Windows Analysis Report
SecuriteInfo.com.Win32.Application.Agent.XLWBSF.10950.31692.exe

Overview

General Information

Sample name: SecuriteInfo.com.Win32.Application.Agent.XLWBSF.10950.31692.exe
Analysis ID: 1521519
MD5: 8ae20294b12f8eaa5551a24b0667a235
SHA1: bfebb9baf9713511c55c5ef2d992aaee161d6c4e
SHA256: 708a473bbcd229fac5dcd38b59415fd39a8a2daf7884be0e3e5967edecbbecb1
Tags: exe
Infos:

Detection

Score: 3
Range: 0 - 100
Whitelisted: false
Confidence: 40%

Signatures

Drops PE files
Found dropped PE file which has not been started or loaded
PE file contains executable resources (Code or Archives)
PE file contains sections with non-standard names
Sample file is different than original file name gathered from version info
Uses 32bit PE files

Classification

Uses 32bit PE files
Source: SecuriteInfo.com.Win32.Application.Agent.XLWBSF.10950.31692.exe Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
Source: SecuriteInfo.com.Win32.Application.Agent.XLWBSF.10950.31692.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: SecuriteInfo.com.Win32.Application.Agent.XLWBSF.10950.31692.exe, 00000000.00000003.1517175819.000000007FA50000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Application.Agent.XLWBSF.10950.31692.exe, 00000000.00000003.1515449436.00000000023A0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Application.Agent.XLWBSF.10950.31692.tmp, 00000002.00000000.1520540335.00000000007D6000.00000002.00000001.01000000.00000004.sdmp, SecuriteInfo.com.Win32.Application.Agent.XLWBSF.10950.31692.tmp, 00000002.00000003.1521169565.0000000002EDA000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Application.Agent.XLWBSF.10950.31692.tmp, 00000002.00000002.2776845903.0000000002FB0000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Application.Agent.XLWBSF.10950.31692.tmp, 00000002.00000003.1521194354.0000000002EDA000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Application.Agent.XLWBSF.10950.31692.tmp, 00000002.00000002.2776928746.00000000030D2000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Application.Agent.XLWBSF.10950.31692.tmp.0.dr String found in binary or memory: http://fontawesome.io
Source: SecuriteInfo.com.Win32.Application.Agent.XLWBSF.10950.31692.exe, 00000000.00000003.1517175819.000000007FA50000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Application.Agent.XLWBSF.10950.31692.exe, 00000000.00000003.1515449436.00000000023A0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Application.Agent.XLWBSF.10950.31692.tmp, 00000002.00000000.1520540335.00000000007D6000.00000002.00000001.01000000.00000004.sdmp, SecuriteInfo.com.Win32.Application.Agent.XLWBSF.10950.31692.tmp, 00000002.00000002.2776845903.0000000002FB0000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Application.Agent.XLWBSF.10950.31692.tmp, 00000002.00000002.2776928746.00000000030D2000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Application.Agent.XLWBSF.10950.31692.tmp.0.dr String found in binary or memory: http://fontawesome.io/license/
Source: SecuriteInfo.com.Win32.Application.Agent.XLWBSF.10950.31692.exe, 00000000.00000003.1517175819.000000007FA50000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Application.Agent.XLWBSF.10950.31692.exe, 00000000.00000003.1515449436.00000000023A0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Application.Agent.XLWBSF.10950.31692.tmp, 00000002.00000000.1520540335.00000000007D6000.00000002.00000001.01000000.00000004.sdmp, SecuriteInfo.com.Win32.Application.Agent.XLWBSF.10950.31692.tmp, 00000002.00000002.2776845903.0000000002FB0000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Application.Agent.XLWBSF.10950.31692.tmp.0.dr String found in binary or memory: http://fontawesome.iohttp://fontawesome.iohttp://fontawesome.io/license/http://fontawesome.io/licens
Source: SecuriteInfo.com.Win32.Application.Agent.XLWBSF.10950.31692.exe, 00000000.00000002.2775405487.00000000021DC000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Application.Agent.XLWBSF.10950.31692.exe, 00000000.00000003.1512822147.00000000023A0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Application.Agent.XLWBSF.10950.31692.tmp, 00000002.00000002.2775903496.000000000254B000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Application.Agent.XLWBSF.10950.31692.tmp, 00000002.00000002.2775903496.000000000252E000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Application.Agent.XLWBSF.10950.31692.tmp, 00000002.00000003.1522887745.0000000003F40000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://www.dk-soft.org/
Source: SecuriteInfo.com.Win32.Application.Agent.XLWBSF.10950.31692.exe, 00000000.00000002.2775405487.00000000021B1000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://www.dk-soft.org/p
Source: SecuriteInfo.com.Win32.Application.Agent.XLWBSF.10950.31692.exe String found in binary or memory: https://jrsoftware.org/ishelp/index.php?topic=setupcmdlineSetupU
Source: SecuriteInfo.com.Win32.Application.Agent.XLWBSF.10950.31692.exe, 00000000.00000003.1517175819.000000007FA50000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Application.Agent.XLWBSF.10950.31692.exe, 00000000.00000003.1515449436.00000000023A0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Application.Agent.XLWBSF.10950.31692.tmp, 00000002.00000000.1519323279.0000000000401000.00000020.00000001.01000000.00000004.sdmp, SecuriteInfo.com.Win32.Application.Agent.XLWBSF.10950.31692.tmp.0.dr String found in binary or memory: https://www.innosetup.com/
Source: SecuriteInfo.com.Win32.Application.Agent.XLWBSF.10950.31692.exe, 00000000.00000003.1517175819.000000007FA50000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Application.Agent.XLWBSF.10950.31692.exe, 00000000.00000003.1515449436.00000000023A0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Application.Agent.XLWBSF.10950.31692.tmp, 00000002.00000000.1519323279.0000000000401000.00000020.00000001.01000000.00000004.sdmp, SecuriteInfo.com.Win32.Application.Agent.XLWBSF.10950.31692.tmp.0.dr String found in binary or memory: https://www.remobjects.com/ps
PE file contains executable resources (Code or Archives)
Source: SecuriteInfo.com.Win32.Application.Agent.XLWBSF.10950.31692.tmp.0.dr Static PE information: Resource name: RT_RCDATA type: PE32+ executable (console) x86-64, for MS Windows
Sample file is different than original file name gathered from version info
Source: SecuriteInfo.com.Win32.Application.Agent.XLWBSF.10950.31692.exe, 00000000.00000003.1517175819.000000007FA50000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFileName vs SecuriteInfo.com.Win32.Application.Agent.XLWBSF.10950.31692.exe
Source: SecuriteInfo.com.Win32.Application.Agent.XLWBSF.10950.31692.exe, 00000000.00000000.1512524263.000000000042F000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFileName vs SecuriteInfo.com.Win32.Application.Agent.XLWBSF.10950.31692.exe
Source: SecuriteInfo.com.Win32.Application.Agent.XLWBSF.10950.31692.exe, 00000000.00000003.1515449436.00000000023A0000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFileName vs SecuriteInfo.com.Win32.Application.Agent.XLWBSF.10950.31692.exe
Source: SecuriteInfo.com.Win32.Application.Agent.XLWBSF.10950.31692.exe Binary or memory string: OriginalFileName vs SecuriteInfo.com.Win32.Application.Agent.XLWBSF.10950.31692.exe
Uses 32bit PE files
Source: SecuriteInfo.com.Win32.Application.Agent.XLWBSF.10950.31692.exe Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
Source: classification engine Classification label: clean3.winEXE@3/2@0/0
Source: C:\Users\user\AppData\Local\Temp\is-M9OFA.tmp\SecuriteInfo.com.Win32.Application.Agent.XLWBSF.10950.31692.tmp File created: C:\Users\user\AppData\Local\Programs Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Application.Agent.XLWBSF.10950.31692.exe File created: C:\Users\user\AppData\Local\Temp\is-M9OFA.tmp Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Application.Agent.XLWBSF.10950.31692.exe Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M9OFA.tmp\SecuriteInfo.com.Win32.Application.Agent.XLWBSF.10950.31692.tmp Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M9OFA.tmp\SecuriteInfo.com.Win32.Application.Agent.XLWBSF.10950.31692.tmp Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Application.Agent.XLWBSF.10950.31692.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M9OFA.tmp\SecuriteInfo.com.Win32.Application.Agent.XLWBSF.10950.31692.tmp Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion RegisteredOrganization Jump to behavior
Source: SecuriteInfo.com.Win32.Application.Agent.XLWBSF.10950.31692.exe String found in binary or memory: /LOADINF="filename"
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Application.Agent.XLWBSF.10950.31692.exe File read: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Application.Agent.XLWBSF.10950.31692.exe Jump to behavior
Source: unknown Process created: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Application.Agent.XLWBSF.10950.31692.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.Application.Agent.XLWBSF.10950.31692.exe"
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Application.Agent.XLWBSF.10950.31692.exe Process created: C:\Users\user\AppData\Local\Temp\is-M9OFA.tmp\SecuriteInfo.com.Win32.Application.Agent.XLWBSF.10950.31692.tmp "C:\Users\user\AppData\Local\Temp\is-M9OFA.tmp\SecuriteInfo.com.Win32.Application.Agent.XLWBSF.10950.31692.tmp" /SL5="$2043C,4689659,161280,C:\Users\user\Desktop\SecuriteInfo.com.Win32.Application.Agent.XLWBSF.10950.31692.exe"
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Application.Agent.XLWBSF.10950.31692.exe Process created: C:\Users\user\AppData\Local\Temp\is-M9OFA.tmp\SecuriteInfo.com.Win32.Application.Agent.XLWBSF.10950.31692.tmp "C:\Users\user\AppData\Local\Temp\is-M9OFA.tmp\SecuriteInfo.com.Win32.Application.Agent.XLWBSF.10950.31692.tmp" /SL5="$2043C,4689659,161280,C:\Users\user\Desktop\SecuriteInfo.com.Win32.Application.Agent.XLWBSF.10950.31692.exe" Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Application.Agent.XLWBSF.10950.31692.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Application.Agent.XLWBSF.10950.31692.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M9OFA.tmp\SecuriteInfo.com.Win32.Application.Agent.XLWBSF.10950.31692.tmp Section loaded: mpr.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M9OFA.tmp\SecuriteInfo.com.Win32.Application.Agent.XLWBSF.10950.31692.tmp Section loaded: version.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M9OFA.tmp\SecuriteInfo.com.Win32.Application.Agent.XLWBSF.10950.31692.tmp Section loaded: netapi32.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M9OFA.tmp\SecuriteInfo.com.Win32.Application.Agent.XLWBSF.10950.31692.tmp Section loaded: netutils.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M9OFA.tmp\SecuriteInfo.com.Win32.Application.Agent.XLWBSF.10950.31692.tmp Section loaded: uxtheme.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M9OFA.tmp\SecuriteInfo.com.Win32.Application.Agent.XLWBSF.10950.31692.tmp Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M9OFA.tmp\SecuriteInfo.com.Win32.Application.Agent.XLWBSF.10950.31692.tmp Section loaded: wtsapi32.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M9OFA.tmp\SecuriteInfo.com.Win32.Application.Agent.XLWBSF.10950.31692.tmp Section loaded: winsta.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M9OFA.tmp\SecuriteInfo.com.Win32.Application.Agent.XLWBSF.10950.31692.tmp Section loaded: dwrite.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M9OFA.tmp\SecuriteInfo.com.Win32.Application.Agent.XLWBSF.10950.31692.tmp Section loaded: textinputframework.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M9OFA.tmp\SecuriteInfo.com.Win32.Application.Agent.XLWBSF.10950.31692.tmp Section loaded: coreuicomponents.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M9OFA.tmp\SecuriteInfo.com.Win32.Application.Agent.XLWBSF.10950.31692.tmp Section loaded: coremessaging.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M9OFA.tmp\SecuriteInfo.com.Win32.Application.Agent.XLWBSF.10950.31692.tmp Section loaded: ntmarta.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M9OFA.tmp\SecuriteInfo.com.Win32.Application.Agent.XLWBSF.10950.31692.tmp Section loaded: wintypes.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M9OFA.tmp\SecuriteInfo.com.Win32.Application.Agent.XLWBSF.10950.31692.tmp Section loaded: wintypes.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M9OFA.tmp\SecuriteInfo.com.Win32.Application.Agent.XLWBSF.10950.31692.tmp Section loaded: wintypes.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M9OFA.tmp\SecuriteInfo.com.Win32.Application.Agent.XLWBSF.10950.31692.tmp Section loaded: windows.storage.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M9OFA.tmp\SecuriteInfo.com.Win32.Application.Agent.XLWBSF.10950.31692.tmp Section loaded: wldp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M9OFA.tmp\SecuriteInfo.com.Win32.Application.Agent.XLWBSF.10950.31692.tmp Section loaded: profapi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M9OFA.tmp\SecuriteInfo.com.Win32.Application.Agent.XLWBSF.10950.31692.tmp Section loaded: shfolder.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M9OFA.tmp\SecuriteInfo.com.Win32.Application.Agent.XLWBSF.10950.31692.tmp Section loaded: rstrtmgr.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M9OFA.tmp\SecuriteInfo.com.Win32.Application.Agent.XLWBSF.10950.31692.tmp Section loaded: ncrypt.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M9OFA.tmp\SecuriteInfo.com.Win32.Application.Agent.XLWBSF.10950.31692.tmp Section loaded: ntasn1.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M9OFA.tmp\SecuriteInfo.com.Win32.Application.Agent.XLWBSF.10950.31692.tmp Section loaded: textshaping.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M9OFA.tmp\SecuriteInfo.com.Win32.Application.Agent.XLWBSF.10950.31692.tmp Section loaded: msftedit.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M9OFA.tmp\SecuriteInfo.com.Win32.Application.Agent.XLWBSF.10950.31692.tmp Section loaded: windows.globalization.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M9OFA.tmp\SecuriteInfo.com.Win32.Application.Agent.XLWBSF.10950.31692.tmp Section loaded: bcp47langs.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M9OFA.tmp\SecuriteInfo.com.Win32.Application.Agent.XLWBSF.10950.31692.tmp Section loaded: bcp47mrm.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M9OFA.tmp\SecuriteInfo.com.Win32.Application.Agent.XLWBSF.10950.31692.tmp Section loaded: globinputhost.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M9OFA.tmp\SecuriteInfo.com.Win32.Application.Agent.XLWBSF.10950.31692.tmp Section loaded: windows.ui.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M9OFA.tmp\SecuriteInfo.com.Win32.Application.Agent.XLWBSF.10950.31692.tmp Section loaded: windowmanagementapi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M9OFA.tmp\SecuriteInfo.com.Win32.Application.Agent.XLWBSF.10950.31692.tmp Section loaded: inputhost.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M9OFA.tmp\SecuriteInfo.com.Win32.Application.Agent.XLWBSF.10950.31692.tmp Section loaded: twinapi.appcore.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M9OFA.tmp\SecuriteInfo.com.Win32.Application.Agent.XLWBSF.10950.31692.tmp Section loaded: twinapi.appcore.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M9OFA.tmp\SecuriteInfo.com.Win32.Application.Agent.XLWBSF.10950.31692.tmp Section loaded: propsys.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M9OFA.tmp\SecuriteInfo.com.Win32.Application.Agent.XLWBSF.10950.31692.tmp Section loaded: dwmapi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M9OFA.tmp\SecuriteInfo.com.Win32.Application.Agent.XLWBSF.10950.31692.tmp Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{00BB2765-6A77-11D0-A535-00C04FD7D062}\InProcServer32 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M9OFA.tmp\SecuriteInfo.com.Win32.Application.Agent.XLWBSF.10950.31692.tmp Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion RegisteredOwner Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M9OFA.tmp\SecuriteInfo.com.Win32.Application.Agent.XLWBSF.10950.31692.tmp Window found: window name: TMainForm Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M9OFA.tmp\SecuriteInfo.com.Win32.Application.Agent.XLWBSF.10950.31692.tmp File opened: C:\Windows\SysWOW64\MSFTEDIT.DLL Jump to behavior
Source: Window Recorder Window detected: More than 3 window changes detected
Source: SecuriteInfo.com.Win32.Application.Agent.XLWBSF.10950.31692.exe Static file information: File size 5841251 > 1048576
Source: SecuriteInfo.com.Win32.Application.Agent.XLWBSF.10950.31692.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
PE file contains sections with non-standard names
Source: SecuriteInfo.com.Win32.Application.Agent.XLWBSF.10950.31692.tmp.0.dr Static PE information: section name: .didata
Drops PE files
Source: C:\Users\user\AppData\Local\Temp\is-M9OFA.tmp\SecuriteInfo.com.Win32.Application.Agent.XLWBSF.10950.31692.tmp File created: C:\Users\user\AppData\Local\Temp\is-VAP6D.tmp\_isetup\_setup64.tmp Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Application.Agent.XLWBSF.10950.31692.exe File created: C:\Users\user\AppData\Local\Temp\is-M9OFA.tmp\SecuriteInfo.com.Win32.Application.Agent.XLWBSF.10950.31692.tmp Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Application.Agent.XLWBSF.10950.31692.exe Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M9OFA.tmp\SecuriteInfo.com.Win32.Application.Agent.XLWBSF.10950.31692.tmp Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M9OFA.tmp\SecuriteInfo.com.Win32.Application.Agent.XLWBSF.10950.31692.tmp Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M9OFA.tmp\SecuriteInfo.com.Win32.Application.Agent.XLWBSF.10950.31692.tmp Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M9OFA.tmp\SecuriteInfo.com.Win32.Application.Agent.XLWBSF.10950.31692.tmp Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M9OFA.tmp\SecuriteInfo.com.Win32.Application.Agent.XLWBSF.10950.31692.tmp Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M9OFA.tmp\SecuriteInfo.com.Win32.Application.Agent.XLWBSF.10950.31692.tmp Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M9OFA.tmp\SecuriteInfo.com.Win32.Application.Agent.XLWBSF.10950.31692.tmp Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M9OFA.tmp\SecuriteInfo.com.Win32.Application.Agent.XLWBSF.10950.31692.tmp Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M9OFA.tmp\SecuriteInfo.com.Win32.Application.Agent.XLWBSF.10950.31692.tmp Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M9OFA.tmp\SecuriteInfo.com.Win32.Application.Agent.XLWBSF.10950.31692.tmp Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX Jump to behavior
Found dropped PE file which has not been started or loaded
Source: C:\Users\user\AppData\Local\Temp\is-M9OFA.tmp\SecuriteInfo.com.Win32.Application.Agent.XLWBSF.10950.31692.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-VAP6D.tmp\_isetup\_setup64.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-M9OFA.tmp\SecuriteInfo.com.Win32.Application.Agent.XLWBSF.10950.31692.tmp Process information queried: ProcessInformation Jump to behavior
windows-stand
Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 process2 2 Behavior Graph ID: 1521519 Sample: SecuriteInfo.com.Win32.Appl... Startdate: 28/09/2024 Architecture: WINDOWS Score: 3 5 SecuriteInfo.com.Win32.Application.Agent.XLWBSF.10950.31692.exe 2 2->5         started        file3 11 SecuriteInfo.com.W...BSF.10950.31692.tmp, PE32 5->11 dropped 8 SecuriteInfo.com.Win32.Application.Agent.XLWBSF.10950.31692.tmp 3 12 5->8         started        process4 file5 13 C:\Users\user\AppData\Local\...\_setup64.tmp, PE32+ 8->13 dropped
No contacted IP infos