:	12952
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\x64\api-ms-win-core-localization-l1-2-0.dll
Category:	dropped
Dump:	api-ms-win-core-localization-l1-2-0.dll7.2.dr
ID:	dr_354
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.680202388702566
Encrypted:	false
Ssdeep:	384:FOMw3zdp3bwjGfue9/0jCRrndbpWphWywGyc1rhKtklxtW:FOMwBprwjGfue9/0jCRrndbUV3W
Size:	14488
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\x64\api-ms-win-core-memory-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-core-memory-l1-1-0.dll7.2.dr
ID:	dr_375
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.652287122511192
Encrypted:	false
Ssdeep:	192:itfZa/GG3m3WphWBWSawTyihVWQ4eWvEcuXqnajZK:z3qWphWWwGyFPlN
Size:	12232
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\x64\api-ms-win-core-namedpipe-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-core-namedpipe-l1-1-0.dll7.2.dr
ID:	dr_376
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.746045829861457
Encrypted:	false
Ssdeep:	192:KWphWD2WSawTyihVWQ4SWm01usUDR0qnajVXj9ISv:KWphWvwGyu1uQlxze+
Size:	11920
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\x64\api-ms-win-core-processenvironment-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-core-processenvironment-l1-1-0.dll7.2.dr
ID:	dr_377
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.610758515135146
Encrypted:	false
Ssdeep:	192:VVqWphWbcWSawTyihVWQ4WWhBWz9blDJ5iqnajVss1xos:VVqWphWblwGydz95DKlxT1xos
Size:	12952
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\x64\api-ms-win-core-processthreads-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-core-processthreads-l1-1-0.dll7.2.dr
ID:	dr_378
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.533005363293854
Encrypted:	false
Ssdeep:	384:MmGJC8k1JzBcKcIvVWphW+wGy+95DKlxT1xg/Q:vcKc1h15Dmg/Q
Size:	14488
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\x64\api-ms-win-core-processthreads-l1-1-1.dll
Category:	dropped
Dump:	api-ms-win-core-processthreads-l1-1-1.dll7.2.dr
ID:	dr_379
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.65874861166986
Encrypted:	false
Ssdeep:	192:QvtxDfIeSHWphW/WSawTyihVWQ4eWuAdVNCNxXeRqnajR:itxDfIeSHWphWQwGyGDN4JeRlF
Size:	12232
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\x64\api-ms-win-core-profile-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-core-profile-l1-1-0.dll7.2.dr
ID:	dr_380
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.785349571526316
Encrypted:	false
Ssdeep:	192:jG+WphWkWSawTyihVWQ4WW8EHAOT2XNfqnajVAilG83lrl:j/WphW9wGycHk9flx6Erl
Size:	11416
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\x64\api-ms-win-core-rtlsupport-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-core-rtlsupport-l1-1-0.dll7.2.dr
ID:	dr_381
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.607179155749351
Encrypted:	false
Ssdeep:	192:dGeV6WphWeWSawTyihVWQ4WWcsa9blDJ5iqnajVss1xPyo:dGeV6WphWDwGyJ95DKlxT1xPyo
Size:	12440
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\x64\api-ms-win-core-string-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-core-string-l1-1-0.dll7.2.dr
ID:	dr_382
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.680987524368224
Encrypted:	false
Ssdeep:	192:jyMvqWphWkWSawTyihVWQ4eWjfykwqnaj0ZNF:jyMvqWphW9wGyxlIZn
Size:	11720
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\x64\api-ms-win-core-synch-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-core-synch-l1-1-0.dll7.2.dr
ID:	dr_383
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.57490566503125
Encrypted:	false
Ssdeep:	384:0dv3V0dfpkXc0vVaTWphWXpwGyF4JeRlF:0dv3VqpkXc0vVaCG1
Size:	13768
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\x64\api-ms-win-core-synch-l1-2-0.dll
Category:	dropped
Dump:	api-ms-win-core-synch-l1-2-0.dll7.2.dr
ID:	dr_384
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.722419738952607
Encrypted:	false
Ssdeep:	192:ontZ39hcWphWD5WSawTyihVWQ4SWEZK1usUDR0qnajVXj92:utZ39hcWphWSwGyY1uQlxz4
Size:	12432
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\x64\api-ms-win-core-sysinfo-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-core-sysinfo-l1-1-0.dll7.2.dr
ID:	dr_395
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.608967943815084
Encrypted:	false
Ssdeep:	192:/KIMFUXWphW1WSawTyihVWQ4WWeeFhPv7T0q11qnajVtPxY2:/BXWphWywGye37TplxbY2
Size:	12952
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\x64\api-ms-win-core-timezone-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-core-timezone-l1-1-0.dll7.2.dr
ID:	dr_396
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.7165053983195415
Encrypted:	false
Ssdeep:	192:tSWphWCWSawTyihVWQ4WWKzUeghKEwkqnajVkL23:tSWphWfwGyP1ghKtklxt3
Size:	12440
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\x64\api-ms-win-core-util-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-core-util-l1-1-0.dll7.2.dr
ID:	dr_397
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.628780928175106
Encrypted:	false
Ssdeep:	192:qoIeWphWnWSawTyihVWQ4WWuB9blDJ5iqnajVss1xHDFi5:qo9WphWowGyT95DKlxT1xHRi5
Size:	11928
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\x64\api-ms-win-crt-conio-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-crt-conio-l1-1-0.dll7.2.dr
ID:	dr_398
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.635659329072802
Encrypted:	false
Ssdeep:	192:aEWphWbWSawTyihVWQ4WWiHJqnajjqP6G8rg50Lp:aEWphW0wGyRJlvCz8rgcp
Size:	12952
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\x64\api-ms-win-crt-convert-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-crt-convert-l1-1-0.dll7.2.dr
ID:	dr_399
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.4300870012171805
Encrypted:	false
Ssdeep:	192:089M0wd8dc9cy1WphWGWSawTyihVWQ4eWMAkwqnaj0:0t0wd8xy1WphWbwGyKlI
Size:	15816
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\x64\api-ms-win-crt-environment-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-crt-environment-l1-1-0.dll7.2.dr
ID:	dr_400
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.589979077155519
Encrypted:	false
Ssdeep:	192:9KNcWphW6WSawTyihVWQ4eW19NuXqnajZMVw:9KNcWphWnwGyU0lN9
Size:	12232
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\x64\api-ms-win-crt-filesystem-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-crt-filesystem-l1-1-0.dll7.2.dr
ID:	dr_401
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.644112079500101
Encrypted:	false
Ssdeep:	192:zt/PGnWlC0i5C9WphW6WSawTyihVWQ4eWEsbtkwqnaj0nOa:VunWm5C9WphWnwGyy5lInOa
Size:	13768
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\x64\api-ms-win-crt-heap-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-crt-heap-l1-1-0.dll7.2.dr
ID:	dr_402
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.584779333540128
Encrypted:	false
Ssdeep:	192:LaY17aFBRQWphWr+uWSawTyihVWQ4WWR2Gw4ZLqnajVxo+twGdi:TVWphWmwGyHGw6lx2+tLdi
Size:	12952
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\x64\api-ms-win-crt-locale-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-crt-locale-l1-1-0.dll7.2.dr
ID:	dr_403
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.705059986408883
Encrypted:	false
Ssdeep:	192:NWphWfpWSawTyihVWQ4PGWcQV0hbdiqnajBCI:NWphWmwGyrphsl9n
Size:	12464
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\x64\api-ms-win-crt-math-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-crt-math-l1-1-0.dll7.2.dr
ID:	dr_404
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.218550846690576
Encrypted:	false
Ssdeep:	384:gJI2M4Oe59Ckb1hgmLZWphWdwGyKXeGw6lx2+tE:gi2Mq59Bb1jE+F/ptE
Size:	21144
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\x64\api-ms-win-crt-multibyte-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-crt-multibyte-l1-1-0.dll7.2.dr
ID:	dr_415
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.205799780176162
Encrypted:	false
Ssdeep:	384:qUSrxLPmIHJI6/CpG3t2G3t4odXLZWphWpwGycGw6lx2+t7:riPmIHJI6iiwpt7
Size:	20120
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\x64\api-ms-win-crt-private-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-crt-private-l1-1-0.dll7.2.dr
ID:	dr_416
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	5.545458165119229
Encrypted:	false
Ssdeep:	1536:JTs8iYDe5c4bFe2JyhcvxXWpD7d3334BkZn+P9GC:/iYDe5c4bFe2JyhcvxXWpD7d3334BkZM
Size:	64664
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\x64\api-ms-win-crt-process-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-crt-process-l1-1-0.dll7.2.dr
ID:	dr_417
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.6076799883738735
Encrypted:	false
Ssdeep:	192:wnqjd71WphW5WSawTyihVWQ4CW8CnbdiqnajBCIej:wn8WphW+wGyEsl9nej
Size:	12976
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\x64\api-ms-win-crt-runtime-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-crt-runtime-l1-1-0.dll7.2.dr
ID:	dr_418
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.456296069225527
Encrypted:	false
Ssdeep:	192:zaajPrpJhhf4AN5/KipWphW6WSawTyihVWQ4SW1tJqnajjqP6G8rgvM3:zlbr7fWphWnwGyCJlvCz8rgU3
Size:	16536
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\x64\api-ms-win-crt-stdio-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-crt-stdio-l1-1-0.dll7.2.dr
ID:	dr_419
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.393264759906024
Encrypted:	false
Ssdeep:	192:GpPLNPjFuWYFxEpah7WphWJWSawTyihVWQ4eWyellCNxXeRqnajRyGdFP:G19OFVh7WphWuwGyg34JeRlFyGPP
Size:	17864
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\x64\api-ms-win-crt-string-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-crt-string-l1-1-0.dll7.2.dr
ID:	dr_420
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.271794979288617
Encrypted:	false
Ssdeep:	384:JFvU4x0C5yguNvZ5VQgx3SbwA7yMVIkFGl3WphW/wGyxOilNH:35yguNvZ5VQgx3SbwA71IkFxc7
Size:	18376
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\x64\api-ms-win-crt-time-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-crt-time-l1-1-0.dll7.2.dr
ID:	dr_421
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.535643188678725
Encrypted:	false
Ssdeep:	192:iy5NDSWphWuWSawTyihVWQ4eWfguCNxXeRqnajRAQN:iUEWphWzwGyHu4JeRlFA
Size:	14280
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\x64\api-ms-win-crt-utility-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-crt-utility-l1-1-0.dll7.2.dr
ID:	dr_422
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.678177184128737
Encrypted:	false
Ssdeep:	192:DI6fHQduHWphWm4WSawTyihVWQ4eWtEyRpqCNxXeRqnajRMqXMxbh:xfxWphWuwGydy/q4JeRlF2xbh
Size:	12232
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\x64\msvcp140.dll
Category:	dropped
Dump:	msvcp140.dll7.2.dr
ID:	dr_423
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.438447839844645
Encrypted:	false
Ssdeep:	12288:H7KwoYg6YeHSKKwTwda73ZHFOHSduCKN22tN90mQEKZm+jWodEEVQ:bXD7uCKx3QEKZm+jWodEEa
Size:	583048
Whitelisted:	true
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\x64\ucrtbase.dll
Category:	dropped
Dump:	ucrtbase.dll7.2.dr
ID:	dr_424
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.627207870602929
Encrypted:	false
Ssdeep:	24576:2QqGcVofavjyMI0gTV3FHJ9oPbDcnEdEtmxvSZX0ypea7C:fqGuFyMJgTV3JA/dEOa
Size:	1035720
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\x64\vcruntime140.dll
Category:	dropped
Dump:	vcruntime140.dll1.2.dr
ID:	dr_98
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.42681250101216
Encrypted:	false
Ssdeep:	1536:Ly6+2mUD0uBFRXqYue/o+18iBH5T7heunxr98nZXeixecbSQ2sYMl:LlXfRXqQw+PHLrCZOixecbSmp
Size:	94072
Whitelisted:	true
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\x64\vcruntime140_1.dll
Category:	dropped
Dump:	vcruntime140_1.dll0.2.dr
ID:	dr_101
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.340326946859471
Encrypted:	false
Ssdeep:	384:7Hb1+iuauREnUUWU55vZvS05fJjPg2h1RWmbzA+Xf+gxy85xH0f91WrrKW7dHRNy:lzJnUUV7xPg4RdPvv3DHkw9mJXhd
Size:	36744
Whitelisted:	true
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\x86\API-MS-Win-core-xstate-l2-1-0.dll
Category:	dropped
Dump:	API-MS-Win-core-xstate-l2-1-0.dll0.2.dr
ID:	dr_243
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Entropy:	6.844575905787734
Encrypted:	false
Ssdeep:	192:uf5baWphWiWSawTyihVWQ4eWua8d90884LfqnajJNv8:uf5baWphW/wGyXJJllNv8
Size:	11208
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\x86\api-ms-win-core-console-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-core-console-l1-1-0.dll1.2.dr
ID:	dr_157
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Entropy:	6.788244658637563
Encrypted:	false
Ssdeep:	192:5sWphW9WSawTyihVWQ4WW5MAOT2XNfqnajVAilG834EN:SWphWqwGy1k9flx6Y
Size:	11928
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\x86\api-ms-win-core-console-l1-2-0.dll
Category:	dropped
Dump:	api-ms-win-core-console-l1-2-0.dll1.2.dr
ID:	dr_158
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Entropy:	6.81065742032065
Encrypted:	false
Ssdeep:	192:it8WphWXWSawTyihVWQ4eW8Phk3pPqs7IwdY+kqnajHaqxgm:iOWphW4wGyngzIwS+klTx
Size:	11720
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\x86\api-ms-win-core-datetime-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-core-datetime-l1-1-0.dll1.2.dr
ID:	dr_159
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Entropy:	6.793555786221558
Encrypted:	false
Ssdeep:	192:P0WphWfWSawTyihVWQ4eWBURahpeLirKqnaj/:P0WphWwwGyTRnLIKlz
Size:	11208
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\x86\api-ms-win-core-debug-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-core-debug-l1-1-0.dll2.2.dr
ID:	dr_160
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Entropy:	6.7892989431355995
Encrypted:	false
Ssdeep:	192:xWphWiWSawTyihVWQ4eWJgcX5qAAqnaj/IeSx:xWphW/wGy/lDAx
Size:	11208
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\x86\api-ms-win-core-errorhandling-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-core-errorhandling-l1-1-0.dll2.2.dr
ID:	dr_161
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Entropy:	6.847987811252071
Encrypted:	false
Ssdeep:	192:8amxD3PWphWSWSawTyihVWQ4yW98DcMpVwyqnajlAww3u:8aUWphWPwGyimvlmww3u
Size:	11200
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\x86\api-ms-win-core-file-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-core-file-l1-1-0.dll2.2.dr
ID:	dr_162
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Entropy:	6.696234999723925
Encrypted:	false
Ssdeep:	192:1CYYPvVX8rFTsFWphWFWSawTyihVWQ4WWlGM2XSoaqnajVMSLadjbwf:1C7PvVXXWphWiwGyvZalxbhf
Size:	15000
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\x86\api-ms-win-core-file-l1-2-0.dll
Category:	dropped
Dump:	api-ms-win-core-file-l1-2-0.dll2.2.dr
ID:	dr_163
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Entropy:	6.8126504873749765
Encrypted:	false
Ssdeep:	192:laH1WphWGWSawTyihVWQ4eWh3S4kOqnaj2NLPm:U1WphWbwGyelg7
Size:	11208
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\x86\api-ms-win-core-file-l2-1-0.dll
Category:	dropped
Dump:	api-ms-win-core-file-l2-1-0.dll2.2.dr
ID:	dr_164
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Entropy:	6.915487652995372
Encrypted:	false
Ssdeep:	192:hWphWtWSawTyihVWQ4eW88jDgpeLirKqnaj/dn:hWphW6wGyY1LIKlz
Size:	11208
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\x86\api-ms-win-core-handle-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-core-handle-l1-1-0.dll2.2.dr
ID:	dr_195
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Entropy:	6.831839386552592
Encrypted:	false
Ssdeep:	192:tWphWxWSawTyihVWQ4veWixEdiqnajVCyS:tWphWmwGyEwnlx/S
Size:	11440
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\x86\api-ms-win-core-heap-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-core-heap-l1-1-0.dll2.2.dr
ID:	dr_196
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Entropy:	6.763115670912453
Encrypted:	false
Ssdeep:	192:vcl6WphW8WSawTyihVWQ4eWImCt+6ArNc4qnajr7vg:kl6WphWFwGy5V4lrv
Size:	11720
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\x86\api-ms-win-core-interlocked-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-core-interlocked-l1-1-0.dll2.2.dr
ID:	dr_197
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Entropy:	6.798656780730637
Encrypted:	false
Ssdeep:	192:qXxDYsFYWphW3aWSawTyihVWQ4eWrBC5uE7Mqnajcf:qXxDYsFYWphWXwGymeuOMlA
Size:	11720
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\x86\api-ms-win-core-libraryloader-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-core-libraryloader-l1-1-0.dll3.2.dr
ID:	dr_198
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Entropy:	6.761813565849536
Encrypted:	false
Ssdeep:	192:JSvuBL3B5LgWphWMWSawTyihVWQ4eWBg2Pi43pPqs7IwdY+kqnajHaqxgm+2:UvuBL3BSWphW1wGy2fPbzIwS+klTx
Size:	12232
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\x86\api-ms-win-core-localization-l1-2-0.dll
Category:	dropped
Dump:	api-ms-win-core-localization-l1-2-0.dll3.2.dr
ID:	dr_199
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Entropy:	6.804389735698839
Encrypted:	false
Ssdeep:	384:+HOMw3zdp3bwjGfue9/0jCRrndb9WphWwwGyg4lrv:QOMwBprwjGfue9/0jCRrndb4X
Size:	13768
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\x86\api-ms-win-core-memory-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-core-memory-l1-1-0.dll3.2.dr
ID:	dr_200
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Entropy:	6.826471702163863
Encrypted:	false
Ssdeep:	192:VDKhWphW6WSawTyihVWQ4eW6Bam06ArNc4qnajr7vLOs:0hWphWnwGyVV4lrvi
Size:	11720
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\x86\api-ms-win-core-namedpipe-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-core-namedpipe-l1-1-0.dll3.2.dr
ID:	dr_201
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Entropy:	6.906347501077361
Encrypted:	false
Ssdeep:	192:iWphWEWSawTyihVWQ4eWYBc5M8xOSqnaj3yfU:iWphWdwGyZNCTlufU
Size:	11208
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\x86\api-ms-win-core-processenvironment-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-core-processenvironment-l1-1-0.dll3.2.dr
ID:	dr_202
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Entropy:	6.77511206242731
Encrypted:	false
Ssdeep:	192:AZ7WphWD0WSawTyihVWQ4SW64q1usUDR0qnajVXj9GOC:AZ7WphW5wGyKq1uQlxzbC
Size:	12432
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\x86\api-ms-win-core-processthreads-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-core-processthreads-l1-1-0.dll3.2.dr
ID:	dr_203
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Entropy:	6.669167982349583
Encrypted:	false
Ssdeep:	384:1Hk1JzBcKcIpWphW8wGyaGECifl/zdbQD:1+cKc1/tzO
Size:	13760
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\x86\api-ms-win-core-processthreads-l1-1-1.dll
Category:	dropped
Dump:	api-ms-win-core-processthreads-l1-1-1.dll3.2.dr
ID:	dr_204
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Entropy:	6.826298522089573
Encrypted:	false
Ssdeep:	192:o/DiDfIeBWphW7WSawTyihVWQ4eW9zGBQRW52fqnaj7zdKT:1DfIeBWphWUwGyXifl/zdK
Size:	11720
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\x86\api-ms-win-core-profile-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-core-profile-l1-1-0.dll3.2.dr
ID:	dr_235
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Entropy:	6.959708399553805
Encrypted:	false
Ssdeep:	192:cnaYWphWXWSawTyihVWQ4yWropVwyqnajlAU/j:caYWphW4wGylvlmU/j
Size:	10688
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\x86\api-ms-win-core-rtlsupport-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-core-rtlsupport-l1-1-0.dll3.2.dr
ID:	dr_236
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Entropy:	6.774218151425283
Encrypted:	false
Ssdeep:	192:2G9WphWgWSawTyihVWQ4eWHaZGEpeLirKqnaj/H:2G9WphWhwGyR+LIKlzH
Size:	11208
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\x86\api-ms-win-core-string-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-core-string-l1-1-0.dll3.2.dr
ID:	dr_237
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Entropy:	6.874431183729956
Encrypted:	false
Ssdeep:	192:xGyMvBWphW5WSawTyihVWQ4SWbPquJqnajjqP6G8rgk:xGyMvBWphW+wGyIJlvCz8rgk
Size:	11416
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\x86\api-ms-win-core-synch-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-core-synch-l1-1-0.dll4.2.dr
ID:	dr_238
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Entropy:	6.740747425770286
Encrypted:	false
Ssdeep:	384:2dv3V0dfpkXc0vVaXWphWnwGyE0e3nlx/s:2dv3VqpkXc0vVaWgeb
Size:	13488
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\x86\api-ms-win-core-synch-l1-2-0.dll
Category:	dropped
Dump:	api-ms-win-core-synch-l1-2-0.dll4.2.dr
ID:	dr_239
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Entropy:	6.883126121612803
Encrypted:	false
Ssdeep:	192:BY3ZDQtZ3IWphWDKWSawTyihVWQ4SWnr11usUDR0qnajVXj9y:BY3ZDQtZ3IWphWbwGyW11uQlxzc
Size:	11920
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\x86\api-ms-win-core-sysinfo-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-core-sysinfo-l1-1-0.dll4.2.dr
ID:	dr_240
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Entropy:	6.782553149861649
Encrypted:	false
Ssdeep:	192:Q7QzKIMFMWphWUWSawTyihVWQ4WWLABOhKEwkqnajVkL2yEHAE:Q8zZWphWNwGy/BOhKtklxtbgE
Size:	12440
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\x86\api-ms-win-core-timezone-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-core-timezone-l1-1-0.dll4.2.dr
ID:	dr_241
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Entropy:	6.87441983548633
Encrypted:	false
Ssdeep:	192:ePWphWOWSawTyihVWQ4uWSkDA0884LfqnajJNyb2n9A:ePWphWTwGy5JllNo29A
Size:	11712
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\x86\api-ms-win-core-util-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-core-util-l1-1-0.dll4.2.dr
ID:	dr_242
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Entropy:	6.7952185678003545
Encrypted:	false
Ssdeep:	192:ZKWphWGmWSawTyihVWQ4eWEVc67lqnajX8QKX8Q:ZKWphWG7wGymolz8D
Size:	11208
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\x86\api-ms-win-crt-conio-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-crt-conio-l1-1-0.dll4.2.dr
ID:	dr_244
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Entropy:	6.796320133064848
Encrypted:	false
Ssdeep:	192:aEWphWsWSawTyihVWQ4eWRG6c67lqnajX8QJsCdy:aEWphWVwGyLolz83k
Size:	12232
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\x86\api-ms-win-crt-convert-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-crt-convert-l1-1-0.dll5.2.dr
ID:	dr_275
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Entropy:	6.562367453011828
Encrypted:	false
Ssdeep:	192:JM0wd8dc9cy1WphWLWSawTyihVWQ4eWSJ6615uE7MqnajcPQ:G0wd8xy1WphWEwGyyyuOMlA
Size:	15304
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\x86\api-ms-win-crt-environment-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-crt-environment-l1-1-0.dll4.2.dr
ID:	dr_276
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Entropy:	6.77118912343302
Encrypted:	false
Ssdeep:	192:a9KNcWphW7WSawTyihVWQ4eW+gS4kOqnaj2NLFmPV:YKNcWphWUwGyilgpw
Size:	11720
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\x86\api-ms-win-crt-filesystem-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-crt-filesystem-l1-1-0.dll4.2.dr
ID:	dr_277
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Entropy:	6.793455396893645
Encrypted:	false
Ssdeep:	192:yGnWlC0i5C9WphWZWSawTyihVWQ4uWXduQRW52fqnaj7zdCTyRk:tnWm5C9WphWewGy8Qifl/zdCeRk
Size:	13248
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\x86\api-ms-win-crt-heap-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-crt-heap-l1-1-0.dll4.2.dr
ID:	dr_278
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Entropy:	6.729597024670557
Encrypted:	false
Ssdeep:	192:raY17aFBRQWphWoWSawTyihVWQ4eWMBjX6ArNc4qnajr7vgq49N:zVWphWZwGyt84lrv3wN
Size:	12232
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\x86\api-ms-win-crt-locale-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-crt-locale-l1-1-0.dll4.2.dr
ID:	dr_279
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Entropy:	6.855315201507517
Encrypted:	false
Ssdeep:	192:G9vbhWphWqWSawTyihVWQ4yWhPC67lpVwyqnajlAdmh:G9vbhWphW3wGyCC6Xvlm8h
Size:	11712
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\x86\api-ms-win-crt-math-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-crt-math-l1-1-0.dll4.2.dr
ID:	dr_280
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Entropy:	6.275912021557885
Encrypted:	false
Ssdeep:	384:wt1MCbM4Oe5grykfIgTmLSWphWMwGy2VlgEBlD:k6gMq5grxfIndDHT5
Size:	21960
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\x86\api-ms-win-crt-multibyte-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-crt-multibyte-l1-1-0.dll4.2.dr
ID:	dr_281
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Entropy:	6.28724886598146
Encrypted:	false
Ssdeep:	384:iSrxLPmIHJI6/CpG3t2G3t4odXLZWphWNwGyfpLIKlz3:iiPmIHJI6iGopL
Size:	19400
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\x86\api-ms-win-crt-private-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-crt-private-l1-1-0.dll4.2.dr
ID:	dr_282
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Entropy:	5.555058128213375
Encrypted:	false
Ssdeep:	1536:yfolDe5c4bFE2Jy2cvxXWpD9d3334BkZnkPTP1:SolDe5c4bFE2Jy2cvxXWpD9d3334BkZS
Size:	66200
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\x86\api-ms-win-crt-process-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-crt-process-l1-1-0.dll4.2.dr
ID:	dr_283
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Entropy:	6.7508394455859655
Encrypted:	false
Ssdeep:	192:Fonqjd71WphWjWSawTyihVWQ4eW7e5qAAqnaj/I4R:Fon8WphWMwGyOlDd
Size:	12232
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\x86\api-ms-win-crt-runtime-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-crt-runtime-l1-1-0.dll4.2.dr
ID:	dr_284
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Entropy:	6.595033028538626
Encrypted:	false
Ssdeep:	192:0JB0fhrpIhhf4AN5/ji7WphWb1WSawTyihVWQ4eWDRSDN3pPqs7IwdY+kqnajHa4:00hrKYWphWbywGymozIwS+klTx
Size:	15816
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\x86\api-ms-win-crt-stdio-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-crt-stdio-l1-1-0.dll5.2.dr
ID:	dr_315
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Entropy:	6.5066651039706205
Encrypted:	false
Ssdeep:	192:rpPLNPjFuWYFxEpah7WphWJWSawTyihVWQ4eWlSws0884LfqnajJNRE:r19OFVh7WphWuwGyE0JllNRE
Size:	17352
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\x86\api-ms-win-crt-string-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-crt-string-l1-1-0.dll4.2.dr
ID:	dr_316
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Entropy:	6.396902203036038
Encrypted:	false
Ssdeep:	384:PFvU4x0C5yguNvZ5VQgx3SbwA7yMVIkFGl3WphWwFwGyOnk9flx6BGM:55yguNvZ5VQgx3SbwA71IkFxFFMyGM
Size:	18072
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\x86\api-ms-win-crt-time-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-crt-time-l1-1-0.dll4.2.dr
ID:	dr_317
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Entropy:	6.684953706674831
Encrypted:	false
Ssdeep:	192:gy5NDSWphWXWSawTyihVWQ4eWD8jo5M8xOSqnaj3yo:gUEWphW4wGyTBCTluo
Size:	13768
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\x86\api-ms-win-crt-utility-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-crt-utility-l1-1-0.dll4.2.dr
ID:	dr_318
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Entropy:	6.856640823154055
Encrypted:	false
Ssdeep:	192:/mXI6fHQduHWphW0WSawTyihVWQ4uWS+GB5M8xOSqnaj3yUvB:/+fxWphWtwGy10CTluU5
Size:	11712
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\x86\msvcp140.dll
Category:	dropped
Dump:	msvcp140.dll4.2.dr
ID:	dr_319
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Entropy:	6.641867059831725
Encrypted:	false
Ssdeep:	12288:9822+H2EIqZ14mVYh8vN4xyoZPeKjuYMc+MQQQjhUgiW6QR7t5s03Ooc8dHkC2eF:9822+H2Y4mVYh44xyoZPHaw03Ooc8dHd
Size:	448384
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\x86\ucrtbase.dll
Category:	dropped
Dump:	ucrtbase.dll4.2.dr
ID:	dr_320
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Entropy:	6.8060128370628075
Encrypted:	false
Ssdeep:	24576:HWidEhqcKIqMOKgf4GokSnxqZbCU3lYU+6ozo+mSY+mcvIZPoy4PmcLloi:2idEhqFBMiExqZiY4o+mSpmcZT
Size:	1170880
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\x86\vcruntime140.dll
Category:	dropped
Dump:	vcruntime140.dll5.2.dr
ID:	dr_321
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Entropy:	6.777357741796387
Encrypted:	false
Ssdeep:	1536:JhQmqDRK9IfURwL67cuhH6poqPpep4yW3UecbiT18ozr:Jh+DRGI86L6gshupXUecbiTB
Size:	76168
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\Users\user\AppData\Local\Temp\is-4K0PE.tmp\ossbucket\zlibwapi.dll
Category:	dropped
Dump:	zlibwapi.dll.2.dr
ID:	dr_7
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Entropy:	6.649139236621164
Encrypted:	false
Ssdeep:	3072:xDN7V2s+eR/sp6yqyKYcBWLZDOIbB0pvgzGFD6Nd807zR2hllaTBf2rSZMVUCzS:xDZTkSDy12hqTBOrSZiW
Size:	172544
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Category:	dropped
Dump:	SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp.0.dr
ID:	dr_0
Target ID:	0
Process:	C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Crypt.25649.28700.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy:	6.3880151736249955
Encrypted:	false
Ssdeep:	49152:rR/KpmZubPf2S8W2ILeWl+C1p9jWy5Mnd0wigbL:t/jtYLP1Sy5i0
Size:	2570752
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Contains functionality to check if a debugger is running (IsDebuggerPresent)	Anti Debugging	Security Software Discovery
Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)	Anti Debugging	Security Software Discovery
Contains functionality to communicate with device drivers	System Summary
Contains functionality to query CPU information (cpuid)	Language, Device and Operating System Detection	System Information Discovery
Contains functionality to query locales information (e.g. system language)	Language, Device and Operating System Detection	System Information Discovery
Contains functionality which may be used to detect a debugger (GetProcessHeap)	Anti Debugging	Security Software Discovery
Detected potential crypto function	System Summary	Encrypted Channel Archive Collected Data
Drops PE files	Persistence and Installation Behavior
Extensive use of GetProcAddress (often used to hide API calls)	Hooking and other Techniques for Hiding and Protection
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion
Found large amount of non-executed APIs	Malware Analysis System Evasion
Found potential string decryption / allocating functions	System Summary	Obfuscated Files or Information Deobfuscate/Decode Files or Information
Uses code obfuscation techniques (call, push, ret)	Data Obfuscation	Obfuscated Files or Information
Contains functionality for error logging	System Summary
Contains functionality to download additional files from the internet	Networking	Ingress Tool Transfer
Contains functionality to enumerate / list files inside a directory	Spreading, Malware Analysis System Evasion	File and Directory Discovery
Contains functionality to load and extract PE file embedded resources	System Summary
Contains functionality to query local / system time	Language, Device and Operating System Detection	System Information Discovery System Time Discovery
Contains functionality to query system information	Malware Analysis System Evasion	System Information Discovery
Contains functionality to query windows version	Language, Device and Operating System Detection	System Information Discovery
Contains functionality to register its own exception handler	Anti Debugging
Creates files inside the user directory	System Summary	Masquerading
Creates mutexes	System Summary
Disables application error messsages (SetErrorMode)	Hooking and other Techniques for Hiding and Protection
Parts of this applications are using Borland Delphi (Probably coded in Delphi)	System Summary
Reads the Windows registered organization settings	System Summary	System Owner/User Discovery
Spawns processes	System Summary	Process Injection
Tries to load missing DLLs	System Summary	DLL Side-Loading
Uses an in-process (OLE) Automation server	System Summary
Creates install or setup log file	Compliance, Persistence and Installation Behavior
Executable creates window controls seldom found in malware	System Summary
Uses Rich Edit Controls	System Summary
Reads the Windows registered owner settings	System Summary	System Owner/User Discovery

Details

File:	C:\Users\user\AppData\Local\Temp\osssdk.log
Category:	dropped
Dump:	osssdk.log.2.dr
ID:	dr_269
Target ID:	2
Process:	C:\Users\user\AppData\Local\Temp\is-R3KMA.tmp\SecuriteInfo.com.Trojan.Crypt.25649.28700.tmp
Type:	ISO-8859 text, with very long lines (370), with CRLF line terminators
Entropy:	5.490536984184061
Encrypted:	false
Ssdeep:	192:4aU4TQfrNhuV9P0Oft2tjQsz5UPHu2uGlzKx/X4PHQ2QclzKyaX4cohDhHSzDDsM:0cxSVTBzbQ7cH4Ff41
Size:	13542
Whitelisted:	false
Reputation:	timeout

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
SecuriteInfo.com.Trojan.Crypt.25649.28700.exe

Files

Processes

URLs

Domains

IPs

Registry

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC ReportSecuriteInfo.com.Trojan.Crypt.25649.28700.exe

Files

Processes

URLs

Domains

IPs

Registry

Memdumps

IOC Report
SecuriteInfo.com.Trojan.Crypt.25649.28700.exe