Automated Malware Analysis IOC Report for

Details

Filetype:	PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
Entropy:	7.997085095311196
Filename:	Photoshop_x64_en-us.exe
Filesize:	24276144
MD5:	62044b7de91afa1c39d5312428957c44
SHA1:	5ad2964db98cafa09ea71f2a790959a0ed67ff2a
SHA256:	a1af62c4cae7eb01939beb0adb4adc83296d85a49462b399d14cf814d50627d3
SHA512:	88448cb1b537a69735ac55cae778cb3f0552729e958b241ae2810b459dbedc76ab43a2d8df50787d8dfc992e0f1cfca43a599d75b89916f39e8181be2c3b463f
SSDEEP:	393216:A26GA3is67YJMnDiyrZ74MC1EgVqNHb2k7D/fea7KiDqBIaThxGVnxpxjAat0eb1:lA3isGYJMD1rZKLqNPDKiDqV/Gvp+60G
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........(...F...F...F......F...G.v.F......F...v...F...@...F.Rich..F.........................PE..L...9.oZ.................d...\|.....

Signature Hits	Behavior Group	Mitre Attack
Contains functionality for read data from the clipboard	Key, Mouse, Clipboard, Microphone and Screen Capturing	Clipboard Data
Contains functionality to shutdown / reboot the system	System Summary	Access Token Manipulation System Shutdown/Reboot
Detected potential crypto function	System Summary	Access Token Manipulation Archive Collected Data Encrypted Channel
Drops PE files	Persistence and Installation Behavior	Access Token Manipulation
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion
Uses 32bit PE files	Compliance, System Summary	Masquerading
Checks the free space of harddrives	Malware Analysis System Evasion
Contains functionality to adjust token privileges (e.g. debug / backup)	System Summary	Access Token Manipulation
Contains functionality to check free disk space	System Summary	System Information Discovery
Contains functionality to enumerate / list files inside a directory	Spreading, Malware Analysis System Evasion
Contains functionality to instantiate COM classes	System Summary	Access Token Manipulation
Contains functionality to query windows version	Language, Device and Operating System Detection	System Information Discovery
Creates files inside the user directory	System Summary	Masquerading
Creates temporary files	System Summary
Disables application error messsages (SetErrorMode)	Hooking and other Techniques for Hiding and Protection
PE file has an executable .text section and no other executable section	System Summary	Access Token Manipulation
Program exit points	Malware Analysis System Evasion
Reads ini files	System Summary	File and Directory Discovery
Reads software policies	System Summary	Access Token Manipulation
Sample reads its own file content	System Summary	Access Token Manipulation
Tries to load missing DLLs	System Summary	DLL Side-Loading
URLs found in memory or binary data	Networking
Uses an in-process (OLE) Automation server	System Summary	Access Token Manipulation
Contains modern PE file flags such as dynamic base (ASLR) or NX	Compliance, System Summary
Creates license or readme file	Compliance, Persistence and Installation Behavior
Submission file is bigger than most known malware samples	System Summary

Details

File:	C:\Users\user\AppData\Local\Release_1.7.5.2\LICENSE.txt
Category:	dropped
Dump:	LICENSE.txt.0.dr
ID:	dr_26
Target ID:	0
Process:	C:\Users\user\Desktop\Photoshop_x64_en-us.exe
Type:	Unicode text, UTF-8 text, with very long lines (514), with CRLF line terminators
Entropy:	4.902271147017698
Encrypted:	false
Ssdeep:	192:ydP0KvBLCqikR/EgGJLrlwD+eilNi5Py1SDeoDXDw9lF5OMz6Q:PWBuqikR/EDJLriwlNi5KI1Tw9lF5OjQ
Size:	9519
Whitelisted:	true
Reputation:	moderate

Signature Hits	Behavior Group	Mitre Attack
Creates license or readme file	Compliance, Persistence and Installation Behavior

Details

File:	C:\Users\user\AppData\Local\Release_1.7.5.2\host\fxr\8.0.8\hostfxr.dll
Category:	dropped
Dump:	hostfxr.dll.0.dr
ID:	dr_27
Target ID:	0
Process:	C:\Users\user\Desktop\Photoshop_x64_en-us.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	6.298019612811869
Encrypted:	false
Ssdeep:	6144:s3oCq7D6qYvWzxP5tsWaag28fxfIUmtd3+:9+1Wzbtsftvmdu
Size:	350472
Whitelisted:	false
Reputation:	low

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Release_1.7.5.2\shared\Microsoft.NETCore.App\8.0.8\Microsoft.CSharp.dll
Category:	dropped
Dump:	Microsoft.CSharp.dll.0.dr
ID:	dr_28
Target ID:	0
Process:	C:\Users\user\Desktop\Photoshop_x64_en-us.exe
Type:	PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
Entropy:	6.717630206703801
Encrypted:	false
Ssdeep:	24576:Wuz94uYWl+9whtbSp1HVu9yH+sChDUD3IX+:v54uZ++tbQHVu9yHugrH
Size:	1005832
Whitelisted:	false
Reputation:	low

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Release_1.7.5.2\shared\Microsoft.NETCore.App\8.0.8\Microsoft.DiaSymReader.Native.amd64.dll
Category:	dropped
Dump:	Microsoft.DiaSymReader.Native.amd64.dll.0.dr
ID:	dr_29
Target ID:	0
Process:	C:\Users\user\Desktop\Photoshop_x64_en-us.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	6.414576855139372
Encrypted:	false
Ssdeep:	49152:jH+fGgFyzuNiG6H0n8D1gkrz/OAyFAopdrq/c/:+GgFQq8DT/ZyFDN0c
Size:	2309152
Whitelisted:	false
Reputation:	moderate

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Release_1.7.5.2\shared\Microsoft.NETCore.App\8.0.8\Microsoft.VisualBasic.Core.dll
Category:	dropped
Dump:	Microsoft.VisualBasic.Core.dll.0.dr
ID:	dr_30
Target ID:	0
Process:	C:\Users\user\Desktop\Photoshop_x64_en-us.exe
Type:	PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
Entropy:	6.749192841590639
Encrypted:	false
Ssdeep:	24576:NsvtzOPj/l89Sk2f+/eOUCxRepC36Rk3i+XFqUn:NsvtzOP7ymf+/TZd3ie
Size:	1247520
Whitelisted:	false
Reputation:	low

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Release_1.7.5.2\shared\Microsoft.NETCore.App\8.0.8\Microsoft.Win32.Registry.dll
Category:	dropped
Dump:	Microsoft.Win32.Registry.dll.0.dr
ID:	dr_31
Target ID:	0
Process:	C:\Users\user\Desktop\Photoshop_x64_en-us.exe
Type:	PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
Entropy:	6.141095686333107
Encrypted:	false
Ssdeep:	3072:HY1NwrxWkbGKzcNqJSvEVcULVii1i81SFUt:Dl6KYqJSvEVz7/iO
Size:	120992
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Release_1.7.5.2\shared\Microsoft.NETCore.App\8.0.8\System.Collections.Concurrent.dll
Category:	dropped
Dump:	System.Collections.Concurrent.dll.0.dr
ID:	dr_32
Target ID:	0
Process:	C:\Users\user\Desktop\Photoshop_x64_en-us.exe
Type:	PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
Entropy:	6.735103537020919
Encrypted:	false
Ssdeep:	6144:zH8+KHhcm1xa3ZvGFehyhyO28ibc8wXD6GK:zPChcm1xachD2PbVE+GK
Size:	276744
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Release_1.7.5.2\shared\Microsoft.NETCore.App\8.0.8\System.Collections.Immutable.dll
Category:	dropped
Dump:	System.Collections.Immutable.dll.0.dr
ID:	dr_33
Target ID:	0
Process:	C:\Users\user\Desktop\Photoshop_x64_en-us.exe
Type:	PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
Entropy:	6.723078162409922
Encrypted:	false
Ssdeep:	12288:crJR+uRoPwK6eN8/98vTU4dQEE3k0T9YLVgHr4lucvMgllgg9n:w+uM8abw+CMlFDll/n
Size:	837896
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Release_1.7.5.2\shared\Microsoft.NETCore.App\8.0.8\System.Collections.NonGeneric.dll
Category:	dropped
Dump:	System.Collections.NonGeneric.dll.0.dr
ID:	dr_34
Target ID:	0
Process:	C:\Users\user\Desktop\Photoshop_x64_en-us.exe
Type:	PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
Entropy:	5.9531643262406995
Encrypted:	false
Ssdeep:	1536:4QoktJ1UcLZmsYAZwmkXjhXVrMZREnZWzUdhiszMO:4jk9vZ7I1GZKZPHoO
Size:	104712
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Release_1.7.5.2\shared\Microsoft.NETCore.App\8.0.8\System.Collections.Specialized.dll
Category:	dropped
Dump:	System.Collections.Specialized.dll.0.dr
ID:	dr_35
Target ID:	0
Process:	C:\Users\user\Desktop\Photoshop_x64_en-us.exe
Type:	PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
Entropy:	6.019621325219264
Encrypted:	false
Ssdeep:	1536:Nx/tht+6AWhqlJH5MC+W06201CTBUsqEiONocgw50ad01IODi0zmG:Nx/Q6AqiT+WFPaiONocgwaaOhDzl
Size:	104608
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Release_1.7.5.2\shared\Microsoft.NETCore.App\8.0.8\System.Collections.dll
Category:	dropped
Dump:	System.Collections.dll.0.dr
ID:	dr_10
Target ID:	0
Process:	C:\Users\user\Desktop\Photoshop_x64_en-us.exe
Type:	PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
Entropy:	6.618737529882049
Encrypted:	false
Ssdeep:	6144:nXiJoXLKgtvcp1M5eRWAbQW0ryS1woXh3m3x:XYCKgtEzweMiD0rGqJmB
Size:	260272
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Release_1.7.5.2\shared\Microsoft.NETCore.App\8.0.8\System.ComponentModel.Annotations.dll
Category:	dropped
Dump:	System.ComponentModel.Annotations.dll.0.dr
ID:	dr_12
Target ID:	0
Process:	C:\Users\user\Desktop\Photoshop_x64_en-us.exe
Type:	PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
Entropy:	6.207298456243025
Encrypted:	false
Ssdeep:	3072:ADzcvTHdJdCe4dCLLe+Yfn3gwmMWQArD5/oE5bF65eUV/uuTG:AQT9WDvgwzWQArHUV/uui
Size:	203024
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Release_1.7.5.2\shared\Microsoft.NETCore.App\8.0.8\System.ComponentModel.TypeConverter.dll
Category:	dropped
Dump:	System.ComponentModel.TypeConverter.dll.0.dr
ID:	dr_14
Target ID:	0
Process:	C:\Users\user\Desktop\Photoshop_x64_en-us.exe
Type:	PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
Entropy:	6.6621018055827355
Encrypted:	false
Ssdeep:	12288:EwTQLZPFIwJ04TS1jMoubC+hfzF89TwM/BiXtDaCPzFPaOL8j0ecA:TTQd9IwJ0B1jMoubC+hbO9TwM/BiwCPE
Size:	743696
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Release_1.7.5.2\shared\Microsoft.NETCore.App\8.0.8\System.Console.dll
Category:	dropped
Dump:	System.Console.dll.0.dr
ID:	dr_16
Target ID:	0
Process:	C:\Users\user\Desktop\Photoshop_x64_en-us.exe
Type:	PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
Entropy:	6.276884758080206
Encrypted:	false
Ssdeep:	3072:ioeEmXYzdfd6+Vfz5mDVVdwF6xARZvcKZzxuR1BB1GwRV:Ve1X4fd6qwVdC6x2ZvcK14B73
Size:	174240
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Release_1.7.5.2\shared\Microsoft.NETCore.App\8.0.8\System.Data.Common.dll
Category:	dropped
Dump:	System.Data.Common.dll.0.dr
ID:	dr_18
Target ID:	0
Process:	C:\Users\user\Desktop\Photoshop_x64_en-us.exe
Type:	PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
Entropy:	6.795350514221502
Encrypted:	false
Ssdeep:	49152:/LlMm2mf+ncGZUm3k+mywJOHPxIyiNMZ62YGkO3egTxiZsc5hBhB0X1v:DOOQZYyZ62YGkO3egTxiZs209
Size:	2861216
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Release_1.7.5.2\shared\Microsoft.NETCore.App\8.0.8\System.Diagnostics.DiagnosticSource.dll
Category:	dropped
Dump:	System.Diagnostics.DiagnosticSource.dll.0.dr
ID:	dr_20
Target ID:	0
Process:	C:\Users\user\Desktop\Photoshop_x64_en-us.exe
Type:	PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
Entropy:	6.6490929239322965
Encrypted:	false
Ssdeep:	6144:zsUTEcoc/FGzasNt2l4ru2jKw6xtQ7/tvjETqeZ03EdoUj4MKD/6:oUTf/FGGsNtM4q2jStgjH+4Me/6
Size:	415904
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Release_1.7.5.2\shared\Microsoft.NETCore.App\8.0.8\System.Diagnostics.Process.dll
Category:	dropped
Dump:	System.Diagnostics.Process.dll.0.dr
ID:	dr_22
Target ID:	0
Process:	C:\Users\user\Desktop\Photoshop_x64_en-us.exe
Type:	PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
Entropy:	6.5467859190265045
Encrypted:	false
Ssdeep:	6144:KXlZtqaP75HL9eEIdkh+T9jb3b41PlmF6YZTdiX2JWb:KXlZtqweDdmMy8Wb
Size:	338080
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Release_1.7.5.2\shared\Microsoft.NETCore.App\8.0.8\System.Diagnostics.TraceSource.dll
Category:	dropped
Dump:	System.Diagnostics.TraceSource.dll.0.dr
ID:	dr_23
Target ID:	0
Process:	C:\Users\user\Desktop\Photoshop_x64_en-us.exe
Type:	PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
Entropy:	6.213889260140082
Encrypted:	false
Ssdeep:	3072:HXvuCBgDTeY0dpwQn60x7cftbgZyeI7XT5DFEj3C:xBgOY6aQn60x7cftbgfalCjy
Size:	145680
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Release_1.7.5.2\shared\Microsoft.NETCore.App\8.0.8\System.Drawing.Primitives.dll
Category:	dropped
Dump:	System.Drawing.Primitives.dll.0.dr
ID:	dr_24
Target ID:	0
Process:	C:\Users\user\Desktop\Photoshop_x64_en-us.exe
Type:	PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
Entropy:	6.080206645595261
Encrypted:	false
Ssdeep:	3072:LQz5724yeP4Sy2vmH00N6no5WkCIJJoRc0onc:y57O6mpMSoZB
Size:	133392
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Release_1.7.5.2\shared\Microsoft.NETCore.App\8.0.8\System.Formats.Asn1.dll
Category:	dropped
Dump:	System.Formats.Asn1.dll.0.dr
ID:	dr_25
Target ID:	0
Process:	C:\Users\user\Desktop\Photoshop_x64_en-us.exe
Type:	PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
Entropy:	6.50591783119501
Encrypted:	false
Ssdeep:	3072:mfSRUsXJHsqVpPq+Pu1Nr7tXAjsEpN0Qif+j7kgiuG4krZAuZAt0/+JvyQ4UjIPl:27s5Hsq7Pq+67qjhp+QifuvtzJ4TwM
Size:	243872
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Release_1.7.5.2\shared\Microsoft.NETCore.App\8.0.8\System.Formats.Tar.dll
Category:	dropped
Dump:	System.Formats.Tar.dll.0.dr
ID:	dr_40
Target ID:	0
Process:	C:\Users\user\Desktop\Photoshop_x64_en-us.exe
Type:	PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
Entropy:	6.50562073982023
Encrypted:	false
Ssdeep:	3072:9q6gkJLdnAwEqvTlz1aYqsOMBFK0rkir51KYb8FK3MEIS3PQnZg28aq/xv642ucw:0dkJLN5EqvpzTC01anZ0/H2NfFgzFIS
Size:	272544
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Release_1.7.5.2\shared\Microsoft.NETCore.App\8.0.8\System.IO.Compression.dll
Category:	dropped
Dump:	System.IO.Compression.dll.0.dr
ID:	dr_42
Target ID:	0
Process:	C:\Users\user\Desktop\Photoshop_x64_en-us.exe
Type:	PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
Entropy:	6.565006382155934
Encrypted:	false
Ssdeep:	6144:B14BmTBMCV3tgcWf/e9wYxn1Wc/od4pFFm4n2C:/GCV3CfqpFFgC
Size:	264472
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Release_1.7.5.2\shared\Microsoft.NETCore.App\8.0.8\System.IO.FileSystem.AccessControl.dll
Category:	dropped
Dump:	System.IO.FileSystem.AccessControl.dll.0.dr
ID:	dr_44
Target ID:	0
Process:	C:\Users\user\Desktop\Photoshop_x64_en-us.exe
Type:	PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
Entropy:	6.03720418323957
Encrypted:	false
Ssdeep:	1536:eE8AlMvSLSjaab0PihEzfQHl9I+CAvpYhLKPyf9DKiVzm4G:eEjGKWKAuf+af9DKCy
Size:	104608
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Release_1.7.5.2\shared\Microsoft.NETCore.App\8.0.8\System.IO.Pipes.dll
Category:	dropped
Dump:	System.IO.Pipes.dll.0.dr
ID:	dr_46
Target ID:	0
Process:	C:\Users\user\Desktop\Photoshop_x64_en-us.exe
Type:	PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
Entropy:	6.346422693533479
Encrypted:	false
Ssdeep:	3072:oqlaVz+We9hgsXZyPTA8pLtx1k82pq1L8p9X8f/F:tAVzeosXZf8pL0p9X8fd
Size:	166048
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Release_1.7.5.2\shared\Microsoft.NETCore.App\8.0.8\System.Linq.Expressions.dll
Category:	dropped
Dump:	System.Linq.Expressions.dll.0.dr
ID:	dr_48
Target ID:	0
Process:	C:\Users\user\Desktop\Photoshop_x64_en-us.exe
Type:	PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
Entropy:	6.684594575848001
Encrypted:	false
Ssdeep:	49152:h6S6FKfOBPKD5EUsp4Zq2daW7L2+K06Fs4sZ39SuMsFIW/pR:HOBiOmbp8uMsFIW/pR
Size:	3676336
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Release_1.7.5.2\shared\Microsoft.NETCore.App\8.0.8\System.Linq.Parallel.dll
Category:	dropped
Dump:	System.Linq.Parallel.dll.0.dr
ID:	dr_50
Target ID:	0
Process:	C:\Users\user\Desktop\Photoshop_x64_en-us.exe
Type:	PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
Entropy:	6.7416805748123725
Encrypted:	false
Ssdeep:	12288:nbwydNnBKT9DzuU4/sKE5QmSfc+1yQgdY5wDG00eK0CszcyYl:nbzpKT9PuO5QmaryQgdYai0ZK03k
Size:	805152
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Release_1.7.5.2\shared\Microsoft.NETCore.App\8.0.8\System.Linq.Queryable.dll
Category:	dropped
Dump:	System.Linq.Queryable.dll.0.dr
ID:	dr_52
Target ID:	0
Process:	C:\Users\user\Desktop\Photoshop_x64_en-us.exe
Type:	PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
Entropy:	6.296291995805638
Encrypted:	false
Ssdeep:	3072:i3adgejQmgA0o3eXZI6e07fww49JKotL3aZv0Tl:EadgQuA0/pI6eufww49F3aJ0J
Size:	174352
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Release_1.7.5.2\shared\Microsoft.NETCore.App\8.0.8\System.Linq.dll
Category:	dropped
Dump:	System.Linq.dll.0.dr
ID:	dr_53
Target ID:	0
Process:	C:\Users\user\Desktop\Photoshop_x64_en-us.exe
Type:	PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
Entropy:	6.739097833229294
Encrypted:	false
Ssdeep:	6144:fFcC4bb3czSgsrusOv38qA0s4WfufbFHJMb3xqHYYzLhMxjCUoTclQ:K7b38crusO/yEvuhsSWmQ
Size:	542880
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Release_1.7.5.2\shared\Microsoft.NETCore.App\8.0.8\System.Memory.dll
Category:	dropped
Dump:	System.Memory.dll.0.dr
ID:	dr_54
Target ID:	0
Process:	C:\Users\user\Desktop\Photoshop_x64_en-us.exe
Type:	PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
Entropy:	6.47315446775413
Encrypted:	false
Ssdeep:	3072:Vm98N/j+0sbFbqX63vwZuIBo7M5F896ToYdBCBuqmwLhtTihdUmXD:88Cb6oIBo7q2GBCBuwhzmT
Size:	157960
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Release_1.7.5.2\shared\Microsoft.NETCore.App\8.0.8\System.Net.Http.Json.dll
Category:	dropped
Dump:	System.Net.Http.Json.dll.0.dr
ID:	dr_55
Target ID:	0
Process:	C:\Users\user\Desktop\Photoshop_x64_en-us.exe
Type:	PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
Entropy:	6.196981583264401
Encrypted:	false
Ssdeep:	3072:4YBSzjfI+HAOaaRH8/OhcRRY4beMDSZkXs3pMGudO:ifIcJxRHMOhO+Zkcyz0
Size:	129184
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Release_1.7.5.2\shared\Microsoft.NETCore.App\8.0.8\System.Net.Http.dll
Category:	dropped
Dump:	System.Net.Http.dll.0.dr
ID:	dr_60
Target ID:	0
Process:	C:\Users\user\Desktop\Photoshop_x64_en-us.exe
Type:	PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
Entropy:	6.692369218509377
Encrypted:	false
Ssdeep:	24576:mycmIjdj8GrJnZLDflJjD2TRSKIP616WF1IMx:amIjdjFrJnZLDfz/aSs
Size:	1730848
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Release_1.7.5.2\shared\Microsoft.NETCore.App\8.0.8\System.Net.HttpListener.dll
Category:	dropped
Dump:	System.Net.HttpListener.dll.0.dr
ID:	dr_61
Target ID:	0
Process:	C:\Users\user\Desktop\Photoshop_x64_en-us.exe
Type:	PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
Entropy:	6.571055787933049
Encrypted:	false
Ssdeep:	6144:KmIFBDqpp+4F/B7VRZ3KYNB0hZJ6c7fkDNRd2B/eBl3EWZg0gG/qikXOG4drks:veip+4F/BJNuZJZx++WZgoQOzrks
Size:	551184
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Release_1.7.5.2\shared\Microsoft.NETCore.App\8.0.8\System.Net.Mail.dll
Category:	dropped
Dump:	System.Net.Mail.dll.0.dr
ID:	dr_62
Target ID:	0
Process:	C:\Users\user\Desktop\Photoshop_x64_en-us.exe
Type:	PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
Entropy:	6.566108898209545
Encrypted:	false
Ssdeep:	6144:K+cqnJGnQkW6a+Sdjoe9k7u0GeFowoR5axLmqRSxnJ8kks1GL0q3+lL4A:l6aFP9f0NokSxOL0AEX
Size:	432416
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Release_1.7.5.2\shared\Microsoft.NETCore.App\8.0.8\System.Net.NameResolution.dll
Category:	dropped
Dump:	System.Net.NameResolution.dll.0.dr
ID:	dr_63
Target ID:	0
Process:	C:\Users\user\Desktop\Photoshop_x64_en-us.exe
Type:	PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
Entropy:	6.132923222586611
Encrypted:	false
Ssdeep:	1536:NUgJ8nlSAIFIpp8oXAcRKdRObZDFduWF8XwYJiAzk:Nx8nMAc2p8qRgAVDVF8Acjg
Size:	112800
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Release_1.7.5.2\shared\Microsoft.NETCore.App\8.0.8\System.Net.NetworkInformation.dll
Category:	dropped
Dump:	System.Net.NetworkInformation.dll.0.dr
ID:	dr_64
Target ID:	0
Process:	C:\Users\user\Desktop\Photoshop_x64_en-us.exe
Type:	PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
Entropy:	6.292306263911845
Encrypted:	false
Ssdeep:	3072:O1TeXCmzdST4L7rGE5RtqbqeQGwpncU/SLVXyVMnA9kmeBgo:WGCwdu4SsRQbIfqZm0H
Size:	157856
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Release_1.7.5.2\shared\Microsoft.NETCore.App\8.0.8\System.Net.Ping.dll
Category:	dropped
Dump:	System.Net.Ping.dll.0.dr
ID:	dr_65
Target ID:	0
Process:	C:\Users\user\Desktop\Photoshop_x64_en-us.exe
Type:	PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
Entropy:	6.098459980747934
Encrypted:	false
Ssdeep:	1536:Y6cypC971fwwSZy9hswibRSsYwlFb7R/gJR7SSNNJkZphyNVdWvmVzS:YUC971fZgy9hswZsYcN76JR7SAfuphyI
Size:	96432
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Release_1.7.5.2\shared\Microsoft.NETCore.App\8.0.8\System.Net.Primitives.dll
Category:	dropped
Dump:	System.Net.Primitives.dll.0.dr
ID:	dr_66
Target ID:	0
Process:	C:\Users\user\Desktop\Photoshop_x64_en-us.exe
Type:	PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
Entropy:	6.473831853357629
Encrypted:	false
Ssdeep:	3072:LaO7AQhsFgOZrgy5HSchuzeQ4X1VjK6uJQ+Y6MFot9R9loV2O1w6D/:77AQhsFgOZrBccgeQxRJNtngV2YTL
Size:	231696
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Release_1.7.5.2\shared\Microsoft.NETCore.App\8.0.8\System.Net.Quic.dll
Category:	dropped
Dump:	System.Net.Quic.dll.0.dr
ID:	dr_67
Target ID:	0
Process:	C:\Users\user\Desktop\Photoshop_x64_en-us.exe
Type:	PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
Entropy:	6.504374684121034
Encrypted:	false
Ssdeep:	6144:6T5mQ9WRSfuurvHljMR4WGTSttIqq+xM8cSA7ljZZ2uy:W5/9WRSfuMHljCxMkA7lNZ2uy
Size:	280840
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Release_1.7.5.2\shared\Microsoft.NETCore.App\8.0.8\System.Net.Requests.dll
Category:	dropped
Dump:	System.Net.Requests.dll.0.dr
ID:	dr_68
Target ID:	0
Process:	C:\Users\user\Desktop\Photoshop_x64_en-us.exe
Type:	PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
Entropy:	6.521387641131273
Encrypted:	false
Ssdeep:	6144:+f/JWsKEin0hypPmFjQMt5e15XxGGIDvdDp3k+fc3CU1S2Du:6JW7EincF9QEe0THQCU1HDu
Size:	346272
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Release_1.7.5.2\shared\Microsoft.NETCore.App\8.0.8\System.Net.Security.dll
Category:	dropped
Dump:	System.Net.Security.dll.0.dr
ID:	dr_69
Target ID:	0
Process:	C:\Users\user\Desktop\Photoshop_x64_en-us.exe
Type:	PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
Entropy:	6.738177589721567
Encrypted:	false
Ssdeep:	12288:WauvNG3LGljZ0W5Yk0ZdmNtAj0mhIPLboapg1i6k90QdsAYcNCYq:WagNGbG2vBx093n6MVS7cZq
Size:	669856
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Release_1.7.5.2\shared\Microsoft.NETCore.App\8.0.8\System.Net.Sockets.dll
Category:	dropped
Dump:	System.Net.Sockets.dll.0.dr
ID:	dr_70
Target ID:	0
Process:	C:\Users\user\Desktop\Photoshop_x64_en-us.exe
Type:	PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
Entropy:	6.626088648642838
Encrypted:	false
Ssdeep:	12288:BZmV75OO7txaGNUL2Sdr5Nzv0SAu9FWc1sPHE/0NY05:BZm95FtxaGDSzxAu9IpEsN5
Size:	547088
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Release_1.7.5.2\shared\Microsoft.NETCore.App\8.0.8\System.Net.WebClient.dll
Category:	dropped
Dump:	System.Net.WebClient.dll.0.dr
ID:	dr_71
Target ID:	0
Process:	C:\Users\user\Desktop\Photoshop_x64_en-us.exe
Type:	PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
Entropy:	6.427166919417408
Encrypted:	false
Ssdeep:	3072:Hza6IfDI6Q8nqNIJ55jypCTpAY3ykJ9rialFpR/fTu:T9t6vn8IJySpxFHfi
Size:	170144
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Release_1.7.5.2\shared\Microsoft.NETCore.App\8.0.8\System.Net.WebSockets.Client.dll
Category:	dropped
Dump:	System.Net.WebSockets.Client.dll.0.dr
ID:	dr_72
Target ID:	0
Process:	C:\Users\user\Desktop\Photoshop_x64_en-us.exe
Type:	PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
Entropy:	6.038277233896664
Encrypted:	false
Ssdeep:	1536:Xl4Xlu9IUefYv9AfOWog+qBWO7bBjLLEORWNzrT:Xl4XlDl89Bg+uV7bBjLLEOR2fT
Size:	100632
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Release_1.7.5.2\shared\Microsoft.NETCore.App\8.0.8\System.Net.WebSockets.dll
Category:	dropped
Dump:	System.Net.WebSockets.dll.0.dr
ID:	dr_73
Target ID:	0
Process:	C:\Users\user\Desktop\Photoshop_x64_en-us.exe
Type:	PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
Entropy:	6.3691331105031095
Encrypted:	false
Ssdeep:	3072:tOEp0tsypJKO0BYnjbpL8DqJVyR3IUQeu0IeW+1omEAa9NYLbkbmvh0dksI8mt/R:fpKsnRnYQzIeW+1odmvhSR7mtxrX
Size:	190752
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Release_1.7.5.2\shared\Microsoft.NETCore.App\8.0.8\System.Private.Uri.dll
Category:	dropped
Dump:	System.Private.Uri.dll.0.dr
ID:	dr_0
Target ID:	0
Process:	C:\Users\user\Desktop\Photoshop_x64_en-us.exe
Type:	PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
Entropy:	6.615511865069277
Encrypted:	false
Ssdeep:	6144:wfAevHZGInBPKCeDc6CK9MG3bMeVmtG0FsGu6Myw0M:XyIDc6MG3wamtG0fuVMM
Size:	260376
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Release_1.7.5.2\shared\Microsoft.NETCore.App\8.0.8\System.Private.Xml.Linq.dll
Category:	dropped
Dump:	System.Private.Xml.Linq.dll.0.dr
ID:	dr_1
Target ID:	0
Process:	C:\Users\user\Desktop\Photoshop_x64_en-us.exe
Type:	PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
Entropy:	6.600068240160654
Encrypted:	false
Ssdeep:	6144:QxxBCAdWeda9F5g7yB4cPIm1OwpXQgQbTCtYnzrZjzEOdlIZJ4aU:QDBZHU9F5Rv7/QnCSnz1fQZyaU
Size:	403616
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Release_1.7.5.2\shared\Microsoft.NETCore.App\8.0.8\System.Private.Xml.dll
Category:	dropped
Dump:	System.Private.Xml.dll.0.dr
ID:	dr_2
Target ID:	0
Process:	C:\Users\user\Desktop\Photoshop_x64_en-us.exe
Type:	PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
Entropy:	6.799190907572347
Encrypted:	false
Ssdeep:	49152:xgKjbhmQzKo84xxpBR2ZPQ3DtqDTXNaVC8v4aYzqNmKG82o4AgcKVLDSvdEAzsfr:xlRDDnVul2QSvdEhYw2gfW5WUFH5chT
Size:	7989512
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Release_1.7.5.2\shared\Microsoft.NETCore.App\8.0.8\System.Reflection.Emit.dll
Category:	dropped
Dump:	System.Reflection.Emit.dll.0.dr
ID:	dr_3
Target ID:	0
Process:	C:\Users\user\Desktop\Photoshop_x64_en-us.exe
Type:	PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
Entropy:	6.114698747717757
Encrypted:	false
Ssdeep:	3072:6Z54JKiEAYbKatyLJSsVkrc00EBR7yxcuk:B/fSessuaRxhk
Size:	129184
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Release_1.7.5.2\shared\Microsoft.NETCore.App\8.0.8\System.Reflection.Metadata.dll
Category:	dropped
Dump:	System.Reflection.Metadata.dll.0.dr
ID:	dr_4
Target ID:	0
Process:	C:\Users\user\Desktop\Photoshop_x64_en-us.exe
Type:	PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
Entropy:	6.6439477896792
Encrypted:	false
Ssdeep:	12288:43e0ziO6AJ8+utVRA8WDlLeO9om5EoU/mSdWKURfeGWTbrWnoDzgVdkn:43e0BlJ8TRocOWmc/DamGWTbwIn
Size:	1116320
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Release_1.7.5.2\shared\Microsoft.NETCore.App\8.0.8\System.Runtime.InteropServices.dll
Category:	dropped
Dump:	System.Runtime.InteropServices.dll.0.dr
ID:	dr_5
Target ID:	0
Process:	C:\Users\user\Desktop\Photoshop_x64_en-us.exe
Type:	PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
Entropy:	6.024769249295685
Encrypted:	false
Ssdeep:	1536:BOryyBJoyJyGXe5CtLey6+67NVpnSPM+l5+tkmVgKmH6iRnzDDn:BPyJO5CtiXdSPM+r6kmud6KnTn
Size:	96528
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Release_1.7.5.2\shared\Microsoft.NETCore.App\8.0.8\System.Runtime.Numerics.dll
Category:	dropped
Dump:	System.Runtime.Numerics.dll.0.dr
ID:	dr_6
Target ID:	0
Process:	C:\Users\user\Desktop\Photoshop_x64_en-us.exe
Type:	PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
Entropy:	6.652393975318632
Encrypted:	false
Ssdeep:	6144:x17UgKhUflT6tEFs8Sx/mPueNpQV587It9diIKc1yCC:x17SeflT6tK8UQV58kt9diUsD
Size:	329888
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Release_1.7.5.2\shared\Microsoft.NETCore.App\8.0.8\System.Runtime.Serialization.Formatters.dll
Category:	dropped
Dump:	System.Runtime.Serialization.Formatters.dll.0.dr
ID:	dr_7
Target ID:	0
Process:	C:\Users\user\Desktop\Photoshop_x64_en-us.exe
Type:	PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
Entropy:	6.56574804790244
Encrypted:	false
Ssdeep:	6144:nzv7WOXu33WPEei5EZNqHRk5XDiio9gZbzZYNAgk74dzzKX22zRrRBKZ+FhJDwwz:J2WR1BpLDRcnFIB2ahm97z/+
Size:	309536
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Release_1.7.5.2\shared\Microsoft.NETCore.App\8.0.8\System.Security.AccessControl.dll
Category:	dropped
Dump:	System.Security.AccessControl.dll.0.dr
ID:	dr_8
Target ID:	0
Process:	C:\Users\user\Desktop\Photoshop_x64_en-us.exe
Type:	PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
Entropy:	6.4927538353537635
Encrypted:	false
Ssdeep:	3072:QTJLDgw9ow9j0rKu8bmb3KD/L8V8/6Xe9QF+wVkjox7rtefYGA/+PXuXUGL:mgw9ow9A4bmrA/mt7jWfuka
Size:	231688
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Release_1.7.5.2\shared\Microsoft.NETCore.App\8.0.8\System.Security.Claims.dll
Category:	dropped
Dump:	System.Security.Claims.dll.0.dr
ID:	dr_9
Target ID:	0
Process:	C:\Users\user\Desktop\Photoshop_x64_en-us.exe
Type:	PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
Entropy:	5.964892851536555
Encrypted:	false
Ssdeep:	1536:yQAG0KzKsXnTOShX+bX5SHuDQp6O/U/xOQwQ7rzUU3q2bP6NLrSjlV4i7Ep4za/e:ywRXSSV+bJSHu6cgXSJV4QXUe
Size:	100616
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Release_1.7.5.2\shared\Microsoft.NETCore.App\8.0.8\System.Security.Cryptography.dll
Category:	dropped
Dump:	System.Security.Cryptography.dll.0.dr
ID:	dr_11
Target ID:	0
Process:	C:\Users\user\Desktop\Photoshop_x64_en-us.exe
Type:	PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
Entropy:	6.677577580791444
Encrypted:	false
Ssdeep:	49152:HUy8hZ9wf3V7i9KAgmJE2Jjd/mxObmVw6Q41x:HU4QRgeL41x
Size:	2050208
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Release_1.7.5.2\shared\Microsoft.NETCore.App\8.0.8\System.Security.Principal.Windows.dll
Category:	dropped
Dump:	System.Security.Principal.Windows.dll.0.dr
ID:	dr_13
Target ID:	0
Process:	C:\Users\user\Desktop\Photoshop_x64_en-us.exe
Type:	PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
Entropy:	6.415230610741847
Encrypted:	false
Ssdeep:	3072:pSw4kXyyyLNMWWqfY8SJYrjXQori1RqU2TOK1xguZunS:VCyyKSA86YrkorvU2rfj0S
Size:	186528
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Release_1.7.5.2\shared\Microsoft.NETCore.App\8.0.8\System.Text.Encoding.CodePages.dll
Category:	dropped
Dump:	System.Text.Encoding.CodePages.dll.0.dr
ID:	dr_15
Target ID:	0
Process:	C:\Users\user\Desktop\Photoshop_x64_en-us.exe
Type:	PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
Entropy:	7.456874615261393
Encrypted:	false
Ssdeep:	12288:5f7xn7kZQ6kliVreJIHHr0tRYbKr2KtG9VKABC6rPQYBKgTWeUAm:5D9km6k/IwRYbiBeKGCHYTy/Am
Size:	862368
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Release_1.7.5.2\shared\Microsoft.NETCore.App\8.0.8\System.Text.Encodings.Web.dll
Category:	dropped
Dump:	System.Text.Encodings.Web.dll.0.dr
ID:	dr_17
Target ID:	0
Process:	C:\Users\user\Desktop\Photoshop_x64_en-us.exe
Type:	PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
Entropy:	6.118931111888508
Encrypted:	false
Ssdeep:	1536:7mTuj37yym3E5T+zpq5D3lhjdPTp8K76+d05Hzdy+NXMBpm4+SqUNiNxCzQd:7mTuq33E16qvZ5N77uLLN8BkSqUNACkd
Size:	133280
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Release_1.7.5.2\shared\Microsoft.NETCore.App\8.0.8\System.Text.Json.dll
Category:	dropped
Dump:	System.Text.Json.dll.0.dr
ID:	dr_19
Target ID:	0
Process:	C:\Users\user\Desktop\Photoshop_x64_en-us.exe
Type:	PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
Entropy:	6.703064329512441
Encrypted:	false
Ssdeep:	24576:iNDUuuRgw5xH6D9+YFVCwIbvRz6ySHAJcEVAvM8UbUJnBpK95:8vmTH6DMYTCwIlzPScp8UJ
Size:	1501456
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Release_1.7.5.2\shared\Microsoft.NETCore.App\8.0.8\System.Text.RegularExpressions.dll
Category:	dropped
Dump:	System.Text.RegularExpressions.dll.0.dr
ID:	dr_21
Target ID:	0
Process:	C:\Users\user\Desktop\Photoshop_x64_en-us.exe
Type:	PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
Entropy:	6.821588247611613
Encrypted:	false
Ssdeep:	24576:7PNtms1Go9Fz7KPTT8inDiv67tA2ehjEnQKL:N1G457KLTRivKehjg7
Size:	1022128
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Release_1.7.5.2\shared\Microsoft.NETCore.App\8.0.8\System.Threading.Channels.dll
Category:	dropped
Dump:	System.Threading.Channels.dll.0.dr
ID:	dr_36
Target ID:	0
Process:	C:\Users\user\Desktop\Photoshop_x64_en-us.exe
Type:	PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
Entropy:	6.277895373459539
Encrypted:	false
Ssdeep:	1536:Zj3t+/k1S+F3g2vlsEjd2fzs6FlsdJQ/WoioIa3cBPdzcWxRC4dezFTDkn:Zj3tYkwQQQmEjd2ZFli6/riY5avItDkn
Size:	133400
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Release_1.7.5.2\shared\Microsoft.NETCore.App\8.0.8\System.Threading.Tasks.Dataflow.dll
Category:	dropped
Dump:	System.Threading.Tasks.Dataflow.dll.0.dr
ID:	dr_37
Target ID:	0
Process:	C:\Users\user\Desktop\Photoshop_x64_en-us.exe
Type:	PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
Entropy:	6.715559969531241
Encrypted:	false
Ssdeep:	12288:X/ZX6ZS+34JkIT8tA7nPgNK4pFI6yB5v3Jx45WX9gLP:XV+Icur4vi5v5x4IX9gLP
Size:	489752
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Release_1.7.5.2\shared\Microsoft.NETCore.App\8.0.8\System.Threading.Tasks.Parallel.dll
Category:	dropped
Dump:	System.Threading.Tasks.Parallel.dll.0.dr
ID:	dr_38
Target ID:	0
Process:	C:\Users\user\Desktop\Photoshop_x64_en-us.exe
Type:	PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
Entropy:	6.342375712378606
Encrypted:	false
Ssdeep:	3072:UzCkkW0glfG6WVKdrhYnS+5On3kg9dE8rVP9kiTL:0kWxI6WVKVhjg8rVPOif
Size:	133296
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Release_1.7.5.2\shared\Microsoft.NETCore.App\8.0.8\System.Transactions.Local.dll
Category:	dropped
Dump:	System.Transactions.Local.dll.0.dr
ID:	dr_39
Target ID:	0
Process:	C:\Users\user\Desktop\Photoshop_x64_en-us.exe
Type:	PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
Entropy:	6.673728367333183
Encrypted:	false
Ssdeep:	6144:4J5UP48Vd00bmWIQf2VQIhS3dzGpepguWC4bVUl6lJlD2EL66zP0ARZ9dn3/sx1w:5PJddbmWnf2VQ9bgnzVTFD2S6isx91o3
Size:	661664
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Release_1.7.5.2\shared\Microsoft.NETCore.App\8.0.8\clretwrc.dll
Category:	dropped
Dump:	clretwrc.dll.0.dr
ID:	dr_41
Target ID:	0
Process:	C:\Users\user\Desktop\Photoshop_x64_en-us.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	4.240184363331846
Encrypted:	false
Ssdeep:	3072:SE9XK6chFa5y9sh33X+QIa7rGgtfqYZdLqt:xq0FfqYZdLk
Size:	311056
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Release_1.7.5.2\shared\Microsoft.NETCore.App\8.0.8\clrgc.dll
Category:	dropped
Dump:	clrgc.dll.0.dr
ID:	dr_43
Target ID:	0
Process:	C:\Users\user\Desktop\Photoshop_x64_en-us.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	6.597025509314607
Encrypted:	false
Ssdeep:	6144:6lUe0bQZSn84GFMN5mSVv8pg8OWFODaunfRSzPg9HRfAWbsxLTjjTVSAAbijTwxt:6ZZo8JaN5z+dufRS6xrgSAXTCWon
Size:	668448
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Release_1.7.5.2\shared\Microsoft.NETCore.App\8.0.8\clrjit.dll
Category:	dropped
Dump:	clrjit.dll.0.dr
ID:	dr_45
Target ID:	0
Process:	C:\Users\user\Desktop\Photoshop_x64_en-us.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	6.549282182275219
Encrypted:	false
Ssdeep:	49152:u/m1kU6fimCAYAOwJlfRyraVXxwHkye4asWnwZMN8f:uKAYzolImViHTe4avuf
Size:	1785096
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Release_1.7.5.2\shared\Microsoft.NETCore.App\8.0.8\coreclr.dll
Category:	dropped
Dump:	coreclr.dll.0.dr
ID:	dr_47
Target ID:	0
Process:	C:\Users\user\Desktop\Photoshop_x64_en-us.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	6.559243918969336
Encrypted:	false
Ssdeep:	49152:SFznQSUNeMW/3Pz42WuxpWNbIotHsErN3ocWErFMzHRGNTJc5fnzn7M4Fdpi9Zdo:dexpWNbIotUcsA9FbNF0DcxQ
Size:	5044488
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Release_1.7.5.2\shared\Microsoft.NETCore.App\8.0.8\hostpolicy.dll
Category:	dropped
Dump:	hostpolicy.dll.0.dr
ID:	dr_49
Target ID:	0
Process:	C:\Users\user\Desktop\Photoshop_x64_en-us.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	6.332083868536635
Encrypted:	false
Ssdeep:	6144:8LsyeU2urknHxoHs+n1wg1xhDrLj5OAS0+QB02u7FksfEX7RPzfUz:ysyN2urknCHsAwgtrsA6Qu2v7dcz
Size:	393488
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Release_1.7.5.2\shared\Microsoft.NETCore.App\8.0.8\mscordaccore.dll
Category:	dropped
Dump:	mscordaccore.dll.0.dr
ID:	dr_51
Target ID:	0
Process:	C:\Users\user\Desktop\Photoshop_x64_en-us.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	6.358098724993395
Encrypted:	false
Ssdeep:	12288:cABsjnIunobZ5eGiBSk7uf9xg9Y/ydKEPXoRyingNLi0/rqsaoGSZNrWVgi00szd:cjIuG4Sk7ug9Y/ytNe4rqsa0njGzQD
Size:	1338400
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Release_1.7.5.2\shared\Microsoft.NETCore.App\8.0.8\mscordaccore_amd64_amd64_8.0.824.36612.dll
Category:	dropped
Dump:	mscordaccore_amd64_amd64_8.0.824.36612.dll.0.dr
ID:	dr_56
Target ID:	0
Process:	C:\Users\user\Desktop\Photoshop_x64_en-us.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	6.358098724993395
Encrypted:	false
Ssdeep:	12288:cABsjnIunobZ5eGiBSk7uf9xg9Y/ydKEPXoRyingNLi0/rqsaoGSZNrWVgi00szd:cjIuG4Sk7ug9Y/ytNe4rqsa0njGzQD
Size:	1338400
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Release_1.7.5.2\shared\Microsoft.NETCore.App\8.0.8\mscordbi.dll
Category:	dropped
Dump:	mscordbi.dll.0.dr
ID:	dr_57
Target ID:	0
Process:	C:\Users\user\Desktop\Photoshop_x64_en-us.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	6.349941690072582
Encrypted:	false
Ssdeep:	12288:YyL6o2u8NwfPWN0uenPtMDQUxbDjDDF2FZNd0W+/y9RtI/2gTZWQ9s16y6p54yqX:YyL6oXnU0uePtM/DjDDFA7dFiugTypf
Size:	1241520
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Release_1.7.5.2\shared\Microsoft.NETCore.App\8.0.8\mscorrc.dll
Category:	dropped
Dump:	mscorrc.dll.0.dr
ID:	dr_58
Target ID:	0
Process:	C:\Users\user\Desktop\Photoshop_x64_en-us.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	3.9056973889632753
Encrypted:	false
Ssdeep:	1536:HIH591YWvh7xR+l5dZU49N9SqignwJ5cvBMgSIctpoECyIWLzH:HIHhal5dZU4dSqHns2SpSkIAT
Size:	136984
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Release_1.7.5.2\shared\Microsoft.NETCore.App\8.0.8\msquic.dll
Category:	dropped
Dump:	msquic.dll.0.dr
ID:	dr_59
Target ID:	0
Process:	C:\Users\user\Desktop\Photoshop_x64_en-us.exe
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.299714405457925
Encrypted:	false
Ssdeep:	12288:q5YDDKStgzRK093ertSfiOMVAXUYYJJOb:qmDxSP6OaLYYJC
Size:	538136
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
Photoshop_x64_en-us.exe

Files

Processes

URLs

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC ReportPhotoshop_x64_en-us.exe

Files

Processes

URLs

Memdumps

IOC Report
Photoshop_x64_en-us.exe