Automated Malware Analysis IOC Report for

Details

Filetype:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy:	7.996223052086757
Filename:	MyTrustID.EXE
Filesize:	7301120
MD5:	1f4bb0f2b9d26f2419fbb7e7ba860d03
SHA1:	0ec525f5032f91544908aa957dc9fa9212d9ac7d
SHA256:	0b4d29b13046032af8c92bff26283ac8522bc178e9b4428010030bd352c49e91
SHA512:	d02b65506c55cf2d9b7120ccdc44aec738f34dad80e6d0dd667b9948851958188eae90799d916bea26a574ee23a2ad0172212f2471e0627cb8ddfc99ee3bfae8
SSDEEP:	98304:oHaT0WVxMdBjaTQIybPRJLNL6kQnxZn9tPR+1nnf0OlvP2tFHBxhmkxK9:XTM3eTQIybHQXfP2rhOvhxcUK9
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......Of.{...(...(...(.l.)...(.l.)...(.l.)...(.l.)...(...(...(.l.)...(.l\(...(.l.)...(Rich...(........PE..L...!V.:.................d.

Signature Hits	Behavior Group	Mitre Attack
Multi AV Scanner detection for submitted file	AV Detection
PE file contains executable resources (Code or Archives)	System Summary
Uses 32bit PE files	Compliance, System Summary
Creates an autostart registry key	Boot Survival
Creates temporary files	System Summary
Executes batch files	System Summary
PE file has an executable .text section and no other executable section	System Summary
Reads software policies	System Summary
Sample is known by Antivirus	System Summary
Tries to load missing DLLs	System Summary	DLL Side-Loading
PE file contains a debug data directory	System Summary
Contains modern PE file flags such as dynamic base (ASLR) or NX	Compliance, System Summary
PE file contains a mix of data directories often seen in goodware	System Summary
PE file has a big raw section	System Summary
Submission file is bigger than most known malware samples	System Summary

Details

File:	C:\Users\Public\Desktop\MyTrustIDv1.lnk
Category:	dropped
Dump:	MyTrustIDv1.lnk0.14.dr
ID:	dr_101
Target ID:	14
Process:	C:\Windows\System32\msiexec.exe
Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Archive, ctime=Tue Jan 10 07:12:02 2023, mtime=Thu Oct 24 23:44:59 2024, atime=Tue Jan 10 07:12:02 2023, length=2592256, window=hide
Entropy:	4.6072329265669305
Encrypted:	false
Size:	1244
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Sigma detected: Windows Shell/Scripting Application File Write to Suspicious Folder	System Summary
Creates files inside the user directory	System Summary	Masquerading

Details

File:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\CreateShortcut.vbs
Category:	modified
Dump:	CreateShortcut.vbs.3.dr
ID:	dr_2
Target ID:	3
Process:	C:\Windows\SysWOW64\cmd.exe
Type:	ASCII text, with CRLF line terminators
Entropy:	5.143301581319301
Encrypted:	false
Size:	317
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Command shell drops VBS files	Persistence and Installation Behavior	Scripting

Details

File:	58626a.rbf (copy)
Category:	dropped
Dump:	System.Diagnostics.Debug.dll.14.dr
Target ID:	14
Process:	C:\Windows\System32\msiexec.exe
Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	58626b.rbf (copy)
Category:	dropped
Dump:	System.Text.Encoding.dll.14.dr
Target ID:	14
Process:	C:\Windows\System32\msiexec.exe
Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	58626c.rbf (copy)
Category:	dropped
Dump:	System.Reflection.dll.14.dr
Target ID:	14
Process:	C:\Windows\System32\msiexec.exe
Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	58626d.rbf (copy)
Category:	dropped
Dump:	System.Runtime.Serialization.Primitives.dll.14.dr
Target ID:	14
Process:	C:\Windows\System32\msiexec.exe
Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	58626e.rbf (copy)
Category:	dropped
Dump:	System.Threading.dll.14.dr
Target ID:	14
Process:	C:\Windows\System32\msiexec.exe
Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	58626f.rbf (copy)
Category:	dropped
Dump:	System.Threading.Tasks.dll.14.dr
Target ID:	14
Process:	C:\Windows\System32\msiexec.exe
Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Config.Msi\586269.rbs
Category:	modified
Dump:	586269.rbs.14.dr
ID:	dr_8
Target ID:	14
Process:	C:\Windows\System32\msiexec.exe
Type:	data
Entropy:	6.003394862226206
Encrypted:	false
Size:	56322
Whitelisted:	false

Details

File:	C:\Program Files (x86)\Trustgate\MyTrustID\32bit\eToken.dll
Category:	dropped
Dump:	eToken.dll.14.dr
ID:	dr_40
Target ID:	14
Process:	C:\Windows\System32\msiexec.exe
Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Entropy:	6.793324516037024
Encrypted:	false
Size:	644152
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Program Files (x86)\Trustgate\MyTrustID\BouncyCastle.Crypto.dll
Category:	dropped
Dump:	BouncyCastle.Crypto.dll.14.dr
ID:	dr_93
Target ID:	14
Process:	C:\Windows\System32\msiexec.exe
Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy:	5.824583171540262
Encrypted:	false
Size:	2609152
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Program Files (x86)\Trustgate\MyTrustID\userburn.Micro.Platform.Core.dll
Category:	dropped
Dump:	userburn.Micro.Platform.Core.dll.14.dr
ID:	dr_14
Target ID:	14
Process:	C:\Windows\System32\msiexec.exe
Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy:	5.317912087227824
Encrypted:	false
Size:	14848
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery

Details

File:	C:\Program Files (x86)\Trustgate\MyTrustID\userburn.Micro.Platform.dll
Category:	dropped
Dump:	userburn.Micro.Platform.dll.14.dr
ID:	dr_56
Target ID:	14
Process:	C:\Windows\System32\msiexec.exe
Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy:	5.92989745056437
Encrypted:	false
Size:	83968
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery

Details

File:	C:\Program Files (x86)\Trustgate\MyTrustID\userburn.Micro.dll
Category:	dropped
Dump:	userburn.Micro.dll.14.dr
ID:	dr_59
Target ID:	14
Process:	C:\Windows\System32\msiexec.exe
Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy:	5.834897784977097
Encrypted:	false
Size:	61952
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery

Details

File:	C:\Program Files (x86)\Trustgate\MyTrustID\CreateCSRdll.dll
Category:	dropped
Dump:	CreateCSRdll.dll.14.dr
ID:	dr_4
Target ID:	14
Process:	C:\Windows\System32\msiexec.exe
Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Entropy:	6.016852466199556
Encrypted:	false
Size:	23040
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Program Files (x86)\Trustgate\MyTrustID\Hardcodet.Wpf.TaskbarNotification.dll
Category:	dropped
Dump:	Hardcodet.Wpf.TaskbarNotification.dll.14.dr
ID:	dr_95
Target ID:	14
Process:	C:\Windows\System32\msiexec.exe
Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy:	5.6056707762562175
Encrypted:	false
Size:	45056
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery

Details

File:	C:\Program Files (x86)\Trustgate\MyTrustID\ICSharpCode.SharpZipLib.dll
Category:	dropped
Dump:	ICSharpCode.SharpZipLib.dll.14.dr
ID:	dr_83
Target ID:	14
Process:	C:\Windows\System32\msiexec.exe
Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy:	5.9179021547434365
Encrypted:	false
Size:	198656
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Program Files (x86)\Trustgate\MyTrustID\IDPrimeTokenEngine.dll
Category:	dropped
Dump:	IDPrimeTokenEngine.dll.14.dr
ID:	dr_67
Target ID:	14
Process:	C:\Windows\System32\msiexec.exe
Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Entropy:	6.710289960871951
Encrypted:	false
Size:	482360
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Program Files (x86)\Trustgate\MyTrustID\InstallCertdll.dll
Category:	dropped
Dump:	InstallCertdll.dll.14.dr
ID:	dr_45
Target ID:	14
Process:	C:\Windows\System32\msiexec.exe
Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Entropy:	6.186538552836002
Encrypted:	false
Size:	29184
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Program Files (x86)\Trustgate\MyTrustID\LicInfo.xml
Category:	dropped
Dump:	LicInfo.xml.14.dr
ID:	dr_60
Target ID:	14
Process:	C:\Windows\System32\msiexec.exe
Type:	ASCII text, with CRLF line terminators
Entropy:	5.818506374523169
Encrypted:	false
Size:	250
Whitelisted:	false

Details

File:	C:\Program Files (x86)\Trustgate\MyTrustID\MimeTypes.config
Category:	dropped
Dump:	MimeTypes.config.14.dr
ID:	dr_97
Target ID:	14
Process:	C:\Windows\System32\msiexec.exe
Type:	XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Entropy:	4.719390226150669
Encrypted:	false
Size:	722
Whitelisted:	false

Details

File:	C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe
Category:	dropped
Dump:	MyTrustIDv1.exe.14.dr
ID:	dr_16
Target ID:	14
Process:	C:\Windows\System32\msiexec.exe
Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy:	6.349342333979024
Encrypted:	false
Size:	2592256
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Allocates memory with a write watch (potentially for evading sandboxes)	Malware Analysis System Evasion	Virtualization/Sandbox Evasion
Contains long sleeps (>= 3 min)	Malware Analysis System Evasion	Virtualization/Sandbox Evasion
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion	Process Injection
Drops PE files	Persistence and Installation Behavior
Enables debug privileges	Anti Debugging
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery
Contains medium sleeps (>= 30s)	Malware Analysis System Evasion	Virtualization/Sandbox Evasion
Creates guard pages, often used to prevent reverse engineering and debugging	Anti Debugging	Disable or Modify Tools
Creates mutexes	System Summary
Disables application error messsages (SetErrorMode)	Hooking and other Techniques for Hiding and Protection
Spawns processes	System Summary	Process Injection
Tries to load missing DLLs	System Summary	DLL Side-Loading
Uses Microsoft Silverlight	System Summary

Details

File:	C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe.config
Category:	dropped
Dump:	MyTrustIDv1.exe.config.14.dr
ID:	dr_38
Target ID:	14
Process:	C:\Windows\System32\msiexec.exe
Type:	XML 1.0 document, ASCII text, with CRLF line terminators
Entropy:	5.2567712293742455
Encrypted:	false
Size:	7472
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Allocates memory with a write watch (potentially for evading sandboxes)	Malware Analysis System Evasion	Virtualization/Sandbox Evasion
Contains long sleeps (>= 3 min)	Malware Analysis System Evasion	Virtualization/Sandbox Evasion
Enables debug privileges	Anti Debugging
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery
Contains medium sleeps (>= 30s)	Malware Analysis System Evasion	Virtualization/Sandbox Evasion
Creates guard pages, often used to prevent reverse engineering and debugging	Anti Debugging	Disable or Modify Tools
Creates mutexes	System Summary
Disables application error messsages (SetErrorMode)	Hooking and other Techniques for Hiding and Protection
Tries to load missing DLLs	System Summary	DLL Side-Loading
Uses Microsoft Silverlight	System Summary

Details

File:	C:\Program Files (x86)\Trustgate\MyTrustID\Newtonsoft.Json.dll
Category:	dropped
Dump:	Newtonsoft.Json.dll.14.dr
ID:	dr_21
Target ID:	14
Process:	C:\Windows\System32\msiexec.exe
Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy:	5.9289057284451445
Encrypted:	false
Size:	700336
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery

Details

File:	C:\Program Files (x86)\Trustgate\MyTrustID\Pkcs11Interop.dll
Category:	dropped
Dump:	Pkcs11Interop.dll.14.dr
ID:	dr_96
Target ID:	14
Process:	C:\Windows\System32\msiexec.exe
Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy:	5.940269664524611
Encrypted:	false
Size:	553216
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery

Details

File:	C:\Program Files (x86)\Trustgate\MyTrustID\System.Collections.Concurrent.dll
Category:	dropped
Dump:	System.Collections.Concurrent.dll.14.dr
ID:	dr_22
Target ID:	14
Process:	C:\Windows\System32\msiexec.exe
Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy:	6.9344402861411885
Encrypted:	false
Size:	20728
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Program Files (x86)\Trustgate\MyTrustID\System.Collections.dll
Category:	dropped
Dump:	System.Collections.dll.14.dr
ID:	dr_74
Target ID:	14
Process:	C:\Windows\System32\msiexec.exe
Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy:	7.040745236586006
Encrypted:	false
Size:	30760
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Program Files (x86)\Trustgate\MyTrustID\System.ComponentModel.Annotations.dll
Category:	dropped
Dump:	System.ComponentModel.Annotations.dll.14.dr
ID:	dr_25
Target ID:	14
Process:	C:\Windows\System32\msiexec.exe
Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy:	6.869151816770907
Encrypted:	false
Size:	21768
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Program Files (x86)\Trustgate\MyTrustID\System.ComponentModel.EventBasedAsync.dll
Category:	dropped
Dump:	System.ComponentModel.EventBasedAsync.dll.14.dr
ID:	dr_106
Target ID:	14
Process:	C:\Windows\System32\msiexec.exe
Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy:	6.946168036500629
Encrypted:	false
Size:	20760
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Program Files (x86)\Trustgate\MyTrustID\System.ComponentModel.dll
Category:	dropped
Dump:	System.ComponentModel.dll.14.dr
ID:	dr_86
Target ID:	14
Process:	C:\Windows\System32\msiexec.exe
Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy:	6.923708952415366
Encrypted:	false
Size:	20696
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Program Files (x86)\Trustgate\MyTrustID\System.Diagnostics.Contracts.dll
Category:	dropped
Dump:	System.Diagnostics.Contracts.dll.14.dr
ID:	dr_108
Target ID:	14
Process:	C:\Windows\System32\msiexec.exe
Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy:	6.891025465711431
Encrypted:	false
Size:	21232
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Program Files (x86)\Trustgate\MyTrustID\System.Diagnostics.Debug.dll
Category:	dropped
Dump:	System.Diagnostics.Debug.dll.14.dr
ID:	dr_46
Target ID:	14
Process:	C:\Windows\System32\msiexec.exe
Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy:	7.1081973367756595
Encrypted:	false
Size:	30304
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Program Files (x86)\Trustgate\MyTrustID\System.Diagnostics.Tools.dll
Category:	dropped
Dump:	System.Diagnostics.Tools.dll.14.dr
ID:	dr_36
Target ID:	14
Process:	C:\Windows\System32\msiexec.exe
Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy:	6.924349667668396
Encrypted:	false
Size:	20704
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Program Files (x86)\Trustgate\MyTrustID\System.Diagnostics.Tracing.dll
Category:	dropped
Dump:	System.Diagnostics.Tracing.dll.14.dr
ID:	dr_26
Target ID:	14
Process:	C:\Windows\System32\msiexec.exe
Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy:	6.878030783079058
Encrypted:	false
Size:	21232
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Program Files (x86)\Trustgate\MyTrustID\System.Dynamic.Runtime.dll
Category:	dropped
Dump:	System.Dynamic.Runtime.dll.14.dr
ID:	dr_10
Target ID:	14
Process:	C:\Windows\System32\msiexec.exe
Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy:	6.906892337193367
Encrypted:	false
Size:	21208
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Program Files (x86)\Trustgate\MyTrustID\System.Globalization.dll
Category:	dropped
Dump:	System.Globalization.dll.14.dr
ID:	dr_102
Target ID:	14
Process:	C:\Windows\System32\msiexec.exe
Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy:	6.925762912674675
Encrypted:	false
Size:	20696
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Program Files (x86)\Trustgate\MyTrustID\System.IO.dll
Category:	dropped
Dump:	System.IO.dll.14.dr
ID:	dr_84
Target ID:	14
Process:	C:\Windows\System32\msiexec.exe
Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy:	7.090969434577509
Encrypted:	false
Size:	30256
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Program Files (x86)\Trustgate\MyTrustID\System.Linq.Expressions.dll
Category:	dropped
Dump:	System.Linq.Expressions.dll.14.dr
ID:	dr_107
Target ID:	14
Process:	C:\Windows\System32\msiexec.exe
Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy:	7.0641094175254215
Encrypted:	false
Size:	31280
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Program Files (x86)\Trustgate\MyTrustID\System.Linq.Parallel.dll
Category:	dropped
Dump:	System.Linq.Parallel.dll.14.dr
ID:	dr_39
Target ID:	14
Process:	C:\Windows\System32\msiexec.exe
Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy:	6.936540006800381
Encrypted:	false
Size:	20696
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Program Files (x86)\Trustgate\MyTrustID\System.Linq.Queryable.dll
Category:	dropped
Dump:	System.Linq.Queryable.dll.14.dr
ID:	dr_47
Target ID:	14
Process:	C:\Windows\System32\msiexec.exe
Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy:	6.932656588423688
Encrypted:	false
Size:	20696
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Program Files (x86)\Trustgate\MyTrustID\System.Linq.dll
Category:	dropped
Dump:	System.Linq.dll.14.dr
ID:	dr_69
Target ID:	14
Process:	C:\Windows\System32\msiexec.exe
Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy:	6.923076053397558
Encrypted:	false
Size:	20656
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Program Files (x86)\Trustgate\MyTrustID\System.Net.Http.dll
Category:	dropped
Dump:	System.Net.Http.dll.14.dr
ID:	dr_85
Target ID:	14
Process:	C:\Windows\System32\msiexec.exe
Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy:	6.387255281301793
Encrypted:	false
Size:	44736
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Program Files (x86)\Trustgate\MyTrustID\System.Net.NetworkInformation.dll
Category:	dropped
Dump:	System.Net.NetworkInformation.dll.14.dr
ID:	dr_43
Target ID:	14
Process:	C:\Windows\System32\msiexec.exe
Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy:	6.8579553448189365
Encrypted:	false
Size:	21752
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Program Files (x86)\Trustgate\MyTrustID\System.Net.Primitives.dll
Category:	dropped
Dump:	System.Net.Primitives.dll.14.dr
ID:	dr_27
Target ID:	14
Process:	C:\Windows\System32\msiexec.exe
Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy:	6.919458745073652
Encrypted:	false
Size:	21208
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Program Files (x86)\Trustgate\MyTrustID\System.Net.Requests.dll
Category:	dropped
Dump:	System.Net.Requests.dll.14.dr
ID:	dr_73
Target ID:	14
Process:	C:\Windows\System32\msiexec.exe
Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy:	6.928260203577834
Encrypted:	false
Size:	20688
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Program Files (x86)\Trustgate\MyTrustID\System.Net.WebHeaderCollection.dll
Category:	dropped
Dump:	System.Net.WebHeaderCollection.dll.14.dr
ID:	dr_61
Target ID:	14
Process:	C:\Windows\System32\msiexec.exe
Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy:	6.89115410520229
Encrypted:	false
Size:	20728
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Program Files (x86)\Trustgate\MyTrustID\System.ObjectModel.dll
Category:	dropped
Dump:	System.ObjectModel.dll.14.dr
ID:	dr_64
Target ID:	14
Process:	C:\Windows\System32\msiexec.exe
Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy:	7.080975022669934
Encrypted:	false
Size:	30792
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Program Files (x86)\Trustgate\MyTrustID\System.Reflection.Emit.ILGeneration.dll
Category:	dropped
Dump:	System.Reflection.Emit.ILGeneration.dll.14.dr
ID:	dr_52
Target ID:	14
Process:	C:\Windows\System32\msiexec.exe
Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy:	6.946896969155413
Encrypted:	false
Size:	20752
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Program Files (x86)\Trustgate\MyTrustID\System.Reflection.Emit.Lightweight.dll
Category:	dropped
Dump:	System.Reflection.Emit.Lightweight.dll.14.dr
ID:	dr_98
Target ID:	14
Process:	C:\Windows\System32\msiexec.exe
Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy:	6.923479962458419
Encrypted:	false
Size:	20744
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Program Files (x86)\Trustgate\MyTrustID\System.Reflection.Emit.dll
Category:	dropped
Dump:	System.Reflection.Emit.dll.14.dr
ID:	dr_34
Target ID:	14
Process:	C:\Windows\System32\msiexec.exe
Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy:	6.91547420532875
Encrypted:	false
Size:	20696
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Program Files (x86)\Trustgate\MyTrustID\System.Reflection.Extensions.dll
Category:	dropped
Dump:	System.Reflection.Extensions.dll.14.dr
ID:	dr_53
Target ID:	14
Process:	C:\Windows\System32\msiexec.exe
Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy:	6.920152062437649
Encrypted:	false
Size:	20720
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Program Files (x86)\Trustgate\MyTrustID\System.Reflection.Primitives.dll
Category:	dropped
Dump:	System.Reflection.Primitives.dll.14.dr
ID:	dr_51
Target ID:	14
Process:	C:\Windows\System32\msiexec.exe
Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy:	6.870371668028369
Encrypted:	false
Size:	21232
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Program Files (x86)\Trustgate\MyTrustID\System.Reflection.dll
Category:	dropped
Dump:	System.Reflection.dll.14.dr
ID:	dr_42
Target ID:	14
Process:	C:\Windows\System32\msiexec.exe
Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy:	7.086685048718698
Encrypted:	false
Size:	30760
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Program Files (x86)\Trustgate\MyTrustID\System.Resources.ResourceManager.dll
Category:	dropped
Dump:	System.Resources.ResourceManager.dll.14.dr
ID:	dr_87
Target ID:	14
Process:	C:\Windows\System32\msiexec.exe
Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy:	6.932434859320068
Encrypted:	false
Size:	20736
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Program Files (x86)\Trustgate\MyTrustID\System.Runtime.Extensions.dll
Category:	dropped
Dump:	System.Runtime.Extensions.dll.14.dr
ID:	dr_90
Target ID:	14
Process:	C:\Windows\System32\msiexec.exe
Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy:	6.934721926136644
Encrypted:	false
Size:	20712
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Program Files (x86)\Trustgate\MyTrustID\System.Runtime.Handles.dll
Category:	dropped
Dump:	System.Runtime.Handles.dll.14.dr
ID:	dr_94
Target ID:	14
Process:	C:\Windows\System32\msiexec.exe
Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy:	6.909954114781456
Encrypted:	false
Size:	20696
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Program Files (x86)\Trustgate\MyTrustID\System.Runtime.InteropServices.WindowsRuntime.dll
Category:	dropped
Dump:	System.Runtime.InteropServices.WindowsRuntime.dll.14.dr
ID:	dr_29
Target ID:	14
Process:	C:\Windows\System32\msiexec.exe
Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy:	6.9822039641350795
Encrypted:	false
Size:	20800
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Program Files (x86)\Trustgate\MyTrustID\System.Runtime.InteropServices.dll
Category:	dropped
Dump:	System.Runtime.InteropServices.dll.14.dr
ID:	dr_44
Target ID:	14
Process:	C:\Windows\System32\msiexec.exe
Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy:	6.75991945084597
Encrypted:	false
Size:	23800
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Program Files (x86)\Trustgate\MyTrustID\System.Runtime.Numerics.dll
Category:	dropped
Dump:	System.Runtime.Numerics.dll.14.dr
ID:	dr_41
Target ID:	14
Process:	C:\Windows\System32\msiexec.exe
Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy:	6.918322799480784
Encrypted:	false
Size:	20696
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Program Files (x86)\Trustgate\MyTrustID\System.Runtime.Serialization.Json.dll
Category:	dropped
Dump:	System.Runtime.Serialization.Json.dll.14.dr
ID:	dr_18
Target ID:	14
Process:	C:\Windows\System32\msiexec.exe
Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy:	6.941661839342404
Encrypted:	false
Size:	20736
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Program Files (x86)\Trustgate\MyTrustID\System.Runtime.Serialization.Primitives.dll
Category:	dropped
Dump:	System.Runtime.Serialization.Primitives.dll.14.dr
ID:	dr_54
Target ID:	14
Process:	C:\Windows\System32\msiexec.exe
Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy:	7.125924993328888
Encrypted:	false
Size:	30256
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Program Files (x86)\Trustgate\MyTrustID\System.Runtime.Serialization.Xml.dll
Category:	dropped
Dump:	System.Runtime.Serialization.Xml.dll.14.dr
ID:	dr_80
Target ID:	14
Process:	C:\Windows\System32\msiexec.exe
Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy:	6.862287983262007
Encrypted:	false
Size:	21248
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Program Files (x86)\Trustgate\MyTrustID\System.Runtime.dll
Category:	dropped
Dump:	System.Runtime.dll.14.dr
ID:	dr_37
Target ID:	14
Process:	C:\Windows\System32\msiexec.exe
Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy:	6.767818804480797
Encrypted:	false
Size:	38472
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Program Files (x86)\Trustgate\MyTrustID\System.Security.Cryptography.Algorithms.dll
Category:	dropped
Dump:	System.Security.Cryptography.Algorithms.dll.14.dr
ID:	dr_55
Target ID:	14
Process:	C:\Windows\System32\msiexec.exe
Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy:	6.283940364650081
Encrypted:	false
Size:	39872
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Program Files (x86)\Trustgate\MyTrustID\System.Security.Cryptography.Encoding.dll
Category:	dropped
Dump:	System.Security.Cryptography.Encoding.dll.14.dr
ID:	dr_66
Target ID:	14
Process:	C:\Windows\System32\msiexec.exe
Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy:	6.745210347664389
Encrypted:	false
Size:	23480
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Program Files (x86)\Trustgate\MyTrustID\System.Security.Cryptography.Primitives.dll
Category:	dropped
Dump:	System.Security.Cryptography.Primitives.dll.14.dr
ID:	dr_79
Target ID:	14
Process:	C:\Windows\System32\msiexec.exe
Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy:	6.787311984913185
Encrypted:	false
Size:	22816
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Program Files (x86)\Trustgate\MyTrustID\System.Security.Cryptography.X509Certificates.dll
Category:	dropped
Dump:	System.Security.Cryptography.X509Certificates.dll.14.dr
ID:	dr_50
Target ID:	14
Process:	C:\Windows\System32\msiexec.exe
Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy:	6.259985051067165
Encrypted:	false
Size:	38872
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Program Files (x86)\Trustgate\MyTrustID\System.Security.Principal.dll
Category:	dropped
Dump:	System.Security.Principal.dll.14.dr
ID:	dr_68
Target ID:	14
Process:	C:\Windows\System32\msiexec.exe
Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy:	6.914716992976391
Encrypted:	false
Size:	20712
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Program Files (x86)\Trustgate\MyTrustID\System.ServiceModel.Duplex.dll
Category:	dropped
Dump:	System.ServiceModel.Duplex.dll.14.dr
ID:	dr_23
Target ID:	14
Process:	C:\Windows\System32\msiexec.exe
Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy:	6.934520929656973
Encrypted:	false
Size:	20712
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Program Files (x86)\Trustgate\MyTrustID\System.ServiceModel.Http.dll
Category:	dropped
Dump:	System.ServiceModel.Http.dll.14.dr
ID:	dr_28
Target ID:	14
Process:	C:\Windows\System32\msiexec.exe
Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy:	6.873112333209616
Encrypted:	false
Size:	21216
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Program Files (x86)\Trustgate\MyTrustID\System.ServiceModel.NetTcp.dll
Category:	dropped
Dump:	System.ServiceModel.NetTcp.dll.14.dr
ID:	dr_78
Target ID:	14
Process:	C:\Windows\System32\msiexec.exe
Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy:	6.880584712333072
Encrypted:	false
Size:	21224
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Program Files (x86)\Trustgate\MyTrustID\System.ServiceModel.Primitives.dll
Category:	dropped
Dump:	System.ServiceModel.Primitives.dll.14.dr
ID:	dr_92
Target ID:	14
Process:	C:\Windows\System32\msiexec.exe
Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy:	6.6576971282907005
Encrypted:	false
Size:	25848
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Program Files (x86)\Trustgate\MyTrustID\System.ServiceModel.Security.dll
Category:	dropped
Dump:	System.ServiceModel.Security.dll.14.dr
ID:	dr_89
Target ID:	14
Process:	C:\Windows\System32\msiexec.exe
Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy:	6.906318445293764
Encrypted:	false
Size:	21232
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Program Files (x86)\Trustgate\MyTrustID\System.Text.Encoding.Extensions.dll
Category:	dropped
Dump:	System.Text.Encoding.Extensions.dll.14.dr
ID:	dr_63
Target ID:	14
Process:	C:\Windows\System32\msiexec.exe
Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy:	6.891303075811866
Encrypted:	false
Size:	20736
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Program Files (x86)\Trustgate\MyTrustID\System.Text.Encoding.dll
Category:	dropped
Dump:	System.Text.Encoding.dll.14.dr
ID:	dr_49
Target ID:	14
Process:	C:\Windows\System32\msiexec.exe
Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy:	7.11014944348534
Encrypted:	false
Size:	30256
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Program Files (x86)\Trustgate\MyTrustID\System.Text.RegularExpressions.dll
Category:	dropped
Dump:	System.Text.RegularExpressions.dll.14.dr
ID:	dr_81
Target ID:	14
Process:	C:\Windows\System32\msiexec.exe
Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy:	7.102245005139269
Encrypted:	false
Size:	30248
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Program Files (x86)\Trustgate\MyTrustID\System.Threading.Tasks.Parallel.dll
Category:	dropped
Dump:	System.Threading.Tasks.Parallel.dll.14.dr
ID:	dr_65
Target ID:	14
Process:	C:\Windows\System32\msiexec.exe
Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy:	6.934416006873891
Encrypted:	false
Size:	20736
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Program Files (x86)\Trustgate\MyTrustID\System.Threading.Tasks.dll
Category:	dropped
Dump:	System.Threading.Tasks.dll.14.dr
ID:	dr_48
Target ID:	14
Process:	C:\Windows\System32\msiexec.exe
Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy:	7.041897183018887
Encrypted:	false
Size:	31304
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Program Files (x86)\Trustgate\MyTrustID\System.Threading.Timer.dll
Category:	dropped
Dump:	System.Threading.Timer.dll.14.dr
ID:	dr_71
Target ID:	14
Process:	C:\Windows\System32\msiexec.exe
Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy:	6.909978113746904
Encrypted:	false
Size:	20696
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Program Files (x86)\Trustgate\MyTrustID\System.Threading.dll
Category:	dropped
Dump:	System.Threading.dll.14.dr
ID:	dr_76
Target ID:	14
Process:	C:\Windows\System32\msiexec.exe
Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy:	7.087733077859821
Encrypted:	false
Size:	30792
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Program Files (x86)\Trustgate\MyTrustID\System.Windows.Interactivity.dll
Category:	dropped
Dump:	System.Windows.Interactivity.dll.14.dr
ID:	dr_12
Target ID:	14
Process:	C:\Windows\System32\msiexec.exe
Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy:	6.299047178318044
Encrypted:	false
Size:	55904
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery

Details

File:	C:\Program Files (x86)\Trustgate\MyTrustID\System.Xml.ReaderWriter.dll
Category:	dropped
Dump:	System.Xml.ReaderWriter.dll.14.dr
ID:	dr_82
Target ID:	14
Process:	C:\Windows\System32\msiexec.exe
Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy:	6.894351716923277
Encrypted:	false
Size:	21216
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Program Files (x86)\Trustgate\MyTrustID\System.Xml.XDocument.dll
Category:	dropped
Dump:	System.Xml.XDocument.dll.14.dr
ID:	dr_62
Target ID:	14
Process:	C:\Windows\System32\msiexec.exe
Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy:	6.85265137305525
Encrypted:	false
Size:	21200
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Program Files (x86)\Trustgate\MyTrustID\System.Xml.XmlSerializer.dll
Category:	dropped
Dump:	System.Xml.XmlSerializer.dll.14.dr
ID:	dr_91
Target ID:	14
Process:	C:\Windows\System32\msiexec.exe
Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy:	6.894289264830931
Encrypted:	false
Size:	21216
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Program Files (x86)\Trustgate\MyTrustID\Uninstall.dll
Category:	dropped
Dump:	Uninstall.dll.14.dr
ID:	dr_75
Target ID:	14
Process:	C:\Windows\System32\msiexec.exe
Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy:	3.7665668658749603
Encrypted:	false
Size:	4608
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Program Files (x86)\Trustgate\MyTrustID\WebSockets.dll
Category:	dropped
Dump:	WebSockets.dll.14.dr
ID:	dr_70
Target ID:	14
Process:	C:\Windows\System32\msiexec.exe
Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy:	5.4140625465178145
Encrypted:	false
Size:	32256
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery

Details

File:	C:\Program Files (x86)\Trustgate\MyTrustID\client.html
Category:	dropped
Dump:	client.html.14.dr
ID:	dr_104
Target ID:	14
Process:	C:\Windows\System32\msiexec.exe
Type:	HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Entropy:	4.857811752809092
Encrypted:	false
Size:	2666
Whitelisted:	false

Details

File:	C:\Program Files (x86)\Trustgate\MyTrustID\itextsharp.dll
Category:	dropped
Dump:	itextsharp.dll.14.dr
ID:	dr_57
Target ID:	14
Process:	C:\Windows\System32\msiexec.exe
Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy:	6.147708413144167
Encrypted:	false
Size:	2621440
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery

Details

File:	C:\Program Files (x86)\Trustgate\MyTrustID\jquery-1.11.1.js
Category:	dropped
Dump:	jquery-1.11.1.js.14.dr
ID:	dr_35
Target ID:	14
Process:	C:\Windows\System32\msiexec.exe
Type:	ASCII text, with CRLF line terminators
Entropy:	5.12600132038836
Encrypted:	false
Size:	293074
Whitelisted:	false

Details

File:	C:\Program Files (x86)\Trustgate\MyTrustID\log4net.dll
Category:	dropped
Dump:	log4net.dll.14.dr
ID:	dr_17
Target ID:	14
Process:	C:\Windows\System32\msiexec.exe
Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy:	5.578971164961494
Encrypted:	false
Size:	270336
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery

Details

File:	C:\Program Files (x86)\Trustgate\MyTrustID\st3ace.dll
Category:	dropped
Dump:	st3ace.dll.14.dr
ID:	dr_88
Target ID:	14
Process:	C:\Windows\System32\msiexec.exe
Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Entropy:	6.545712240081286
Encrypted:	false
Size:	878592
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Program Files (x86)\Trustgate\MyTrustID\st3ace_s.dll
Category:	dropped
Dump:	st3ace_s.dll.14.dr
ID:	dr_58
Target ID:	14
Process:	C:\Windows\System32\msiexec.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	5.787809558210488
Encrypted:	false
Size:	48128
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Program Files (x86)\Trustgate\MyTrustID\st3csp11.dll
Category:	dropped
Dump:	st3csp11.dll.14.dr
ID:	dr_24
Target ID:	14
Process:	C:\Windows\System32\msiexec.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	6.151502759848908
Encrypted:	false
Size:	1290696
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Program Files (x86)\Trustgate\MyTrustID\tg_shield.ico
Category:	dropped
Dump:	tg_shield.ico.14.dr
ID:	dr_5
Target ID:	14
Process:	C:\Windows\System32\msiexec.exe
Type:	MS Windows icon resource - 1 icon, -40x256, 32 bits/pixel
Entropy:	2.122478318000402
Encrypted:	false
Size:	228414
Whitelisted:	false

Details

File:	C:\Program Files (x86)\Trustgate\MyTrustID\tg_shield_copy.ico
Category:	dropped
Dump:	tg_shield_copy.ico.14.dr
ID:	dr_105
Target ID:	14
Process:	C:\Windows\System32\msiexec.exe
Type:	MS Windows icon resource - 1 icon, -40x256, 32 bits/pixel
Entropy:	3.6902473380407703
Encrypted:	false
Size:	228414
Whitelisted:	false

Details

File:	C:\Program Files (x86)\Trustgate\MyTrustID\wss.txt
Category:	dropped
Dump:	wss.txt.14.dr
ID:	dr_77
Target ID:	14
Process:	C:\Windows\System32\msiexec.exe
Type:	ASCII text, with very long lines (9772), with no line terminators
Entropy:	5.996176228148865
Encrypted:	false
Size:	9772
Whitelisted:	false

Details

File:	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyTrustID Apps\MyTrustIDv1.lnk
Category:	dropped
Dump:	MyTrustIDv1.lnk.14.dr
ID:	dr_6
Target ID:	14
Process:	C:\Windows\System32\msiexec.exe
Type:	MS Windows shortcut, Item id list present, Has Relative path, Has Working directory, Icon number=0, ctime=Sun Dec 31 23:06:32 1600, mtime=Sun Dec 31 23:06:32 1600, atime=Sun Dec 31 23:06:32 1600, length=0, window=hide
Entropy:	2.645239680479132
Encrypted:	false
Size:	2635
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Stores files to the Windows start menu directory	Boot Survival	Registry Run Keys / Startup Folder

Details

File:	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\MyTrustIDv1.lnk
Category:	dropped
Dump:	MyTrustIDv1.lnk1.14.dr
ID:	dr_103
Target ID:	14
Process:	C:\Windows\System32\msiexec.exe
Type:	MS Windows shortcut, Item id list present, Has Relative path, Has Working directory, Icon number=0, ctime=Sun Dec 31 23:06:32 1600, mtime=Sun Dec 31 23:06:32 1600, atime=Sun Dec 31 23:06:32 1600, length=0, window=hide
Entropy:	2.6428419967606454
Encrypted:	false
Size:	2635
Whitelisted:	false

Details

File:	C:\Trustgate\MyTrustID\drivers\Trustgate.dll
Category:	dropped
Dump:	Trustgate.dll.14.dr
ID:	dr_19
Target ID:	14
Process:	C:\Windows\System32\msiexec.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	6.178652162918622
Encrypted:	false
Size:	1159512
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Trustgate\MyTrustID\drivers\Trustgate.sig
Category:	dropped
Dump:	Trustgate.sig.14.dr
ID:	dr_72
Target ID:	14
Process:	C:\Windows\System32\msiexec.exe
Type:	data
Entropy:	7.171569531114784
Encrypted:	false
Size:	256
Whitelisted:	false

Details

File:	C:\Trustgate\MyTrustID\drivers\Trustgate_s.dll
Category:	dropped
Dump:	Trustgate_s.dll.14.dr
ID:	dr_100
Target ID:	14
Process:	C:\Windows\System32\msiexec.exe
Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Entropy:	4.951784664876952
Encrypted:	false
Size:	10752
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Trustgate\MyTrustID\logs\24.10.2024.log
Category:	modified
Dump:	24.10.2024.log.17.dr
ID:	dr_110
Target ID:	17
Process:	C:\Program Files (x86)\Trustgate\MyTrustID\MyTrustIDv1.exe
Type:	CSV text
Entropy:	5.527180835234962
Encrypted:	false
Size:	1124
Whitelisted:	false

Details

File:	C:\Users\user\AppData\Local\Temp\CFG64B9.tmp
Category:	dropped
Dump:	CFG64B9.tmp.15.dr
ID:	dr_109
Target ID:	15
Process:	C:\Windows\SysWOW64\msiexec.exe
Type:	XML 1.0 document, ASCII text, with CRLF line terminators
Entropy:	5.038757123363281
Encrypted:	false
Size:	152
Whitelisted:	false

Details

File:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\mytrustid.bat
Category:	dropped
Dump:	mytrustid.bat.0.dr
ID:	dr_0
Target ID:	0
Process:	C:\Users\user\Desktop\MyTrustID.EXE
Type:	DOS batch file, ASCII text, with CRLF line terminators
Entropy:	5.277533323684584
Encrypted:	false
Size:	6345
Whitelisted:	false

Details

File:	C:\Windows\Installer\586270.msi
Category:	dropped
Dump:	586270.msi.14.dr
ID:	dr_7
Target ID:	14
Process:	C:\Windows\System32\msiexec.exe
Type:	Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, MSI Installer, Create Time/Date: Mon Jun 21 08:00:00 1999, Name of Creating Application: Windows Installer, Security: 1, Code page: 1252, Template: Intel;1033, Number of Pages: 200, Revision Number: {515A415D-AD11-4005-A4FD-AD810EC31437}, Title: MyTrustID, Subject: Version 1.1, Author: MSC Trustgate.com Sdn Bhd, Comments: This application is develop by MSC Trustgate.com Sdn Bhd, Number of Words: 2, Last Saved Time/Date: Mon Jan 9 20:13:53 2023, Last Printed: Mon Jan 9 20:13:53 2023
Entropy:	7.729982787074363
Encrypted:	false
Size:	8450048
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Creates files inside the system directory	System Summary	Masquerading

Details

File:	C:\Windows\Installer\MSI64C9.tmp
Category:	dropped
Dump:	MSI64C9.tmp.14.dr
ID:	dr_33
Target ID:	14
Process:	C:\Windows\System32\msiexec.exe
Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Entropy:	6.504247783181216
Encrypted:	false
Size:	305152
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Creates files inside the system directory	System Summary	Masquerading
Drops PE files	Persistence and Installation Behavior
Drops PE files to the windows directory (C:\Windows)	Persistence and Installation Behavior	Masquerading
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Windows\Installer\MSI6557.tmp
Category:	dropped
Dump:	MSI6557.tmp.14.dr
ID:	dr_20
Target ID:	14
Process:	C:\Windows\System32\msiexec.exe
Type:	data
Entropy:	3.9773329145706704
Encrypted:	false
Size:	971782
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Creates files inside the system directory	System Summary	Masquerading

Details

File:	C:\Windows\Installer\SourceHash{A97F7040-544D-4857-B3ED-8ED1ED9AE368}
Category:	dropped
Dump:	SourceHash{A97F7040-544D-4857-B3ED-8ED1ED9AE368}.14.dr
ID:	dr_13
Target ID:	14
Process:	C:\Windows\System32\msiexec.exe
Type:	Composite Document File V2 Document, Cannot read section info
Entropy:	1.1671377009427568
Encrypted:	false
Size:	20480
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Creates files inside the system directory	System Summary	Masquerading

Details

File:	C:\Windows\Installer\{A97F7040-544D-4857-B3ED-8ED1ED9AE368}\_58D1171B4CA0552DFB6D1D.exe
Category:	dropped
Dump:	_58D1171B4CA0552DFB6D1D.exe.14.dr
ID:	dr_99
Target ID:	14
Process:	C:\Windows\System32\msiexec.exe
Type:	MS Windows icon resource - 1 icon, -40x256, 32 bits/pixel
Entropy:	3.6901975391224604
Encrypted:	false
Size:	228414
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Creates files inside the system directory	System Summary	Masquerading

Details

File:	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log
Category:	dropped
Dump:	ngen.log.14.dr
ID:	dr_32
Target ID:	14
Process:	C:\Windows\System32\msiexec.exe
Type:	Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Entropy:	5.356172233044458
Encrypted:	false
Size:	454234
Whitelisted:	false

Details

File:	C:\Windows\Temp\~DF118E5FCD0A324909.TMP
Category:	dropped
Dump:	~DF118E5FCD0A324909.TMP.14.dr
ID:	dr_31
Target ID:	14
Process:	C:\Windows\System32\msiexec.exe
Type:	Composite Document File V2 Document, Cannot read section info
Entropy:	1.833481735366168
Encrypted:	false
Size:	24576
Whitelisted:	false

Details

File:	C:\Windows\Temp\~DF14F1FE8D2044DA52.TMP
Category:	dropped
Dump:	~DF14F1FE8D2044DA52.TMP.14.dr
ID:	dr_30
Target ID:	14
Process:	C:\Windows\System32\msiexec.exe
Type:	data
Entropy:	0.0
Encrypted:	false
Size:	512
Whitelisted:	false

Details

File:	C:\Windows\Temp\~DF30417841F2FD983B.TMP
Category:	dropped
Dump:	~DF30417841F2FD983B.TMP.14.dr
ID:	dr_11
Target ID:	14
Process:	C:\Windows\System32\msiexec.exe
Type:	data
Entropy:	0.07437259497127073
Encrypted:	false
Size:	32768
Whitelisted:	false

Details

File:	C:\Windows\Temp\~DF4B641695827FA498.TMP
Category:	dropped
Dump:	~DF4B641695827FA498.TMP.14.dr
ID:	dr_9
Target ID:	14
Process:	C:\Windows\System32\msiexec.exe
Type:	Composite Document File V2 Document, Cannot read section info
Entropy:	1.20038972886914
Encrypted:	false
Size:	49152
Whitelisted:	false

Details

File:	C:\Windows\Temp\~DFA0F9AAAFCC690B16.TMP
Category:	dropped
Dump:	~DFA0F9AAAFCC690B16.TMP.14.dr
ID:	dr_15
Target ID:	14
Process:	C:\Windows\System32\msiexec.exe
Type:	data
Entropy:	0.3187933968102696
Encrypted:	false
Size:	69632
Whitelisted:	false

Details

File:	\Device\Null
Category:	dropped
Dump:	Null.6.dr
ID:	dr_3
Target ID:	6
Process:	C:\Windows\SysWOW64\net1.exe
Type:	ASCII text, with CRLF line terminators
Entropy:	3.6408290408368487
Encrypted:	false
Size:	37
Whitelisted:	false

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
MyTrustID.EXE

Files

Domains

IPs

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC ReportMyTrustID.EXE

Files

Domains

IPs

IOC Report
MyTrustID.EXE