Windows Analysis Report
SecuriteInfo.com.Win32.PWSX-gen.30515.23037.exe

Overview

General Information

Sample name: SecuriteInfo.com.Win32.PWSX-gen.30515.23037.exe
Analysis ID: 1500505
MD5: f4d6d6ea62cb666b6fee9d00bdb77350
SHA1: 7e02b9be8a9ab7f3c6f371d2ff930a7de43fa272
SHA256: f1afd0fa63ba265a10d59a7407b0341f7d93ca6a903ad861efb02cfbc6c0d67e
Tags: exe

Detection

LummaC
Score: 88
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Found malware configuration
Yara detected LummaC Stealer
AI detected suspicious sample
C2 URLs / IPs found in malware configuration
LummaC encrypted strings found
Sample uses string decryption to hide its real strings
Contains functionality for read data from the clipboard
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to read the clipboard data
Detected potential crypto function
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
Program does not show much activity (idle)
Uses 32bit PE files

Classification

Name: Lumma Stealer, LummaC2 Stealer
Description: Lumma Stealer (aka LummaC2 Stealer) is an information stealer written in C that has been available through a Malware-as-a-Service (MaaS) model on Russian-speaking forums since at least August 2022. It is believed to have been developed by the threat actor "Shamel", who goes by the alias "Lumma". Lumma Stealer primarily targets cryptocurrency wallets and two-factor authentication (2FA) browser extensions, before ultimately stealing sensitive information from the victim's machine. Once the targeted data is obtained, it is exfiltrated to a C2 server via HTTP POST requests using the user agent "TeslaBrowser/5.5". The stealer also features a non-resident loader that is capable of delivering additional payloads via EXE, DLL, and PowerShell.
Attribution: No Attribution
Blogpost URLs: (none)
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.lumma

AV Detection

Source: SecuriteInfo.com.Win32.PWSX-gen.30515.23037.exe Avira: detected
Source: locatedblsoqp.shop Avira URL Cloud: Label: phishing
Source: millyscroqwp.shop Avira URL Cloud: Label: malware
Source: condedqpwqm.shop Avira URL Cloud: Label: phishing
Source: traineiwnqo.shop Avira URL Cloud: Label: malware
Source: caffegclasiqwp.shop Avira URL Cloud: Label: malware
Source: miracledzmnqwui.shop Avira URL Cloud: Label: phishing
Source: stamppreewntnq.shop Avira URL Cloud: Label: phishing
Source: stagedchheiqwo.shop Avira URL Cloud: Label: phishing
Source: SecuriteInfo.com.Win32.PWSX-gen.30515.23037.exe Malware Configuration Extractor: LummaC {"C2 url": ["miracledzmnqwui.shop", "millyscroqwp.shop", "evoliutwoqm.shop", "caffegclasiqwp.shop", "traineiwnqo.shop", "locatedblsoqp.shop", "stagedchheiqwo.shop", "stamppreewntnq.shop", "condedqpwqm.shop"], "Build id": "WpM2Co--SUSELL"}
Source: Submitted Sample Integrated Neural Analysis Model: Matched 96.7% probability
Source: SecuriteInfo.com.Win32.PWSX-gen.30515.23037.exe String decryptor: caffegclasiqwp.shop
Source: SecuriteInfo.com.Win32.PWSX-gen.30515.23037.exe String decryptor: stamppreewntnq.shop
Source: SecuriteInfo.com.Win32.PWSX-gen.30515.23037.exe String decryptor: stagedchheiqwo.shop
Source: SecuriteInfo.com.Win32.PWSX-gen.30515.23037.exe String decryptor: millyscroqwp.shop
Source: SecuriteInfo.com.Win32.PWSX-gen.30515.23037.exe String decryptor: evoliutwoqm.shop
Source: SecuriteInfo.com.Win32.PWSX-gen.30515.23037.exe String decryptor: condedqpwqm.shop
Source: SecuriteInfo.com.Win32.PWSX-gen.30515.23037.exe String decryptor: traineiwnqo.shop
Source: SecuriteInfo.com.Win32.PWSX-gen.30515.23037.exe String decryptor: locatedblsoqp.shop
Source: SecuriteInfo.com.Win32.PWSX-gen.30515.23037.exe String decryptor: miracledzmnqwui.shop
Source: SecuriteInfo.com.Win32.PWSX-gen.30515.23037.exe String decryptor: lid=%s&j=%s&ver=4.0
Source: SecuriteInfo.com.Win32.PWSX-gen.30515.23037.exe String decryptor: TeslaBrowser/5.5
Source: SecuriteInfo.com.Win32.PWSX-gen.30515.23037.exe String decryptor: - Screen Resoluton:
Source: SecuriteInfo.com.Win32.PWSX-gen.30515.23037.exe String decryptor: - Physical Installed Memory:
Source: SecuriteInfo.com.Win32.PWSX-gen.30515.23037.exe String decryptor: Workgroup: -
Source: SecuriteInfo.com.Win32.PWSX-gen.30515.23037.exe String decryptor: WpM2Co--SUSELL
Source: SecuriteInfo.com.Win32.PWSX-gen.30515.23037.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: SecuriteInfo.com.Win32.PWSX-gen.30515.23037.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.30515.23037.exe Code function: 4x nop then mov word ptr [esi], ax 0_2_006B4066
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.30515.23037.exe Code function: 4x nop then mov eax, dword ptr [ebp-14h] 0_2_006B4066
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.30515.23037.exe Code function: 4x nop then mov eax, dword ptr [esp] 0_2_0068B000
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.30515.23037.exe Code function: 4x nop then mov eax, dword ptr [esp] 0_2_006900CB
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.30515.23037.exe Code function: 4x nop then mov byte ptr [eax+02h], 00000000h 0_2_006B2080
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.30515.23037.exe Code function: 4x nop then mov eax, dword ptr [esp] 0_2_00694160
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.30515.23037.exe Code function: 4x nop then mov byte ptr [ecx], al 0_2_00694160
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.30515.23037.exe Code function: 4x nop then push 00000000h 0_2_00694160
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.30515.23037.exe Code function: 4x nop then mov ebx, dword ptr [edi+04h] 0_2_006A0120
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.30515.23037.exe Code function: 4x nop then cmp dword ptr [ebx+esi*8], 625B6034h 0_2_0069C1E0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.30515.23037.exe Code function: 4x nop then movzx eax, word ptr [esi+ecx] 0_2_006B09A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.30515.23037.exe Code function: 4x nop then mov word ptr [eax], cx 0_2_0069FA7F
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.30515.23037.exe Code function: 4x nop then mov eax, dword ptr [esp+04h] 0_2_006B6250
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.30515.23037.exe Code function: 4x nop then jmp edx 0_2_00699A55
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.30515.23037.exe Code function: 4x nop then mov ecx, dword ptr [esp] 0_2_00699A55
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.30515.23037.exe Code function: 4x nop then movzx ebx, byte ptr [edx] 0_2_006A9A30
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.30515.23037.exe Code function: 4x nop then mov eax, dword ptr [esp] 0_2_0069C219
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.30515.23037.exe Code function: 4x nop then mov ecx, dword ptr [esp+04h] 0_2_0068A2A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.30515.23037.exe Code function: 4x nop then mov edx, dword ptr [ebp-10h] 0_2_0069EB5F
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.30515.23037.exe Code function: 4x nop then mov dword ptr [esi+04h], ecx 0_2_006A3300
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.30515.23037.exe Code function: 4x nop then mov byte ptr [ebx], al 0_2_006A3300
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.30515.23037.exe Code function: 4x nop then mov byte ptr [eax], cl 0_2_006A3300
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.30515.23037.exe Code function: 4x nop then mov byte ptr [edi], al 0_2_006A3BC9
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.30515.23037.exe Code function: 4x nop then mov dword ptr [esp], 00000000h 0_2_00692BC0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.30515.23037.exe Code function: 4x nop then mov eax, dword ptr [esi] 0_2_006923AD
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.30515.23037.exe Code function: 4x nop then mov eax, ebp 0_2_00686B80
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.30515.23037.exe Code function: 4x nop then mov eax, ebp 0_2_00686B80
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.30515.23037.exe Code function: 4x nop then mov byte ptr [ecx], al 0_2_006A3C24
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.30515.23037.exe Code function: 4x nop then mov eax, dword ptr [esp+18h] 0_2_00693555
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.30515.23037.exe Code function: 4x nop then cmp byte ptr [edi], 00000000h 0_2_0068EDDF
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.30515.23037.exe Code function: 4x nop then cmp word ptr [ebp+edi+02h], 0000h 0_2_00698580
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.30515.23037.exe Code function: 4x nop then mov byte ptr [ecx], al 0_2_006A4D86
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.30515.23037.exe Code function: 4x nop then mov word ptr [ebx], cx 0_2_00692D9D
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.30515.23037.exe Code function: 4x nop then mov ecx, dword ptr [esp+08h] 0_2_0069E594
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.30515.23037.exe Code function: 4x nop then lea eax, dword ptr [esp+20h] 0_2_0069CE70
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.30515.23037.exe Code function: 4x nop then movzx eax, word ptr [ebx] 0_2_006B6E10
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.30515.23037.exe Code function: 4x nop then mov byte ptr [edi], dl 0_2_006A3E16
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.30515.23037.exe Code function: 4x nop then mov eax, dword ptr [ebp-10h] 0_2_0069AEBD
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.30515.23037.exe Code function: 4x nop then cmp word ptr [edi+ebx+02h], 0000h 0_2_006B66B0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.30515.23037.exe Code function: 4x nop then cmp byte ptr [esi+ebx], 00000000h 0_2_006A0710
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.30515.23037.exe Code function: 4x nop then cmp byte ptr [esi], 00000000h 0_2_0068EFE0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.30515.23037.exe Code function: 4x nop then mov eax, dword ptr [esp+48h] 0_2_0068EFE0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.30515.23037.exe Code function: 4x nop then mov word ptr [eax], cx 0_2_006987E0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.30515.23037.exe Code function: 4x nop then mov word ptr [esi], cx 0_2_0069A7D8
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.30515.23037.exe Code function: 4x nop then mov eax, dword ptr [ebp-10h] 0_2_0069A7D8
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.30515.23037.exe Code function: 4x nop then mov eax, dword ptr [esp] 0_2_00698F9A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.30515.23037.exe Code function: 4x nop then cmp byte ptr [edi], 00000000h 0_2_00698F9A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.30515.23037.exe Code function: 4x nop then jmp edx 0_2_00698F9A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.30515.23037.exe Code function: 4x nop then mov ecx, dword ptr [esp] 0_2_00698F9A

Networking

Source: Malware configuration extractor URLs: miracledzmnqwui.shop
Source: Malware configuration extractor URLs: millyscroqwp.shop
Source: Malware configuration extractor URLs: evoliutwoqm.shop
Source: Malware configuration extractor URLs: caffegclasiqwp.shop
Source: Malware configuration extractor URLs: traineiwnqo.shop
Source: Malware configuration extractor URLs: locatedblsoqp.shop
Source: Malware configuration extractor URLs: stagedchheiqwo.shop
Source: Malware configuration extractor URLs: stamppreewntnq.shop
Source: Malware configuration extractor URLs: condedqpwqm.shop
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.30515.23037.exe Code function: 0_2_006A97F0 OpenClipboard,GetWindowLongW,GetClipboardData,GlobalLock,GlobalUnlock,CloseClipboard, 0_2_006A97F0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.30515.23037.exe Code function: 0_2_006B4066 0_2_006B4066
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.30515.23037.exe Code function: 0_2_006B5830 0_2_006B5830
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.30515.23037.exe Code function: 0_2_00681000 0_2_00681000
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.30515.23037.exe Code function: 0_2_0068181C 0_2_0068181C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.30515.23037.exe Code function: 0_2_00694160 0_2_00694160
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.30515.23037.exe Code function: 0_2_006B5110 0_2_006B5110
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.30515.23037.exe Code function: 0_2_0069C1E0 0_2_0069C1E0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.30515.23037.exe Code function: 0_2_006A01C0 0_2_006A01C0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.30515.23037.exe Code function: 0_2_00690A4B 0_2_00690A4B
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.30515.23037.exe Code function: 0_2_0069CA40 0_2_0069CA40
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.30515.23037.exe Code function: 0_2_00699A55 0_2_00699A55
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.30515.23037.exe Code function: 0_2_00691220 0_2_00691220
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.30515.23037.exe Code function: 0_2_006B2A30 0_2_006B2A30
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.30515.23037.exe Code function: 0_2_00684A10 0_2_00684A10
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.30515.23037.exe Code function: 0_2_00690B4D 0_2_00690B4D
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.30515.23037.exe Code function: 0_2_006A5342 0_2_006A5342
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.30515.23037.exe Code function: 0_2_0069EB5F 0_2_0069EB5F
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.30515.23037.exe Code function: 0_2_006AEB21 0_2_006AEB21
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.30515.23037.exe Code function: 0_2_006A3300 0_2_006A3300
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.30515.23037.exe Code function: 0_2_006B6B00 0_2_006B6B00
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.30515.23037.exe Code function: 0_2_00687BE0 0_2_00687BE0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.30515.23037.exe Code function: 0_2_0069DBA2 0_2_0069DBA2
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.30515.23037.exe Code function: 0_2_006853B0 0_2_006853B0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.30515.23037.exe Code function: 0_2_00686B80 0_2_00686B80
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.30515.23037.exe Code function: 0_2_006ADB80 0_2_006ADB80
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.30515.23037.exe Code function: 0_2_006A3C24 0_2_006A3C24
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.30515.23037.exe Code function: 0_2_00683C30 0_2_00683C30
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.30515.23037.exe Code function: 0_2_006B54E0 0_2_006B54E0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.30515.23037.exe Code function: 0_2_0068CC80 0_2_0068CC80
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.30515.23037.exe Code function: 0_2_00682480 0_2_00682480
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.30515.23037.exe Code function: 0_2_006B5492 0_2_006B5492
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.30515.23037.exe Code function: 0_2_00691D50 0_2_00691D50
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.30515.23037.exe Code function: 0_2_00693555 0_2_00693555
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.30515.23037.exe Code function: 0_2_0068C510 0_2_0068C510
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.30515.23037.exe Code function: 0_2_0068B5E0 0_2_0068B5E0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.30515.23037.exe Code function: 0_2_0069CE70 0_2_0069CE70
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.30515.23037.exe Code function: 0_2_00685E40 0_2_00685E40
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.30515.23037.exe Code function: 0_2_006B6E10 0_2_006B6E10
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.30515.23037.exe Code function: 0_2_006886F0 0_2_006886F0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.30515.23037.exe Code function: 0_2_0069DF69 0_2_0069DF69
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.30515.23037.exe Code function: 0_2_0069CF42 0_2_0069CF42
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.30515.23037.exe Code function: 0_2_00687750 0_2_00687750
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.30515.23037.exe Code function: 0_2_006A0710 0_2_006A0710
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.30515.23037.exe Code function: 0_2_0068EFE0 0_2_0068EFE0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.30515.23037.exe Code function: 0_2_0068BFE1 0_2_0068BFE1
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.30515.23037.exe Code function: 0_2_0069A7D8 0_2_0069A7D8
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.30515.23037.exe Code function: 0_2_006B4FB0 0_2_006B4FB0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.30515.23037.exe Code function: 0_2_00681F98 0_2_00681F98
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.30515.23037.exe Code function: 0_2_00698F9A 0_2_00698F9A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.30515.23037.exe Code function: String function: 006899A0 appears 105 times
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.30515.23037.exe Code function: String function: 006891D0 appears 44 times
Source: SecuriteInfo.com.Win32.PWSX-gen.30515.23037.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: classification engine Classification label: mal88.troj.evad.winEXE@1/0@0/0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.30515.23037.exe Code function: 0_2_006A8918 CoCreateInstance, 0_2_006A8918
Source: SecuriteInfo.com.Win32.PWSX-gen.30515.23037.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.30515.23037.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.30515.23037.exe File read: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.30515.23037.exe
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.30515.23037.exe Section loaded: apphelp.dll
Source: SecuriteInfo.com.Win32.PWSX-gen.30515.23037.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.30515.23037.exe API coverage: 7.1 %
Source: all processes Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.30515.23037.exe API call chain: ExitProcess graph end node
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.30515.23037.exe Code function: 0_2_006B3FA0 LdrInitializeThunk, 0_2_006B3FA0

HIPS / PFW / Operating System Protection Evasion

Source: SecuriteInfo.com.Win32.PWSX-gen.30515.23037.exe, 00000000.00000002.2918339800.0000000000D48000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: caffegclasiqwp.shop
Source: SecuriteInfo.com.Win32.PWSX-gen.30515.23037.exe, 00000000.00000002.2918339800.0000000000D48000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: stamppreewntnq.shop
Source: SecuriteInfo.com.Win32.PWSX-gen.30515.23037.exe, 00000000.00000002.2918339800.0000000000D48000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: stagedchheiqwo.shop
Source: SecuriteInfo.com.Win32.PWSX-gen.30515.23037.exe, 00000000.00000002.2918339800.0000000000D48000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: millyscroqwp.shop
Source: SecuriteInfo.com.Win32.PWSX-gen.30515.23037.exe, 00000000.00000002.2918339800.0000000000D48000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: evoliutwoqm.shop
Source: SecuriteInfo.com.Win32.PWSX-gen.30515.23037.exe, 00000000.00000002.2918339800.0000000000D48000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: condedqpwqm.shop
Source: SecuriteInfo.com.Win32.PWSX-gen.30515.23037.exe, 00000000.00000002.2918339800.0000000000D48000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: traineiwnqo.shop
Source: SecuriteInfo.com.Win32.PWSX-gen.30515.23037.exe, 00000000.00000002.2918339800.0000000000D48000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: locatedblsoqp.shop
Source: SecuriteInfo.com.Win32.PWSX-gen.30515.23037.exe, 00000000.00000002.2918339800.0000000000D48000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: miracledzmnqwui.shop

Stealing of Sensitive Information

Source: Yara match File source: decrypted.binstr, type: MEMORYSTR

Remote Access Functionality

Source: Yara match File source: decrypted.binstr, type: MEMORYSTR
No contacted IP infos