Automated Malware Analysis IOC Report for

Details

Filetype:	PE32+ executable (console) x86-64, for MS Windows
Entropy:	7.9898143767353496
Filename:	main.exe
Filesize:	7518347
MD5:	0365c26cf424fc16eb09ac463ebc5b40
SHA1:	3368585d33818bc4fb4599f9a91c9fdcc0903554
SHA256:	2c818ce90a45ce6ae4a445a996713781507881fb3c5826f2a601d16d79f24b38
SHA512:	3c3948a1a4aa6c4ee0b117f9c50fa275a0cd85c8bb61cd198c189b851fee7c6c46d4a1b9740fa71440e7b0199015ab584cdbc6da8d20ef9962f2798550722c26
SSDEEP:	196608:ZFiVhxIqICteEroXxWNE+sKsXXg5SEHkOmJl8F/hUu:uInEroXOsKkXgQh5EJP
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......rh.X6...6...6...}q..1...}q......}q..<...&.W.4...&...?...&...'...&.......}q..1...6.......~.../...~...7...Rich6...........PE..d..

Signature Hits	Behavior Group	Mitre Attack
Found pyInstaller with non standard icon	Persistence and Installation Behavior
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion
Drops PE files	Persistence and Installation Behavior
Enables debug privileges	Anti Debugging
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection
Creates temporary files	System Summary
PE file has an executable .text section and no other executable section	System Summary
Queries a list of all running processes	Malware Analysis System Evasion	Process Discovery
Queries the cryptographic machine GUID	Language, Device and Operating System Detection	System Information Discovery
Reads software policies	System Summary
Sample reads its own file content	System Summary
Tries to load missing DLLs	System Summary	DLL Side-Loading
PE file contains a valid data directory to section mapping	System Summary
PE file contains a debug data directory	System Summary
Contains modern PE file flags such as dynamic base (ASLR) or NX	Compliance, System Summary
PE file contains a mix of data directories often seen in goodware	System Summary
PE file has a high image base, often used for DLLs	System Summary
Submission file is bigger than most known malware samples	System Summary

Details

File:	C:\ProgramData\Microsoft\Network\Downloader\qmgr.db
Category:	dropped
Dump:	qmgr.db.6.dr
ID:	dr_61
Target ID:	6
Process:	C:\Windows\System32\svchost.exe
Type:	Extensible storage engine DataBase, version 0x620, checksum 0xb69c7c6d, page size 16384, DirtyShutdown, Windows version 10.0
Entropy:	0.786469070744569
Encrypted:	false
Size:	1310720
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery

Details

File:	C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
Category:	dropped
Dump:	StartupProfileData-NonInteractive.4.dr
ID:	dr_60
Target ID:	4
Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Type:	data
Entropy:	5.575072935637318
Encrypted:	false
Size:	15200
Whitelisted:	false

Details

File:	C:\Users\user\AppData\Local\Temp\_MEI64762\VCRUNTIME140.dll
Category:	dropped
Dump:	VCRUNTIME140.dll.0.dr
ID:	dr_26
Target ID:	0
Process:	C:\Users\user\Desktop\main.exe
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.424686954579329
Encrypted:	false
Size:	97168
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\Users\user\AppData\Local\Temp\_MEI64762\_bz2.pyd
Category:	dropped
Dump:	_bz2.pyd.0.dr
ID:	dr_27
Target ID:	0
Process:	C:\Users\user\Desktop\main.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	6.430958049258642
Encrypted:	false
Size:	80112
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery

Details

File:	C:\Users\user\AppData\Local\Temp\_MEI64762\_ctypes.pyd
Category:	dropped
Dump:	_ctypes.pyd.0.dr
ID:	dr_28
Target ID:	0
Process:	C:\Users\user\Desktop\main.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	5.950384810500538
Encrypted:	false
Size:	119024
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery

Details

File:	C:\Users\user\AppData\Local\Temp\_MEI64762\_decimal.pyd
Category:	dropped
Dump:	_decimal.pyd.0.dr
ID:	dr_29
Target ID:	0
Process:	C:\Users\user\Desktop\main.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	6.507382866512779
Encrypted:	false
Size:	247024
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\_MEI64762\_hashlib.pyd
Category:	dropped
Dump:	_hashlib.pyd.0.dr
ID:	dr_30
Target ID:	0
Process:	C:\Users\user\Desktop\main.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	6.086945167584943
Encrypted:	false
Size:	59120
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery

Details

File:	C:\Users\user\AppData\Local\Temp\_MEI64762\_lzma.pyd
Category:	dropped
Dump:	_lzma.pyd.0.dr
ID:	dr_31
Target ID:	0
Process:	C:\Users\user\Desktop\main.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	6.798408534093874
Encrypted:	false
Size:	153328
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery

Details

File:	C:\Users\user\AppData\Local\Temp\_MEI64762\_queue.pyd
Category:	dropped
Dump:	_queue.pyd.0.dr
ID:	dr_32
Target ID:	0
Process:	C:\Users\user\Desktop\main.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	6.1823978416668455
Encrypted:	false
Size:	26856
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery

Details

File:	C:\Users\user\AppData\Local\Temp\_MEI64762\_socket.pyd
Category:	dropped
Dump:	_socket.pyd.0.dr
ID:	dr_33
Target ID:	0
Process:	C:\Users\user\Desktop\main.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	6.115609697426734
Encrypted:	false
Size:	74480
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery

Details

File:	C:\Users\user\AppData\Local\Temp\_MEI64762\_ssl.pyd
Category:	dropped
Dump:	_ssl.pyd.0.dr
ID:	dr_34
Target ID:	0
Process:	C:\Users\user\Desktop\main.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	5.9267866538347596
Encrypted:	false
Size:	155888
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery

Details

File:	C:\Users\user\AppData\Local\Temp\_MEI64762\api-ms-win-core-console-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-core-console-l1-1-0.dll.0.dr
ID:	dr_35
Target ID:	0
Process:	C:\Users\user\Desktop\main.exe
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	4.744270711412692
Encrypted:	false
Size:	22112
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery

Details

File:	C:\Users\user\AppData\Local\Temp\_MEI64762\api-ms-win-core-datetime-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-core-datetime-l1-1-0.dll.0.dr
ID:	dr_10
Target ID:	0
Process:	C:\Users\user\Desktop\main.exe
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	4.602255667966723
Encrypted:	false
Size:	22120
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery

Details

File:	C:\Users\user\AppData\Local\Temp\_MEI64762\api-ms-win-core-debug-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-core-debug-l1-1-0.dll.0.dr
ID:	dr_12
Target ID:	0
Process:	C:\Users\user\Desktop\main.exe
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	4.606873381830854
Encrypted:	false
Size:	22120
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery

Details

File:	C:\Users\user\AppData\Local\Temp\_MEI64762\api-ms-win-core-errorhandling-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-core-errorhandling-l1-1-0.dll.0.dr
ID:	dr_14
Target ID:	0
Process:	C:\Users\user\Desktop\main.exe
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	4.65169290018864
Encrypted:	false
Size:	22136
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery

Details

File:	C:\Users\user\AppData\Local\Temp\_MEI64762\api-ms-win-core-file-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-core-file-l1-1-0.dll.0.dr
ID:	dr_16
Target ID:	0
Process:	C:\Users\user\Desktop\main.exe
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	4.866487428274293
Encrypted:	false
Size:	26216
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery

Details

File:	C:\Users\user\AppData\Local\Temp\_MEI64762\api-ms-win-core-file-l1-2-0.dll
Category:	dropped
Dump:	api-ms-win-core-file-l1-2-0.dll.0.dr
ID:	dr_18
Target ID:	0
Process:	C:\Users\user\Desktop\main.exe
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	4.619913450163593
Encrypted:	false
Size:	22136
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery

Details

File:	C:\Users\user\AppData\Local\Temp\_MEI64762\api-ms-win-core-file-l2-1-0.dll
Category:	dropped
Dump:	api-ms-win-core-file-l2-1-0.dll.0.dr
ID:	dr_20
Target ID:	0
Process:	C:\Users\user\Desktop\main.exe
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	7.054510010549814
Encrypted:	false
Size:	18696
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery

Details

File:	C:\Users\user\AppData\Local\Temp\_MEI64762\api-ms-win-core-handle-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-core-handle-l1-1-0.dll.0.dr
ID:	dr_22
Target ID:	0
Process:	C:\Users\user\Desktop\main.exe
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	4.625331165566263
Encrypted:	false
Size:	22136
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\_MEI64762\api-ms-win-core-heap-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-core-heap-l1-1-0.dll.0.dr
ID:	dr_23
Target ID:	0
Process:	C:\Users\user\Desktop\main.exe
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	4.737397647066978
Encrypted:	false
Size:	22136
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery

Details

File:	C:\Users\user\AppData\Local\Temp\_MEI64762\api-ms-win-core-interlocked-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-core-interlocked-l1-1-0.dll.0.dr
ID:	dr_24
Target ID:	0
Process:	C:\Users\user\Desktop\main.exe
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	4.6569647133331316
Encrypted:	false
Size:	22120
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\_MEI64762\api-ms-win-core-libraryloader-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-core-libraryloader-l1-1-0.dll.0.dr
ID:	dr_25
Target ID:	0
Process:	C:\Users\user\Desktop\main.exe
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	4.882042129450427
Encrypted:	false
Size:	22120
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery

Details

File:	C:\Users\user\AppData\Local\Temp\_MEI64762\api-ms-win-core-louserzation-l1-2-0.dll
Category:	dropped
Dump:	api-ms-win-core-louserzation-l1-2-0.dll.0.dr
ID:	dr_36
Target ID:	0
Process:	C:\Users\user\Desktop\main.exe
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	5.355894399765837
Encrypted:	false
Size:	22120
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery

Details

File:	C:\Users\user\AppData\Local\Temp\_MEI64762\api-ms-win-core-memory-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-core-memory-l1-1-0.dll.0.dr
ID:	dr_37
Target ID:	0
Process:	C:\Users\user\Desktop\main.exe
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	4.771309314175772
Encrypted:	false
Size:	22120
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\_MEI64762\api-ms-win-core-namedpipe-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-core-namedpipe-l1-1-0.dll.0.dr
ID:	dr_38
Target ID:	0
Process:	C:\Users\user\Desktop\main.exe
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	4.7115212149950185
Encrypted:	false
Size:	22136
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery

Details

File:	C:\Users\user\AppData\Local\Temp\_MEI64762\api-ms-win-core-processenvironment-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-core-processenvironment-l1-1-0.dll.0.dr
ID:	dr_39
Target ID:	0
Process:	C:\Users\user\Desktop\main.exe
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	4.893761152454321
Encrypted:	false
Size:	22120
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery

Details

File:	C:\Users\user\AppData\Local\Temp\_MEI64762\api-ms-win-core-processthreads-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-core-processthreads-l1-1-0.dll.0.dr
ID:	dr_40
Target ID:	0
Process:	C:\Users\user\Desktop\main.exe
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	5.231196901820079
Encrypted:	false
Size:	22136
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\_MEI64762\api-ms-win-core-processthreads-l1-1-1.dll
Category:	dropped
Dump:	api-ms-win-core-processthreads-l1-1-1.dll.0.dr
ID:	dr_41
Target ID:	0
Process:	C:\Users\user\Desktop\main.exe
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	4.799245167892134
Encrypted:	false
Size:	22136
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery

Details

File:	C:\Users\user\AppData\Local\Temp\_MEI64762\api-ms-win-core-profile-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-core-profile-l1-1-0.dll.0.dr
ID:	dr_42
Target ID:	0
Process:	C:\Users\user\Desktop\main.exe
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	4.587063911311469
Encrypted:	false
Size:	22136
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\_MEI64762\api-ms-win-core-rtlsupport-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-core-rtlsupport-l1-1-0.dll.0.dr
ID:	dr_43
Target ID:	0
Process:	C:\Users\user\Desktop\main.exe
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	4.754374422741657
Encrypted:	false
Size:	22136
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\_MEI64762\api-ms-win-core-string-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-core-string-l1-1-0.dll.0.dr
ID:	dr_44
Target ID:	0
Process:	C:\Users\user\Desktop\main.exe
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	4.664553499673792
Encrypted:	false
Size:	22136
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\_MEI64762\api-ms-win-core-synch-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-core-synch-l1-1-0.dll.0.dr
ID:	dr_45
Target ID:	0
Process:	C:\Users\user\Desktop\main.exe
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	5.146069394118203
Encrypted:	false
Size:	22136
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\_MEI64762\api-ms-win-core-synch-l1-2-0.dll
Category:	dropped
Dump:	api-ms-win-core-synch-l1-2-0.dll.0.dr
ID:	dr_46
Target ID:	0
Process:	C:\Users\user\Desktop\main.exe
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	4.834520503429805
Encrypted:	false
Size:	22136
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\_MEI64762\api-ms-win-core-sysinfo-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-core-sysinfo-l1-1-0.dll.0.dr
ID:	dr_47
Target ID:	0
Process:	C:\Users\user\Desktop\main.exe
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	4.916367637528538
Encrypted:	false
Size:	22136
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\_MEI64762\api-ms-win-core-timezone-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-core-timezone-l1-1-0.dll.0.dr
ID:	dr_48
Target ID:	0
Process:	C:\Users\user\Desktop\main.exe
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	4.829681745003914
Encrypted:	false
Size:	22136
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery

Details

File:	C:\Users\user\AppData\Local\Temp\_MEI64762\api-ms-win-core-util-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-core-util-l1-1-0.dll.0.dr
ID:	dr_49
Target ID:	0
Process:	C:\Users\user\Desktop\main.exe
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	4.612408827336625
Encrypted:	false
Size:	22136
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery

Details

File:	C:\Users\user\AppData\Local\Temp\_MEI64762\api-ms-win-crt-conio-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-crt-conio-l1-1-0.dll.0.dr
ID:	dr_50
Target ID:	0
Process:	C:\Users\user\Desktop\main.exe
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	4.918215004381039
Encrypted:	false
Size:	22136
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\_MEI64762\api-ms-win-crt-convert-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-crt-convert-l1-1-0.dll.0.dr
ID:	dr_51
Target ID:	0
Process:	C:\Users\user\Desktop\main.exe
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	4.882777558752248
Encrypted:	false
Size:	26216
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\_MEI64762\api-ms-win-crt-environment-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-crt-environment-l1-1-0.dll.0.dr
ID:	dr_52
Target ID:	0
Process:	C:\Users\user\Desktop\main.exe
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	4.738587310329139
Encrypted:	false
Size:	22120
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\_MEI64762\api-ms-win-crt-filesystem-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-crt-filesystem-l1-1-0.dll.0.dr
ID:	dr_53
Target ID:	0
Process:	C:\Users\user\Desktop\main.exe
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	5.202163846121633
Encrypted:	false
Size:	22120
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\_MEI64762\api-ms-win-crt-heap-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-crt-heap-l1-1-0.dll.0.dr
ID:	dr_54
Target ID:	0
Process:	C:\Users\user\Desktop\main.exe
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	4.866983142029453
Encrypted:	false
Size:	22120
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\_MEI64762\api-ms-win-crt-locale-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-crt-locale-l1-1-0.dll.0.dr
ID:	dr_55
Target ID:	0
Process:	C:\Users\user\Desktop\main.exe
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	4.828044267819929
Encrypted:	false
Size:	22136
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\_MEI64762\api-ms-win-crt-math-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-crt-math-l1-1-0.dll.0.dr
ID:	dr_56
Target ID:	0
Process:	C:\Users\user\Desktop\main.exe
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	5.14173409150951
Encrypted:	false
Size:	30328
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery

Details

File:	C:\Users\user\AppData\Local\Temp\_MEI64762\api-ms-win-crt-process-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-crt-process-l1-1-0.dll.0.dr
ID:	dr_57
Target ID:	0
Process:	C:\Users\user\Desktop\main.exe
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	4.883012715268179
Encrypted:	false
Size:	22120
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery

Details

File:	C:\Users\user\AppData\Local\Temp\_MEI64762\api-ms-win-crt-runtime-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-crt-runtime-l1-1-0.dll.0.dr
ID:	dr_58
Target ID:	0
Process:	C:\Users\user\Desktop\main.exe
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	5.023753175006074
Encrypted:	false
Size:	26208
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\_MEI64762\api-ms-win-crt-stdio-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-crt-stdio-l1-1-0.dll.0.dr
ID:	dr_59
Target ID:	0
Process:	C:\Users\user\Desktop\main.exe
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	5.289041983400337
Encrypted:	false
Size:	26232
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\_MEI64762\api-ms-win-crt-string-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-crt-string-l1-1-0.dll.0.dr
ID:	dr_0
Target ID:	0
Process:	C:\Users\user\Desktop\main.exe
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	5.284932479906984
Encrypted:	false
Size:	26232
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\_MEI64762\api-ms-win-crt-time-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-crt-time-l1-1-0.dll.0.dr
ID:	dr_1
Target ID:	0
Process:	C:\Users\user\Desktop\main.exe
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	5.253102285412285
Encrypted:	false
Size:	22120
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\_MEI64762\api-ms-win-crt-utility-l1-1-0.dll
Category:	dropped
Dump:	api-ms-win-crt-utility-l1-1-0.dll.0.dr
ID:	dr_2
Target ID:	0
Process:	C:\Users\user\Desktop\main.exe
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	4.810971823417463
Encrypted:	false
Size:	22136
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\_MEI64762\base_library.zip
Category:	dropped
Dump:	base_library.zip.0.dr
ID:	dr_3
Target ID:	0
Process:	C:\Users\user\Desktop\main.exe
Type:	Zip archive data, at least v2.0 to extract, compression method=store
Entropy:	5.683524985151458
Encrypted:	false
Size:	879278
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery

Details

File:	C:\Users\user\AppData\Local\Temp\_MEI64762\certifi\cacert.pem
Category:	dropped
Dump:	cacert.pem.0.dr
ID:	dr_4
Target ID:	0
Process:	C:\Users\user\Desktop\main.exe
Type:	ASCII text
Entropy:	6.047872935262006
Encrypted:	false
Size:	299427
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery

Details

File:	C:\Users\user\AppData\Local\Temp\_MEI64762\charset_normalizer\md.cp310-win_amd64.pyd
Category:	dropped
Dump:	md.cp310-win_amd64.pyd.0.dr
ID:	dr_5
Target ID:	0
Process:	C:\Users\user\Desktop\main.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	4.82516630102953
Encrypted:	false
Size:	10752
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery

Details

File:	C:\Users\user\AppData\Local\Temp\_MEI64762\charset_normalizer\md__mypyc.cp310-win_amd64.pyd
Category:	dropped
Dump:	md__mypyc.cp310-win_amd64.pyd.0.dr
ID:	dr_6
Target ID:	0
Process:	C:\Users\user\Desktop\main.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	5.903697891709302
Encrypted:	false
Size:	122368
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery

Details

File:	C:\Users\user\AppData\Local\Temp\_MEI64762\libcrypto-1_1.dll
Category:	dropped
Dump:	libcrypto-1_1.dll.0.dr
ID:	dr_7
Target ID:	0
Process:	C:\Users\user\Desktop\main.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	6.093870626224665
Encrypted:	false
Size:	3429624
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\Users\user\AppData\Local\Temp\_MEI64762\libffi-7.dll
Category:	dropped
Dump:	libffi-7.dll.0.dr
ID:	dr_8
Target ID:	0
Process:	C:\Users\user\Desktop\main.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	6.3566777719925565
Encrypted:	false
Size:	32792
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\Users\user\AppData\Local\Temp\_MEI64762\libssl-1_1.dll
Category:	dropped
Dump:	libssl-1_1.dll.0.dr
ID:	dr_9
Target ID:	0
Process:	C:\Users\user\Desktop\main.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	5.528361289023932
Encrypted:	false
Size:	695032
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior

Details

File:	C:\Users\user\AppData\Local\Temp\_MEI64762\psutil\_psutil_windows.pyd
Category:	dropped
Dump:	_psutil_windows.pyd.0.dr
ID:	dr_11
Target ID:	0
Process:	C:\Users\user\Desktop\main.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	5.909456553599775
Encrypted:	false
Size:	67072
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery

Details

File:	C:\Users\user\AppData\Local\Temp\_MEI64762\python3.dll
Category:	dropped
Dump:	python3.dll.0.dr
ID:	dr_13
Target ID:	0
Process:	C:\Users\user\Desktop\main.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	5.923125956498207
Encrypted:	false
Size:	61680
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\_MEI64762\python310.dll
Category:	dropped
Dump:	python310.dll.0.dr
ID:	dr_15
Target ID:	0
Process:	C:\Users\user\Desktop\main.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	6.4570242533143904
Encrypted:	false
Size:	4471024
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion

Details

File:	C:\Users\user\AppData\Local\Temp\_MEI64762\select.pyd
Category:	dropped
Dump:	select.pyd.0.dr
ID:	dr_17
Target ID:	0
Process:	C:\Users\user\Desktop\main.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	6.263553120406061
Encrypted:	false
Size:	25320
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery

Details

File:	C:\Users\user\AppData\Local\Temp\_MEI64762\ucrtbase.dll
Category:	dropped
Dump:	ucrtbase.dll.0.dr
ID:	dr_19
Target ID:	0
Process:	C:\Users\user\Desktop\main.exe
Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Entropy:	6.669319438805479
Encrypted:	false
Size:	1016584
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery

Details

File:	C:\Users\user\AppData\Local\Temp\_MEI64762\unicodedata.pyd
Category:	dropped
Dump:	unicodedata.pyd.0.dr
ID:	dr_21
Target ID:	0
Process:	C:\Users\user\Desktop\main.exe
Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	5.373590441522219
Encrypted:	false
Size:	1117936
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Found dropped PE file which has not been started or loaded	Malware Analysis System Evasion
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery

Details

File:	C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_0yqzkk2w.m1k.psm1
Category:	dropped
Dump:	__PSScriptPolicyTest_0yqzkk2w.m1k.psm1.7.dr
ID:	dr_62
Target ID:	7
Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Type:	ASCII text, with no line terminators
Entropy:	4.038920595031593
Encrypted:	false
Size:	60
Whitelisted:	false

Details

File:	C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp
Category:	dropped
Dump:	Download-1.tmp.6.dr
ID:	dr_63
Target ID:	6
Process:	C:\Windows\System32\svchost.exe
Type:	JSON data
Entropy:	4.306461250274409
Encrypted:	false
Size:	55
Whitelisted:	false

Signature Hits	Behavior Group	Mitre Attack
Creates files inside the system directory	System Summary	Masquerading

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
main.exe

Files

IPs

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Reportmain.exe

Files

IPs

IOC Report
main.exe