Source: C:\Users\user\AppData\Local\Temp\RarSFX0\Icon-https.exe |
Avira: detection malicious, Label: TR/Patched.Gen2 |
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\Icon-https.exe |
ReversingLabs: Detection: 84% |
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\Icon-https.exe |
Virustotal: Detection: 81% |
Source: Bzw4UJiXNj.exe |
ReversingLabs: Detection: 66% |
Source: Bzw4UJiXNj.exe |
Virustotal: Detection: 69% |
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\Icon-https.exe |
Joe Sandbox ML: detected |
Source: Bzw4UJiXNj.exe |
Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE |
Source: |
Binary string: C:\local0\asf\release\build-2.2.14\support\Release\ab.pdb source: Bzw4UJiXNj.exe, 00000000.00000003.2115529243.00000279499A2000.00000004.00000020.00020000.00000000.sdmp, Icon-https.exe.0.dr |
Source: |
Binary string: D:\Projects\WinRAR\sfx\build\sfxrar64\Release\sfxrar.pdb source: Bzw4UJiXNj.exe |
Source: C:\Users\user\Desktop\Bzw4UJiXNj.exe |
Code function: 0_2_00007FF646DAB190 EndDialog,SetDlgItemTextW,GetMessageW,IsDialogMessageW,TranslateMessage,DispatchMessageW,EndDialog,GetDlgItem,SendMessageW,SendMessageW,SetFocus,GetLastError,GetLastError,GetTickCount,GetLastError,GetCommandLineW,CreateFileMappingW,MapViewOfFile,ShellExecuteExW,Sleep,UnmapViewOfFile,CloseHandle,SetDlgItemTextW,SetWindowTextW,SetDlgItemTextW,SetWindowTextW,GetDlgItem,GetWindowLongPtrW,SetWindowLongPtrW,SetDlgItemTextW,SendMessageW,SendDlgItemMessageW,GetDlgItem,SendMessageW,GetDlgItem,SetDlgItemTextW,SetDlgItemTextW,SetForegroundWindow,DialogBoxParamW,EndDialog,EnableWindow,SendMessageW,PostMessageW,SetDlgItemTextW,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,SendDlgItemMessageW,EndDialog,GetDlgItem,SetFocus,SendDlgItemMessageW,FindFirstFileW,FindClose,SendDlgItemMessageW,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn, |
0_2_00007FF646DAB190 |
Source: C:\Users\user\Desktop\Bzw4UJiXNj.exe |
Code function: 0_2_00007FF646D940BC FindFirstFileW,FindFirstFileW,GetLastError,FindNextFileW,GetLastError,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn, |
0_2_00007FF646D940BC |
Source: C:\Users\user\Desktop\Bzw4UJiXNj.exe |
Code function: 0_2_00007FF646DBFCA0 FindFirstFileExA, |
0_2_00007FF646DBFCA0 |
Source: C:\Users\user\Desktop\Bzw4UJiXNj.exe |
File opened: C:\Users\user\AppData |
Source: C:\Users\user\Desktop\Bzw4UJiXNj.exe |
File opened: C:\Users\user\AppData\Local |
Source: C:\Users\user\Desktop\Bzw4UJiXNj.exe |
File opened: C:\Users\user\Videos\desktop.ini |
Source: C:\Users\user\Desktop\Bzw4UJiXNj.exe |
File opened: C:\Users\user |
Source: C:\Users\user\Desktop\Bzw4UJiXNj.exe |
File opened: C:\Users\user\Music\desktop.ini |
Source: C:\Users\user\Desktop\Bzw4UJiXNj.exe |
File opened: C:\Users\user\OneDrive\desktop.ini |
Source: Icon-https.exe.0.dr |
String found in binary or memory: http://www.apache.org/ |
Source: Bzw4UJiXNj.exe, 00000000.00000003.2115529243.00000279499A2000.00000004.00000020.00020000.00000000.sdmp, Icon-https.exe.0.dr |
String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0 |
Source: Icon-https.exe.0.dr |
String found in binary or memory: http://www.zeustech.net/ |
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\Icon-https.exe, type: DROPPED |
Matched rule: Identifies metasploit wininet reverse shellcode. Also used by other tools (like beacon). Author: unknown |
Source: C:\Users\user\Desktop\Bzw4UJiXNj.exe |
Code function: 0_2_00007FF646D8C2F0: CreateFileW,CloseHandle,wcscpy,wcscpy,wcscpy,wcscpy,CreateFileW,DeviceIoControl,CloseHandle,GetLastError,RemoveDirectoryW,DeleteFileW,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn, |
0_2_00007FF646D8C2F0 |
Source: C:\Users\user\Desktop\Bzw4UJiXNj.exe |
Code function: 0_2_00007FF646DB0754 |
0_2_00007FF646DB0754 |
Source: C:\Users\user\Desktop\Bzw4UJiXNj.exe |
Code function: 0_2_00007FF646D8F930 |
0_2_00007FF646D8F930 |
Source: C:\Users\user\Desktop\Bzw4UJiXNj.exe |
Code function: 0_2_00007FF646D94928 |
0_2_00007FF646D94928 |
Source: C:\Users\user\Desktop\Bzw4UJiXNj.exe |
Code function: 0_2_00007FF646D9A4AC |
0_2_00007FF646D9A4AC |
Source: C:\Users\user\Desktop\Bzw4UJiXNj.exe |
Code function: 0_2_00007FF646DA3484 |
0_2_00007FF646DA3484 |
Source: C:\Users\user\Desktop\Bzw4UJiXNj.exe |
Code function: 0_2_00007FF646DAB190 |
0_2_00007FF646DAB190 |
Source: C:\Users\user\Desktop\Bzw4UJiXNj.exe |
Code function: 0_2_00007FF646D85E24 |
0_2_00007FF646D85E24 |
Source: C:\Users\user\Desktop\Bzw4UJiXNj.exe |
Code function: 0_2_00007FF646DA1F20 |
0_2_00007FF646DA1F20 |
Source: C:\Users\user\Desktop\Bzw4UJiXNj.exe |
Code function: 0_2_00007FF646DACE88 |
0_2_00007FF646DACE88 |
Source: C:\Users\user\Desktop\Bzw4UJiXNj.exe |
Code function: 0_2_00007FF646DBC838 |
0_2_00007FF646DBC838 |
Source: C:\Users\user\Desktop\Bzw4UJiXNj.exe |
Code function: 0_2_00007FF646D84840 |
0_2_00007FF646D84840 |
Source: C:\Users\user\Desktop\Bzw4UJiXNj.exe |
Code function: 0_2_00007FF646DC2550 |
0_2_00007FF646DC2550 |
Source: C:\Users\user\Desktop\Bzw4UJiXNj.exe |
Code function: 0_2_00007FF646D876C0 |
0_2_00007FF646D876C0 |
Source: C:\Users\user\Desktop\Bzw4UJiXNj.exe |
Code function: 0_2_00007FF646DA53F0 |
0_2_00007FF646DA53F0 |
Source: C:\Users\user\Desktop\Bzw4UJiXNj.exe |
Code function: 0_2_00007FF646D9B534 |
0_2_00007FF646D9B534 |
Source: C:\Users\user\Desktop\Bzw4UJiXNj.exe |
Code function: 0_2_00007FF646DA21D0 |
0_2_00007FF646DA21D0 |
Source: C:\Users\user\Desktop\Bzw4UJiXNj.exe |
Code function: 0_2_00007FF646D9F180 |
0_2_00007FF646D9F180 |
Source: C:\Users\user\Desktop\Bzw4UJiXNj.exe |
Code function: 0_2_00007FF646D8A310 |
0_2_00007FF646D8A310 |
Source: C:\Users\user\Desktop\Bzw4UJiXNj.exe |
Code function: 0_2_00007FF646D8C2F0 |
0_2_00007FF646D8C2F0 |
Source: C:\Users\user\Desktop\Bzw4UJiXNj.exe |
Code function: 0_2_00007FF646D87288 |
0_2_00007FF646D87288 |
Source: C:\Users\user\Desktop\Bzw4UJiXNj.exe |
Code function: 0_2_00007FF646D9126C |
0_2_00007FF646D9126C |
Source: C:\Users\user\Desktop\Bzw4UJiXNj.exe |
Code function: 0_2_00007FF646DC2080 |
0_2_00007FF646DC2080 |
Source: C:\Users\user\Desktop\Bzw4UJiXNj.exe |
Code function: 0_2_00007FF646DA8DF4 |
0_2_00007FF646DA8DF4 |
Source: C:\Users\user\Desktop\Bzw4UJiXNj.exe |
Code function: 0_2_00007FF646DA2D58 |
0_2_00007FF646DA2D58 |
Source: C:\Users\user\Desktop\Bzw4UJiXNj.exe |
Code function: 0_2_00007FF646D9AF18 |
0_2_00007FF646D9AF18 |
Source: C:\Users\user\Desktop\Bzw4UJiXNj.exe |
Code function: 0_2_00007FF646DB8C1C |
0_2_00007FF646DB8C1C |
Source: C:\Users\user\Desktop\Bzw4UJiXNj.exe |
Code function: 0_2_00007FF646DA4B98 |
0_2_00007FF646DA4B98 |
Source: C:\Users\user\Desktop\Bzw4UJiXNj.exe |
Code function: 0_2_00007FF646D9BB90 |
0_2_00007FF646D9BB90 |
Source: C:\Users\user\Desktop\Bzw4UJiXNj.exe |
Code function: 0_2_00007FF646D95B60 |
0_2_00007FF646D95B60 |
Source: C:\Users\user\Desktop\Bzw4UJiXNj.exe |
Code function: 0_2_00007FF646DB89A0 |
0_2_00007FF646DB89A0 |
Source: C:\Users\user\Desktop\Bzw4UJiXNj.exe |
Code function: 0_2_00007FF646DA3964 |
0_2_00007FF646DA3964 |
Source: C:\Users\user\Desktop\Bzw4UJiXNj.exe |
Code function: 0_2_00007FF646D9C96C |
0_2_00007FF646D9C96C |
Source: C:\Users\user\Desktop\Bzw4UJiXNj.exe |
Code function: 0_2_00007FF646DC5AF8 |
0_2_00007FF646DC5AF8 |
Source: C:\Users\user\Desktop\Bzw4UJiXNj.exe |
Code function: 0_2_00007FF646D81AA4 |
0_2_00007FF646D81AA4 |
Source: C:\Users\user\Desktop\Bzw4UJiXNj.exe |
Code function: 0_2_00007FF646DA2AB0 |
0_2_00007FF646DA2AB0 |
Source: C:\Users\user\Desktop\Bzw4UJiXNj.exe |
Code function: 0_2_00007FF646DBFA94 |
0_2_00007FF646DBFA94 |
Source: C:\Users\user\Desktop\Bzw4UJiXNj.exe |
Code function: 0_2_00007FF646D91A48 |
0_2_00007FF646D91A48 |
Source: Bzw4UJiXNj.exe, 00000000.00000003.2115529243.00000279499A2000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: OriginalFilenameab.exeF vs Bzw4UJiXNj.exe |
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\Icon-https.exe, type: DROPPED |
Matched rule: Windows_Trojan_Metasploit_24338919 os = windows, severity = x86, description = Identifies metasploit wininet reverse shellcode. Also used by other tools (like beacon)., creation_date = 2021-03-23, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Metasploit, fingerprint = ac76190a84c4bdbb6927c5ad84a40e2145ca9e76369a25ac2ffd727eefef4804, id = 24338919-8efe-4cf2-a23a-a3f22095b42d, last_modified = 2021-08-23 |
Source: Icon-https.exe.0.dr |
Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
Source: classification engine |
Classification label: mal96.troj.winEXE@1/3@0/0 |
Source: C:\Users\user\Desktop\Bzw4UJiXNj.exe |
Code function: 0_2_00007FF646D8B6D8 GetLastError,FormatMessageW,LocalFree, |
0_2_00007FF646D8B6D8 |
Source: C:\Users\user\Desktop\Bzw4UJiXNj.exe |
Code function: 0_2_00007FF646DA8624 FindResourceW,SizeofResource,LoadResource,LockResource,GlobalAlloc,GlobalLock,CreateStreamOnHGlobal,GdipAlloc,GdipCreateHBITMAPFromBitmap,GlobalUnlock,GlobalFree, |
0_2_00007FF646DA8624 |
Source: C:\Users\user\Desktop\Bzw4UJiXNj.exe |
File created: C:\Users\user\AppData\Local\Temp\RarSFX0 |
Source: Bzw4UJiXNj.exe |
Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
Source: C:\Users\user\Desktop\Bzw4UJiXNj.exe |
File read: C:\Windows\win.ini |
Source: C:\Users\user\Desktop\Bzw4UJiXNj.exe |
Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers |
Source: C:\Users\user\Desktop\Bzw4UJiXNj.exe |
File read: C:\Users\user\Desktop\Bzw4UJiXNj.exe |
Source: C:\Users\user\Desktop\Bzw4UJiXNj.exe |
Section loaded: version.dll |
Source: C:\Users\user\Desktop\Bzw4UJiXNj.exe |
Section loaded: dxgidebug.dll |
Source: C:\Users\user\Desktop\Bzw4UJiXNj.exe |
Section loaded: sfc_os.dll |
Source: C:\Users\user\Desktop\Bzw4UJiXNj.exe |
Section loaded: sspicli.dll |
Source: C:\Users\user\Desktop\Bzw4UJiXNj.exe |
Section loaded: rsaenh.dll |
Source: C:\Users\user\Desktop\Bzw4UJiXNj.exe |
Section loaded: uxtheme.dll |
Source: C:\Users\user\Desktop\Bzw4UJiXNj.exe |
Section loaded: dwmapi.dll |
Source: C:\Users\user\Desktop\Bzw4UJiXNj.exe |
Section loaded: cryptbase.dll |
Source: C:\Users\user\Desktop\Bzw4UJiXNj.exe |
Section loaded: riched20.dll |
Source: C:\Users\user\Desktop\Bzw4UJiXNj.exe |
Section loaded: usp10.dll |
Source: C:\Users\user\Desktop\Bzw4UJiXNj.exe |
Section loaded: msls31.dll |
Source: C:\Users\user\Desktop\Bzw4UJiXNj.exe |
Section loaded: kernel.appcore.dll |
Source: C:\Users\user\Desktop\Bzw4UJiXNj.exe |
Section loaded: windowscodecs.dll |
Source: C:\Users\user\Desktop\Bzw4UJiXNj.exe |
Section loaded: textshaping.dll |
Source: C:\Users\user\Desktop\Bzw4UJiXNj.exe |
Section loaded: textinputframework.dll |
Source: C:\Users\user\Desktop\Bzw4UJiXNj.exe |
Section loaded: coreuicomponents.dll |
Source: C:\Users\user\Desktop\Bzw4UJiXNj.exe |
Section loaded: coremessaging.dll |
Source: C:\Users\user\Desktop\Bzw4UJiXNj.exe |
Section loaded: ntmarta.dll |
Source: C:\Users\user\Desktop\Bzw4UJiXNj.exe |
Section loaded: wintypes.dll |
Source: C:\Users\user\Desktop\Bzw4UJiXNj.exe |
Section loaded: windows.storage.dll |
Source: C:\Users\user\Desktop\Bzw4UJiXNj.exe |
Section loaded: wldp.dll |
Source: C:\Users\user\Desktop\Bzw4UJiXNj.exe |
Section loaded: propsys.dll |
Source: C:\Users\user\Desktop\Bzw4UJiXNj.exe |
Section loaded: ndfapi.dll |
Source: C:\Users\user\Desktop\Bzw4UJiXNj.exe |
Section loaded: wdi.dll |
Source: C:\Users\user\Desktop\Bzw4UJiXNj.exe |
Section loaded: iphlpapi.dll |
Source: C:\Users\user\Desktop\Bzw4UJiXNj.exe |
Section loaded: duser.dll |
Source: C:\Users\user\Desktop\Bzw4UJiXNj.exe |
Section loaded: xmllite.dll |
Source: C:\Users\user\Desktop\Bzw4UJiXNj.exe |
Section loaded: atlthunk.dll |
Source: C:\Users\user\Desktop\Bzw4UJiXNj.exe |
Section loaded: windows.fileexplorer.common.dll |
Source: C:\Users\user\Desktop\Bzw4UJiXNj.exe |
Section loaded: iertutil.dll |
Source: C:\Users\user\Desktop\Bzw4UJiXNj.exe |
Section loaded: apphelp.dll |
Source: C:\Users\user\Desktop\Bzw4UJiXNj.exe |
Section loaded: ntshrui.dll |
Source: C:\Users\user\Desktop\Bzw4UJiXNj.exe |
Section loaded: srvcli.dll |
Source: C:\Users\user\Desktop\Bzw4UJiXNj.exe |
Section loaded: cscapi.dll |
Source: C:\Users\user\Desktop\Bzw4UJiXNj.exe |
Section loaded: profapi.dll |
Source: C:\Users\user\Desktop\Bzw4UJiXNj.exe |
Section loaded: netutils.dll |
Source: C:\Users\user\Desktop\Bzw4UJiXNj.exe |
Section loaded: windows.staterepositoryps.dll |
Source: C:\Users\user\Desktop\Bzw4UJiXNj.exe |
Section loaded: linkinfo.dll |
Source: C:\Users\user\Desktop\Bzw4UJiXNj.exe |
Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00BB2765-6A77-11D0-A535-00C04FD7D062}\InProcServer32 |
Source: Window Recorder |
Window detected: More than 3 window changes detected |
Source: Bzw4UJiXNj.exe |
Static PE information: Image base 0x140000000 > 0x60000000 |
Source: Bzw4UJiXNj.exe |
Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT |
Source: Bzw4UJiXNj.exe |
Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE |
Source: Bzw4UJiXNj.exe |
Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC |
Source: Bzw4UJiXNj.exe |
Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG |
Source: Bzw4UJiXNj.exe |
Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG |
Source: Bzw4UJiXNj.exe |
Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT |
Source: Bzw4UJiXNj.exe |
Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata |
Source: Bzw4UJiXNj.exe |
Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc |
Source: Bzw4UJiXNj.exe |
Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc |
Source: Bzw4UJiXNj.exe |
Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata |
Source: Bzw4UJiXNj.exe |
Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata |
Source: C:\Users\user\Desktop\Bzw4UJiXNj.exe |
File created: C:\Users\user\AppData\Local\Temp\RarSFX0\__tmp_rar_sfx_access_check_6096718 |
Source: Bzw4UJiXNj.exe |
Static PE information: section name: .didat |
Source: Bzw4UJiXNj.exe |
Static PE information: section name: _RDATA |
Source: C:\Users\user\Desktop\Bzw4UJiXNj.exe |
Code function: 0_2_00007FF646DC5156 push rsi; retf |
0_2_00007FF646DC5157 |
Source: C:\Users\user\Desktop\Bzw4UJiXNj.exe |
Code function: 0_2_00007FF646DC5166 push rsi; retf |
0_2_00007FF646DC5167 |
Source: Icon-https.exe.0.dr |
Static PE information: section name: .text entropy: 7.021725181628894 |
Source: C:\Users\user\Desktop\Bzw4UJiXNj.exe |
File created: C:\Users\user\AppData\Local\Temp\RarSFX0\Icon-https.exe |
Source: C:\Users\user\Desktop\Bzw4UJiXNj.exe |
Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\RarSFX0\Icon-https.exe |
Source: C:\Users\user\Desktop\Bzw4UJiXNj.exe |
File Volume queried: C:\ FullSizeInformation |
Source: C:\Users\user\Desktop\Bzw4UJiXNj.exe |
Code function: 0_2_00007FF646DB16A4 VirtualQuery,GetSystemInfo, |
0_2_00007FF646DB16A4 |
Source: C:\Users\user\Desktop\Bzw4UJiXNj.exe |
Code function: 0_2_00007FF646DB76D8 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, |
0_2_00007FF646DB76D8 |
Source: C:\Users\user\Desktop\Bzw4UJiXNj.exe |
Code function: 0_2_00007FF646DC0D20 GetProcessHeap, |
0_2_00007FF646DC0D20 |
Source: C:\Users\user\Desktop\Bzw4UJiXNj.exe |
Code function: 0_2_00007FF646DB3354 SetUnhandledExceptionFilter, |
0_2_00007FF646DB3354 |
Source: C:\Users\user\Desktop\Bzw4UJiXNj.exe |
Code function: 0_2_00007FF646DB2510 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, |
0_2_00007FF646DB2510 |
Source: C:\Users\user\Desktop\Bzw4UJiXNj.exe |
Code function: 0_2_00007FF646DB3170 IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, |
0_2_00007FF646DB3170 |
Source: C:\Users\user\Desktop\Bzw4UJiXNj.exe |
Code function: 0_2_00007FF646DC58E0 cpuid |
0_2_00007FF646DC58E0 |
Source: C:\Users\user\Desktop\Bzw4UJiXNj.exe |
Code function: 0_2_00007FF646DAA2CC GetLocaleInfoW,GetNumberFormatW, |
0_2_00007FF646DAA2CC |
Source: C:\Users\user\Desktop\Bzw4UJiXNj.exe |
Code function: 0_2_00007FF646DB0754 GetCommandLineW,OpenFileMappingW,MapViewOfFile,UnmapViewOfFile,MapViewOfFile,UnmapViewOfFile,CloseHandle,SetEnvironmentVariableW,GetLocalTime,swprintf,SetEnvironmentVariableW,GetModuleHandleW,LoadIconW,DialogBoxParamW,Sleep,DeleteObject,DeleteObject,CloseHandle,OleUninitialize,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn, |
0_2_00007FF646DB0754 |
Source: C:\Users\user\Desktop\Bzw4UJiXNj.exe |
Code function: 0_2_00007FF646D951A4 GetVersionExW, |
0_2_00007FF646D951A4 |
Source: Yara match |
File source: C:\Users\user\AppData\Local\Temp\RarSFX0\Icon-https.exe, type: DROPPED |