Source: SecuriteInfo.com.Variant.Cerbu.210262.1524.886.exe |
ReversingLabs: Detection: 52% |
Source: SecuriteInfo.com.Variant.Cerbu.210262.1524.886.exe |
Virustotal: Detection: 54% |
Source: Submitted Sample |
Integrated Neural Analysis Model: Matched 99.8% probability |
Source: SecuriteInfo.com.Variant.Cerbu.210262.1524.886.exe |
Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE |
Source: unknown |
HTTPS traffic detected: 18.166.250.135:443 -> 192.168.2.4:49730 version: TLS 1.2 |
Source: SecuriteInfo.com.Variant.Cerbu.210262.1524.886.exe |
Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE |
Source: SecuriteInfo.com.Variant.Cerbu.210262.1524.886.exe |
Binary string: C:\Users\Ashtin\Desktop\WTF\SolaraBootstrapper\SolaraBootstrapper\bin\Release\Bootstrapper.pdb |
Source: global traffic |
HTTP traffic detected: GET /quiving/Solara/raw/branch/main/Files/endpoint HTTP/1.1Host: gitea.comConnection: Keep-Alive |
Source: Joe Sandbox View |
JA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e |
Source: unknown |
UDP traffic detected without corresponding DNS query: 1.1.1.1 |
Source: global traffic |
DNS traffic detected: DNS query: gitea.com |
Source: global traffic |
HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sun, 13 Oct 2024 12:27:01 GMTContent-Type: text/plain;charset=utf-8Content-Length: 11Connection: closeCache-Control: max-age=0, private, must-revalidate, no-transformServer: CaddySet-Cookie: i_like_gitea=775661cd8dc0adc0; Path=/; HttpOnly; Secure; SameSite=LaxSet-Cookie: _csrf=6ppViQ1aeWleoIZL9QKPor9alOY6MTcyODgyMjQyMTcxMzI0NzM3MA; Path=/; Max-Age=86400; HttpOnly; Secure; SameSite=LaxX-Content-Type-Options: nosniffX-Frame-Options: SAMEORIGIN |
Source: SecuriteInfo.com.Variant.Cerbu.210262.1524.886.exe, 00000000.00000002.2943769676.0000000002A11000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://gitea.com |
Source: SecuriteInfo.com.Variant.Cerbu.210262.1524.886.exe, 00000000.00000002.2943769676.0000000002A11000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://gitea.comd |
Source: SecuriteInfo.com.Variant.Cerbu.210262.1524.886.exe |
String found in binary or memory: http://james.newtonking.com/projects/json |
Source: SecuriteInfo.com.Variant.Cerbu.210262.1524.886.exe, 00000000.00000002.2943769676.0000000002991000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name |
Source: SecuriteInfo.com.Variant.Cerbu.210262.1524.886.exe |
String found in binary or memory: https://aka.ms/vs/16/release/vc_redist.x64.exe#vc_redist.x64.exeiVisual |
Source: SecuriteInfo.com.Variant.Cerbu.210262.1524.886.exe, 00000000.00000002.2943769676.0000000002991000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://aka.ms/vs/17/release/vc_redist.x64.exe |
Source: SecuriteInfo.com.Variant.Cerbu.210262.1524.886.exe |
String found in binary or memory: https://aka.ms/vs/17/release/vc_redist.x64.exeiWebView2 |
Source: SecuriteInfo.com.Variant.Cerbu.210262.1524.886.exe, 00000000.00000002.2943769676.0000000002991000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://gitea.com |
Source: SecuriteInfo.com.Variant.Cerbu.210262.1524.886.exe |
String found in binary or memory: https://gitea.com/quiving/Solara/raw/branch/main/Files/endpoint |
Source: SecuriteInfo.com.Variant.Cerbu.210262.1524.886.exe |
String found in binary or memory: https://www.newtonsoft.com/jsonschema |
Source: SecuriteInfo.com.Variant.Cerbu.210262.1524.886.exe |
String found in binary or memory: https://www.nodejs.org/dist/v18.16.0/node-v18.16.0-x64.msi |
Source: SecuriteInfo.com.Variant.Cerbu.210262.1524.886.exe |
String found in binary or memory: https://www.nuget.org/packages/Newtonsoft.Json.Bson |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49730 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49730 -> 443 |
Source: SecuriteInfo.com.Variant.Cerbu.210262.1524.886.exe, 00000000.00000002.2942925913.0000000000DCE000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: OriginalFilenameclr.dllT vs SecuriteInfo.com.Variant.Cerbu.210262.1524.886.exe |
Source: SecuriteInfo.com.Variant.Cerbu.210262.1524.886.exe, 00000000.00000000.1696542029.000000000068A000.00000002.00000001.01000000.00000003.sdmp |
Binary or memory string: OriginalFilenameSolaraBootstrapper.exeF vs SecuriteInfo.com.Variant.Cerbu.210262.1524.886.exe |
Source: SecuriteInfo.com.Variant.Cerbu.210262.1524.886.exe |
Binary or memory string: OriginalFilenameSolaraBootstrapper.exeF vs SecuriteInfo.com.Variant.Cerbu.210262.1524.886.exe |
Source: classification engine |
Classification label: mal56.evad.winEXE@2/0@1/1 |
Source: C:\Windows\System32\conhost.exe |
Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6896:120:WilError_03 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Cerbu.210262.1524.886.exe |
Mutant created: NULL |
Source: SecuriteInfo.com.Variant.Cerbu.210262.1524.886.exe |
Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
Source: SecuriteInfo.com.Variant.Cerbu.210262.1524.886.exe |
Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.83% |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Cerbu.210262.1524.886.exe |
Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers |
Source: SecuriteInfo.com.Variant.Cerbu.210262.1524.886.exe |
String found in binary or memory: pv]Error checking WebView2 runtime installation: chttps://go.microsoft.com/fwlink/p/?LinkId=2124703=MicrosoftEdgeWebview2Setup.exe!/silent /installQWebView2 runtime installed successfully.qWebView2 runtime installation failed with exit code {0}.GError installing WebView2 runtime: iSOFTWARE\Microsoft\VisualStudio\14.0\VC\Runtimes\x64 |
Source: SecuriteInfo.com.Variant.Cerbu.210262.1524.886.exe |
String found in binary or memory: Version3Error checking registry: ]https://aka.ms/vs/16/release/vc_redist.x64.exe#vc_redist.x64.exeiVisual C++ Redistributable installer downloaded to: 5/install /quiet /norestart |
Source: unknown |
Process created: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Cerbu.210262.1524.886.exe "C:\Users\user\Desktop\SecuriteInfo.com.Variant.Cerbu.210262.1524.886.exe" |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Cerbu.210262.1524.886.exe |
Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Cerbu.210262.1524.886.exe |
Section loaded: mscoree.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Cerbu.210262.1524.886.exe |
Section loaded: apphelp.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Cerbu.210262.1524.886.exe |
Section loaded: kernel.appcore.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Cerbu.210262.1524.886.exe |
Section loaded: version.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Cerbu.210262.1524.886.exe |
Section loaded: vcruntime140_clr0400.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Cerbu.210262.1524.886.exe |
Section loaded: ucrtbase_clr0400.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Cerbu.210262.1524.886.exe |
Section loaded: windows.storage.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Cerbu.210262.1524.886.exe |
Section loaded: wldp.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Cerbu.210262.1524.886.exe |
Section loaded: profapi.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Cerbu.210262.1524.886.exe |
Section loaded: cryptsp.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Cerbu.210262.1524.886.exe |
Section loaded: rsaenh.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Cerbu.210262.1524.886.exe |
Section loaded: cryptbase.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Cerbu.210262.1524.886.exe |
Section loaded: rasapi32.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Cerbu.210262.1524.886.exe |
Section loaded: rasman.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Cerbu.210262.1524.886.exe |
Section loaded: rtutils.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Cerbu.210262.1524.886.exe |
Section loaded: mswsock.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Cerbu.210262.1524.886.exe |
Section loaded: winhttp.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Cerbu.210262.1524.886.exe |
Section loaded: ondemandconnroutehelper.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Cerbu.210262.1524.886.exe |
Section loaded: iphlpapi.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Cerbu.210262.1524.886.exe |
Section loaded: dhcpcsvc6.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Cerbu.210262.1524.886.exe |
Section loaded: dhcpcsvc.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Cerbu.210262.1524.886.exe |
Section loaded: dnsapi.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Cerbu.210262.1524.886.exe |
Section loaded: winnsi.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Cerbu.210262.1524.886.exe |
Section loaded: rasadhlp.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Cerbu.210262.1524.886.exe |
Section loaded: fwpuclnt.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Cerbu.210262.1524.886.exe |
Section loaded: secur32.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Cerbu.210262.1524.886.exe |
Section loaded: sspicli.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Cerbu.210262.1524.886.exe |
Section loaded: schannel.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Cerbu.210262.1524.886.exe |
Section loaded: mskeyprotect.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Cerbu.210262.1524.886.exe |
Section loaded: ntasn1.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Cerbu.210262.1524.886.exe |
Section loaded: ncrypt.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Cerbu.210262.1524.886.exe |
Section loaded: ncryptsslp.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Cerbu.210262.1524.886.exe |
Section loaded: msasn1.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Cerbu.210262.1524.886.exe |
Section loaded: gpapi.dll |
Source: SecuriteInfo.com.Variant.Cerbu.210262.1524.886.exe |
Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR |
Source: SecuriteInfo.com.Variant.Cerbu.210262.1524.886.exe |
Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG |
Source: SecuriteInfo.com.Variant.Cerbu.210262.1524.886.exe, DynamicUtils.cs |
.Net Code: CreateSharpArgumentInfoArray |
Source: SecuriteInfo.com.Variant.Cerbu.210262.1524.886.exe, LateBoundReflectionDelegateFactory.cs |
.Net Code: CreateDefaultConstructor |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Cerbu.210262.1524.886.exe |
Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Cerbu.210262.1524.886.exe |
Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Cerbu.210262.1524.886.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Cerbu.210262.1524.886.exe |
Memory allocated: DA0000 memory reserve | memory write watch |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Cerbu.210262.1524.886.exe |
Memory allocated: 2990000 memory reserve | memory write watch |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Cerbu.210262.1524.886.exe |
Memory allocated: 4990000 memory reserve | memory write watch |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Cerbu.210262.1524.886.exe |
Thread delayed: delay time: 922337203685477 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Cerbu.210262.1524.886.exe TID: 6848 |
Thread sleep time: -922337203685477s >= -30000s |
Source: C:\Windows\System32\conhost.exe |
Last function: Thread delayed |
Source: SecuriteInfo.com.Variant.Cerbu.210262.1524.886.exe, 00000000.00000002.2942925913.0000000000E05000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Cerbu.210262.1524.886.exe |
Process token adjusted: Debug |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Cerbu.210262.1524.886.exe |
Memory allocated: page read and write | page guard |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Cerbu.210262.1524.886.exe |
Queries volume information: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Cerbu.210262.1524.886.exe VolumeInformation |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Cerbu.210262.1524.886.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Cerbu.210262.1524.886.exe |
Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid |