Automated Malware Analysis IOC Report for

Details

Filetype:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy:	7.969351631656782
Filename:	Installe Digicall V1011.exe
Filesize:	8760634
MD5:	ddd4a9bc51107da308b55929d18c512f
SHA1:	9f3ccfe491e05e66696a8af045f613a4703d6a13
SHA256:	13aaab999e072463f83e6a7212f58d7a3b1120a9fafad8b55d2bd1569b78bbd0
SHA512:	2133db3530f8e78b23ef0737799bf89896f7a50eaeaccf8e0ca4bb3645f9feb19d5ab293b4416588dd6a7e5ac1daa5ba3e48fae08166c3911b2bdc83ee99c01e
SSDEEP:	196608:lC2U3LgMuzdcjfoZzovxz5vFka1+DpYNiPBQeWA2FG:wj3Lgdd6o2ZmDDeNiPB3J
Preview:	MZP.....................@...............................................!..L.!..This program must be run under Win32..$7.......................................................................................................................................

Signature Hits	Behavior Group	Mitre Attack
PE file contains sections with non-standard names	Data Obfuscation
Uses 32bit PE files	Compliance, System Summary
Creates temporary files	System Summary
Disables application error messsages (SetErrorMode)	Hooking and other Techniques for Hiding and Protection
Parts of this applications are using Borland Delphi (Probably coded in Delphi)	System Summary
Reads software policies	System Summary
Sample reads its own file content	System Summary
Tries to load missing DLLs	System Summary	DLL Side-Loading
Contains modern PE file flags such as dynamic base (ASLR) or NX	Compliance, System Summary
Submission file is bigger than most known malware samples	System Summary

Details

File:	C:\Program Files (x86)\SEPTAM\Digicall\digicall.chm (copy)
Category:	dropped
Dump:	is-9J441.tmp.5.dr
Target ID:	5
Process:	C:\Users\user\AppData\Local\Temp\is-4P88U.tmp\Installe Digicall V1011.tmp
Type:	MS Windows HtmlHelp Data
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Program Files (x86)\SEPTAM\Digicall\digicall.exe (copy)
Category:	dropped
Dump:	is-O90AP.tmp.5.dr
Target ID:	5
Process:	C:\Users\user\AppData\Local\Temp\is-4P88U.tmp\Installe Digicall V1011.tmp
Type:	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Creates mutexes	System Summary
Disables application error messsages (SetErrorMode)	Hooking and other Techniques for Hiding and Protection
Parts of this applications are using Borland Delphi (Probably coded in Delphi)	System Summary
Tries to load missing DLLs	System Summary	DLL Side-Loading

Details

File:	C:\Program Files (x86)\SEPTAM\Digicall\is-9J441.tmp
Category:	dropped
Dump:	is-9J441.tmp.5.dr
ID:	dr_15
Target ID:	5
Process:	C:\Users\user\AppData\Local\Temp\is-4P88U.tmp\Installe Digicall V1011.tmp
Type:	MS Windows HtmlHelp Data
Entropy:	7.994742595762603
Encrypted:	true
Size:	1544586
Whitelisted:	false

Details

File:	C:\Program Files (x86)\SEPTAM\Digicall\is-E8BV7.tmp
Category:	dropped
Dump:	is-E8BV7.tmp.5.dr
ID:	dr_11
Target ID:	5
Process:	C:\Users\user\AppData\Local\Temp\is-4P88U.tmp\Installe Digicall V1011.tmp
Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy:	6.357462143517516
Encrypted:	false
Size:	2565965
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Program Files (x86)\SEPTAM\Digicall\is-O90AP.tmp
Category:	dropped
Dump:	is-O90AP.tmp.5.dr
ID:	dr_14
Target ID:	5
Process:	C:\Users\user\AppData\Local\Temp\is-4P88U.tmp\Installe Digicall V1011.tmp
Type:	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
Entropy:	6.745711671370481
Encrypted:	false
Size:	7615488
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\Program Files (x86)\SEPTAM\Digicall\unins000.dat
Category:	dropped
Dump:	unins000.dat.5.dr
ID:	dr_21
Target ID:	5
Process:	C:\Users\user\AppData\Local\Temp\is-4P88U.tmp\Installe Digicall V1011.tmp
Type:	InnoSetup Log Digicall, version 0x418, 6889 bytes, 760639\37\user\376\, C:\Program Files (x86)\SEPTAM\Digicall\376
Entropy:	3.6745611823304882
Encrypted:	false
Size:	6889
Whitelisted:	false

Details

File:	C:\Program Files (x86)\SEPTAM\Digicall\unins000.exe (copy)
Category:	dropped
Dump:	is-E8BV7.tmp.5.dr
Target ID:	5
Process:	C:\Users\user\AppData\Local\Temp\is-4P88U.tmp\Installe Digicall V1011.tmp
Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Program Files\Fichiers communs\Borland Shared\BDE\BDEADMIN.TOC (copy)
Category:	dropped
Dump:	BLW32.DLL.9.dr
Target ID:	9
Process:	C:\Users\user\AppData\Local\Temp\is-TBQK0.tmp\MiniReg.exe
Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Program Files\Fichiers communs\Borland Shared\BDE\IDAPI32.CFG
Category:	modified
Dump:	IDAPI32.CFG1.9.dr
ID:	dr_53
Target ID:	9
Process:	C:\Users\user\AppData\Local\Temp\is-TBQK0.tmp\MiniReg.exe
Type:	data
Entropy:	3.5747261412982008
Encrypted:	false
Size:	81
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Creates a directory in C:\Program Files	Compliance, System Summary	Masquerading

Details

File:	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SEPTAM\Digicall\Digicall.lnk
Category:	dropped
Dump:	Digicall.lnk.5.dr
ID:	dr_19
Target ID:	5
Process:	C:\Users\user\AppData\Local\Temp\is-4P88U.tmp\Installe Digicall V1011.tmp
Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Archive, ctime=Mon Oct 14 11:20:42 2024, mtime=Mon Oct 14 11:20:42 2024, atime=Thu Sep 23 17:50:12 2021, length=7615488, window=hide
Entropy:	4.591292266101292
Encrypted:	false
Size:	1223
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Stores files to the Windows start menu directory	Boot Survival	Registry Run Keys / Startup Folder

Details

File:	C:\Users\Public\Documents\SEPTAM\Digicall\Sites\INI.DBF (copy)
Category:	dropped
Dump:	is-DMMT4.tmp.5.dr
Target ID:	5
Process:	C:\Users\user\AppData\Local\Temp\is-4P88U.tmp\Installe Digicall V1011.tmp
Type:	FoxBase+/dBase III DBF, 1 record * 30, update-date 120-2-14, codepage ID=0xd, at offset 193 1st record " USB N \032"
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Users\Public\Documents\SEPTAM\Digicall\Sites\Modele\ADR_IP.DBF (copy)
Category:	dropped
Dump:	is-F6J2P.tmp.5.dr
Target ID:	5
Process:	C:\Users\user\AppData\Local\Temp\is-4P88U.tmp\Installe Digicall V1011.tmp
Type:	FoxBase+/dBase III DBF, 1 record * 88, update-date 120-2-14, at offset 225 1st record " 1025 L \032"
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Users\Public\Documents\SEPTAM\Digicall\Sites\Modele\COD_ENT.DBF (copy)
Category:	dropped
Dump:	is-83ECB.tmp.5.dr
Target ID:	5
Process:	C:\Users\user\AppData\Local\Temp\is-4P88U.tmp\Installe Digicall V1011.tmp
Type:	FoxBase+/dBase III DBF, 8 records * 36, update-date 120-1-8, at offset 321 1st record "00 00 00 00 "
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Users\Public\Documents\SEPTAM\Digicall\Sites\Modele\COD_INT.DBF (copy)
Category:	dropped
Dump:	is-BC6UC.tmp.5.dr
Target ID:	5
Process:	C:\Users\user\AppData\Local\Temp\is-4P88U.tmp\Installe Digicall V1011.tmp
Type:	FoxBase+/dBase III DBF, 12 records * 69, update-date 120-11-26, at offset 353 1st record "01 Test cyclique 02 Tension basse "
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Users\Public\Documents\SEPTAM\Digicall\Sites\Modele\DEST.DBF (copy)
Category:	dropped
Dump:	is-JSQ3P.tmp.5.dr
Target ID:	5
Process:	C:\Users\user\AppData\Local\Temp\is-4P88U.tmp\Installe Digicall V1011.tmp
Type:	FoxBase+/dBase III DBF, 4 records * 85, update-date 119-11-8, at offset 385 1st record "PHONIQUE Public RTC Par d\351faut OOONN PHONIQUE Public RTC Par d\351faut"
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Users\Public\Documents\SEPTAM\Digicall\Sites\Modele\ENTREE.DBF (copy)
Category:	dropped
Dump:	is-EQRN5.tmp.5.dr
Target ID:	5
Process:	C:\Users\user\AppData\Local\Temp\is-4P88U.tmp\Installe Digicall V1011.tmp
Type:	FoxBase+/dBase III DBF, 8 records * 45, update-date 120-11-25, at offset 257 1st record "11 Entree 1 20 299 21 Entree 2 20 299 31 Entree 3 2"
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Users\Public\Documents\SEPTAM\Digicall\Sites\Modele\EXPORT.DBF (copy)
Category:	dropped
Dump:	is-58KH7.tmp.5.dr
Target ID:	5
Process:	C:\Users\user\AppData\Local\Temp\is-4P88U.tmp\Installe Digicall V1011.tmp
Type:	dBase IV, with memo .DBT DBF, no records * 258, update-date 120-6-29, codepage ID=0x57
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Users\Public\Documents\SEPTAM\Digicall\Sites\Modele\EXPORT.DBT (copy)
Category:	dropped
Dump:	is-24CHN.tmp.5.dr
Target ID:	5
Process:	C:\Users\user\AppData\Local\Temp\is-4P88U.tmp\Installe Digicall V1011.tmp
Type:	dBase IV DBT of EXPORT.DBF, block length 1024, next free block index 1
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Users\Public\Documents\SEPTAM\Digicall\Sites\Modele\RESEAU.DBF (copy)
Category:	dropped
Dump:	is-AIU0T.tmp.5.dr
Target ID:	5
Process:	C:\Users\user\AppData\Local\Temp\is-4P88U.tmp\Installe Digicall V1011.tmp
Type:	FoxBase+/dBase III DBF, 1 record * 234, update-date 120-12-15, at offset 1377 1st record "1800100:0000:0021800100:0000:00290 100:0000:002 N 255.255.255.0 "
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Users\Public\Documents\SEPTAM\Digicall\Sites\Modele\SORTIE.DBF (copy)
Category:	dropped
Dump:	is-KANH1.tmp.5.dr
Target ID:	5
Process:	C:\Users\user\AppData\Local\Temp\is-4P88U.tmp\Installe Digicall V1011.tmp
Type:	FoxBase+/dBase III DBF, 4 records * 9, update-date 120-2-3, at offset 161 1st record "10 10 21 10 33 10 49 10 \032"
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Users\Public\Documents\SEPTAM\Digicall\Sites\Modele\is-24CHN.tmp
Category:	dropped
Dump:	is-24CHN.tmp.5.dr
ID:	dr_10
Target ID:	5
Process:	C:\Users\user\AppData\Local\Temp\is-4P88U.tmp\Installe Digicall V1011.tmp
Type:	dBase IV DBT of EXPORT.DBF, block length 1024, next free block index 1
Entropy:	0.10972292566270775
Encrypted:	false
Size:	1024
Whitelisted:	false

Details

File:	C:\Users\Public\Documents\SEPTAM\Digicall\Sites\Modele\is-58KH7.tmp
Category:	dropped
Dump:	is-58KH7.tmp.5.dr
ID:	dr_9
Target ID:	5
Process:	C:\Users\user\AppData\Local\Temp\is-4P88U.tmp\Installe Digicall V1011.tmp
Type:	dBase IV, with memo .DBT DBF, no records * 258, update-date 120-6-29, codepage ID=0x57
Entropy:	1.947580212430085
Encrypted:	false
Size:	610
Whitelisted:	false

Details

File:	C:\Users\Public\Documents\SEPTAM\Digicall\Sites\Modele\is-83ECB.tmp
Category:	dropped
Dump:	is-83ECB.tmp.5.dr
ID:	dr_5
Target ID:	5
Process:	C:\Users\user\AppData\Local\Temp\is-4P88U.tmp\Installe Digicall V1011.tmp
Type:	FoxBase+/dBase III DBF, 8 records * 36, update-date 120-1-8, at offset 321 1st record "00 00 00 00 "
Entropy:	2.0460658430958114
Encrypted:	false
Size:	610
Whitelisted:	false

Details

File:	C:\Users\Public\Documents\SEPTAM\Digicall\Sites\Modele\is-AIU0T.tmp
Category:	dropped
Dump:	is-AIU0T.tmp.5.dr
ID:	dr_17
Target ID:	5
Process:	C:\Users\user\AppData\Local\Temp\is-4P88U.tmp\Installe Digicall V1011.tmp
Type:	FoxBase+/dBase III DBF, 1 record * 234, update-date 120-12-15, at offset 1377 1st record "1800100:0000:0021800100:0000:00290 100:0000:002 N 255.255.255.0 "
Entropy:	2.8491180252926878
Encrypted:	false
Size:	1612
Whitelisted:	false

Details

File:	C:\Users\Public\Documents\SEPTAM\Digicall\Sites\Modele\is-BC6UC.tmp
Category:	dropped
Dump:	is-BC6UC.tmp.5.dr
ID:	dr_6
Target ID:	5
Process:	C:\Users\user\AppData\Local\Temp\is-4P88U.tmp\Installe Digicall V1011.tmp
Type:	FoxBase+/dBase III DBF, 12 records * 69, update-date 120-11-26, at offset 353 1st record "01 Test cyclique 02 Tension basse "
Entropy:	2.7875339766677105
Encrypted:	false
Size:	1181
Whitelisted:	false

Details

File:	C:\Users\Public\Documents\SEPTAM\Digicall\Sites\Modele\is-EQRN5.tmp
Category:	dropped
Dump:	is-EQRN5.tmp.5.dr
ID:	dr_8
Target ID:	5
Process:	C:\Users\user\AppData\Local\Temp\is-4P88U.tmp\Installe Digicall V1011.tmp
Type:	FoxBase+/dBase III DBF, 8 records * 45, update-date 120-11-25, at offset 257 1st record "11 Entree 1 20 299 21 Entree 2 20 299 31 Entree 3 2"
Entropy:	2.881991135093978
Encrypted:	false
Size:	618
Whitelisted:	false

Details

File:	C:\Users\Public\Documents\SEPTAM\Digicall\Sites\Modele\is-F6J2P.tmp
Category:	dropped
Dump:	is-F6J2P.tmp.5.dr
ID:	dr_4
Target ID:	5
Process:	C:\Users\user\AppData\Local\Temp\is-4P88U.tmp\Installe Digicall V1011.tmp
Type:	FoxBase+/dBase III DBF, 1 record * 88, update-date 120-2-14, at offset 225 1st record " 1025 L \032"
Entropy:	2.641155623352003
Encrypted:	false
Size:	314
Whitelisted:	false

Details

File:	C:\Users\Public\Documents\SEPTAM\Digicall\Sites\Modele\is-JSQ3P.tmp
Category:	dropped
Dump:	is-JSQ3P.tmp.5.dr
ID:	dr_7
Target ID:	5
Process:	C:\Users\user\AppData\Local\Temp\is-4P88U.tmp\Installe Digicall V1011.tmp
Type:	FoxBase+/dBase III DBF, 4 records * 85, update-date 119-11-8, at offset 385 1st record "PHONIQUE Public RTC Par d\351faut OOONN PHONIQUE Public RTC Par d\351faut"
Entropy:	3.1776869083163013
Encrypted:	false
Size:	726
Whitelisted:	false

Details

File:	C:\Users\Public\Documents\SEPTAM\Digicall\Sites\Modele\is-KANH1.tmp
Category:	dropped
Dump:	is-KANH1.tmp.5.dr
ID:	dr_18
Target ID:	5
Process:	C:\Users\user\AppData\Local\Temp\is-4P88U.tmp\Installe Digicall V1011.tmp
Type:	FoxBase+/dBase III DBF, 4 records * 9, update-date 120-2-3, at offset 161 1st record "10 10 21 10 33 10 49 10 \032"
Entropy:	2.4722980301131594
Encrypted:	false
Size:	198
Whitelisted:	false

Details

File:	C:\Users\Public\Documents\SEPTAM\Digicall\Sites\SITE.DBF (copy)
Category:	dropped
Dump:	is-MKD3L.tmp.5.dr
Target ID:	5
Process:	C:\Users\user\AppData\Local\Temp\is-4P88U.tmp\Installe Digicall V1011.tmp
Type:	FoxBase+/dBase III, with memo .DBT DBF, no records * 282, update-date 120-6-23
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Users\Public\Documents\SEPTAM\Digicall\Sites\SITE.DBT (copy)
Category:	dropped
Dump:	is-JDG81.tmp.5.dr
Target ID:	5
Process:	C:\Users\user\AppData\Local\Temp\is-4P88U.tmp\Installe Digicall V1011.tmp
Type:	data
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Users\Public\Documents\SEPTAM\Digicall\Sites\is-DMMT4.tmp
Category:	dropped
Dump:	is-DMMT4.tmp.5.dr
ID:	dr_3
Target ID:	5
Process:	C:\Users\user\AppData\Local\Temp\is-4P88U.tmp\Installe Digicall V1011.tmp
Type:	FoxBase+/dBase III DBF, 1 record * 30, update-date 120-2-14, codepage ID=0xd, at offset 193 1st record " USB N \032"
Entropy:	2.374210285169354
Encrypted:	false
Size:	224
Whitelisted:	false

Details

File:	C:\Users\Public\Documents\SEPTAM\Digicall\Sites\is-JDG81.tmp
Category:	dropped
Dump:	is-JDG81.tmp.5.dr
ID:	dr_2
Target ID:	5
Process:	C:\Users\user\AppData\Local\Temp\is-4P88U.tmp\Installe Digicall V1011.tmp
Type:	data
Entropy:	0.8112781244591328
Encrypted:	false
Size:	4
Whitelisted:	false

Details

File:	C:\Users\Public\Documents\SEPTAM\Digicall\Sites\is-MKD3L.tmp
Category:	dropped
Dump:	is-MKD3L.tmp.5.dr
ID:	dr_16
Target ID:	5
Process:	C:\Users\user\AppData\Local\Temp\is-4P88U.tmp\Installe Digicall V1011.tmp
Type:	FoxBase+/dBase III, with memo .DBT DBF, no records * 282, update-date 120-6-23
Entropy:	1.9280936447631138
Encrypted:	false
Size:	610
Whitelisted:	false

Details

File:	C:\Users\user\AppData\Local\Temp\BDED9FE.tmp\BDEADMIN.CNT
Category:	dropped
Dump:	BDEADMIN.CNT.9.dr
ID:	dr_29
Target ID:	9
Process:	C:\Users\user\AppData\Local\Temp\is-TBQK0.tmp\MiniReg.exe
Type:	MS Windows help file Content, based "bdeadmin.hlp", ASCII text, with CRLF line terminators
Entropy:	4.978618003153403
Encrypted:	false
Size:	225
Whitelisted:	false

Details

File:	C:\Users\user\AppData\Local\Temp\BDED9FE.tmp\BDEADMIN.CPL
Category:	dropped
Dump:	BDEADMIN.CPL.9.dr
ID:	dr_27
Target ID:	9
Process:	C:\Users\user\AppData\Local\Temp\is-TBQK0.tmp\MiniReg.exe
Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Entropy:	6.449655646782206
Encrypted:	false
Size:	183808
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Drops files with a non-matching file extension (content does not match file extension)	Persistence and Installation Behavior	Masquerading
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\BDED9FE.tmp\BDEADMIN.EXE
Category:	dropped
Dump:	BDEADMIN.EXE.9.dr
ID:	dr_26
Target ID:	9
Process:	C:\Users\user\AppData\Local\Temp\is-TBQK0.tmp\MiniReg.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy:	6.580180591426062
Encrypted:	false
Size:	989176
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\BDED9FE.tmp\BDEADMIN.HLP
Category:	dropped
Dump:	BDEADMIN.HLP.9.dr
ID:	dr_28
Target ID:	9
Process:	C:\Users\user\AppData\Local\Temp\is-TBQK0.tmp\MiniReg.exe
Type:	MS Windows 3.1 help, Mon Jan 17 21:06:24 2000, 113107 bytes
Entropy:	5.926684908119327
Encrypted:	false
Size:	113107
Whitelisted:	false

Details

File:	C:\Users\user\AppData\Local\Temp\BDED9FE.tmp\BDEADMIN.TOC
Category:	dropped
Dump:	BDEADMIN.TOC.9.dr
ID:	dr_30
Target ID:	9
Process:	C:\Users\user\AppData\Local\Temp\is-TBQK0.tmp\MiniReg.exe
Type:	MS Windows help file Content, based "BDEADMIN.HLP", ASCII text, with CRLF line terminators
Entropy:	4.92765675838872
Encrypted:	false
Size:	2486
Whitelisted:	false

Details

File:	C:\Users\user\AppData\Local\Temp\BDED9FE.tmp\BLW32.DLL
Category:	dropped
Dump:	BLW32.DLL.9.dr
ID:	dr_34
Target ID:	9
Process:	C:\Users\user\AppData\Local\Temp\is-TBQK0.tmp\MiniReg.exe
Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Entropy:	5.89083661712598
Encrypted:	false
Size:	45568
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\BDED9FE.tmp\CEEUROPE.BTL
Category:	dropped
Dump:	CEEUROPE.BTL.9.dr
ID:	dr_38
Target ID:	9
Process:	C:\Users\user\AppData\Local\Temp\is-TBQK0.tmp\MiniReg.exe
Type:	data
Entropy:	3.977708625391555
Encrypted:	false
Size:	122170
Whitelisted:	false

Details

File:	C:\Users\user\AppData\Local\Temp\BDED9FE.tmp\CHARSET.CVB
Category:	dropped
Dump:	CHARSET.CVB.9.dr
ID:	dr_42
Target ID:	9
Process:	C:\Users\user\AppData\Local\Temp\is-TBQK0.tmp\MiniReg.exe
Type:	data
Entropy:	2.541959072132026
Encrypted:	false
Size:	144454
Whitelisted:	false

Details

File:	C:\Users\user\AppData\Local\Temp\BDED9FE.tmp\DBCLIENT.DLL
Category:	dropped
Dump:	DBCLIENT.DLL.9.dr
ID:	dr_24
Target ID:	9
Process:	C:\Users\user\AppData\Local\Temp\is-TBQK0.tmp\MiniReg.exe
Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Entropy:	6.428101290967193
Encrypted:	false
Size:	210032
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\BDED9FE.tmp\EUROPE.BTL
Category:	dropped
Dump:	EUROPE.BTL.9.dr
ID:	dr_37
Target ID:	9
Process:	C:\Users\user\AppData\Local\Temp\is-TBQK0.tmp\MiniReg.exe
Type:	data
Entropy:	3.5106082644295706
Encrypted:	false
Size:	250896
Whitelisted:	false

Details

File:	C:\Users\user\AppData\Local\Temp\BDED9FE.tmp\FAREAST.BTL
Category:	dropped
Dump:	FAREAST.BTL.9.dr
ID:	dr_39
Target ID:	9
Process:	C:\Users\user\AppData\Local\Temp\is-TBQK0.tmp\MiniReg.exe
Type:	data
Entropy:	7.851679424126019
Encrypted:	false
Size:	517810
Whitelisted:	false

Details

File:	C:\Users\user\AppData\Local\Temp\BDED9FE.tmp\IDAPI32.CFG
Category:	dropped
Dump:	IDAPI32.CFG0.9.dr
ID:	dr_52
Target ID:	9
Process:	C:\Users\user\AppData\Local\Temp\is-TBQK0.tmp\MiniReg.exe
Type:	data
Entropy:	4.333548170644314
Encrypted:	false
Size:	1602
Whitelisted:	false

Details

File:	C:\Users\user\AppData\Local\Temp\BDED9FE.tmp\IDAPI32.DLL
Category:	dropped
Dump:	IDAPI32.DLL.9.dr
ID:	dr_48
Target ID:	9
Process:	C:\Users\user\AppData\Local\Temp\is-TBQK0.tmp\MiniReg.exe
Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Entropy:	6.239138265438483
Encrypted:	false
Size:	589312
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\BDED9FE.tmp\IDAPINST.DLL
Category:	dropped
Dump:	IDAPINST.DLL.9.dr
ID:	dr_31
Target ID:	9
Process:	C:\Users\user\AppData\Local\Temp\is-TBQK0.tmp\MiniReg.exe
Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Entropy:	6.3137864973394375
Encrypted:	false
Size:	114176
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\BDED9FE.tmp\IDASCI32.DLL
Category:	dropped
Dump:	IDASCI32.DLL.9.dr
ID:	dr_45
Target ID:	9
Process:	C:\Users\user\AppData\Local\Temp\is-TBQK0.tmp\MiniReg.exe
Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Entropy:	6.5571551753064705
Encrypted:	false
Size:	116224
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\BDED9FE.tmp\IDBAT32.DLL
Category:	dropped
Dump:	IDBAT32.DLL.9.dr
ID:	dr_49
Target ID:	9
Process:	C:\Users\user\AppData\Local\Temp\is-TBQK0.tmp\MiniReg.exe
Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Entropy:	6.375782381126306
Encrypted:	false
Size:	139264
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\BDED9FE.tmp\IDDA3532.DLL
Category:	dropped
Dump:	IDDA3532.DLL.9.dr
ID:	dr_23
Target ID:	9
Process:	C:\Users\user\AppData\Local\Temp\is-TBQK0.tmp\MiniReg.exe
Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Entropy:	6.391096074737303
Encrypted:	false
Size:	601600
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\BDED9FE.tmp\IDDAO32.DLL
Category:	dropped
Dump:	IDDAO32.DLL.9.dr
ID:	dr_22
Target ID:	9
Process:	C:\Users\user\AppData\Local\Temp\is-TBQK0.tmp\MiniReg.exe
Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Entropy:	6.415811035888803
Encrypted:	false
Size:	647168
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\BDED9FE.tmp\IDDBAS32.DLL
Category:	dropped
Dump:	IDDBAS32.DLL.9.dr
ID:	dr_44
Target ID:	9
Process:	C:\Users\user\AppData\Local\Temp\is-TBQK0.tmp\MiniReg.exe
Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Entropy:	6.641204694326186
Encrypted:	false
Size:	454144
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\BDED9FE.tmp\IDDR32.DLL
Category:	dropped
Dump:	IDDR32.DLL.9.dr
ID:	dr_51
Target ID:	9
Process:	C:\Users\user\AppData\Local\Temp\is-TBQK0.tmp\MiniReg.exe
Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Entropy:	6.283033291476495
Encrypted:	false
Size:	167936
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\BDED9FE.tmp\IDODBC32.DLL
Category:	dropped
Dump:	IDODBC32.DLL.9.dr
ID:	dr_25
Target ID:	9
Process:	C:\Users\user\AppData\Local\Temp\is-TBQK0.tmp\MiniReg.exe
Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Entropy:	6.165759866986007
Encrypted:	false
Size:	436224
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\BDED9FE.tmp\IDPDX32.DLL
Category:	dropped
Dump:	IDPDX32.DLL.9.dr
ID:	dr_43
Target ID:	9
Process:	C:\Users\user\AppData\Local\Temp\is-TBQK0.tmp\MiniReg.exe
Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Entropy:	6.468644974676627
Encrypted:	false
Size:	255488
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\BDED9FE.tmp\IDQBE32.DLL
Category:	dropped
Dump:	IDQBE32.DLL.9.dr
ID:	dr_46
Target ID:	9
Process:	C:\Users\user\AppData\Local\Temp\is-TBQK0.tmp\MiniReg.exe
Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Entropy:	6.399370498288742
Encrypted:	false
Size:	422400
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\BDED9FE.tmp\IDR20009.DLL
Category:	dropped
Dump:	IDR20009.DLL.9.dr
ID:	dr_50
Target ID:	9
Process:	C:\Users\user\AppData\Local\Temp\is-TBQK0.tmp\MiniReg.exe
Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Entropy:	5.0037493787821505
Encrypted:	false
Size:	116736
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\BDED9FE.tmp\IDSQL32.DLL
Category:	dropped
Dump:	IDSQL32.DLL.9.dr
ID:	dr_47
Target ID:	9
Process:	C:\Users\user\AppData\Local\Temp\is-TBQK0.tmp\MiniReg.exe
Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Entropy:	6.297174225153579
Encrypted:	false
Size:	464896
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\BDED9FE.tmp\InstPak.dat
Category:	dropped
Dump:	InstPak.dat.9.dr
ID:	dr_33
Target ID:	9
Process:	C:\Users\user\AppData\Local\Temp\is-TBQK0.tmp\MiniReg.exe
Type:	data
Entropy:	7.998881203975629
Encrypted:	true
Size:	3548843
Whitelisted:	false

Details

File:	C:\Users\user\AppData\Local\Temp\BDED9FE.tmp\JAPAN.BTL
Category:	dropped
Dump:	JAPAN.BTL.9.dr
ID:	dr_40
Target ID:	9
Process:	C:\Users\user\AppData\Local\Temp\is-TBQK0.tmp\MiniReg.exe
Type:	data
Entropy:	3.222723583729495
Encrypted:	false
Size:	880364
Whitelisted:	false

Details

File:	C:\Users\user\AppData\Local\Temp\BDED9FE.tmp\OTHER.BTL
Category:	dropped
Dump:	OTHER.BTL.9.dr
ID:	dr_41
Target ID:	9
Process:	C:\Users\user\AppData\Local\Temp\is-TBQK0.tmp\MiniReg.exe
Type:	data
Entropy:	3.48285090719115
Encrypted:	false
Size:	59950
Whitelisted:	false

Details

File:	C:\Users\user\AppData\Local\Temp\BDED9FE.tmp\USA.BTL
Category:	dropped
Dump:	USA.BTL.9.dr
ID:	dr_36
Target ID:	9
Process:	C:\Users\user\AppData\Local\Temp\is-TBQK0.tmp\MiniReg.exe
Type:	data
Entropy:	3.56507279062085
Encrypted:	false
Size:	36458
Whitelisted:	false

Details

File:	C:\Users\user\AppData\Local\Temp\BDED9FE.tmp\bantam.dll
Category:	dropped
Dump:	bantam.dll.9.dr
ID:	dr_35
Target ID:	9
Process:	C:\Users\user\AppData\Local\Temp\is-TBQK0.tmp\MiniReg.exe
Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Entropy:	5.4996719527661115
Encrypted:	false
Size:	101376
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion
Enumerates the file system	Spreading, Malware Analysis System Evasion	File and Directory Discovery

Details

File:	C:\Users\user\AppData\Local\Temp\BDEF279.tmp (copy)
Category:	dropped
Dump:	IDAPI32.CFG0.9.dr
Target ID:	9
Process:	C:\Users\user\AppData\Local\Temp\is-TBQK0.tmp\MiniReg.exe
Type:	data
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Users\user\AppData\Local\Temp\is-4P88U.tmp\Installe Digicall V1011.tmp
Category:	dropped
Dump:	Installe Digicall V1011.tmp.2.dr
ID:	dr_0
Target ID:	2
Process:	C:\Users\user\Desktop\Installe Digicall V1011.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy:	6.378725232145821
Encrypted:	false
Size:	2535424
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery
Stores files to the Windows start menu directory	Boot Survival	Registry Run Keys / Startup Folder
Creates files inside the program directory	System Summary	Masquerading
Creates files inside the user directory	System Summary	Masquerading
Disables application error messsages (SetErrorMode)	Hooking and other Techniques for Hiding and Protection
Parts of this applications are using Borland Delphi (Probably coded in Delphi)	System Summary
Queries a list of all running processes	Malware Analysis System Evasion	Process Discovery
Reads ini files	System Summary	File and Directory Discovery
Reads the Windows registered organization settings	System Summary	System Owner/User Discovery
Spawns processes	System Summary	Process Injection
Tries to load missing DLLs	System Summary	DLL Side-Loading
Uses an in-process (OLE) Automation server	System Summary
Executable creates window controls seldom found in malware	System Summary
Reads the Windows registered owner settings	System Summary	System Owner/User Discovery

Details

File:	C:\Users\user\AppData\Local\Temp\is-TBQK0.tmp\BdeInst.dll (copy)
Category:	dropped
Dump:	is-E8GOV.tmp.5.dr
Target ID:	5
Process:	C:\Users\user\AppData\Local\Temp\is-4P88U.tmp\Installe Digicall V1011.tmp
Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Details

File:	C:\Users\user\AppData\Local\Temp\is-TBQK0.tmp\MiniReg.exe (copy)
Category:	dropped
Dump:	is-7FACF.tmp.5.dr
Target ID:	5
Process:	C:\Users\user\AppData\Local\Temp\is-4P88U.tmp\Installe Digicall V1011.tmp
Type:	PE32 executable (console) Intel 80386, for MS Windows
Entropy:	0.0
Encrypted:	false
Size:	0
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Creates files inside the system directory	System Summary	Masquerading
Drops PE files	Persistence and Installation Behavior
Drops files with a non-matching file extension (content does not match file extension)	Persistence and Installation Behavior	Masquerading
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion
Disables application error messsages (SetErrorMode)	Hooking and other Techniques for Hiding and Protection
Enumerates the file system	Spreading, Malware Analysis System Evasion	File and Directory Discovery
Parts of this applications are using Borland Delphi (Probably coded in Delphi)	System Summary
Spawns processes	System Summary	Process Injection
Tries to load missing DLLs	System Summary	DLL Side-Loading
Creates a directory in C:\Program Files	Compliance, System Summary	Masquerading

Details

File:	C:\Users\user\AppData\Local\Temp\is-TBQK0.tmp\_isetup\_setup64.tmp
Category:	dropped
Dump:	_setup64.tmp.5.dr
ID:	dr_1
Target ID:	5
Process:	C:\Users\user\AppData\Local\Temp\is-4P88U.tmp\Installe Digicall V1011.tmp
Type:	PE32+ executable (console) x86-64, for MS Windows
Entropy:	4.720366600008286
Encrypted:	false
Size:	6144
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\is-TBQK0.tmp\is-7FACF.tmp
Category:	dropped
Dump:	is-7FACF.tmp.5.dr
ID:	dr_12
Target ID:	5
Process:	C:\Users\user\AppData\Local\Temp\is-4P88U.tmp\Installe Digicall V1011.tmp
Type:	PE32 executable (console) Intel 80386, for MS Windows
Entropy:	6.3021524555472315
Encrypted:	false
Size:	171008
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Detected Delphi use of System.ParamCount	System Summary

Details

File:	C:\Users\user\AppData\Local\Temp\is-TBQK0.tmp\is-E8GOV.tmp
Category:	dropped
Dump:	is-E8GOV.tmp.5.dr
ID:	dr_13
Target ID:	5
Process:	C:\Users\user\AppData\Local\Temp\is-4P88U.tmp\Installe Digicall V1011.tmp
Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Entropy:	7.974887824923143
Encrypted:	false
Size:	3853824
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\Desktop\Digicall.lnk
Category:	dropped
Dump:	Digicall.lnk0.5.dr
ID:	dr_20
Target ID:	5
Process:	C:\Users\user\AppData\Local\Temp\is-4P88U.tmp\Installe Digicall V1011.tmp
Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Archive, ctime=Mon Oct 14 11:20:42 2024, mtime=Mon Oct 14 11:20:42 2024, atime=Thu Sep 23 17:50:12 2021, length=7615488, window=hide
Entropy:	4.615239147800305
Encrypted:	false
Size:	1199
Whitelisted:	false

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
Installe Digicall V1011.exe

Files

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC ReportInstalle Digicall V1011.exe

Files

IOC Report
Installe Digicall V1011.exe