Source: snd.exe | Static PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE |
Source: snd.exe | Static PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT |
Source: | Binary string: C:\work\file_sender\sender2\sender2\bin\Release\sender2.pdb source: snd.exe |
Source: | Binary string: C:\work\file_sender\sender2\sender2\bin\Release\sender2.pdbx source: snd.exe |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49762 |
Source: unknown | Network traffic detected: HTTP traffic on port 49762 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49849 |
Source: unknown | Network traffic detected: HTTP traffic on port 49849 -> 443 |
Source: unknown | TCP traffic detected without corresponding DNS query: 164.92.232.192 |
Source: snd.exe, 00000000.00000002.519526709.00000000031C1000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name |
Source: snd.exe | String found in binary or memory: https://164.92.232.192/data/ |
Source: snd.exe | String found in binary or memory: https://164.92.232.192/data/3Can |
Source: snd.exe, 00000000.00000002.519526709.00000000031C1000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://164.92.232.192/data/WORKGROUP.813848/ |
Source: snd.exe, 00000000.00000002.519526709.00000000031C1000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://164.92.232.192/data/x |
Source: snd.exe, 00000000.00000002.519526709.00000000031C1000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://164.92.232.192x |
Source: snd.exe, 00000000.00000002.519656216.000000000327C000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://164.92H |
Source: snd.exe | String found in binary or memory: https://duckduckgo.com |
Source: snd.exe | String found in binary or memory: https://duckduckgo.comqThere |
Source: snd.exe | String found in binary or memory: https://tools.ietf.org/html/rfc4253#sec |
Source: snd.exe | String found in binary or memory: https://tools.ietf.org/html/rfc4253#section-4. |
Source: snd.exe | String found in binary or memory: https://tools.ietf.org/html/rfc4253#section-4.2 |
Source: snd.exe, type: SAMPLE | Matched rule: Detects BlackMatter data exfiltration tool Author: ditekSHen |
Source: 0.2.snd.exe.d30000.0.unpack, type: UNPACKEDPE | Matched rule: Detects BlackMatter data exfiltration tool Author: ditekSHen |
Source: 0.0.snd.exe.d30000.0.unpack, type: UNPACKEDPE | Matched rule: Detects BlackMatter data exfiltration tool Author: ditekSHen |
Source: snd.exe, type: SAMPLE | Matched rule: MALWARE_Win_ExMatter hash2 = a5e050f1278473d41c3a3d6f98f3fd82932f51a937bc57d8f5605815f0efb0f8, hash1 = 4a0e10e1e9fea0906379f99fa350b91c2af37f0fd2cc55491643cc71a9887d30, author = ditekSHen, description = Detects BlackMatter data exfiltration tool |
Source: 0.2.snd.exe.d30000.0.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_ExMatter hash2 = a5e050f1278473d41c3a3d6f98f3fd82932f51a937bc57d8f5605815f0efb0f8, hash1 = 4a0e10e1e9fea0906379f99fa350b91c2af37f0fd2cc55491643cc71a9887d30, author = ditekSHen, description = Detects BlackMatter data exfiltration tool |
Source: 0.0.snd.exe.d30000.0.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_ExMatter hash2 = a5e050f1278473d41c3a3d6f98f3fd82932f51a937bc57d8f5605815f0efb0f8, hash1 = 4a0e10e1e9fea0906379f99fa350b91c2af37f0fd2cc55491643cc71a9887d30, author = ditekSHen, description = Detects BlackMatter data exfiltration tool |
Source: snd.exe, 00000000.00000002.518779511.00000000012BC000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameclr.dllT vs snd.exe |
Source: snd.exe, 00000000.00000000.250137464.0000000000E7E000.00000002.00000001.01000000.00000003.sdmp | Binary or memory string: OriginalFilenamesender2.exe0 vs snd.exe |
Source: snd.exe | Binary or memory string: OriginalFilenamesender2.exe0 vs snd.exe |
Source: snd.exe | Virustotal: Detection: 52% |
Source: snd.exe | ReversingLabs: Detection: 60% |
Source: snd.exe | Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ |
Source: unknown | Process created: C:\Users\user\Desktop\snd.exe "C:\Users\user\Desktop\snd.exe" |
Source: C:\Users\user\Desktop\snd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5516:120:WilError_01 |
Source: snd.exe, 00000000.00000002.520557629.0000000003631000.00000004.00000800.00020000.00000000.sdmp, snd.exe, 00000000.00000002.520547699.0000000003621000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: C\\?\C:\Program Files (x86)\autoit3\AutoItX\Examples\C++\AutoItX.sln |
Source: snd.exe, 00000000.00000002.520557629.0000000003631000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: ?C:\Program Files (x86)\autoit3\AutoItX\Examples\C++\AutoItX.sln0y |
Source: snd.exe, 00000000.00000002.520557629.0000000003631000.00000004.00000800.00020000.00000000.sdmp, snd.exe, 00000000.00000002.520584273.0000000003669000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: AutoItX.sln |
Source: snd.exe, 00000000.00000002.520584273.0000000003669000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: C\\?\C:\Program Files (x86)\autoit3\AutoItX\Examples\C++\AutoItX.sln( |
Source: snd.exe, 00000000.00000002.520547699.0000000003621000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: \\?\C:\Program Files (x86)\autoit3\AutoItX\Examples\C++\AutoItX.sln |
Source: snd.exe, 00000000.00000002.520584273.0000000003669000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: ?C:\Program Files (x86)\autoit3\AutoItX\Examples\C++\AutoItX.sln |
Source: classification engine | Classification label: mal64.evad.winEXE@2/1@0/1 |
Source: snd.exe, Renci.SshNet/Security/KeyExchangeHashData.cs | Suspicious method names: System.Void Renci.SshNet.Security.KeyExchangeHashData::set_ClientPayload(System.Byte[]) |
Source: snd.exe, Renci.SshNet/Security/KeyExchangeHashData.cs | Suspicious method names: System.Void Renci.SshNet.Security.KeyExchangeHashData::set_ServerPayload(System.Byte[]) |
Source: snd.exe, Renci.SshNet/Security/KeyExchangeHashData.cs | Suspicious method names: System.Byte[] Renci.SshNet.Security.KeyExchangeHashData::get_ServerPayload() |
Source: snd.exe, Renci.SshNet/Security/KeyExchangeHashData.cs | Suspicious method names: System.Byte[] Renci.SshNet.Security.KeyExchangeHashData::get_ClientPayload() |
Source: snd.exe, Renci.SshNet/Security/GroupExchangeHashData.cs | Suspicious method names: System.Byte[] Renci.SshNet.Security.GroupExchangeHashData::get_ServerPayload() |
Source: snd.exe, Renci.SshNet/Security/GroupExchangeHashData.cs | Suspicious method names: System.Void Renci.SshNet.Security.GroupExchangeHashData::set_ServerPayload(System.Byte[]) |
Source: snd.exe, Renci.SshNet/Security/GroupExchangeHashData.cs | Suspicious method names: System.Byte[] Renci.SshNet.Security.GroupExchangeHashData::get_ClientPayload() |
Source: snd.exe, Renci.SshNet/Security/GroupExchangeHashData.cs | Suspicious method names: System.Void Renci.SshNet.Security.GroupExchangeHashData::set_ClientPayload(System.Byte[]) |
Source: snd.exe, Alphaleonis/Win32/Security/ProcessContext.cs | Security API names: System.Security.Principal.WindowsIdentity System.Security.Principal.WindowsIdentity::GetCurrent() |
Source: snd.exe, Alphaleonis/Win32/Security/ProcessContext.cs | Security API names: System.Boolean System.Security.Principal.WindowsPrincipal::IsInRole(System.Int32) |
Source: snd.exe, Alphaleonis/Win32/Security/ProcessContext.cs | Security API names: System.Boolean System.Security.Principal.WindowsPrincipal::IsInRole(System.Security.Principal.WindowsBuiltInRole) |
Source: snd.exe, Alphaleonis/Win32/Security/ProcessContext.cs | Security API names: System.Boolean System.Security.Principal.WindowsPrincipal::IsInRole(System.Security.Principal.SecurityIdentifier) |
Source: snd.exe, TakeOwnership/OwnershipTaker.cs | Security API names: System.Void System.IO.Directory::SetAccessControl(System.String,System.Security.AccessControl.DirectorySecurity) |
Source: snd.exe, TakeOwnership/OwnershipTaker.cs | Security API names: System.Security.AccessControl.DirectorySecurity System.IO.Directory::GetAccessControl(System.String) |
Source: snd.exe, TakeOwnership/OwnershipTaker.cs | Security API names: System.Security.AccessControl.AuthorizationRuleCollection System.Security.AccessControl.CommonObjectSecurity::GetAccessRules(System.Boolean,System.Boolean,System.Type) |
Source: snd.exe, TakeOwnership/OwnershipTaker.cs | Security API names: System.Void System.IO.File::SetAccessControl(System.String,System.Security.AccessControl.FileSecurity) |
Source: snd.exe, TakeOwnership/OwnershipTaker.cs | Security API names: System.Security.AccessControl.FileSecurity System.IO.File::GetAccessControl(System.String) |
Source: snd.exe, Alphaleonis/Win32/Filesystem/Directory.cs | Security API names: System.Security.AccessControl.DirectorySecurity Alphaleonis.Win32.Filesystem.File::GetAccessControlCore<System.Security.AccessControl.DirectorySecurity>(System.Boolean,System.String,System.Security.AccessControl.AccessControlSections,Alphaleonis.Win32.Filesystem.PathFormat) |
Source: snd.exe, Alphaleonis/Win32/Filesystem/Directory.cs | Security API names: System.Void Alphaleonis.Win32.Filesystem.File::SetAccessControlCore(System.String,Microsoft.Win32.SafeHandles.SafeFileHandle,System.Security.AccessControl.ObjectSecurity,System.Security.AccessControl.AccessControlSections,Alphaleonis.Win32.Filesystem.PathFormat) |
Source: snd.exe, Alphaleonis/Win32/Filesystem/Directory.cs | Security API names: System.Security.AccessControl.DirectorySecurity Alphaleonis.Win32.Filesystem.File::GetAccessControlHandleCore<System.Security.AccessControl.DirectorySecurity>(System.Boolean,System.Boolean,Microsoft.Win32.SafeHandles.SafeFileHandle,System.Security.AccessControl.AccessControlSections,Alphaleonis.Win32.Security.SECURITY_INFORMATION) |
Source: snd.exe, Alphaleonis/Win32/Filesystem/File.cs | Security API names: System.Security.AccessControl.FileSecurity Alphaleonis.Win32.Filesystem.File::GetAccessControlCore<System.Security.AccessControl.FileSecurity>(System.Boolean,System.String,System.Security.AccessControl.AccessControlSections,Alphaleonis.Win32.Filesystem.PathFormat) |
Source: snd.exe, Alphaleonis/Win32/Filesystem/File.cs | Security API names: System.Security.AccessControl.FileSecurity Alphaleonis.Win32.Filesystem.File::GetAccessControlHandleCore<System.Security.AccessControl.FileSecurity>(System.Boolean,System.Boolean,Microsoft.Win32.SafeHandles.SafeFileHandle,System.Security.AccessControl.AccessControlSections,Alphaleonis.Win32.Security.SECURITY_INFORMATION) |
Source: snd.exe, Alphaleonis/Win32/Filesystem/File.cs | Security API names: System.Void Alphaleonis.Win32.Filesystem.File::SetAccessControlCore(System.String,Microsoft.Win32.SafeHandles.SafeFileHandle,System.Security.AccessControl.ObjectSecurity,System.Security.AccessControl.AccessControlSections,Alphaleonis.Win32.Filesystem.PathFormat) |
Source: snd.exe, Alphaleonis/Win32/Security/InternalPrivilegeEnabler.cs | Security API names: System.Security.Principal.WindowsIdentity System.Security.Principal.WindowsIdentity::GetCurrent(System.Security.Principal.TokenAccessLevels) |
Source: snd.exe, Alphaleonis/Win32/Filesystem/FileInfo.cs | Security API names: System.Security.AccessControl.FileSecurity Alphaleonis.Win32.Filesystem.File::GetAccessControlCore<System.Security.AccessControl.FileSecurity>(System.Boolean,System.String,System.Security.AccessControl.AccessControlSections,Alphaleonis.Win32.Filesystem.PathFormat) |
Source: snd.exe, Alphaleonis/Win32/Filesystem/FileInfo.cs | Security API names: System.Void Alphaleonis.Win32.Filesystem.File::SetAccessControlCore(System.String,Microsoft.Win32.SafeHandles.SafeFileHandle,System.Security.AccessControl.ObjectSecurity,System.Security.AccessControl.AccessControlSections,Alphaleonis.Win32.Filesystem.PathFormat) |
Source: snd.exe, Alphaleonis/Win32/Filesystem/DirectoryInfo.cs | Security API names: System.Void Alphaleonis.Win32.Filesystem.File::SetAccessControlCore(System.String,Microsoft.Win32.SafeHandles.SafeFileHandle,System.Security.AccessControl.ObjectSecurity,System.Security.AccessControl.AccessControlSections,Alphaleonis.Win32.Filesystem.PathFormat) |
Source: snd.exe, Alphaleonis/Win32/Filesystem/DirectoryInfo.cs | Security API names: System.Security.AccessControl.DirectorySecurity Alphaleonis.Win32.Filesystem.File::GetAccessControlCore<System.Security.AccessControl.DirectorySecurity>(System.Boolean,System.String,System.Security.AccessControl.AccessControlSections,Alphaleonis.Win32.Filesystem.PathFormat) |
Source: snd.exe, Alphaleonis/Win32/Filesystem/BackupFileStream.cs | Security API names: System.Void Alphaleonis.Win32.Filesystem.File::SetAccessControlCore(System.String,Microsoft.Win32.SafeHandles.SafeFileHandle,System.Security.AccessControl.ObjectSecurity,System.Security.AccessControl.AccessControlSections,Alphaleonis.Win32.Filesystem.PathFormat) |
Source: snd.exe | Static file information: File size 1355264 > 1048576 |
Source: snd.exe | Static PE information: Virtual size of .text is bigger than: 0x100000 |
Source: snd.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR |
Source: snd.exe | Static PE information: Raw size of .text is bigger than: 0x100000 < 0x14a400 |
Source: snd.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG |
Source: C:\Users\user\Desktop\snd.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\snd.exe TID: 4592 | Thread sleep time: -22136092888451448s >= -30000s |
Source: C:\Users\user\Desktop\snd.exe TID: 4592 | Thread sleep time: -100000s >= -30000s |
Source: C:\Users\user\Desktop\snd.exe TID: 4592 | Thread sleep time: -99843s >= -30000s |
Source: C:\Users\user\Desktop\snd.exe TID: 4592 | Thread sleep time: -99703s >= -30000s |
Source: C:\Users\user\Desktop\snd.exe TID: 4592 | Thread sleep time: -99584s >= -30000s |
Source: C:\Users\user\Desktop\snd.exe TID: 4592 | Thread sleep time: -99435s >= -30000s |
Source: C:\Users\user\Desktop\snd.exe TID: 4592 | Thread sleep time: -99290s >= -30000s |
Source: C:\Users\user\Desktop\snd.exe TID: 4592 | Thread sleep time: -99187s >= -30000s |
Source: C:\Users\user\Desktop\snd.exe TID: 4592 | Thread sleep time: -99077s >= -30000s |
Source: C:\Users\user\Desktop\snd.exe TID: 4592 | Thread sleep time: -98968s >= -30000s |
Source: C:\Users\user\Desktop\snd.exe TID: 4592 | Thread sleep time: -98859s >= -30000s |
Source: C:\Users\user\Desktop\snd.exe TID: 4592 | Thread sleep time: -98750s >= -30000s |
Source: C:\Users\user\Desktop\snd.exe TID: 4592 | Thread sleep time: -98640s >= -30000s |
Source: C:\Users\user\Desktop\snd.exe TID: 4592 | Thread sleep time: -98530s >= -30000s |
Source: C:\Users\user\Desktop\snd.exe TID: 4592 | Thread sleep time: -98421s >= -30000s |
Source: C:\Users\user\Desktop\snd.exe TID: 4592 | Thread sleep time: -98312s >= -30000s |
Source: C:\Users\user\Desktop\snd.exe TID: 4592 | Thread sleep time: -98202s >= -30000s |
Source: C:\Users\user\Desktop\snd.exe TID: 4592 | Thread sleep time: -98093s >= -30000s |
Source: C:\Users\user\Desktop\snd.exe TID: 4592 | Thread sleep time: -97983s >= -30000s |
Source: C:\Users\user\Desktop\snd.exe TID: 4592 | Thread sleep time: -97874s >= -30000s |
Source: C:\Users\user\Desktop\snd.exe TID: 4592 | Thread sleep time: -97765s >= -30000s |
Source: C:\Users\user\Desktop\snd.exe TID: 4592 | Thread sleep time: -97656s >= -30000s |
Source: C:\Users\user\Desktop\snd.exe TID: 4592 | Thread sleep time: -97546s >= -30000s |
Source: C:\Users\user\Desktop\snd.exe TID: 4592 | Thread sleep time: -97437s >= -30000s |
Source: C:\Users\user\Desktop\snd.exe TID: 4592 | Thread sleep time: -97327s >= -30000s |
Source: C:\Users\user\Desktop\snd.exe TID: 4592 | Thread sleep time: -97218s >= -30000s |
Source: C:\Users\user\Desktop\snd.exe TID: 4592 | Thread sleep time: -97108s >= -30000s |
Source: C:\Users\user\Desktop\snd.exe TID: 4592 | Thread sleep time: -96998s >= -30000s |
Source: C:\Users\user\Desktop\snd.exe TID: 4592 | Thread sleep time: -96890s >= -30000s |
Source: C:\Users\user\Desktop\snd.exe TID: 4592 | Thread sleep time: -96780s >= -30000s |
Source: C:\Users\user\Desktop\snd.exe TID: 4592 | Thread sleep time: -96669s >= -30000s |
Source: C:\Users\user\Desktop\snd.exe TID: 4592 | Thread sleep time: -96562s >= -30000s |
Source: C:\Users\user\Desktop\snd.exe TID: 4592 | Thread sleep time: -96449s >= -30000s |
Source: C:\Users\user\Desktop\snd.exe TID: 4592 | Thread sleep time: -96342s >= -30000s |
Source: C:\Users\user\Desktop\snd.exe TID: 4592 | Thread sleep time: -96234s >= -30000s |
Source: C:\Users\user\Desktop\snd.exe TID: 4592 | Thread sleep time: -96121s >= -30000s |
Source: C:\Users\user\Desktop\snd.exe TID: 4592 | Thread sleep time: -96015s >= -30000s |
Source: C:\Users\user\Desktop\snd.exe TID: 4592 | Thread sleep time: -95906s >= -30000s |
Source: C:\Users\user\Desktop\snd.exe TID: 4592 | Thread sleep time: -95795s >= -30000s |
Source: C:\Users\user\Desktop\snd.exe TID: 4592 | Thread sleep time: -95687s >= -30000s |
Source: C:\Users\user\Desktop\snd.exe TID: 4592 | Thread sleep time: -95577s >= -30000s |
Source: C:\Users\user\Desktop\snd.exe TID: 4592 | Thread sleep time: -95468s >= -30000s |
Source: C:\Users\user\Desktop\snd.exe TID: 4592 | Thread sleep time: -95359s >= -30000s |
Source: C:\Users\user\Desktop\snd.exe TID: 4592 | Thread sleep time: -95241s >= -30000s |
Source: C:\Users\user\Desktop\snd.exe TID: 4592 | Thread sleep time: -95140s >= -30000s |
Source: C:\Users\user\Desktop\snd.exe TID: 4592 | Thread sleep time: -95031s >= -30000s |
Source: C:\Users\user\Desktop\snd.exe TID: 4592 | Thread sleep time: -94922s >= -30000s |
Source: C:\Users\user\Desktop\snd.exe TID: 4592 | Thread sleep time: -94812s >= -30000s |
Source: C:\Users\user\Desktop\snd.exe TID: 4592 | Thread sleep time: -94703s >= -30000s |
Source: C:\Users\user\Desktop\snd.exe TID: 4592 | Thread sleep time: -94592s >= -30000s |
Source: C:\Users\user\Desktop\snd.exe TID: 4592 | Thread sleep time: -94483s >= -30000s |
Source: C:\Users\user\Desktop\snd.exe TID: 4592 | Thread sleep time: -94373s >= -30000s |
Source: C:\Windows\System32\conhost.exe | Last function: Thread delayed |
Source: all processes | Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected |
Source: C:\Users\user\Desktop\snd.exe | Thread delayed: delay time: 922337203685477 |
Source: C:\Users\user\Desktop\snd.exe | Thread delayed: delay time: 100000 |
Source: C:\Users\user\Desktop\snd.exe | Thread delayed: delay time: 99843 |
Source: C:\Users\user\Desktop\snd.exe | Thread delayed: delay time: 99703 |
Source: C:\Users\user\Desktop\snd.exe | Thread delayed: delay time: 99584 |
Source: C:\Users\user\Desktop\snd.exe | Thread delayed: delay time: 99435 |
Source: C:\Users\user\Desktop\snd.exe | Thread delayed: delay time: 99290 |
Source: C:\Users\user\Desktop\snd.exe | Thread delayed: delay time: 99187 |
Source: C:\Users\user\Desktop\snd.exe | Thread delayed: delay time: 99077 |
Source: C:\Users\user\Desktop\snd.exe | Thread delayed: delay time: 98968 |
Source: C:\Users\user\Desktop\snd.exe | Thread delayed: delay time: 98859 |
Source: C:\Users\user\Desktop\snd.exe | Thread delayed: delay time: 98750 |
Source: C:\Users\user\Desktop\snd.exe | Thread delayed: delay time: 98640 |
Source: C:\Users\user\Desktop\snd.exe | Thread delayed: delay time: 98530 |
Source: C:\Users\user\Desktop\snd.exe | Thread delayed: delay time: 98421 |
Source: C:\Users\user\Desktop\snd.exe | Thread delayed: delay time: 98312 |
Source: C:\Users\user\Desktop\snd.exe | Thread delayed: delay time: 98202 |
Source: C:\Users\user\Desktop\snd.exe | Thread delayed: delay time: 98093 |
Source: C:\Users\user\Desktop\snd.exe | Thread delayed: delay time: 97983 |
Source: C:\Users\user\Desktop\snd.exe | Thread delayed: delay time: 97874 |
Source: C:\Users\user\Desktop\snd.exe | Thread delayed: delay time: 97765 |
Source: C:\Users\user\Desktop\snd.exe | Thread delayed: delay time: 97656 |
Source: C:\Users\user\Desktop\snd.exe | Thread delayed: delay time: 97546 |
Source: C:\Users\user\Desktop\snd.exe | Thread delayed: delay time: 97437 |
Source: C:\Users\user\Desktop\snd.exe | Thread delayed: delay time: 97327 |
Source: C:\Users\user\Desktop\snd.exe | Thread delayed: delay time: 97218 |
Source: C:\Users\user\Desktop\snd.exe | Thread delayed: delay time: 97108 |
Source: C:\Users\user\Desktop\snd.exe | Thread delayed: delay time: 96998 |
Source: C:\Users\user\Desktop\snd.exe | Thread delayed: delay time: 96890 |
Source: C:\Users\user\Desktop\snd.exe | Thread delayed: delay time: 96780 |
Source: C:\Users\user\Desktop\snd.exe | Thread delayed: delay time: 96669 |
Source: C:\Users\user\Desktop\snd.exe | Thread delayed: delay time: 96562 |
Source: C:\Users\user\Desktop\snd.exe | Thread delayed: delay time: 96449 |
Source: C:\Users\user\Desktop\snd.exe | Thread delayed: delay time: 96342 |
Source: C:\Users\user\Desktop\snd.exe | Thread delayed: delay time: 96234 |
Source: C:\Users\user\Desktop\snd.exe | Thread delayed: delay time: 96121 |
Source: C:\Users\user\Desktop\snd.exe | Thread delayed: delay time: 96015 |
Source: C:\Users\user\Desktop\snd.exe | Thread delayed: delay time: 95906 |
Source: C:\Users\user\Desktop\snd.exe | Thread delayed: delay time: 95795 |
Source: C:\Users\user\Desktop\snd.exe | Thread delayed: delay time: 95687 |
Source: C:\Users\user\Desktop\snd.exe | Thread delayed: delay time: 95577 |
Source: C:\Users\user\Desktop\snd.exe | Thread delayed: delay time: 95468 |
Source: C:\Users\user\Desktop\snd.exe | Thread delayed: delay time: 95359 |
Source: C:\Users\user\Desktop\snd.exe | Thread delayed: delay time: 95241 |
Source: C:\Users\user\Desktop\snd.exe | Thread delayed: delay time: 95140 |
Source: C:\Users\user\Desktop\snd.exe | Thread delayed: delay time: 95031 |
Source: C:\Users\user\Desktop\snd.exe | Thread delayed: delay time: 94922 |
Source: C:\Users\user\Desktop\snd.exe | Thread delayed: delay time: 94812 |
Source: C:\Users\user\Desktop\snd.exe | Thread delayed: delay time: 94703 |
Source: C:\Users\user\Desktop\snd.exe | Thread delayed: delay time: 94592 |
Source: C:\Users\user\Desktop\snd.exe | Thread delayed: delay time: 94483 |
Source: C:\Users\user\Desktop\snd.exe | Thread delayed: delay time: 94373 |
Source: snd.exe, 00000000.00000002.519127719.000000000131A000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b} |
Source: snd.exe, 00000000.00000002.519127719.000000000131A000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllD |
Source: C:\Users\user\Desktop\snd.exe | Process Stats: CPU usage > 90% for more than 60s |