Edit tour
Windows
Analysis Report
Setup_OpenUtilitiesMapx64_24.00.00.011.exe
Overview
General Information
| Sample name: | Setup_OpenUtilitiesMapx64_24.00.00.011.exe |
| Analysis ID: | 1670571 |
| MD5: | 357a952831051d757359cadc23b43f43 |
| SHA1: | 5cc270135b1925ae6b51004f22820eb2f94d21a4 |
| SHA256: | a33de435ee5de842b967ae90f0bdbfbf6d6eb067fb1932828706ee4439f72479 |
| Infos: | |
 | |
Detection
| Score: | 21 |
| Range: | 0 - 100 |
| Confidence: | 20% |
Signatures
Drops HTML or HTM files to system directories
Abnormal high CPU Usage
Allocates memory with a write watch (potentially for evading sandboxes)
Binary contains a suspicious time stamp
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Drops PE files
Drops PE files to the windows directory (C:\Windows)
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
HTTP GET or POST without a user agent
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains sections with non-standard names
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Classification
- System is w10x64
Setup_OpenUtilitiesMapx64_24.00.00.011.exe (PID: 7348 cmdline: "C:\Users\ user\Deskt op\Setup_O penUtiliti esMapx64_2 4.00.00.01 1.exe" MD5: 357A952831051D757359CADC23B43F43) - Setup_OpenUtilitiesMapx64_24.00.00.011.exe (PID: 7368 cmdline:
"C:\Window s\Temp\{A8 73772C-EA4 4-4227-A5A 3-37331C08 8187}\.cr\ Setup_Open UtilitiesM apx64_24.0 0.00.011.e xe" -burn. clean.room ="C:\Users \user\Desk top\Setup_ OpenUtilit iesMapx64_ 24.00.00.0 11.exe" -b urn.fileha ndle.attac hed=528 -b urn.fileha ndle.self= 548 MD5: 1B4C96DA3533ADE3A50D0D34DA728F28)
- cleanup
⊘No configs have been found
⊘No yara matches
⊘No Sigma rule has matched
| Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
|---|---|---|---|---|---|---|---|---|
| 2025-04-21T21:57:49.346158+0200 | 2803305 | 3 | Unknown Traffic | 192.168.2.6 | 49689 | 20.119.128.12 | 443 | TCP |
- • Compliance
- • Networking
- • System Summary
- • Data Obfuscation
- • Persistence and Installation Behavior
- • Hooking and other Techniques for Hiding and Protection
- • Malware Analysis System Evasion
- • Anti Debugging
- • HIPS / PFW / Operating System Protection Evasion
- • Language, Device and Operating System Detection
Click to jump to signature section
Show All Signature Results
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | Static PE information: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | JA3 fingerprint: | ||
| Source: | Suricata IDS: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | DNS traffic detected: | ||
| Source: | DNS traffic detected: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | Process Stats: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Static PE information: | ||
| Source: | Classification label: | ||
| Source: | Mutant created: | ||
| Source: | Mutant created: | ||
| Source: | File created: | Jump to behavior | ||
| Source: | Static PE information: | ||
| Source: | Key opened: | Jump to behavior | ||
| Source: | Binary or memory string: | ||
| Source: | String found in binary or memory: | ||
| Source: | File read: | Jump to behavior | ||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Key value queried: | Jump to behavior | ||
| Source: | Window detected: | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | Static PE information: | ||
| Source: | Static file information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
Persistence and Installation Behavior |   |
|---|
| Source: | File created: | Jump to behavior | ||
| Source: | File created: | Jump to dropped file | ||
| Source: | File created: | Jump to dropped file | ||
| Source: | File created: | Jump to dropped file | ||
| Source: | File created: | Jump to dropped file | ||
| Source: | File created: | Jump to dropped file | ||
| Source: | File created: | Jump to dropped file | ||
| Source: | File created: | Jump to dropped file | ||
| Source: | File created: | Jump to dropped file | ||
| Source: | File created: | Jump to dropped file | ||
| Source: | File created: | Jump to dropped file | ||
| Source: | File created: | Jump to dropped file | ||
| Source: | File created: | Jump to dropped file | ||
| Source: | File created: | Jump to dropped file | ||
| Source: | File created: | Jump to dropped file | ||
| Source: | File created: | Jump to dropped file | ||
| Source: | File created: | Jump to dropped file | ||
| Source: | File created: | Jump to dropped file | ||
| Source: | File created: | Jump to dropped file | ||
| Source: | File created: | Jump to dropped file | ||
| Source: | File created: | Jump to dropped file | ||
| Source: | File created: | Jump to dropped file | ||
| Source: | File created: | Jump to dropped file | ||
| Source: | File created: | Jump to dropped file | ||
| Source: | File created: | Jump to dropped file | ||
| Source: | File created: | Jump to dropped file | ||
| Source: | File created: | Jump to dropped file | ||
| Source: | File created: | Jump to dropped file | ||
| Source: | File created: | Jump to dropped file | ||
| Source: | File created: | Jump to dropped file | ||
| Source: | File created: | Jump to dropped file | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Memory allocated: | Jump to behavior | ||
| Source: | Memory allocated: | Jump to behavior | ||
| Source: | Memory allocated: | Jump to behavior | ||
| Source: | Memory allocated: | Jump to behavior | ||
| Source: | Memory allocated: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Window / User API: | Jump to behavior | ||
| Source: | Window / User API: | Jump to behavior | ||
| Source: | Dropped PE file which has not been started: | Jump to dropped file | ||
| Source: | Dropped PE file which has not been started: | Jump to dropped file | ||
| Source: | Dropped PE file which has not been started: | Jump to dropped file | ||
| Source: | Dropped PE file which has not been started: | Jump to dropped file | ||
| Source: | Dropped PE file which has not been started: | Jump to dropped file | ||
| Source: | Dropped PE file which has not been started: | Jump to dropped file | ||
| Source: | Dropped PE file which has not been started: | Jump to dropped file | ||
| Source: | Dropped PE file which has not been started: | Jump to dropped file | ||
| Source: | Dropped PE file which has not been started: | Jump to dropped file | ||
| Source: | Dropped PE file which has not been started: | Jump to dropped file | ||
| Source: | Dropped PE file which has not been started: | Jump to dropped file | ||
| Source: | Dropped PE file which has not been started: | Jump to dropped file | ||
| Source: | Dropped PE file which has not been started: | Jump to dropped file | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Binary or memory string: | ||
| Source: | Process information queried: | Jump to behavior | ||
| Source: | Process token adjusted: | Jump to behavior | ||
| Source: | Memory allocated: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Key value queried: | Jump to behavior | ||
| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 2 Command and Scripting Interpreter | 1 DLL Side-Loading | 11 Process Injection | 1 Masquerading | OS Credential Dumping | 1 Security Software Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
| Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 1 Disable or Modify Tools | LSASS Memory | 1 Process Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 31 Virtualization/Sandbox Evasion | Security Account Manager | 31 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | Data from Network Shared Drive | 2 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 11 Process Injection | NTDS | 1 Application Window Discovery | Distributed Component Object Model | Input Capture | 3 Application Layer Protocol | Traffic Duplication | Data Destruction |
| Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Timestomp | LSA Secrets | 12 System Information Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
| Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 DLL Side-Loading | Cached Domain Credentials | Wi-Fi Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
InternetThis section contains all screenshots as thumbnails, including those not shown in the slideshow.
⊘No Antivirus matches
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| 0% | ReversingLabs | |||
| 0% | ReversingLabs | |||
| 0% | ReversingLabs | |||
| 0% | ReversingLabs | |||
| 0% | ReversingLabs | |||
| 0% | ReversingLabs | |||
| 0% | ReversingLabs | |||
| 0% | ReversingLabs | |||
| 0% | ReversingLabs | |||
| 0% | ReversingLabs | |||
| 0% | ReversingLabs | |||
| 0% | ReversingLabs | |||
| 0% | ReversingLabs | |||
| 0% | ReversingLabs |
⊘No Antivirus matches
⊘No Antivirus matches
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe |
| Name | IP | Active | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|---|
| waws-prod-bn1-207-3057.eastus2.cloudapp.azure.com | 20.119.128.12 | true | false | high | |
| communities.bentley.com | 89.106.200.1 | true | false | high | |
| aka.bentley.com | unknown | unknown | false | unknown |
| Name | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|
| false |
| unknown | |
| false |
| unknown |
| Name | Source | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false |
| unknown | ||
| false |
| unknown | ||
| false | high | |||
| false | high | |||
| false |
| unknown | ||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false |
| unknown | ||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false |
| unknown | ||
| false | high | |||
| false | high | |||
| false | high | |||
| false |
| unknown | ||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false |
| unknown | ||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false |
| unknown | ||
| false | high | |||
| false | high | |||
| false |
| unknown |
- No. of IPs < 25%
- 25% < No. of IPs < 50%
- 50% < No. of IPs < 75%
- 75% < No. of IPs
| IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
|---|---|---|---|---|---|---|
| 20.119.128.12 | waws-prod-bn1-207-3057.eastus2.cloudapp.azure.com | United States | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false |
| Joe Sandbox version: | 42.0.0 Malachite |
| Analysis ID: | 1670571 |
| Start date and time: | 2025-04-21 21:56:46 +02:00 |
| Joe Sandbox product: | CloudBasic |
| Overall analysis duration: | 0h 8m 14s |
| Hypervisor based Inspection enabled: | false |
| Report type: | full |
| Cookbook file name: | default.jbs |
| Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 134, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
| Number of analysed new started processes analysed: | 13 |
| Number of new started drivers analysed: | 0 |
| Number of existing processes analysed: | 0 |
| Number of existing drivers analysed: | 0 |
| Number of injected processes analysed: | 0 |
| Technologies: |
|
| Analysis Mode: | default |
| Analysis stop reason: | Timeout |
| Sample name: | Setup_OpenUtilitiesMapx64_24.00.00.011.exe |
| Detection: | SUS |
| Classification: | sus21.winEXE@3/50@2/1 |
| Cookbook Comments: |
|
- Exclude process from analysis
(whitelisted): MpCmdRun.exe, d llhost.exe, WMIADAP.exe, SIHCl ient.exe, SgrmBroker.exe, conh ost.exe, svchost.exe - Excluded IPs from analysis (wh
itelisted): 184.29.183.29, 4.1 75.87.197 - Excluded domains from analysis
(whitelisted): fs.microsoft.c om, slscr.update.microsoft.com , ctldl.windowsupdate.com, c.p ki.goog, fe3cr.delivery.mp.mic rosoft.com - Not all processes where analyz
ed, report is missing behavior information - Report size exceeded maximum c
apacity and may have missing b ehavior information. - Report size getting too big, t
oo many NtAllocateVirtualMemor y calls found. - Report size getting too big, t
oo many NtOpenKeyEx calls foun d. - Report size getting too big, t
oo many NtProtectVirtualMemory calls found. - Report size getting too big, t
oo many NtQueryValueKey calls found. - Report size getting too big, t
oo many NtReadVirtualMemory ca lls found.
| Time | Type | Description |
|---|---|---|
| 15:57:47 | API Interceptor |
⊘No context
⊘No context
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| MICROSOFT-CORP-MSN-AS-BLOCKUS | Get hash | malicious | Unknown | Browse |
| |
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Mirai | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | PureLog Stealer, zgRAT | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | HTMLPhisher | Browse |
| ||
| Get hash | malicious | HTMLPhisher, Invisible JS, Tycoon2FA | Browse |
|
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| 3b5074b1b5d032e5620f69f9f700ff0e | Get hash | malicious | Unknown | Browse |
| |
| Get hash | malicious | MSIL Logger, MassLogger RAT | Browse |
| ||
| Get hash | malicious | MSIL Logger, MassLogger RAT | Browse |
| ||
| Get hash | malicious | MSIL Logger, MassLogger RAT | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | AgentTesla | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | KeyLogger, StormKitty, VenomRAT | Browse |
|
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| C:\Windows\Temp\{D903B613-265B-42B6-AC90-268A845DB3BC}\.ba\HtmlAgilityPack.dll | Get hash | malicious | Python Stealer, Babadeda | Browse | ||
| C:\Windows\Temp\{D903B613-265B-42B6-AC90-268A845DB3BC}\.ba\Microsoft.Deployment.WindowsInstaller.dll | Get hash | malicious | Unknown | Browse |
| Process: | C:\Windows\Temp\{A873772C-EA44-4227-A5A3-37331C088187}\.cr\Setup_OpenUtilitiesMapx64_24.00.00.011.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 26665 |
| Entropy (8bit): | 5.472331873627919 |
| Encrypted: | false |
| SSDEEP: | 384:xnpsyQ/7nE5xUs0T2dW61aao9edY+EMtwmzsY/p:xnO//o90T2dW6jdY+VpsY/p |
| MD5: | CC1A57DE58DD76D691C6191ECD31EF46 |
| SHA1: | 9F9FDBD268A85F3ACC17C5E2E89E1CFD366CA11F |
| SHA-256: | 78BD5385CD7287D0B2AC4D79810AFABFFA0425338AC3D70C90A4E77ABC190929 |
| SHA-512: | BE3D98FC44C43B6328DB43D4622686590041E7C199335B95795B928AC56904E9BD3AEB888834C63569AC9C943341362528B15EEF4D9D6FB6F2D078F0B1A97F75 |
| Malicious: | false |
| Reputation: | low |
| Preview: |
| Process: | C:\Users\user\Desktop\Setup_OpenUtilitiesMapx64_24.00.00.011.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 2735248 |
| Entropy (8bit): | 7.924729718133504 |
| Encrypted: | false |
| SSDEEP: | 49152:yLZ5zot7Gnxu7LElC5tRnLuiFz9tVoLeuDPb7RI3evHESsUlWiATxwt+:yLZ1oF7L8CRnaiF5oLvjbtzvHEntiATP |
| MD5: | 1B4C96DA3533ADE3A50D0D34DA728F28 |
| SHA1: | CB623A2290A822C744714F29ABFA771C04E4183A |
| SHA-256: | C1DB12B95B40E4D2C3EDDB624C8EA3AB0C88DB86760F6256E0860248C332FFD8 |
| SHA-512: | 55C3BCB58761F8E8BBD3659C7068AF76483A390038CFE32F871DF43AD270AE65EE881F5CE6C3ACBF7BD4443D465A96D343C45197AB611405BF46BA7C168F8B51 |
| Malicious: | true |
| Reputation: | low |
| Preview: |
| Process: | C:\Windows\Temp\{A873772C-EA44-4227-A5A3-37331C088187}\.cr\Setup_OpenUtilitiesMapx64_24.00.00.011.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 2025 |
| Entropy (8bit): | 6.231406644010833 |
| Encrypted: | false |
| SSDEEP: | 48:cxX7DTAT8tMBCus9T3FVWmHdniarRFeOrw8Nhv2VyfN3mKNWFP44SBWWW1GyfiPq:8L4T2RJhfHP8+VYuTmQUc2mE |
| MD5: | 1D4B831F77EFEC96FFBC70BC4B59B8B5 |
| SHA1: | 1B3ED82655AEC8A52DAEC60F8674BC7E07F8CFEB |
| SHA-256: | 1B93556F07C35AC0564D57E0743CCBA231950962C6506C8D4A74A31CD66FD04C |
| SHA-512: | C6CCB188281F161DEBF02DCDDE24B77D8D14943DEED8852E77E5AFB18F3F62683AB1AE06DCEB1E09D53804A76DF6400A360712D8E7E228B7F971054BB4FB2496 |
| Malicious: | false |
| Reputation: | moderate, very likely benign file |
| Preview: |
| Process: | C:\Windows\Temp\{A873772C-EA44-4227-A5A3-37331C088187}\.cr\Setup_OpenUtilitiesMapx64_24.00.00.011.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 2458 |
| Entropy (8bit): | 5.36165936198009 |
| Encrypted: | false |
| SSDEEP: | 48:cxX7DTZT8u9cktosM6re4mSTcIIyfI7sh/DMNwIHWAoN3mepNRfKPnWZ0hqAQZfC:8LxTK23f33AwIViRrRynRuZfiMS |
| MD5: | CC8C6D04DC707B38E0F0C08BA16FE49B |
| SHA1: | 95EA7F570677AEA52393D02FDB21CEBB218A7343 |
| SHA-256: | DC445E2457ED31ABF536871F90FF7CC96800A40B6BC033F37D45E3156A3B4FA9 |
| SHA-512: | A4B19EBC8BB0D88ABA7D3D5783E28F8B6E0960582A540059BC71076B1203BF43BCA15EA726272D15395C7B4E431046ADA1CBB9D55072BBC5DBE7729C4599F0E0 |
| Malicious: | false |
| Reputation: | moderate, very likely benign file |
| Preview: |
| Process: | C:\Windows\Temp\{A873772C-EA44-4227-A5A3-37331C088187}\.cr\Setup_OpenUtilitiesMapx64_24.00.00.011.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 2286 |
| Entropy (8bit): | 5.061915970731254 |
| Encrypted: | false |
| SSDEEP: | 48:cxX7DCrT81tbzjamsjFq7LhzqGgdRDJNbqoN3mpN+ELPnfyOwYxPyzraXnAF:8LaTOkaEOiGd/BwF |
| MD5: | 7C6E4CE87870B3B5E71D3EF4555500F8 |
| SHA1: | E831E8978A48BEAFA04AAD52A564B7EADED4311D |
| SHA-256: | CAC263E0E90A4087446A290055257B1C39F17E11F065598CB2286DF4332C7696 |
| SHA-512: | 2A02415A3E5F073F4530FD87C97B685D95B8C0E1B15EFD185CC5CB046FCF1D0DCE28DB9889AD52588B96FE01841A7A61F6B7D6D2F669EAB10A8926C46B8E93D1 |
| Malicious: | false |
| Reputation: | moderate, very likely benign file |
| Preview: |
| Process: | C:\Windows\Temp\{A873772C-EA44-4227-A5A3-37331C088187}\.cr\Setup_OpenUtilitiesMapx64_24.00.00.011.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 2442 |
| Entropy (8bit): | 5.094465051245675 |
| Encrypted: | false |
| SSDEEP: | 48:cxX7DASTcCwit/soJy9hkVByUZN+29N3mfN65PS9CvZwZi7uuASD:8LxT8itGeVB97+gyC9BdaSD |
| MD5: | C8E7E0B4E63B3076047B7F49C76D56E1 |
| SHA1: | 4E44E656A0D552B2FFD65911CB45245364E5DBF3 |
| SHA-256: | 631D46CB048FB6CF0B9A1362F8E5A1854C46E9525A0260C7841A04B2316C8295 |
| SHA-512: | FD7E8896F9414F0DB7A88F926F55EE24E0591DA676F330200BC6BB829EB32648D90D3094E0011BFE36C7BA8BE41DFD74B12D444AFEA0D2866801258DA4FA16E8 |
| Malicious: | false |
| Reputation: | moderate, very likely benign file |
| Preview: |
| Process: | C:\Windows\Temp\{A873772C-EA44-4227-A5A3-37331C088187}\.cr\Setup_OpenUtilitiesMapx64_24.00.00.011.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 3400 |
| Entropy (8bit): | 5.279888750092028 |
| Encrypted: | false |
| SSDEEP: | 48:cxX7D8jVT8dUk9Ug/usOo2pNSBIbESvR2drdESPzghC76DeN2hL0eLoN3mOLSNIx:8L45TCyop5riGzH7xgJit8IqSsBwqk |
| MD5: | 074D5921AF07E6126049CB45814246ED |
| SHA1: | 91D4BDDA8D2B703879CFE2C28550E0A46074FA57 |
| SHA-256: | B8E90E20EDF110AAAAEA54FBC8533872831777BE5589E380CFDD17E1F93147B5 |
| SHA-512: | 28DAC36516BCC76BCC598C6E7ABDE359695F85AB7A830D6ADBC844EB240D9FA372CB5A5CE4DBE21E250408C6B246D371D3CDD656D2178FB0EC22DAC7D39CBD9F |
| Malicious: | false |
| Reputation: | moderate, very likely benign file |
| Preview: |
| Process: | C:\Windows\Temp\{A873772C-EA44-4227-A5A3-37331C088187}\.cr\Setup_OpenUtilitiesMapx64_24.00.00.011.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 2235 |
| Entropy (8bit): | 5.142592159444541 |
| Encrypted: | false |
| SSDEEP: | 48:cxX7DE+T8Z+bm5snwETMAoQEATN27uNBDReq4N3mJeNHNP64NsFKJJem4vyAs:8LZTDkZ7+2IBCht6J8neHs |
| MD5: | E338408F1101499EB22507A3451F7B06 |
| SHA1: | 83B42F9D7307265A108FC339D0460D36B66A8B94 |
| SHA-256: | B7D9528F29761C82C3D926EFE5E0D5036A0E0D83EB4CCA7282846C86A9D6F9F3 |
| SHA-512: | F7BE923DC2856E0941D0669E2DE5A5C307C98DC7EBA0A1B68728EB29C95B4625145C2AD3AC6F6B6D82F062887EA349E2187F1F91785DDE5A5083BC1150E56326 |
| Malicious: | false |
| Preview: |
| Process: | C:\Windows\Temp\{A873772C-EA44-4227-A5A3-37331C088187}\.cr\Setup_OpenUtilitiesMapx64_24.00.00.011.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 2306 |
| Entropy (8bit): | 5.076293283609686 |
| Encrypted: | false |
| SSDEEP: | 48:cxX7DyBT81BbKBswAL1xV1wjRcDSNwDXoN3mSZfNhkLPkQpznsdMEodAY:8LwTK5KHsijmEXY |
| MD5: | AA32A059AADD42431F7837CB1BE7257F |
| SHA1: | 4CD21661E341080FB8C2DEFD9F32F134561FC3BA |
| SHA-256: | 88E7DDACD6B714D94D5322876BD50051479B7A0C686DC2E9EB06B3B7A0BC06C9 |
| SHA-512: | 78E201F369E65535E25722DFC0EFE99EDF641F7C14EFF1526DC1CC047FF11640079F1E3D25C9072CF25F4804195891BE006FC5ED313063AFCB91FB5700120B88 |
| Malicious: | false |
| Preview: |
| Process: | C:\Windows\Temp\{A873772C-EA44-4227-A5A3-37331C088187}\.cr\Setup_OpenUtilitiesMapx64_24.00.00.011.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 2392 |
| Entropy (8bit): | 5.293225307744296 |
| Encrypted: | false |
| SSDEEP: | 48:cxX7DwzT8cSwvs48mF7GD/g1v0wH7N3wwJxL99oN3m/ZNRUYPBZRT1XESW3o/ULG:8LQT2wpFGbgT3wMN2QRj/y/LKr |
| MD5: | 17FB605A2F02DA203DF06F714D1CC6DE |
| SHA1: | 3A71D13D4CCA06116B111625C90DD1C451EA9228 |
| SHA-256: | 55CF62D54EFB79801A9D94B24B3C9BA221C2465417A068950D40A67C52BA66EF |
| SHA-512: | D05008D37143A1CC031F4B6268490A5A10FBB686C86984D20DB94843BDC4624EF9651D158DCB5B660FC239C3C3E8D087EB5D23FFFB8C4681910CBC376148F0F0 |
| Malicious: | false |
| Preview: |
| Process: | C:\Windows\Temp\{A873772C-EA44-4227-A5A3-37331C088187}\.cr\Setup_OpenUtilitiesMapx64_24.00.00.011.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 2304 |
| Entropy (8bit): | 4.985260685429469 |
| Encrypted: | false |
| SSDEEP: | 48:cxX7DQyT81ebRcesyB+lY25ukVpkXJM2DJNXhpXZoN3mMhNTM+POYO/n1YxXlcI5:8LFTzLtkfwWKXHZi37MIDp |
| MD5: | 50261379B89457B1980FF19CFABE6A08 |
| SHA1: | F80B1F416539D33206CE3C24BA3B14B799A84813 |
| SHA-256: | A40C94EB33F8841C79E9F6958433AFFD517F97B4570F731666AF572E63178BB7 |
| SHA-512: | BBD9794181EEC95D6BE7A1B7BA83FD61AF2B2DF61D9DA8DDA2788B61BEC53C30FCEFE5222EDF134166532B36D3AB6CE8996F2D670DC6907C1864AF881A21EA40 |
| Malicious: | false |
| Preview: |
| Process: | C:\Windows\Temp\{A873772C-EA44-4227-A5A3-37331C088187}\.cr\Setup_OpenUtilitiesMapx64_24.00.00.011.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 2545 |
| Entropy (8bit): | 5.923292576429967 |
| Encrypted: | false |
| SSDEEP: | 48:cxX7DpcYT86WyscLpTIFw6tnOUjsj/D3NIgHcQN3mKN/WPOhT0SXsDay+z8QZEcE:8L1TccOFw6tnOUjsjpICnlOO934apWz |
| MD5: | DB0F5BAB42403FD67C0A18E35E6880EC |
| SHA1: | C0A18C8C5BCD7B88C384B5304B56EEB85A0DA3DC |
| SHA-256: | CCDCDB111EFA152C5F9FF4930033698B843390A549699AE802098D87431F16FE |
| SHA-512: | 589522BD4A26BF54CCF3564E392E41BBBA4E7B3FD1ED74E7F4F6AD6F2E65CDE11FFF32D0C5F3BCD09052FE5110FDC361D1926E220FD0BAD2D38CAC21BBE93211 |
| Malicious: | false |
| Preview: |
| Process: | C:\Windows\Temp\{A873772C-EA44-4227-A5A3-37331C088187}\.cr\Setup_OpenUtilitiesMapx64_24.00.00.011.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 2236 |
| Entropy (8bit): | 5.97627825234954 |
| Encrypted: | false |
| SSDEEP: | 48:cxX7D3sT8ZeusKOwOWGyKCstFmhENI2Y+kN3mp4iNmi6IPa0dDaoIunvZqIHU5UH:8LQTXvRFhIzl44wmgko04U5TY |
| MD5: | 442F8463EF5CA42B99B2EFACA696BD01 |
| SHA1: | 67496DB91CBAA85AC0727B12FC2D35E990537DAC |
| SHA-256: | D22F6ADA97DBFFC1E7548E52163807F982B30B11A2A5109E71F42985102CCCBD |
| SHA-512: | A350EAF9E7AEAFAB1163D7C0B8D014AFE07EE98BAE3915CBDD3C26282E345A0838E853C89BAE8943474758DCBCFD0BB0724A0C75CBF969F321FAB4944E8704FD |
| Malicious: | false |
| Preview: |
| Process: | C:\Windows\Temp\{A873772C-EA44-4227-A5A3-37331C088187}\.cr\Setup_OpenUtilitiesMapx64_24.00.00.011.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 2312 |
| Entropy (8bit): | 4.965432037520827 |
| Encrypted: | false |
| SSDEEP: | 48:cxX7DK1T8u7hbU7Asd7MqpSwzCcHGFN9OsNN3mvoNBC7hPFtO7+xw7t0Yza2Al:8LcTtpGLFSwJHmPnnKhEBtsl |
| MD5: | 67F28BCDB3BA6774CD66AA198B06FF38 |
| SHA1: | 85D843B7248A5E1173FF9BD59CB73BB505F69B66 |
| SHA-256: | 226B778604236931B4AE45F6F272586C884A11517444A34BF45CD5CAE49BE62E |
| SHA-512: | 7BC7D3E6E19ECF865B2CABFC46C75D516561D5A8A81A8ED55B4EDBA41A13A7110F474473740200AFB035B9597A2511D08C2A2E7A9ADE2C2AB4D3F168944B8328 |
| Malicious: | false |
| Preview: |
| Process: | C:\Windows\Temp\{A873772C-EA44-4227-A5A3-37331C088187}\.cr\Setup_OpenUtilitiesMapx64_24.00.00.011.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 2171 |
| Entropy (8bit): | 5.089922193759582 |
| Encrypted: | false |
| SSDEEP: | 48:cxX7DTeT8uUbnFdsLnFHv+Gpm1qL5DQNDDaoN3mpZfN15dPnfuOOg5wZ5uAq8fAS:8L+Tec1x8Siule4S |
| MD5: | 5454F724C9CDAB8172678A1CC7057220 |
| SHA1: | 241A57018ACE1210881583A9CF646E7D2E51412F |
| SHA-256: | 41545AC1247B61C3C3E2A7E4659D9FAD2BCCA8347C69F2EB7B9D0CF5FC31E113 |
| SHA-512: | 40E311EADA299996E32A7D35223CA678A03C869D63C023D59BC97A7B2049B0252AA9D0A7EC8558D5ACB73BD14C7BFA913097E65ABEE7455658DB7E35BBDA8AE1 |
| Malicious: | false |
| Preview: |
| Process: | C:\Windows\Temp\{A873772C-EA44-4227-A5A3-37331C088187}\.cr\Setup_OpenUtilitiesMapx64_24.00.00.011.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 2368 |
| Entropy (8bit): | 5.270514043715206 |
| Encrypted: | false |
| SSDEEP: | 48:cxX7Du4OT82gXusarwkfpYrKD8DTNkbNuoN3mjbsNniIPh8ynN1NYd4iYuffAL:8LKTsXgpYr2IyoiiOffpT3L |
| MD5: | 96ACAAA5AEF7798E9048BAFF4C3FA8D3 |
| SHA1: | E76629973F6C1CFC06F60BA64FE9F237B2DB9698 |
| SHA-256: | F4AA983E39FB29C95E3306082F034B3A43E1D26489C997B8E6697B6A3B2F9F3C |
| SHA-512: | 964F73E572BDCB1AD946C770E6A2FB4A1CE54AF4B5BB072F64256083BA27A223F4DAD4A95B9D2A646180806D1F977726147970B06AAC35EED75AEC6CA89ED337 |
| Malicious: | false |
| Preview: |
| Process: | C:\Windows\Temp\{A873772C-EA44-4227-A5A3-37331C088187}\.cr\Setup_OpenUtilitiesMapx64_24.00.00.011.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 2147 |
| Entropy (8bit): | 5.130635342194656 |
| Encrypted: | false |
| SSDEEP: | 48:cxX7DuoT85b0s/4TDoYDj4NF5j2hN3mMNYskPDXKIMaKcP9A5g:8L1TmBHjs59M8r6 |
| MD5: | BD39ADB6B872163FD2D570028E9F3213 |
| SHA1: | 688B8A109688D3EA483548F29DE2E57A8A56C868 |
| SHA-256: | ECB5C22E6C2423CAF07AEBE69F4FAF22450164EEE9587B64EF45A2D7F658CA15 |
| SHA-512: | F2826BE203E767D09FF0D7677E1CF5B13113B773D529166DAE02A1F5DB2DC58E0856A34901DF70011EBABB6E964FAB7ACF38590E650BD629D4E4DC4CB36C8D45 |
| Malicious: | false |
| Preview: |
| Process: | C:\Windows\Temp\{A873772C-EA44-4227-A5A3-37331C088187}\.cr\Setup_OpenUtilitiesMapx64_24.00.00.011.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 2880 |
| Entropy (8bit): | 5.408094213063887 |
| Encrypted: | false |
| SSDEEP: | 48:cxX7DkTT8fjtEeusogrohY2Ar7DHNnjTh53oN3miRMNKrdPin+/uYcbSkuEIcOvG:8LYT8EeHMMJRNi1Ruwi3OwL |
| MD5: | DAF167AF4031EF47E562056A7D51AA73 |
| SHA1: | 0156B230CADD6169AC2820865E3C031ED79785EF |
| SHA-256: | C91C9E87AB4A6DB078F1991F4A2CDC726B58A40E47BCE49D39168A8F8F151C3B |
| SHA-512: | 5E87EE3838E3595ADBD7EABA6E3E33CDFEA5E15ED716FBCCDBD55235B3E53E1E41EA5A907F425E96C35167543C7F75AC5214B5AEE177D299FC2464A68B22851E |
| Malicious: | false |
| Preview: |
| Process: | C:\Windows\Temp\{A873772C-EA44-4227-A5A3-37331C088187}\.cr\Setup_OpenUtilitiesMapx64_24.00.00.011.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 2701 |
| Entropy (8bit): | 5.416644976437225 |
| Encrypted: | false |
| SSDEEP: | 48:cxX7D+cT8muPusz2qs1u+Vh1TqDINHZJoN3m8fN0vPp3OAwa2ywSODAubHK/TAB9:8L1TuPdKNzfifFmcat0K/V4bd |
| MD5: | 776CDF9B481F0E857758E9BE2771AFDE |
| SHA1: | 06C320749964BB4107815D88A37C7451AE4284BF |
| SHA-256: | 63EC83F825844C8F568130FA0CA5FC72266B2F55196769327024E66E04CA2483 |
| SHA-512: | 18B82E8CA973644A571A769E7E5B29832870AEA705BB67601B2E0BA3E3830BFD5547F08C19B8044859E12EBE5F1077CBF1C4E1DE27D6C1C3931C4A3AA2E3C899 |
| Malicious: | false |
| Preview: |
| Process: | C:\Windows\Temp\{A873772C-EA44-4227-A5A3-37331C088187}\.cr\Setup_OpenUtilitiesMapx64_24.00.00.011.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 2132 |
| Entropy (8bit): | 5.1255014007111495 |
| Encrypted: | false |
| SSDEEP: | 48:cxX7DviT8NFLbu9sM2vECjf26axBZYXcqADCNKTbkoN3maT6NWOjEXPauOOKYnhf:8LmTAcRnQXFPK0iHMsfb2Ws3M |
| MD5: | D95E81164C57B6FD75E7C3022454192E |
| SHA1: | 5D5ACBC56E7078AF4D04C45B78C0FF090C02EE6A |
| SHA-256: | 6DD61CC6B87B53EAF28430068A2A459730FD4B2BCF876CCDF040212D04C4FE7D |
| SHA-512: | 9E4BA81A145574818DD6A1F1D0EC38EA1629C7771919C35923F440E31EA9912E1630D94FCDB82B71104EBD61D0321DCDF935BA20D69988EE6E9B22259186AF0C |
| Malicious: | false |
| Preview: |
| Process: | C:\Windows\Temp\{A873772C-EA44-4227-A5A3-37331C088187}\.cr\Setup_OpenUtilitiesMapx64_24.00.00.011.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 2303 |
| Entropy (8bit): | 5.2754753523795275 |
| Encrypted: | false |
| SSDEEP: | 48:cxX7DNcYT8anOSMsHEqGpcBztpvrJlrs2ZmNI2+Yo6irN3m22NFcPc+4Trzrdgc7:8LZHTE7APaTI9sq6yEbgg |
| MD5: | 01B200E06BA600A4EF00C00F7AAC5CE4 |
| SHA1: | 22234426C42637E069A46217019551E4434A4AB6 |
| SHA-256: | 06BFB6DFBC38105C699DEA226A029DF3EF673C33E4B8928DC4EC7FB8F761487D |
| SHA-512: | 8BDCF7533A6BCFA231B42A7EF845A70C7535FBF607D62FF6404928D5941BA6AFBF139450A1A1B58C65FACF88DC0785AEC4ABEFBCC803466A58B1930F7C468CDD |
| Malicious: | false |
| Preview: |
| Process: | C:\Windows\Temp\{A873772C-EA44-4227-A5A3-37331C088187}\.cr\Setup_OpenUtilitiesMapx64_24.00.00.011.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 2200 |
| Entropy (8bit): | 5.1485120966265 |
| Encrypted: | false |
| SSDEEP: | 48:cxX7DZ0T8obZsw9g5gS56K97D7NCt2VoN3mQXNJPOhP58vqc1qwueo3RAL:8LyTLlS9h9hCtsihdxOh+NL |
| MD5: | 5836F0C655BDD97093F68AAF69AB2BAB |
| SHA1: | B6842E816F9E0DCC559A5692E4D26101D10B4B16 |
| SHA-256: | C015247D022BDC108B4FFCAE89CB55D1E313034D7E6EED18744C1BB55F108F8C |
| SHA-512: | 640A79D6A756E591AD02DDCCC53BC43F855C5148B8CBB5CE6C1CAF5419CA02F7B2AFF89CCA4C056356814D3899EF79BF038B4E8B4B79EB85138A3CEDCCE93E5B |
| Malicious: | false |
| Preview: |
| Process: | C:\Windows\Temp\{A873772C-EA44-4227-A5A3-37331C088187}\.cr\Setup_OpenUtilitiesMapx64_24.00.00.011.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1980 |
| Entropy (8bit): | 6.189594519053644 |
| Encrypted: | false |
| SSDEEP: | 48:cxX7DjQT8tOBousi+zq+frUR2ropNV2rfN3msNUqPPT9T+DwZ9f5wDTAV:8L4TGUGw3V8N3RykV |
| MD5: | A34DCF7771198C779648B89156483E83 |
| SHA1: | A6E0FA91CD50048511C7BEF1BE3A8D32B42B6D1F |
| SHA-256: | 89C559C6765F8D643469E3C8F4AA93023F09369B0395EA647FAD5AF3C2893EB6 |
| SHA-512: | 0F1D7BC4FD64E18EEEC488CDCE01FB6BFA5CD3BFF614A8D03E388D39F569B8341E74302946877EB25BA1EB17AEC137499189605E251FAFB6B20051744CB463B1 |
| Malicious: | false |
| Preview: |
| Process: | C:\Windows\Temp\{A873772C-EA44-4227-A5A3-37331C088187}\.cr\Setup_OpenUtilitiesMapx64_24.00.00.011.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 2211 |
| Entropy (8bit): | 5.1155097909395035 |
| Encrypted: | false |
| SSDEEP: | 48:cxX7DbT8QGls54nK3znI5zKDj4NLkdoN3mMNYsEPbpK2Aegeu9A5g:8LXTUasJnYdi59som6 |
| MD5: | 8A278E519EF81B2847490EFB070219BC |
| SHA1: | 7365EDF6E4F9E66B6CEE47933B6C70FF0B9ECFF8 |
| SHA-256: | E2BFDB2CF3BEAE2E988827C52C58006D7EEAD4ABA5312B5EAE1F6CCF3863C385 |
| SHA-512: | 88275C1136FFB15AB04D315E8601BE2DE77387F3E00F17E9807E415A9DFC4A73E2CD3B5710E4CA58006F91E18180D7CFAEEF4E8319C624E1B81397F9CB9ECA92 |
| Malicious: | false |
| Preview: |
| Process: | C:\Windows\Temp\{A873772C-EA44-4227-A5A3-37331C088187}\.cr\Setup_OpenUtilitiesMapx64_24.00.00.011.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 2400 |
| Entropy (8bit): | 4.992567587099768 |
| Encrypted: | false |
| SSDEEP: | 48:cxX7DLT8/OusS2V8j4Lq+7dKzCLdqaaD6NJaXFoN3mRNLo3PWKWnRcsB9A8:8LfTz+8EPqKqTJiFikUgk8 |
| MD5: | 1024AA88AE01BC7BA797193CC6023375 |
| SHA1: | 9252A309C1CB32573F4D58A595A78660FDF54B2F |
| SHA-256: | B884C4ABB8867553C1FFADD6721C2135EC5F9F1455C3F668D711CCEA65363D1A |
| SHA-512: | 77E6DD332104C0461B7C5A08469161AF3F1DC51D3B55585D39DD9FC9E2088DA036BDF2278CFB96CA702FD26CE073C6C6F66611313270700B9E7A76600C1C8E38 |
| Malicious: | false |
| Preview: |
| Process: | C:\Windows\Temp\{A873772C-EA44-4227-A5A3-37331C088187}\.cr\Setup_OpenUtilitiesMapx64_24.00.00.011.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 17406 |
| Entropy (8bit): | 3.689906065154555 |
| Encrypted: | false |
| SSDEEP: | 384:X0s5nlXxgFEuhO1i1bWYWd9c5W/WxXClcibj:X0s5nlXxgFE2LbpN5+x |
| MD5: | EB67F8651AC8266DE916753DB3D42669 |
| SHA1: | 0464EA4CFE13DFE80554643DA826D5E476E488CC |
| SHA-256: | 760C2E15D3CC33CDA3A9820F007CAB0478E1D4FF2F475971E0B73AB5337F09D1 |
| SHA-512: | BAC480A4F5BD91057BAF62E18F3B7C3403B7F27F92548C3C2AFCBDD5AE32C06AEEBD9A6A08FA959CE1FC89308281F9F68498C61374964EC50C6473E53C9AA01B |
| Malicious: | false |
| Preview: |
| Process: | C:\Windows\Temp\{A873772C-EA44-4227-A5A3-37331C088187}\.cr\Setup_OpenUtilitiesMapx64_24.00.00.011.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 791 |
| Entropy (8bit): | 5.061501009029691 |
| Encrypted: | false |
| SSDEEP: | 12:TMHdGbP07lzc+TXYr+XJ9bWzc+TXYcX1QpXbo02Vymhs4v/bX5JXbbQtmyjyuxm:2dKP07RtYry9itYwQVtXmh7bLgtmyjyF |
| MD5: | C5EB5E3954D1A143028343F5B303E7D2 |
| SHA1: | 3A80882B02D6CC9D09AD0B7BF279DE6F080726C3 |
| SHA-256: | 6B60848A2DD83CBFF8F8B5161477CAEBA2F714AD4DEB54644BE589F63D865B3A |
| SHA-512: | AAE8B7A4549436D35DEBAA57A7AA14FB18FC46384AE0AB65607BC74DBA992A4E9D2C9BC66EF4E0FB959403E0E33A8EF0F8A37BB6DE7C2F6C4B5A5890E9958F38 |
| Malicious: | false |
| Preview: |
| Process: | C:\Windows\Temp\{A873772C-EA44-4227-A5A3-37331C088187}\.cr\Setup_OpenUtilitiesMapx64_24.00.00.011.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 93968 |
| Entropy (8bit): | 5.8605371011542875 |
| Encrypted: | false |
| SSDEEP: | 1536:2HMBp/GRbgi5ofpiG2pq+51zogZVPilxi:2uUbV5jlq+51zowVPZ |
| MD5: | E808F606E54D6F823B9D22F56E8982FC |
| SHA1: | 9A7342DCCD0C6E51432D7E33D0886239759BDA4F |
| SHA-256: | CF2AE76D1DA5AF70A72259E7E51DAE62C715BC32239DAF5DA6B1BDE122BCDAB6 |
| SHA-512: | ACC26487BD3387EB8F8EA0FA1790198FD773ECF85AD61B4ED5B88815C9B03B35AAB81747DB065DEAD1B51AE6276D58C51B53AC71B1FAE12505860664721EA2BB |
| Malicious: | false |
| Antivirus: |
|
| Preview: |
| Process: | C:\Windows\Temp\{A873772C-EA44-4227-A5A3-37331C088187}\.cr\Setup_OpenUtilitiesMapx64_24.00.00.011.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 109468 |
| Entropy (8bit): | 5.306858621424133 |
| Encrypted: | false |
| SSDEEP: | 1536:4Z9cTd1iIOnUa8CmIbkGja5jVNMA+i86eFQjYLQJOJimaLglndcN6d9DoPAcjyzQ:4ZEnN/u3qidQW97KmZ6IE61APz |
| MD5: | 87C8E0A6E2A249413B88080DAB0E3A95 |
| SHA1: | 42A46F75C8A9A4E0F6D154A46DB074C9CF5FB388 |
| SHA-256: | 4B02F9AE82ED364C2DCC54AADADC0AA950530BF5C69659DC1C926C666250F646 |
| SHA-512: | 855F50C8A2DBC4B7FA25454A21C5EE40C19A9228156AAF0B32EF5C3E44CC647AAA79C53CDDBB67C9CF0AC17A61660E8A4BC90227753B406ADBA238FD6B6761C8 |
| Malicious: | true |
| Preview: |
| Process: | C:\Windows\Temp\{A873772C-EA44-4227-A5A3-37331C088187}\.cr\Setup_OpenUtilitiesMapx64_24.00.00.011.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 126464 |
| Entropy (8bit): | 5.761526804882093 |
| Encrypted: | false |
| SSDEEP: | 3072:BXpTk1Pla+8e/vc/XM+MWWftfT5757XFl/gySY0SVqF:bk1tOoYD0 |
| MD5: | 97458FB37FCBEA19B16704474E0BB747 |
| SHA1: | D846A58C2DFA287DC070A3B3EAA12DE54AEFC5F4 |
| SHA-256: | EB6841497CAFAB1AAC432B09F4979997FA3314D4828BE15CDBD37F621BA38EAC |
| SHA-512: | 7EDEAADAE25C60ACF5FA969655AD667826DBEC8025A09BD14933D81C3FDDF2E6409C2F60345DA2420D63C70B3B4985F8E33913FE09AF5CB4695B28B2BA561F3D |
| Malicious: | false |
| Antivirus: |
|
| Joe Sandbox View: |
|
| Preview: |
| Process: | C:\Windows\Temp\{A873772C-EA44-4227-A5A3-37331C088187}\.cr\Setup_OpenUtilitiesMapx64_24.00.00.011.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 49152 |
| Entropy (8bit): | 4.476480919433434 |
| Encrypted: | false |
| SSDEEP: | 768:0exl81nX6ZxlvUAa7KoBv7epginbCe7AXjuw9tL0Duxj7tr+BrLFS:0exl81nK34PJepgqcVz7 |
| MD5: | 26A0959C90B97D5E7D73CBB652C99E49 |
| SHA1: | FC31DBC77734DBC37274673EB7F3892BD54E3D7E |
| SHA-256: | 995D364A7396028314503D6E94ADE774A562FB09A5D3347D0B840FD596D47EB9 |
| SHA-512: | EA8C6EFEB74A07169FC3BBD12D5AA401FEC9D003F03B1973DAECDA2670C39BCEA7CBA891B804197827C20DAEA41772C09209839211102997CF92CF666113564F |
| Malicious: | false |
| Antivirus: |
|
| Preview: |
C:\Windows\Temp\{D903B613-265B-42B6-AC90-268A845DB3BC}\.ba\Microsoft.Deployment.WindowsInstaller.dll 
| Process: | C:\Windows\Temp\{A873772C-EA44-4227-A5A3-37331C088187}\.cr\Setup_OpenUtilitiesMapx64_24.00.00.011.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 188176 |
| Entropy (8bit): | 5.959466185021699 |
| Encrypted: | false |
| SSDEEP: | 3072:pGfZS7hUuK3PcbFeRRLxyR69UgoCaf8xzCnfKlRUjW01KyPePc:lzMRLkR6joxfKK3 |
| MD5: | C2C83128276CC7C9CCCC399BB5D76031 |
| SHA1: | 776F9CA8175D95D0BC7C44847D60091BDF415041 |
| SHA-256: | 791DA16B0DF6956E88B04DAB8B543B99DC2ABD9AF24AA25208FE5A0981E811B3 |
| SHA-512: | C8651107F699DAA299182DBE594DA76CD794BA0D7661A483AAA932F0967A3AF5761C8E8A3250CB501019D39B483D09427AC75AA7FA3A191A090E226D8D9FD515 |
| Malicious: | false |
| Antivirus: |
|
| Joe Sandbox View: |
|
| Preview: |
| Process: | C:\Windows\Temp\{A873772C-EA44-4227-A5A3-37331C088187}\.cr\Setup_OpenUtilitiesMapx64_24.00.00.011.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 487134 |
| Entropy (8bit): | 4.601239497004852 |
| Encrypted: | false |
| SSDEEP: | 3072:Eyyk9hhW0H6A9xaGAX1YWM90QtDzncMpvETn7TZdP6zXcqHJhpARQ/l/3:Eyv9hlU1YTtUOb |
| MD5: | 3F3B628AC91EBBED6F7F76775A236100 |
| SHA1: | 04B6A51730C9C6BB98877B72BD8263AD7278C437 |
| SHA-256: | 61CB0C6259A7F40E8FDBC8314BE5B0F9B5BE12063756E14B8C0119CA1BCC95F2 |
| SHA-512: | 177E145268F828D4ED4C0274864FE39A03C8405D18B01D7DD923E8B5AD883321C4438FD4B026AF99EAB95FEE2EE7EBB0DD5B8B08A6DDFB6466E9B5639AF18629 |
| Malicious: | false |
| Preview: |
| Process: | C:\Windows\Temp\{A873772C-EA44-4227-A5A3-37331C088187}\.cr\Setup_OpenUtilitiesMapx64_24.00.00.011.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 701992 |
| Entropy (8bit): | 5.940787194132384 |
| Encrypted: | false |
| SSDEEP: | 12288:U9BzaPm657wqehcZBLX+HK+kPJUQEKx07N0TCBGiBCjC0PDgM5j9FKjc3Q5:U8m657w6ZBLmkitKqBCjC0PDgM5A5 |
| MD5: | 081D9558BBB7ADCE142DA153B2D5577A |
| SHA1: | 7D0AD03FBDA1C24F883116B940717E596073AE96 |
| SHA-256: | B624949DF8B0E3A6153FDFB730A7C6F4990B6592EE0D922E1788433D276610F3 |
| SHA-512: | 2FDF035661F349206F58EA1FEED8805B7F9517A21F9C113E7301C69DE160F184C774350A12A710046E3FF6BAA37345D319B6F47FD24FBBA4E042D54014BEE511 |
| Malicious: | false |
| Antivirus: |
|
| Preview: |
| Process: | C:\Windows\Temp\{A873772C-EA44-4227-A5A3-37331C088187}\.cr\Setup_OpenUtilitiesMapx64_24.00.00.011.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 32056 |
| Entropy (8bit): | 6.149258764371362 |
| Encrypted: | false |
| SSDEEP: | 384:TIBLvfWZ+Wzl0Mu/ygnmfIQkakJFpgIYiK+DFtXeOAM+o/8E9VF0Nybj:TIB3WZTzONzmfIQ1qpYiRkOAMxkEJ |
| MD5: | 03C9179C32BB23812675213C08C580D8 |
| SHA1: | 6001EA371017C9020FDB7F97C5FF334702B755E7 |
| SHA-256: | EE02E48A04A159E259045648AB1194B0498C42EF6472A2C72B79B3B318DDF07A |
| SHA-512: | A5242BD24979A6BB86AC8292D858FC47CAA302BF7A2F7D3878B14E4C0C165CD9E937805C9FDDBF9C9CB87B33D710BEF94137000B08EDAE4C424CFC3C0E2517B2 |
| Malicious: | false |
| Antivirus: |
|
| Preview: |
| Process: | C:\Windows\Temp\{A873772C-EA44-4227-A5A3-37331C088187}\.cr\Setup_OpenUtilitiesMapx64_24.00.00.011.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 16184 |
| Entropy (8bit): | 6.883732183894757 |
| Encrypted: | false |
| SSDEEP: | 384:iByhaQnIYiK+DFc1HyAM+o/8E9VF0NyEKf4:/haQIYiRESAMxkE7A |
| MD5: | B9A21405CE4DD0D00A6FC7FEF3419B6D |
| SHA1: | FADFEA99FB6EC71DF37DA8DA767A77BB9358B365 |
| SHA-256: | DB90EB10716D696D14EBA3E786B97258FE4E0F52C4AAA99EC63CC51CE7F0C6A1 |
| SHA-512: | B8DE2600F62B439BD486F4FFA3228342D9DB18A97A7451C29488E58D14D1AB5BBFAE0076C89C874AC2B8A3F37BB0D28DC8350AF6C4B64B35600ADCE34957BFD5 |
| Malicious: | false |
| Antivirus: |
|
| Preview: |
| Process: | C:\Windows\Temp\{A873772C-EA44-4227-A5A3-37331C088187}\.cr\Setup_OpenUtilitiesMapx64_24.00.00.011.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 138552 |
| Entropy (8bit): | 6.241173028161675 |
| Encrypted: | false |
| SSDEEP: | 3072:LAsTc+v+AZKLJcukLW/Zd97oRr1wBvCCcbNs56/NZ:Lxb+AZKLJc/W/Zd97ocBDcb6Q |
| MD5: | DC208D933BA6974A5BBF8B6619469DE5 |
| SHA1: | FF60667807BEB0A4BDE6F699613161BE9F435128 |
| SHA-256: | EFF24B3D2933F3B058E7E643A0A7BAB6BCDF5948A6EE9EEC469A8E80D7978638 |
| SHA-512: | 80DDB47A30ADACF5341B165E3B9C0A2EA62D6BA20216BFDFB66D3C434B7CB4FD69EED1908CC21A7F1F46CA5BCE277128AB69874BDC019D9CE5942FA304C25733 |
| Malicious: | false |
| Antivirus: |
|
| Preview: |
| Process: | C:\Windows\Temp\{A873772C-EA44-4227-A5A3-37331C088187}\.cr\Setup_OpenUtilitiesMapx64_24.00.00.011.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 6354 |
| Entropy (8bit): | 4.944393334683147 |
| Encrypted: | false |
| SSDEEP: | 96:c2s5gEutyj6jnnii7jU7V7buuZVj9uxJPuFPuO9uo9u59uMRPubdPuF:G5OJAFXUZR4dI |
| MD5: | 70105BA2C15F727FA2AD4EF0B1E79899 |
| SHA1: | A69CACF34376303F24B7BEB3D619F10FD896FA56 |
| SHA-256: | 16E696A3A6217BA72D8A39273FBB118920C00D98580BBBF2C79A2D71F055F68B |
| SHA-512: | C8B15AA1D1940AD7CA484BA08F0AB1E64B1C528C537B2F2B8D0DE0AF6ACA51A73F2EAD97EFDD5923405A6679F8322232F314C55D5212B0AAC7AD5BCD78B4A73A |
| Malicious: | false |
| Preview: |
| Process: | C:\Windows\Temp\{A873772C-EA44-4227-A5A3-37331C088187}\.cr\Setup_OpenUtilitiesMapx64_24.00.00.011.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 408888 |
| Entropy (8bit): | 5.989634248935896 |
| Encrypted: | false |
| SSDEEP: | 12288:KN9r8z5XI4sD6LDn63TW6HY/681R6QlE6Pc56Sx56DO06ZVF16DzO6mfs6csJ6Jh:2w44sD6LDn63TW6HY/681R6QlE6Pc56D |
| MD5: | B851F3727BE3DD95CF79A7A1ACD9C7DF |
| SHA1: | 97B40D9DFB0966C711141E6125CC33C12513A4F2 |
| SHA-256: | 02BCF34D2D49A48EA8C249A4BD637BE2CC86B6DA8F067A783CAEB6E9719DB816 |
| SHA-512: | FAA071E55E5A99A50706F60714499E86B191C902DEF9F5C194AAAD34D335A5386B9E83C516BBBC41C3109CB86FC6158E449D10CA7C2E25C142CBA4EF5D84702B |
| Malicious: | false |
| Antivirus: |
|
| Preview: |
| Process: | C:\Windows\Temp\{A873772C-EA44-4227-A5A3-37331C088187}\.cr\Setup_OpenUtilitiesMapx64_24.00.00.011.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 134656 |
| Entropy (8bit): | 6.559676765965599 |
| Encrypted: | false |
| SSDEEP: | 3072:EwiCCLJxzFa/XIZnbFBIa3APoGfAoA/g:GCQF3HBIYCbSg |
| MD5: | 695BD38BB62302A0903E4CED008A73DD |
| SHA1: | 7828E9F925AB978541E7DA8A21C79A9CEA5B1545 |
| SHA-256: | 5EE45A965AA6BD6C00C795BDB394B9A8D911FBC8961EF62E55014F53EFE64F9F |
| SHA-512: | 67203AE6D51210F409B95674B6BA184A1F6C6768D3FB28424048D3240C5D467F91E49D0FB92CDCF211219C996057D21B70C9D3396F9874FD4D710CE69DD3C077 |
| Malicious: | false |
| Antivirus: |
|
| Preview: |
| Process: | C:\Windows\Temp\{A873772C-EA44-4227-A5A3-37331C088187}\.cr\Setup_OpenUtilitiesMapx64_24.00.00.011.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1757184 |
| Entropy (8bit): | 6.006043757845107 |
| Encrypted: | false |
| SSDEEP: | 49152:KV2Zc3HyatnKl9tFTIfh3TvtomXvJTX5d+tF4:Vc3Ht |
| MD5: | 2F055F819691AA4A8A6FBF8FDBA2FC4C |
| SHA1: | BD0ED47F54DFDA63CA1DD0EB377BDC74A0D9EB8F |
| SHA-256: | A2C897A03F9F4795426EE058EA386A6891ACB9A8179B77060515A6BA6525E242 |
| SHA-512: | 58BF10E629A14C1086571814D00E2B8DDEF94252EF2727DAEF684F8690A14B8D91DB845340842B6FE178979E9E5CB697E6E3A09DD6038DD2B6AA3F9B007B0DAF |
| Malicious: | false |
| Antivirus: |
|
| Preview: |
| Process: | C:\Windows\Temp\{A873772C-EA44-4227-A5A3-37331C088187}\.cr\Setup_OpenUtilitiesMapx64_24.00.00.011.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 628536 |
| Entropy (8bit): | 6.36985683629423 |
| Encrypted: | false |
| SSDEEP: | 12288:XzFpOKFuMhNbUJaLsclwB9FrIJJaqCNktA+SXfUCc:XzFpOXZ4lwB9FrIJJpCNoh+7c |
| MD5: | 972F04F6F53DBFA26857C67A42523C70 |
| SHA1: | 6CBB6044DEBA48058DCE69A3A76D8E38FB14FF7A |
| SHA-256: | 993D06F7AAAC5571A0BB6F3FDD6F066BB4AE41AC11510BDA065930D0502FD2DB |
| SHA-512: | 585C394D516E87D46B18747E16D2DDD87203288DB711EFCF2EB6994CAC7586A9A8A8AED1C6C26F50B2DA06DAFEF9BC3486DD9821A9A2F11FD0E98C4401832F4C |
| Malicious: | false |
| Antivirus: |
|
| Preview: |
| Process: | C:\Windows\Temp\{A873772C-EA44-4227-A5A3-37331C088187}\.cr\Setup_OpenUtilitiesMapx64_24.00.00.011.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 443 |
| Entropy (8bit): | 4.9956781913821064 |
| Encrypted: | false |
| SSDEEP: | 12:JeUtBRfUtKLCdoGNq4U2Yka6BU897tiKV/ljuB2T8SptXi:JeoRff0TwFG+etjVNyMT8Spc |
| MD5: | F9A6786F6405CCDC77CDC04929F7216E |
| SHA1: | 1B9DA34F8AD1393E6C33F75205ADC5983691DA68 |
| SHA-256: | F6460F68EC235181A70ED25CE8E2E9A05B241E78ADE64C4F4B4D0537EF09DF3A |
| SHA-512: | 8A906CCF31E2BA8D8A428372077DE101CCEA821FFB630B7EC7D5F2BEEC5124FC0A49FE3DB162344817E7D96AE2EBCB9C0E067DA1F41625CF1A2302897DE283E3 |
| Malicious: | false |
| Preview: |
| Process: | C:\Windows\Temp\{A873772C-EA44-4227-A5A3-37331C088187}\.cr\Setup_OpenUtilitiesMapx64_24.00.00.011.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 142616 |
| Entropy (8bit): | 6.730761600307328 |
| Encrypted: | false |
| SSDEEP: | 3072:1xWu4uSLObpRTiyX+mJq4fazD3eN/LdYGrvqvP:OLudRPDq4fOCGGLq |
| MD5: | E3471734DF4345B4EC9F60333A96982B |
| SHA1: | 8416F57FE6A376CE421DB24474859FE78A66F222 |
| SHA-256: | D728E7449243BC7099890BADB6FAE3F2B082A80D9C950E498051F89A65D48687 |
| SHA-512: | 519598CE63B0E3AEA3F548B37191C52F59C70EB46FB2D12C16113A6662028F315B020A642D1A9821C3B17D22FABF328E4BBE68F99CC6EDBE331EEF508A195F2A |
| Malicious: | false |
| Antivirus: |
|
| Preview: |
| Process: | C:\Windows\Temp\{A873772C-EA44-4227-A5A3-37331C088187}\.cr\Setup_OpenUtilitiesMapx64_24.00.00.011.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 210200 |
| Entropy (8bit): | 6.679490293698669 |
| Encrypted: | false |
| SSDEEP: | 3072:tEIwsGi6eTe5uBR3SupIu+ieZpKamkOLCaQuEsSyhssS2KPjbfkd4qhgTrm9b3EJ:tEZdi6e93SuDeTKZxQfsRy26BqbUHF |
| MD5: | 87C8A7EA44E8EE0D9358E25B7DCD397D |
| SHA1: | 0E2021BE823FEE499175D2C0D68346D15C02A376 |
| SHA-256: | B7DE0A0CA3A94738747ABD708E30BA1F9638A8C8B7D8173C76D4F39FAE3D9346 |
| SHA-512: | 98B5BBE5BB3EC331A0025E3DA209296050B2F695BE5A4B90B5C939F8FBBAADA6DD93483EBA779C10151546C2798AAB5282FA619A55EC0CF04F56A03795A0A3F5 |
| Malicious: | false |
| Antivirus: |
|
| Preview: |
| Process: | C:\Windows\Temp\{A873772C-EA44-4227-A5A3-37331C088187}\.cr\Setup_OpenUtilitiesMapx64_24.00.00.011.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 797 |
| Entropy (8bit): | 7.648767094164769 |
| Encrypted: | false |
| SSDEEP: | 12:6v/7rW3M/jDYAlFTzdvhKZ7e/cbp4/82UNb6MjmlKPNXheD1H0oJodqSXaTbutak:lQD1lldv8Z7g04/82Y6+Pxi19mDoqt5 |
| MD5: | A356956FD269567B8F4612A33802637B |
| SHA1: | 75AE41181581FD6376CA9CA88147011E48BF9A30 |
| SHA-256: | A401A225ADDAF89110B4B0F6E8CF94779E7C0640BCDD2D670FFCF05AAB0DAD03 |
| SHA-512: | A0F7836AEFA1747F481C116F6B085F503B5C09B3A1DD97CD2189F7CE4E6E7EA98F1F66503CBA2E6A83E873248CC7507328710DFA670AA5763DF8AEDCC560285E |
| Malicious: | false |
| Preview: |
| Process: | C:\Windows\Temp\{A873772C-EA44-4227-A5A3-37331C088187}\.cr\Setup_OpenUtilitiesMapx64_24.00.00.011.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 3915 |
| Entropy (8bit): | 5.15881451198739 |
| Encrypted: | false |
| SSDEEP: | 48:cecHddpXBT2E/zPHWgtpmAPH8TSJmBP+NPHrM/O8YpQbFUuhJ3PK7usPH4Lr:wHdHxS4Z9UG4BmNjCOhpsB3PswP |
| MD5: | A20778EC90A094A62A6C3A6AB2A6DC7D |
| SHA1: | 74C131B5FD80446FFDF2AFAD723762DD36621309 |
| SHA-256: | F8C3A03F47F0B9B3C20F0522A2481DA28C77FECDBB302F8DD8FBED87758CBAEA |
| SHA-512: | 47F34A9F416D223DCBF071E7292A05554AF3D27CDE67FC8C161C1BED564C6E7FC448C2F482E05F33149C782E09C681BD65730CA00CF9EC68B284128214B75529 |
| Malicious: | false |
| Preview: |
| Process: | C:\Windows\Temp\{A873772C-EA44-4227-A5A3-37331C088187}\.cr\Setup_OpenUtilitiesMapx64_24.00.00.011.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 2464 |
| Entropy (8bit): | 5.076345322304751 |
| Encrypted: | false |
| SSDEEP: | 48:cxX7DxMT8dbCsK19Wqq8+JIDxN3Wm2WcN3miNlLPDHXsmkaYXfXQ2BmGA7b1fABP:8LuTY1xmmmTerNR0AT1O |
| MD5: | 4D2C8D10C5DCCA6B938B71C8F02CA8A8 |
| SHA1: | 11577021465379E9D1FF4260E607149BA5DFA6B3 |
| SHA-256: | C63DE5F309502F9272402587A6BE22624D1BC2FEACD1BD33FB11E44CD6614B96 |
| SHA-512: | AE791C1F05821167F1D2E1D07DBF95FE7E72B35B3E4B1E22720006C7A672B1330B748414792392B0E806F111AA4EFC1C424F4479EBDE349E3F079792DBB3BF47 |
| Malicious: | false |
| Preview: |
| Process: | C:\Windows\Temp\{A873772C-EA44-4227-A5A3-37331C088187}\.cr\Setup_OpenUtilitiesMapx64_24.00.00.011.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 32002 |
| Entropy (8bit): | 5.025759575952749 |
| Encrypted: | false |
| SSDEEP: | 384:O8dIn/kaoJ/4A4A04ztIIhsGYz4sxSeXQXyhVJIRW+A8O06nT8:3EMYA4A04ztRsGYUeXrhVJwAznT8 |
| MD5: | BA1B4D64FCF1F94A24035E93E29EA101 |
| SHA1: | C96B453F1DCBA7BDD923AE674C76BE7ADAD4CC88 |
| SHA-256: | 08FDC9DFA031096EBA53591B34BDC5260F5099C971C121099F6D23D8A3FCD989 |
| SHA-512: | 701F8CD34D6C9DD8AD3973EA13F86DDFF2297BAA28D5FB8974B0778D2D0FA673AD8C6A308B46D9CBD5A5660E422669073904A82AB66F13435F5944622932BF3C |
| Malicious: | false |
| Preview: |
| Process: | C:\Windows\Temp\{A873772C-EA44-4227-A5A3-37331C088187}\.cr\Setup_OpenUtilitiesMapx64_24.00.00.011.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 438755 |
| Entropy (8bit): | 7.9972466725622775 |
| Encrypted: | true |
| SSDEEP: | 12288:QVOwWNo1hsV39ll0XD/fzMJPcaURde9dd:xRN5Tll8fMJUB+/ |
| MD5: | B2E44D600B9B704FAE1214404D84A179 |
| SHA1: | 8A9AFB881C281BEC9E5B5917BD16FC770B7F93BE |
| SHA-256: | 27BFD90BA42F49D55FA909F6E7B2C58B5496EA1945094CF39CB9166F554D5878 |
| SHA-512: | 50511D204D947246FE9D507F374A25E1EC66BE148832236D4275438F8146E3FBEE03C8DF3D6B513D4820E5FA2AD92865035AFBAE30850CB012A9D1F78598AA09 |
| Malicious: | false |
| Preview: |
| File type: | |
| Entropy (8bit): | 7.931434291852171 |
| TrID: |
|
| File name: | Setup_OpenUtilitiesMapx64_24.00.00.011.exe |
| File size: | 2'897'096 bytes |
| MD5: | 357a952831051d757359cadc23b43f43 |
| SHA1: | 5cc270135b1925ae6b51004f22820eb2f94d21a4 |
| SHA256: | a33de435ee5de842b967ae90f0bdbfbf6d6eb067fb1932828706ee4439f72479 |
| SHA512: | 8d09190239fdf781ad5b3a9cf6a3e8f11498ae79b955c7bf2120faf59e896e269ba1c365bf8d5b30c3c8770cfc6a1fed3b79501d5e0975d729fa709c88ed03db |
| SSDEEP: | 49152:QLZ5zot73nxu7LElC5tRnLuiFz9tVoLeuDPb7RI3evHESsUlWiATxwt715ECpD:QLZ1om7L8CRnaiF5oLvjbtzvHEntiATs |
| TLSH: | 16D51232A5611037EBF10573A968A5313E7DE3282B51C4AAE3D4BD1D7EA98C163F7213 |
| File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........]aN.<...<...<...L...<...L..j<...T...<...T...<...T...<...L...<...L...<...L...<...<...=..PU...<..PU...<...<...<..PU...<..Rich.<. |
 | |
| Icon Hash: | 2d2e3797b32b2b99 |
| Entrypoint: | 0x4302e5 |
| Entrypoint Section: | .text |
| Digitally signed: | true |
| Imagebase: | 0x400000 |
| Subsystem: | windows gui |
| Image File Characteristics: | EXECUTABLE_IMAGE, 32BIT_MACHINE, REMOVABLE_RUN_FROM_SWAP, NET_RUN_FROM_SWAP |
| DLL Characteristics: | DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE |
| Time Stamp: | 0x65FE02D3 [Fri Mar 22 22:14:43 2024 UTC] |
| TLS Callbacks: | |
| CLR (.Net) Version: | |
| OS Version Major: | 6 |
| OS Version Minor: | 0 |
| File Version Major: | 6 |
| File Version Minor: | 0 |
| Subsystem Version Major: | 6 |
| Subsystem Version Minor: | 0 |
| Import Hash: | e277f1464e7729ad9df5ec047611738a |
| Signature Valid: | true |
| Signature Issuer: | CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O="DigiCert, Inc.", C=US |
| Signature Validation Error: | The operation completed successfully |
| Error Number: | 0 |
| Not Before, Not After |
|
| Subject Chain |
|
| Version: | 3 |
| Thumbprint MD5: | 2CE589519DC7CF658F9B06E070D63066 |
| Thumbprint SHA-1: | 09E8B118160523D6F4A192B0227A53426EA033CF |
| Thumbprint SHA-256: | 841883BCE7CFFC704FA90F659A7790DF68BFB1C364B9CA7C828853422F5B6E95 |
| Serial: | 0D69B823F48CA83D774B1798C991D4D1 |
| Instruction |
|---|
| call 00007F6A84E90EDCh |
| jmp 00007F6A84E907CFh |
| int3 |
| mov eax, dword ptr [esp+08h] |
| mov ecx, dword ptr [esp+10h] |
| or ecx, eax |
| mov ecx, dword ptr [esp+0Ch] |
| jne 00007F6A84E9095Bh |
| mov eax, dword ptr [esp+04h] |
| mul ecx |
| retn 0010h |
| push ebx |
| mul ecx |
| mov ebx, eax |
| mov eax, dword ptr [esp+08h] |
| mul dword ptr [esp+14h] |
| add ebx, eax |
| mov eax, dword ptr [esp+08h] |
| mul ecx |
| add edx, ebx |
| pop ebx |
| retn 0010h |
| int3 |
| int3 |
| int3 |
| int3 |
| int3 |
| int3 |
| int3 |
| int3 |
| int3 |
| int3 |
| int3 |
| int3 |
| cmp cl, 00000040h |
| jnc 00007F6A84E90967h |
| cmp cl, 00000020h |
| jnc 00007F6A84E90958h |
| shld edx, eax, cl |
| shl eax, cl |
| ret |
| mov edx, eax |
| xor eax, eax |
| and cl, 0000001Fh |
| shl edx, cl |
| ret |
| xor eax, eax |
| xor edx, edx |
| ret |
| int3 |
| push ecx |
| lea ecx, dword ptr [esp+04h] |
| sub ecx, eax |
| sbb eax, eax |
| not eax |
| and ecx, eax |
| mov eax, esp |
| and eax, FFFFF000h |
| cmp ecx, eax |
| jc 00007F6A84E9095Eh |
| mov eax, ecx |
| pop ecx |
| xchg eax, esp |
| mov eax, dword ptr [eax] |
| mov dword ptr [esp], eax |
| ret |
| sub eax, 00001000h |
| test dword ptr [eax], eax |
| jmp 00007F6A84E90939h |
| int3 |
| int3 |
| int3 |
| cmp cl, 00000040h |
| jnc 00007F6A84E90967h |
| cmp cl, 00000020h |
| jnc 00007F6A84E90958h |
| shrd eax, edx, cl |
| shr edx, cl |
| ret |
| mov eax, edx |
| xor edx, edx |
| and cl, 0000001Fh |
| shr eax, cl |
| ret |
| xor eax, eax |
| xor edx, edx |
| ret |
| push ebp |
| mov ebp, esp |
| jmp 00007F6A84E9095Fh |
| push dword ptr [ebp+08h] |
| call 00007F6A84E9A11Dh |
| Name | Virtual Address | Virtual Size | Is in Section |
|---|---|---|---|
| IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IMPORT | 0x6bfd4 | 0xb4 | .rdata |
| IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x71000 | 0x3af0 | .rsrc |
| IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_SECURITY | 0x2c0b90 | 0x2938 | |
| IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x75000 | 0x3ebc | .reloc |
| IMAGE_DIRECTORY_ENTRY_DEBUG | 0x6ace0 | 0x54 | .rdata |
| IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_TLS | 0x6ad34 | 0x18 | .rdata |
| IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x646e8 | 0x40 | .rdata |
| IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IAT | 0x4e000 | 0x3d4 | .rdata |
| IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x6bb54 | 0x100 | .rdata |
| IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
| Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
|---|---|---|---|---|---|---|---|---|---|
| .text | 0x1000 | 0x4ca3e | 0x4cc00 | 6815c282e1bc693149a4065a4b552600 | False | 0.5385948951547231 | data | 6.575139639749137 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
| .rdata | 0x4e000 | 0x1f626 | 0x1f800 | b06ec0f7aec92ec457d68a2887bdc39f | False | 0.29986669146825395 | data | 5.082703220713294 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .data | 0x6e000 | 0x183c | 0xc00 | 350a688b66a5ddc1ea1d1a0cc2d04020 | False | 0.23274739583333334 | firmware 2005 v9319 (revision 0) \261\031\277DN\346@\273 V2, 0 bytes or less, at 0 0 bytes , at 0 0 bytes | 2.869037900210062 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .wixburn | 0x70000 | 0x38 | 0x200 | ad9a401d16b1107a8f0cd7f7d3df45b2 | False | 0.12890625 | data | 0.7258747138069125 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .rsrc | 0x71000 | 0x3af0 | 0x3c00 | 6e589d1a19fa687af80c13ec283a208f | False | 0.33372395833333335 | data | 5.506701043212035 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .reloc | 0x75000 | 0x3ebc | 0x4000 | ac56ac7d93b473ebe9a2a079106f6056 | False | 0.79290771484375 | data | 6.748278735648908 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
| Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
|---|---|---|---|---|---|---|
| RT_ICON | 0x71178 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colors | English | United States | 0.43185920577617326 |
| RT_MESSAGETABLE | 0x71a20 | 0x2840 | data | English | United States | 0.28823757763975155 |
| RT_GROUP_ICON | 0x74260 | 0x14 | data | English | United States | 1.2 |
| RT_VERSION | 0x74274 | 0x3a8 | data | English | United States | 0.43162393162393164 |
| RT_MANIFEST | 0x7461c | 0x4d2 | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (1174), with CRLF line terminators | English | United States | 0.47568881685575365 |
| DLL | Import |
|---|---|
| ADVAPI32.dll | RegCloseKey, RegOpenKeyExW, RegCreateKeyExW, RegDeleteKeyW, RegDeleteValueW, RegEnumKeyExW, RegEnumValueW, RegQueryInfoKeyW, RegQueryValueExW, RegSetValueExW, OpenProcessToken, AdjustTokenPrivileges, LookupPrivilegeValueW, InitiateSystemShutdownExW, GetUserNameW, CloseEventLog, OpenEventLogW, ReportEventW, ConvertStringSecurityDescriptorToSecurityDescriptorW, CreateWellKnownSid, InitializeAcl, DecryptFileW, SetEntriesInAclW, ChangeServiceConfigW, CloseServiceHandle, ControlService, OpenSCManagerW, OpenServiceW, QueryServiceStatus, SetNamedSecurityInfoW, CheckTokenMembership, AllocateAndInitializeSid, SetEntriesInAclA, SetSecurityDescriptorOwner, SetSecurityDescriptorGroup, SetSecurityDescriptorDacl, InitializeSecurityDescriptor, GetTokenInformation, CryptDestroyHash, CryptHashData, CryptCreateHash, CryptGetHashParam, CryptReleaseContext, CryptAcquireContextW, QueryServiceConfigW |
| USER32.dll | PeekMessageW, PostMessageW, IsWindow, WaitForInputIdle, PostQuitMessage, GetMessageW, TranslateMessage, MsgWaitForMultipleObjects, PostThreadMessageW, GetMonitorInfoW, MonitorFromPoint, IsDialogMessageW, LoadCursorW, LoadBitmapW, SetWindowLongW, GetWindowLongW, GetCursorPos, MessageBoxW, CreateWindowExW, UnregisterClassW, RegisterClassW, DefWindowProcW, DispatchMessageW |
| OLEAUT32.dll | VariantInit, SysAllocString, VariantClear, SysFreeString |
| GDI32.dll | DeleteDC, DeleteObject, SelectObject, StretchBlt, GetObjectW, CreateCompatibleDC |
| SHELL32.dll | CommandLineToArgvW, SHGetFolderPathW, ShellExecuteExW |
| ole32.dll | CoUninitialize, CoInitializeEx, CoInitialize, StringFromGUID2, CoCreateInstance, CoTaskMemFree, CoInitializeSecurity, CLSIDFromProgID |
| KERNEL32.dll | GetFileType, GetStdHandle, EncodePointer, InitializeCriticalSectionAndSpinCount, SetLastError, RtlUnwind, CreateFileW, CloseHandle, ExitProcess, CreateFileA, SetFilePointer, WriteFile, GetLastError, GetCurrentProcessId, GetSystemDirectoryW, LoadLibraryW, lstrlenA, HeapSetInformation, GetModuleHandleW, GetProcAddress, LocalFree, SetCurrentDirectoryW, GetCurrentDirectoryW, CreateDirectoryW, DeleteFileW, FindClose, FindFirstFileW, FindNextFileW, GetFileAttributesW, GetTempFileNameW, RemoveDirectoryW, SetFileAttributesW, GetTempPathW, MoveFileExW, FormatMessageW, lstrlenW, MultiByteToWideChar, IsValidCodePage, LCMapStringW, ExpandEnvironmentStringsW, GetFileSizeEx, GetFullPathNameW, ReadFile, SetFilePointerEx, SetFileTime, Sleep, GlobalAlloc, GlobalFree, CopyFileW, GetLocalTime, GetModuleFileNameW, CompareStringW, HeapAlloc, HeapReAlloc, HeapFree, HeapSize, GetProcessHeap, FreeLibrary, InitializeCriticalSection, DeleteCriticalSection, ReleaseMutex, GetCurrentProcess, FindFirstFileExW, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, CreateProcessW, GetVersionExW, VerSetConditionMask, GetVolumePathNameW, EnterCriticalSection, LeaveCriticalSection, GetSystemTime, GetWindowsDirectoryW, GetNativeSystemInfo, GetSystemWow64DirectoryW, GetModuleHandleExW, GetComputerNameW, VerifyVersionInfoW, GetDateFormatW, GetUserDefaultUILanguage, GetUserDefaultLangID, GetSystemDefaultLangID, GetStringTypeW, DuplicateHandle, LoadLibraryExW, CreateEventW, ProcessIdToSessionId, ConnectNamedPipe, SetNamedPipeHandleState, CreateNamedPipeW, WaitForSingleObject, GetProcessId, OpenProcess, CreateThread, GetExitCodeThread, SetEvent, WaitForMultipleObjects, LocalFileTimeToFileTime, SetEndOfFile, ResetEvent, DosDateTimeToFileTime, CompareStringA, GetExitCodeProcess, SetThreadExecutionState, CopyFileExW, CreateMutexW, CreateFileMappingW, MapViewOfFile, UnmapViewOfFile, GetThreadLocale, GetStartupInfoW, IsDebuggerPresent, GetACP, GetOEMCP, GetCPInfo, GetCommandLineA, GetCommandLineW, GetEnvironmentStringsW, FreeEnvironmentStringsW, SetStdHandle, FlushFileBuffers, GetConsoleOutputCP, GetConsoleMode, DecodePointer, WriteConsoleW, GetModuleHandleA, VirtualAlloc, VirtualFree, SystemTimeToTzSpecificLocalTime, SystemTimeToFileTime, GetCurrentThreadId, WideCharToMultiByte, InitializeSListHead, GetSystemTimeAsFileTime, QueryPerformanceCounter, IsProcessorFeaturePresent, TerminateProcess, SetUnhandledExceptionFilter, UnhandledExceptionFilter, LoadLibraryExA, VirtualQuery, VirtualProtect, GetSystemInfo, RaiseException, GetTimeZoneInformation |
| RPCRT4.dll | UuidCreate |
| Description | Data |
|---|---|
| CompanyName | Bentley Systems, Incorporated |
| FileDescription | OpenUtilities Map 2024 |
| FileVersion | 24.0.0.11 |
| InternalName | setup |
| LegalCopyright | Copyright 2024 Bentley Systems, Incorporated. All rights reserved. |
| OriginalFilename | Setup_OpenUtilitiesMapx64_24.00.00.011.exe |
| ProductName | OpenUtilities Map 2024 |
| ProductVersion | 24.0.0.11 |
| Translation | 0x0409 0x04e4 |
| Language of compilation system | Country where language is spoken | Map |
|---|---|---|
| English | United States |  |
Key Decision
Richest Path
Thread / callback creation
Lower opacity -> Library NodeDownload Network PCAP: filtered – full
| Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol |
|---|---|---|---|---|---|---|---|---|
| 2025-04-21T21:57:49.346158+0200 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.6 | 49689 | 20.119.128.12 | 443 | TCP |
- Total Packets: 16
| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|
| Apr 21, 2025 21:57:47.230803013 CEST | 49688 | 443 | 192.168.2.6 | 20.119.128.12 |
| Apr 21, 2025 21:57:47.230870962 CEST | 443 | 49688 | 20.119.128.12 | 192.168.2.6 |
| Apr 21, 2025 21:57:47.230947018 CEST | 49688 | 443 | 192.168.2.6 | 20.119.128.12 |
| Apr 21, 2025 21:57:47.351846933 CEST | 49688 | 443 | 192.168.2.6 | 20.119.128.12 |
| Apr 21, 2025 21:57:47.351882935 CEST | 443 | 49688 | 20.119.128.12 | 192.168.2.6 |
| Apr 21, 2025 21:57:47.951350927 CEST | 443 | 49688 | 20.119.128.12 | 192.168.2.6 |
| Apr 21, 2025 21:57:47.951431990 CEST | 49688 | 443 | 192.168.2.6 | 20.119.128.12 |
| Apr 21, 2025 21:57:47.954876900 CEST | 49688 | 443 | 192.168.2.6 | 20.119.128.12 |
| Apr 21, 2025 21:57:47.954888105 CEST | 443 | 49688 | 20.119.128.12 | 192.168.2.6 |
| Apr 21, 2025 21:57:47.955136061 CEST | 443 | 49688 | 20.119.128.12 | 192.168.2.6 |
| Apr 21, 2025 21:57:48.011451006 CEST | 49688 | 443 | 192.168.2.6 | 20.119.128.12 |
| Apr 21, 2025 21:57:48.056277990 CEST | 443 | 49688 | 20.119.128.12 | 192.168.2.6 |
| Apr 21, 2025 21:57:48.335067034 CEST | 443 | 49688 | 20.119.128.12 | 192.168.2.6 |
| Apr 21, 2025 21:57:48.335149050 CEST | 443 | 49688 | 20.119.128.12 | 192.168.2.6 |
| Apr 21, 2025 21:57:48.335484982 CEST | 49688 | 443 | 192.168.2.6 | 20.119.128.12 |
| Apr 21, 2025 21:57:48.339986086 CEST | 49688 | 443 | 192.168.2.6 | 20.119.128.12 |
| Apr 21, 2025 21:57:48.381257057 CEST | 49689 | 443 | 192.168.2.6 | 20.119.128.12 |
| Apr 21, 2025 21:57:48.381299973 CEST | 443 | 49689 | 20.119.128.12 | 192.168.2.6 |
| Apr 21, 2025 21:57:48.381419897 CEST | 49689 | 443 | 192.168.2.6 | 20.119.128.12 |
| Apr 21, 2025 21:57:48.381875992 CEST | 49689 | 443 | 192.168.2.6 | 20.119.128.12 |
| Apr 21, 2025 21:57:48.381889105 CEST | 443 | 49689 | 20.119.128.12 | 192.168.2.6 |
| Apr 21, 2025 21:57:48.960946083 CEST | 443 | 49689 | 20.119.128.12 | 192.168.2.6 |
| Apr 21, 2025 21:57:48.963726044 CEST | 49689 | 443 | 192.168.2.6 | 20.119.128.12 |
| Apr 21, 2025 21:57:48.963749886 CEST | 443 | 49689 | 20.119.128.12 | 192.168.2.6 |
| Apr 21, 2025 21:57:49.346216917 CEST | 443 | 49689 | 20.119.128.12 | 192.168.2.6 |
| Apr 21, 2025 21:57:49.346311092 CEST | 443 | 49689 | 20.119.128.12 | 192.168.2.6 |
| Apr 21, 2025 21:57:49.346544027 CEST | 49689 | 443 | 192.168.2.6 | 20.119.128.12 |
| Apr 21, 2025 21:57:49.346930027 CEST | 49689 | 443 | 192.168.2.6 | 20.119.128.12 |
| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|
| Apr 21, 2025 21:57:46.940095901 CEST | 59873 | 53 | 192.168.2.6 | 1.1.1.1 |
| Apr 21, 2025 21:57:47.221690893 CEST | 53 | 59873 | 1.1.1.1 | 192.168.2.6 |
| Apr 21, 2025 21:57:49.349008083 CEST | 58756 | 53 | 192.168.2.6 | 1.1.1.1 |
| Apr 21, 2025 21:57:49.513127089 CEST | 53 | 58756 | 1.1.1.1 | 192.168.2.6 |
| Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|
| Apr 21, 2025 21:57:46.940095901 CEST | 192.168.2.6 | 1.1.1.1 | 0xba02 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
| Apr 21, 2025 21:57:49.349008083 CEST | 192.168.2.6 | 1.1.1.1 | 0xf92e | Standard query (0) | A (IP address) | IN (0x0001) | false |
| Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|---|---|
| Apr 21, 2025 21:57:47.221690893 CEST | 1.1.1.1 | 192.168.2.6 | 0xba02 | No error (0) | prod-buddi-trafficmanager.trafficmanager.net | CNAME (Canonical name) | IN (0x0001) | false | ||
| Apr 21, 2025 21:57:47.221690893 CEST | 1.1.1.1 | 192.168.2.6 | 0xba02 | No error (0) | prod-buddiapp-eus2.azurewebsites.net | CNAME (Canonical name) | IN (0x0001) | false | ||
| Apr 21, 2025 21:57:47.221690893 CEST | 1.1.1.1 | 192.168.2.6 | 0xba02 | No error (0) | waws-prod-bn1-207.sip.azurewebsites.windows.net | CNAME (Canonical name) | IN (0x0001) | false | ||
| Apr 21, 2025 21:57:47.221690893 CEST | 1.1.1.1 | 192.168.2.6 | 0xba02 | No error (0) | waws-prod-bn1-207-3057.eastus2.cloudapp.azure.com | CNAME (Canonical name) | IN (0x0001) | false | ||
| Apr 21, 2025 21:57:47.221690893 CEST | 1.1.1.1 | 192.168.2.6 | 0xba02 | No error (0) | 20.119.128.12 | A (IP address) | IN (0x0001) | false | ||
| Apr 21, 2025 21:57:49.513127089 CEST | 1.1.1.1 | 192.168.2.6 | 0xf92e | No error (0) | 89.106.200.1 | A (IP address) | IN (0x0001) | false |
|
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 0 | 192.168.2.6 | 49688 | 20.119.128.12 | 443 | 7368 | C:\Windows\Temp\{A873772C-EA44-4227-A5A3-37331C088187}\.cr\Setup_OpenUtilitiesMapx64_24.00.00.011.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2025-04-21 19:57:48 UTC | 96 | OUT | |
| 2025-04-21 19:57:48 UTC | 358 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 1 | 192.168.2.6 | 49689 | 20.119.128.12 | 443 | 7368 | C:\Windows\Temp\{A873772C-EA44-4227-A5A3-37331C088187}\.cr\Setup_OpenUtilitiesMapx64_24.00.00.011.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2025-04-21 19:57:48 UTC | 71 | OUT | |
| 2025-04-21 19:57:49 UTC | 395 | IN |
Click to jump to process
Click to jump to process
back
Click to dive into process behavior distribution
Click to jump to process
| Target ID: | 0 |
| Start time: | 15:57:37 |
| Start date: | 21/04/2025 |
| Path: | C:\Users\user\Desktop\Setup_OpenUtilitiesMapx64_24.00.00.011.exe |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0xa40000 |
| File size: | 2'897'096 bytes |
| MD5 hash: | 357A952831051D757359CADC23B43F43 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | low |
| Has exited: | false |
| Target ID: | 1 |
| Start time: | 15:57:37 |
| Start date: | 21/04/2025 |
| Path: | C:\Windows\Temp\{A873772C-EA44-4227-A5A3-37331C088187}\.cr\Setup_OpenUtilitiesMapx64_24.00.00.011.exe |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0xf00000 |
| File size: | 2'735'248 bytes |
| MD5 hash: | 1B4C96DA3533ADE3A50D0D34DA728F28 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | low |
| Has exited: | false |
⊘No disassembly
