Malware analysis 23IK-1799-REF09NSEP-GERMAMY-TBILIS.exe Malicious activity

Add for printing

File name:	23IK-1799-REF09NSEP-GERMAMY-TBILIS.exe
Full analysis:	https://app.any.run/tasks/1f799208-0e7f-4bbc-a596-72fdf3ad91a7
Verdict:	Malicious activity
Analysis date:	October 19, 2023, 11:47:29
OS:	Windows 7 Professional Service Pack 1 (build: 7601, 64 bit)
MIME:	application/x-dosexec
File info:	PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
MD5:	DC6F55B6CE634ECD409DC535053EBDBC
SHA1:	2CB8CCF33E22B46B3EA722548EC34A8167A38A67
SHA256:	387E3C8F0F29348AFCC2D36AF37D6FD81A5A8DDE21C8B46F41DBE879679CB2CA
SSDEEP:	49152:RJJJJJJJJJJJJJJJJJfb33333333333333EaS2W846rFddbt/mT/zDU1aXEOB445:832rFdtE/zDU1POB4NN+3U5D0wyCRVCp

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Launch configuration

Task duration:: 120 seconds
Heavy Evasion option:
Network geolocation:: off
Additional time used:: none
MITM proxy:: off
Privacy:: Public submission
Fakenet option:: off
Route via Tor:: off
Autoconfirmation of UAC:: on
Network:: on

Software preset

Internet Explorer 11.0.9600.18860 KB4052978
Adobe Acrobat Reader DC MUI (15.007.20033)
Adobe Flash Player 27 ActiveX (27.0.0.187)
Adobe Flash Player 27 NPAPI (27.0.0.187)
Adobe Flash Player 27 PPAPI (27.0.0.187)
CCleaner (5.35)
Google Chrome (109.0.5414.120)
Google Update Helper (1.3.33.23)
Java 8 Update 92 (64-bit) (8.0.920.14)
Java Auto Updater (2.8.92.14)
Microsoft .NET Framework 4.7.1 (4.7.02558)
Microsoft .NET Framework 4.7.1 (4.7.02558)
Microsoft Edge (109.0.1518.115)
Microsoft Edge Update (1.3.177.11)
Microsoft Office Access MUI (English) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (English) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Groove MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office IME (Japanese) 2010 (14.0.4763.1000)
Microsoft Office IME (Japanese) 2010 (14.0.4763.1000)
Microsoft Office IME (Korean) 2010 (14.0.4763.1000)
Microsoft Office IME (Korean) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (French) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (German) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Language Pack 2010 - French/Français (14.0.4763.1000)
Microsoft Office Language Pack 2010 - German/Deutsch (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Italian/Italiano (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Japanese/日本語 (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Korean/한국어 (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Portuguese/Português (Brasil) (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Russian/русский (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Spanish/Español (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Turkish/Türkçe (14.0.4763.1013)
Microsoft Office O MUI (French) 2010 (14.0.4763.1000)
Microsoft Office O MUI (German) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Office 32-bit Components 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (English) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (French) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (German) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Outlook MUI (English) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office PowerPoint MUI (English) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (French) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (German) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Professional 2010 (14.0.4763.1000)
Microsoft Office Proof (Arabic) 2010 (14.0.4763.1000)
Microsoft Office Proof (Basque) 2010 (14.0.4763.1000)
Microsoft Office Proof (Catalan) 2010 (14.0.4763.1000)
Microsoft Office Proof (Dutch) 2010 (14.0.4763.1000)
Microsoft Office Proof (English) 2010 (14.0.4763.1000)
Microsoft Office Proof (French) 2010 (14.0.4763.1000)
Microsoft Office Proof (Galician) 2010 (14.0.4763.1000)
Microsoft Office Proof (German) 2010 (14.0.4763.1000)
Microsoft Office Proof (Italian) 2010 (14.0.4763.1000)
Microsoft Office Proof (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Proof (Korean) 2010 (14.0.4763.1000)
Microsoft Office Proof (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Proof (Russian) 2010 (14.0.4763.1000)
Microsoft Office Proof (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Proof (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Proof (Ukrainian) 2010 (14.0.4763.1000)
Microsoft Office Proofing (English) 2010 (14.0.4763.1000)
Microsoft Office Proofing (French) 2010 (14.0.4763.1000)
Microsoft Office Proofing (German) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Italian) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Korean) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Russian) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Publisher MUI (English) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office SharePoint Designer MUI (French) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (German) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Shared 32-bit MUI (English) 2010 (14.0.4763.1000)
Microsoft Office Shared 32-bit MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Shared 32-bit MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Shared 32-bit MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Shared 32-bit MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Shared 32-bit MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Shared 32-bit MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Shared 32-bit MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Shared 32-bit MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Shared 32-bit MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Shared MUI (English) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.4763.1000)
Microsoft Office Single Image 2010 (14.0.4763.1000)
Microsoft Office Word MUI (English) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office X MUI (French) 2010 (14.0.4763.1000)
Microsoft Office X MUI (German) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Visual C++ 2005 Redistributable (x64) (8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (9.0.30729.6161)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (10.0.40219)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (11.0.61030.0)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (11.0.61030)
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (11.0.61030)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (12.0.30501.0)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 (12.0.21005)
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 (12.0.21005)
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.36.32532 (14.36.32532.0)
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.36.32532 (14.36.32532.0)
Microsoft Visual C++ 2022 X64 Additional Runtime - 14.36.32532 (14.36.32532)
Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.36.32532 (14.36.32532)
Microsoft Visual C++ 2022 X86 Additional Runtime - 14.36.32532 (14.36.32532)
Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.36.32532 (14.36.32532)
Mozilla Firefox (x64 en-US) (115.0.2)
Mozilla Maintenance Service (115.0.2)
Notepad++ (64-bit x64) (7.5.1)
PowerShell 7-x64 (7.2.11.0)
Skype version 8.100 (8.100)
Update for Microsoft .NET Framework 4.7.1 (KB4054852) (1)
VLC media player (2.2.6)
WinRAR 5.60 (64-bit) (5.60.0)

Add for printing

MALICIOUS
- Loads dropped or rewritten executable
  - 23IK-1799-REF09NSEP-GERMAMY-TBILIS.exe (PID: 1492)
- Drops the executable file immediately after the start
  - 23IK-1799-REF09NSEP-GERMAMY-TBILIS.exe (PID: 1492)
SUSPICIOUS
- Malware-specific behavior (creating "System.dll" in Temp)
  - 23IK-1799-REF09NSEP-GERMAMY-TBILIS.exe (PID: 1492)
- The process creates files with name similar to system file names
  - 23IK-1799-REF09NSEP-GERMAMY-TBILIS.exe (PID: 1492)
INFO
- Reads the computer name
  - 23IK-1799-REF09NSEP-GERMAMY-TBILIS.exe (PID: 1492)
- Checks supported languages
  - 23IK-1799-REF09NSEP-GERMAMY-TBILIS.exe (PID: 1492)
- Create files in a temporary directory
  - 23IK-1799-REF09NSEP-GERMAMY-TBILIS.exe (PID: 1492)

Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report

Add for printing

No Malware configuration.

Add for printing

TRiD

.exe	\|	Win32 Executable MS Visual C++ (generic) (42.2)
.exe	\|	Win64 Executable (generic) (37.3)
.dll	\|	Win32 Dynamic Link Library (generic) (8.8)
.exe	\|	Win32 Executable (generic) (6)
.exe	\|	Generic Win/DOS Executable (2.7)

EXIF

EXE

MachineType:	Intel 386 or later, and compatibles
TimeStamp:	2016:04:03 22:18:56+02:00
ImageFileCharacteristics:	No relocs, Executable, No line numbers, No symbols, 32-bit
PEType:	PE32
LinkerVersion:	6
CodeSize:	25088
InitializedDataSize:	141824
UninitializedDataSize:	2048
EntryPoint:	0x33b6
OSVersion:	4
ImageVersion:	6
SubsystemVersion:	4
Subsystem:	Windows GUI
FileVersionNumber:	3.0.0.0
ProductVersionNumber:	3.0.0.0
FileFlagsMask:	0x0000
FileFlags:	(none)
FileOS:	Win32
ObjectFileType:	Executable application
FileSubtype:	-
LanguageCode:	English (U.S.)
CharacterSet:	Windows, Latin1
Comments:	Healthsouth Corp
FileVersion:	3.0.0.0
OriginalFileName:	doorward buddhisternes.exe
ProductName:	W.R. Grace & Co

No data.

Add for printing

All screenshots are available in the full report

Add for printing

Total processes

Monitored processes

Malicious processes

Suspicious processes

Behavior graph

Click at the process to see the details

Process information

PID

CMD

Path

Indicators

Parent process

1492

"C:\Users\admin\AppData\Local\Temp\23IK-1799-REF09NSEP-GERMAMY-TBILIS.exe"

C:\Users\admin\AppData\Local\Temp\23IK-1799-REF09NSEP-GERMAMY-TBILIS.exe

—

explorer.exe

User:

admin

Integrity Level:

MEDIUM

Exit code:

Version:

3.0.0.0

Modules

Images
c:\users\admin\appdata\local\temp\23ik-1799-ref09nsep-germamy-tbilis.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\syswow64\kernel32.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\user32.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernelbase.dll

Add for printing

Total events

679

Read events

674

Write events

Delete events

Modification events


(PID) Process:	(1492) 23IK-1799-REF09NSEP-GERMAMY-TBILIS.exe	Key:	HKEY_CURRENT_USER\Software\89
Operation:	write	Name:	Start
Value: user32::ShowWindow(i r3, i 0)
(PID) Process:	(1492) 23IK-1799-REF09NSEP-GERMAMY-TBILIS.exe	Key:	HKEY_CURRENT_USER\Software\89
Operation:	write	Name:	Start
Value: KERNEL32::CreateFileA(m r4 , i 0x80000000, i 0, p 0, i 4, i 0x80, i 0)i.r5
(PID) Process:	(1492) 23IK-1799-REF09NSEP-GERMAMY-TBILIS.exe	Key:	HKEY_CURRENT_USER\Software\89
Operation:	write	Name:	Start
Value: KERNEL32::VirtualAlloc(i0,i 79585280, i 0x3000, i 0x40)p.r1
(PID) Process:	(1492) 23IK-1799-REF09NSEP-GERMAMY-TBILIS.exe	Key:	HKEY_CURRENT_USER\Software\89
Operation:	write	Name:	Start
Value: KERNEL32::SetFilePointer(i r5, i 800 , i 0,i 0)i.r3
(PID) Process:	(1492) 23IK-1799-REF09NSEP-GERMAMY-TBILIS.exe	Key:	HKEY_CURRENT_USER\Software\89
Operation:	write	Name:	Start
Value: KERNEL32::ReadFile(ir5, i r1, i 79585280,*i 0, i 0)i.r3

Add for printing

Executable files

Suspicious files

Text files

Unknown types

Dropped files

PID	Process	Filename		Type
1492	23IK-1799-REF09NSEP-GERMAMY-TBILIS.exe	C:\Users\admin\vinsort\Mokkerne206\rigsgreves\Deltaerne140\Suborders\Bibelkritikker\lascivious.Und		binary
		MD5:0BD07D5786BC3B47220DF84E051F3C99	SHA256:0D2E1DECDBC885ADE27C255EB12396B4DA48DBD665254A3638AC84D4720FA1FF
1492	23IK-1799-REF09NSEP-GERMAMY-TBILIS.exe	C:\Users\admin\vinsort\Mokkerne206\rigsgreves\Flyvestationers117\Invigilating\Nivicolous.uli		binary
		MD5:5429E173B67566B34C5EC2D304C8E643	SHA256:07EA7EF9409DBF095A9AE4D8830C9876FC082D4EE7D53E49C95DB79B1172CCE0
1492	23IK-1799-REF09NSEP-GERMAMY-TBILIS.exe	C:\Users\admin\vinsort\Mokkerne206\rigsgreves\Laciniate245\Storkenbbet\Unthrobbing32\Hungrify\himmelstrgenes.sol		binary
		MD5:8DFE9EF473292D10BDECA94DCEE140BF	SHA256:BDFC2A0FAC80AE8D3D5934AA935B536578BDBD76BA7B3B22A7F55F61DD9A98FF
1492	23IK-1799-REF09NSEP-GERMAMY-TBILIS.exe	C:\Users\admin\vinsort\Mokkerne206\rigsgreves\transferotype\Miliolitic\Vraltendes\fritnkernes.kan		binary
		MD5:43426EEA245974FCE1B1D4D312AC0143	SHA256:E65DA0C7574EB717A53E61604E9CA39BAF84E2D2B85BFCD42DF13090BE819823
1492	23IK-1799-REF09NSEP-GERMAMY-TBILIS.exe	C:\Users\admin\vinsort\Mokkerne206\rigsgreves\dobbeltdoeren\imperial\Starrify\chromamamin.txt		text
		MD5:52B8AF9E8E24418EBB502C576D5FC9BC	SHA256:8BB8C7C4FB6AC8F17C065AF758351430C0840D16C06FEC4862A570C3BB234478
1492	23IK-1799-REF09NSEP-GERMAMY-TBILIS.exe	C:\Users\admin\vinsort\Mokkerne206\rigsgreves\Laciniate245\Storkenbbet\Unthrobbing32\Hungrify\raserings.eye		binary
		MD5:9D2E480A6BF409D3BFA58B80EE33A354	SHA256:89C51A6A4C923809461191410D4839E2A9A7CB6B6DB6EFDFE7F4075F3DB224BF
1492	23IK-1799-REF09NSEP-GERMAMY-TBILIS.exe	C:\Users\admin\vinsort\Mokkerne206\rigsgreves\Laciniate245\Storkenbbet\Unthrobbing32\Hungrify\kbestddet.hun		binary
		MD5:0BBD794777600C79332A0D22227399A5	SHA256:122DE122FDF253BA4610F2038A0017F667C4D56032CE83CECF2DAC0527B7D5BC
1492	23IK-1799-REF09NSEP-GERMAMY-TBILIS.exe	C:\Users\admin\vinsort\Mokkerne206\rigsgreves\Flyvestationers117\Invigilating\Tilsjoflingers.snu		binary
		MD5:8595AC357E2FCFCC94747DE9C865B8EA	SHA256:C39337580EC390630E7186CB4BCD5074F82BA111C637D088B3A975B1F7E9BA35
1492	23IK-1799-REF09NSEP-GERMAMY-TBILIS.exe	C:\Users\admin\vinsort\Mokkerne206\rigsgreves\Flyvestationers117\Invigilating\Jenvrnene.zer		binary
		MD5:A5A3304436A5B30C0D39B217AC000E92	SHA256:B5EFA940818F0069B0DC903A126644A281564501F76E6E27CAD4CB957B0035E7
1492	23IK-1799-REF09NSEP-GERMAMY-TBILIS.exe	C:\Users\admin\vinsort\Mokkerne206\rigsgreves\dobbeltdoeren\imperial\Starrify\Udgangspositionens.non		binary
		MD5:B160D4DCE38CDD43D3143249794F64AE	SHA256:5D760850C41E2717B1997FA8D636273C29EE4A27F60B92008D3E67AB72F78B0E

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Add for printing

HTTP(S) requests

TCP/UDP connections

DNS requests

Threats

HTTP requests

No HTTP requests

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID	Process	IP	Domain	ASN	CN	Reputation
1956	svchost.exe	239.255.255.250:1900	—	—	—	whitelisted
4	System	192.168.100.255:137	—	—	—	unknown
4	System	192.168.100.255:138	—	—	—	whitelisted
324	svchost.exe	224.0.0.252:5355	—	—	—	unknown

DNS requests

No data

Threats

No threats detected

Add for printing

No debug info

General Info

23IK-1799-REF09NSEP-GERMAMY-TBILIS.exe

DC6F55B6CE634ECD409DC535053EBDBC

2CB8CCF33E22B46B3EA722548EC34A8167A38A67

387E3C8F0F29348AFCC2D36AF37D6FD81A5A8DDE21C8B46F41DBE879679CB2CA

49152:RJJJJJJJJJJJJJJJJJfb33333333333333EaS2W846rFddbt/mT/zDU1aXEOB445:832rFdtE/zDU1POB4NN+3U5D0wyCRVCp

Software environment set and analysis options

Launch configuration

Software preset

Behavior activities

MALICIOUS

Loads dropped or rewritten executable

Drops the executable file immediately after the start

SUSPICIOUS

Malware-specific behavior (creating "System.dll" in Temp)

The process creates files with name similar to system file names

INFO

Reads the computer name

Checks supported languages

Create files in a temporary directory

Malware configuration

Static information

TRiD

EXIF

EXE

Video and screenshots

Processes

Behavior graph

Specs description

Process information

Information

Modules

Registry activity

Modification events

Files activity

Dropped files

Network activity

HTTP requests

Connections

DNS requests

Threats

Debug output strings