Behavioral Report

Submit
Reports

Overview

overview

Static

static

08751be484...2d.dll

windows7_x64

08751be484...2d.dll

windows10_x64

0a9f79abd4...51.exe

windows7_x64

0a9f79abd4...51.exe

windows10_x64

0di3x.bin.exe

windows7_x64

0di3x.bin.exe

windows10_x64

1.bin/1.exe

windows7_x64

1.bin/1.exe

windows10_x64

4a30275f14...ab.dll

windows7_x64

4a30275f14...ab.dll

windows10_x64

2019-09-02...10.exe

windows7_x64

2019-09-02...10.exe

windows10_x64

2b5e50bc30...ba.dll

windows7_x64

2b5e50bc30...ba.dll

windows10_x64

2c01b00772...eb.exe

windows7_x64

2c01b00772...eb.exe

windows10_x64

31.exe

windows7_x64

31.exe

windows10_x64

3DMark 11 ...on.exe

windows7_x64

3DMark 11 ...on.exe

windows10_x64

42f9729255...61.exe

windows7_x64

42f9729255...61.exe

windows10_x64

42f9729255...1).exe

windows7_x64

42f9729255...1).exe

windows10_x64

5da0116af4...18.exe

windows7_x64

5da0116af4...18.exe

windows10_x64

69c56d12ed...6b.exe

windows7_x64

69c56d12ed...6b.exe

windows10_x64

6a9e7107c9...91.exe

windows7_x64

6a9e7107c9...91.exe

windows10_x64

905d572f23...50.exe

windows7_x64

905d572f23...50.exe

windows10_x64

Resubmissions

19-01-2021 19:24

210119-s26yznnqsn 10

19-11-2020 13:14

201119-s41ec6lt86 10

Analysis

max time kernel
113s
max time network
8s
platform
windows7_x64
resource
win7v20201028
submitted
19-01-2021 19:24

Sharing

Copy URL

Twitter E-mail

Report Files Registry Network Processes Mutex Misc

Static task

static1

Behavioral task

behavioral1

Sample

08751be484e1572995ebb085df1c2c6372084d63a64dce7fab28130d79a6ea2d.dll

Resource

win7v20201028

zloader main 26.02.2020 botnet persistence trojan

Behavioral task

behavioral2

Sample

08751be484e1572995ebb085df1c2c6372084d63a64dce7fab28130d79a6ea2d.dll

Resource

win10v20201028

zloader main 26.02.2020 botnet persistence trojan

Behavioral task

behavioral3

Sample

0a9f79abd48b95544d7e2b6658637d1eb23067a94e10bf06d05c9ecc73cf4b51.exe

Resource

win7v20201028

Behavioral task

behavioral4

Sample

0a9f79abd48b95544d7e2b6658637d1eb23067a94e10bf06d05c9ecc73cf4b51.exe

Resource

win10v20201028

Behavioral task

behavioral5

Sample

0di3x.bin.exe

Resource

win7v20201028

smokeloader backdoor trojan

Behavioral task

behavioral6

Sample

0di3x.bin.exe

Resource

win10v20201028

smokeloader backdoor trojan

Behavioral task

behavioral7

Sample

1.bin/1.exe

Resource

win7v20201028

agenttesla formbook qakbot raccoon spx129 1590734339 agilenet banker coreentity cryptone keylogger packer ransomware rat rezer0 spyware stealer trojan

Behavioral task

behavioral8

Sample

1.bin/1.exe

Resource

win10v20201028

agenttesla danabot dharma formbook qakbot raccoon spx129 1590734339 agilenet banker botnet coreentity cryptone evasion keylogger packer persistence ransomware rat rezer0 spyware stealer trojan

Behavioral task

behavioral9

Sample

4a30275f14f80c6e11d5a253d7d004eda98651010e0aa47f744cf4105d1676ab.dll

Resource

win7v20201028

zloader googleaktualizacija googleaktualizacija1 botnet trojan

Behavioral task

behavioral10

Sample

4a30275f14f80c6e11d5a253d7d004eda98651010e0aa47f744cf4105d1676ab.dll

Resource

win10v20201028

Behavioral task

behavioral11

Sample

2019-09-02_22-41-10.exe

Resource

win7v20201028

smokeloader backdoor trojan

Behavioral task

behavioral12

Sample

2019-09-02_22-41-10.exe

Resource

win10v20201028

smokeloader backdoor trojan

Behavioral task

behavioral13

Sample

2b5e50bc3077610128051bc3e657c3f0e331fb8fed2559c6596911890ea866ba.dll

Resource

win7v20201028

zloader 07/04 botnet trojan

Behavioral task

behavioral14

Sample

2b5e50bc3077610128051bc3e657c3f0e331fb8fed2559c6596911890ea866ba.dll

Resource

win10v20201028

zloader 07/04 botnet trojan

Behavioral task

behavioral15

Sample

2c01b007729230c415420ad641ad92eb.exe

Resource

win7v20201028

hawkeye nanocore keylogger persistence spyware stealer trojan

Behavioral task

behavioral16

Sample

2c01b007729230c415420ad641ad92eb.exe

Resource

win10v20201028

Behavioral task

behavioral17

Sample

31.exe

Resource

win7v20201028

agenttesla formbook qakbot raccoon spx129 1590734339 agilenet banker coreentity cryptone keylogger packer ransomware rat rezer0 spyware stealer trojan

Behavioral task

behavioral18

Sample

31.exe

Resource

win10v20201028

agenttesla danabot dharma formbook qakbot raccoon spx129 1590734339 agilenet banker botnet coreentity cryptone evasion keylogger packer persistence ransomware rat rezer0 spyware stealer trojan

Behavioral task

behavioral19

Sample

3DMark 11 Advanced Edition.exe

Resource

win7v20201028

Behavioral task

behavioral20

Sample

3DMark 11 Advanced Edition.exe

Resource

win10v20201028

Behavioral task

behavioral21

Sample

42f972925508a82236e8533567487761.exe

Resource

win7v20201028

asyncrat darkcomet warzonerat evasion infostealer persistence rat trojan

Behavioral task

behavioral22

Sample

42f972925508a82236e8533567487761.exe

Resource

win10v20201028

asyncrat darkcomet njrat warzonerat evasion infostealer persistence rat trojan

Behavioral task

behavioral23

Sample

42f972925508a82236e8533567487761(1).exe

Resource

win7v20201028

asyncrat darkcomet warzonerat evasion infostealer persistence rat trojan

Behavioral task

behavioral24

Sample

42f972925508a82236e8533567487761(1).exe

Resource

win10v20201028

asyncrat darkcomet njrat warzonerat evasion infostealer persistence rat trojan

Behavioral task

behavioral25

Sample

5da0116af495e6d8af7241da9b8281d918b9ff9a98a3deab4cca1aec1e456c18.exe

Resource

win7v20201028

discovery persistence upx

Behavioral task

behavioral26

Sample

5da0116af495e6d8af7241da9b8281d918b9ff9a98a3deab4cca1aec1e456c18.exe

Resource

win10v20201028

discovery persistence upx

Behavioral task

behavioral27

Sample

69c56d12ed7024696936fb69b4c6bee58174a275cb53fa966646a0b092d9626b.exe

Resource

win7v20201028

hakbit ransomware spyware

Behavioral task

behavioral28

Sample

69c56d12ed7024696936fb69b4c6bee58174a275cb53fa966646a0b092d9626b.exe

Resource

win10v20201028

hakbit ransomware spyware

Behavioral task

behavioral29

Sample

6a9e7107c97762eb1196a64baeadb291.exe

Resource

win7v20201028

zloader canadaloads nerino botnet trojan

Behavioral task

behavioral30

Sample

6a9e7107c97762eb1196a64baeadb291.exe

Resource

win10v20201028

zloader canadaloads nerino botnet trojan

Behavioral task

behavioral31

Sample

905d572f23883f5f161f920e53473989cf7dffc16643aa759f77842e54add550.exe

Resource

win7v20201028

Behavioral task

behavioral32

Sample

905d572f23883f5f161f920e53473989cf7dffc16643aa759f77842e54add550.exe

Resource

win10v20201028

General

Target

3DMark 11 Advanced Edition.exe
Size

11MB
MD5

236d7524027dbce337c671906c9fe10b
SHA1

7d345aa201b50273176ae0ec7324739d882da32e
SHA256

400b64f8c61623ead9f579b99735b1b0d9febe7c829e8bdafc9b3a3269bbe21c
SHA512

e5c2f87923b3331719261101b2f606298fb66442e56a49708199d8472c1ac4a72130612d3a9c344310f36fcb3cf39e4637f7dd8fb3841c61b01b95bb3794610a

Score

1^/10

Malware Config

Signatures

Suspicious behavior: GetForegroundWindowSpam ⋅ 1 IoCs

Processes:

3DMark 11 Advanced Edition.exe

pid process

1924 3DMark 11 Advanced Edition.exe

pid	process
1924	3DMark 11 Advanced Edition.exe

Processes

C:\Users\Admin\AppData\Local\Temp\3DMark 11 Advanced Edition.exe

"C:\Users\Admin\AppData\Local\Temp\3DMark 11 Advanced Edition.exe"

Suspicious behavior: GetForegroundWindowSpam

PID:1924

Network

MITRE ATT&CK Matrix

Collection

Command and Control

Credential Access

Defense Evasion

Discovery

Execution

Exfiltration

Impact

Initial Access

Lateral Movement

Persistence

Privilege Escalation

Replay Monitor

00:00 00:00

Downloads

memory/1924-2-0x0000000075DE1000-0x0000000075DE3000-memory.dmp

Download
memory/1924-3-0x00000000007A0000-0x00000000007A1000-memory.dmp

Download

Loading data