Windows Analysis Report
SecuriteInfo.com.Win64.MalwareX-gen.14656.24748.exe

Overview

General Information

Sample name: SecuriteInfo.com.Win64.MalwareX-gen.14656.24748.exe
Analysis ID: 1532531
MD5: 6e90c863f1166a43e590204d055ee08a
SHA1: c02e42892470124601b5b1126b2c780bb0f2c502
SHA256: 54abe3ef576221e0d1341371378f36e9f63e3f5576069573910fcad5cf43b24f
Tags: exe

Detection

Score: 52
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Multi AV Scanner detection for submitted file
AI detected suspicious sample
AV process strings found (often used to terminate AV products)
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to query locales information (e.g. system language)
Detected potential crypto function
Found large amount of non-executed APIs
One or more processes crash
Uses Microsoft's Enhanced Cryptographic Provider

Classification

AV Detection

Source: SecuriteInfo.com.Win64.MalwareX-gen.14656.24748.exe ReversingLabs: Detection: 68%
Source: SecuriteInfo.com.Win64.MalwareX-gen.14656.24748.exe Virustotal: Detection: 63%
Source: Submitted Sample Integrated Neural Analysis Model: Matched 99.0% probability
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.14656.24748.exe Code function: 0_2_00007FF7B8599150 CryptStringToBinaryA,?_Random_device@std@@YAIXZ,_Query_perf_frequency,_Query_perf_counter,log,cos,sin,exp,pow,tan,memset,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,memset,CryptStringToBinaryA,_invalid_parameter_noinfo_noreturn,Concurrency::cancel_current_task,malloc,memcpy,getenv,_flushall,CreateProcessA,WaitForSingleObject,GetExitCodeProcess,CloseHandle,CloseHandle,free, 0_2_00007FF7B8599150
Source: SecuriteInfo.com.Win64.MalwareX-gen.14656.24748.exe Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: Binary string: C:\Calc\Builds\922AVUSVRZEXKB\x64\Release\Loader.pdb,, source: SecuriteInfo.com.Win64.MalwareX-gen.14656.24748.exe
Source: Binary string: C:\Calc\Builds\922AVUSVRZEXKB\x64\Release\Loader.pdb source: SecuriteInfo.com.Win64.MalwareX-gen.14656.24748.exe
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.14656.24748.exe Code function: 0_2_00007FF7B85BA518 GetFileAttributesExW,GetLastError,FindFirstFileW,GetLastError,FindClose,__std_fs_open_handle,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,abort,GetFileInformationByHandleEx,GetLastError,CloseHandle,abort,GetFileInformationByHandleEx,GetLastError,CloseHandle,abort,CloseHandle,CloseHandle,abort, 0_2_00007FF7B85BA518
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.14656.24748.exe Code function: 0_2_00007FF7B8597EC0 InternetOpenA,?_Random_device@std@@YAIXZ,_Query_perf_frequency,_Query_perf_counter,log,cos,sin,exp,pow,tan,memset,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,InternetOpenUrlA,InternetReadFile,memcpy,memset,InternetCloseHandle,InternetCloseHandle,_invalid_parameter_noinfo_noreturn,InternetCloseHandle,_invalid_parameter_noinfo_noreturn, 0_2_00007FF7B8597EC0
Source: Amcache.hve.3.dr String found in binary or memory: http://upx.sf.net
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.14656.24748.exe Process created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -u -p 6576 -s 380
Source: classification engine Classification label: mal52.winEXE@2/5@0/0
Source: C:\Windows\System32\WerFault.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess6576
Source: C:\Windows\System32\WerFault.exe File created: C:\ProgramData\Microsoft\Windows\WER\Temp\872a0ad2-417c-43c2-b1d6-3f71c6bd732b
Source: SecuriteInfo.com.Win64.MalwareX-gen.14656.24748.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.14656.24748.exe Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: unknown Process created: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.14656.24748.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.14656.24748.exe"
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.14656.24748.exe Section loaded: apphelp.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.14656.24748.exe Section loaded: msvcp140.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.14656.24748.exe Section loaded: dxgi.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.14656.24748.exe Section loaded: wininet.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.14656.24748.exe Section loaded: vcruntime140_1.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.14656.24748.exe Section loaded: vcruntime140.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.14656.24748.exe Section loaded: cryptbase.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.14656.24748.exe Section loaded: resourcepolicyclient.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.14656.24748.exe Section loaded: kernel.appcore.dll
Source: SecuriteInfo.com.Win64.MalwareX-gen.14656.24748.exe Static PE information: Image base 0x140000000 > 0x60000000
Source: SecuriteInfo.com.Win64.MalwareX-gen.14656.24748.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: SecuriteInfo.com.Win64.MalwareX-gen.14656.24748.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: SecuriteInfo.com.Win64.MalwareX-gen.14656.24748.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: SecuriteInfo.com.Win64.MalwareX-gen.14656.24748.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: SecuriteInfo.com.Win64.MalwareX-gen.14656.24748.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: SecuriteInfo.com.Win64.MalwareX-gen.14656.24748.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
Source: SecuriteInfo.com.Win64.MalwareX-gen.14656.24748.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: SecuriteInfo.com.Win64.MalwareX-gen.14656.24748.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: SecuriteInfo.com.Win64.MalwareX-gen.14656.24748.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: SecuriteInfo.com.Win64.MalwareX-gen.14656.24748.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: SecuriteInfo.com.Win64.MalwareX-gen.14656.24748.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
Source: C:\Windows\System32\WerFault.exe Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
Source: C:\Windows\System32\WerFault.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.14656.24748.exe API coverage: 2.8 %
Source: Amcache.hve.3.dr Binary or memory string: VMware
Source: Amcache.hve.3.dr Binary or memory string: VMware Virtual USB Mouse
Source: Amcache.hve.3.dr Binary or memory string: vmci.syshbin
Source: Amcache.hve.3.dr Binary or memory string: VMware, Inc.
Source: Amcache.hve.3.dr Binary or memory string: VMware20,1hbin@
Source: Amcache.hve.3.dr Binary or memory string: c:\windows\system32\driverstore\filerepository\vmci.inf_amd64_68ed49469341f563
Source: Amcache.hve.3.dr Binary or memory string: Ascsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
Source: Amcache.hve.3.dr Binary or memory string: .Z$c:/windows/system32/drivers/vmci.sys
Source: Amcache.hve.3.dr Binary or memory string: :scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
Source: Amcache.hve.3.dr Binary or memory string: pci\ven_15ad&dev_0740&subsys_074015ad,pci\ven_15ad&dev_0740,root\vmwvmcihostdev
Source: Amcache.hve.3.dr Binary or memory string: c:/windows/system32/drivers/vmci.sys
Source: Amcache.hve.3.dr Binary or memory string: scsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
Source: Amcache.hve.3.dr Binary or memory string: vmci.sys
Source: Amcache.hve.3.dr Binary or memory string: VMware-56 4d 43 71 48 15 3d ed-ae e6 c7 5a ec d9 3b f0
Source: Amcache.hve.3.dr Binary or memory string: vmci.syshbin`
Source: Amcache.hve.3.dr Binary or memory string: \driver\vmci,\driver\pci
Source: Amcache.hve.3.dr Binary or memory string: scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
Source: Amcache.hve.3.dr Binary or memory string: VMware20,1
Source: Amcache.hve.3.dr Binary or memory string: Microsoft Hyper-V Generation Counter
Source: Amcache.hve.3.dr Binary or memory string: NECVMWar VMware SATA CD00
Source: Amcache.hve.3.dr Binary or memory string: VMware Virtual disk SCSI Disk Device
Source: Amcache.hve.3.dr Binary or memory string: scsi\cdromnecvmwarvmware_sata_cd001.00,scsi\cdromnecvmwarvmware_sata_cd00,scsi\cdromnecvmwar,scsi\necvmwarvmware_sata_cd001,necvmwarvmware_sata_cd001,gencdrom
Source: Amcache.hve.3.dr Binary or memory string: scsi\diskvmware__virtual_disk____2.0_,scsi\diskvmware__virtual_disk____,scsi\diskvmware__,scsi\vmware__virtual_disk____2,vmware__virtual_disk____2,gendisk
Source: Amcache.hve.3.dr Binary or memory string: Microsoft Hyper-V Virtualization Infrastructure Driver
Source: Amcache.hve.3.dr Binary or memory string: VMware PCI VMCI Bus Device
Source: Amcache.hve.3.dr Binary or memory string: VMware VMCI Bus Device
Source: Amcache.hve.3.dr Binary or memory string: VMware Virtual RAM
Source: Amcache.hve.3.dr Binary or memory string: BiosVendor:VMware, Inc.,BiosVersion:VMW201.00V.20829224.B64.2211211842,BiosReleaseDate:11/21/2022,BiosMajorRelease:0xff,BiosMinorRelease:0xff,SystemManufacturer:VMware, Inc.,SystemProduct:VMware20,1,SystemFamily:,SystemSKUNumber:,BaseboardManufacturer:,BaseboardProduct:,BaseboardVersion:,EnclosureType:0x1
Source: Amcache.hve.3.dr Binary or memory string: vmci.inf_amd64_68ed49469341f563
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.14656.24748.exe Code function: 0_2_00007FF7B85BB480 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 0_2_00007FF7B85BB480
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.14656.24748.exe Code function: 0_2_00007FF7B85BB2A8 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 0_2_00007FF7B85BB2A8
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.14656.24748.exe Code function: 0_2_00007FF7B85BB660 SetUnhandledExceptionFilter, 0_2_00007FF7B85BB660
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.14656.24748.exe Code function: GetLocaleInfoEx,FormatMessageA, 0_2_00007FF7B85BA33C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.14656.24748.exe Code function: 0_2_00007FF7B85BB6CC GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter, 0_2_00007FF7B85BB6CC
Source: Amcache.hve.3.dr Binary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23080.2006-0\msmpeng.exe
Source: Amcache.hve.3.dr Binary or memory string: msmpeng.exe
Source: Amcache.hve.3.dr Binary or memory string: c:\program files\windows defender\msmpeng.exe
Source: Amcache.hve.3.dr Binary or memory string: MsMpEng.exe
No contacted IP infos