Malware analysis MentalMentor.exe.zip Malicious activity

Add for printing

File name:	MentalMentor.exe.zip
Full analysis:	https://app.any.run/tasks/8102be77-b265-44b8-9dea-8d8d29f6e681
Verdict:	Malicious activity
Analysis date:	March 05, 2024, 10:21:38
OS:	Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME:	application/zip
File info:	Zip archive data, at least v5.1 to extract, compression method=AES Encrypted
MD5:	1F24E5D0B720BD1AF2C76FB449C7C4D7
SHA1:	F23B71A01B04C1C0FFB07A502D148A1B8C4A11C2
SHA256:	5B3027C7253EA33207521D30A3B7D20935D193DE8FDE140D43110660176FA56A
SSDEEP:	98304:0zca+7JHM7z+gsJpd5qryVD7xWQ01gq8jQVlisWy7zwU9k/EFTEC0dXWbj8R8UAC:RjJTlH7np

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Launch configuration

Task duration:: 240 seconds
Heavy Evasion option:
Network geolocation:: off
Additional time used:: 180 seconds
MITM proxy:: off
Privacy:: Public submission
Fakenet option:: off
Route via Tor:: off
Autoconfirmation of UAC:: on
Network:: on

Software preset

Internet Explorer 11.0.9600.19596 KB4534251
Adobe Acrobat Reader DC (20.013.20064)
Adobe Acrobat Reader DC (20.013.20064)
Adobe Flash Player 32 ActiveX (32.0.0.453)
Adobe Flash Player 32 ActiveX (32.0.0.453)
Adobe Flash Player 32 NPAPI (32.0.0.453)
Adobe Flash Player 32 NPAPI (32.0.0.453)
Adobe Flash Player 32 PPAPI (32.0.0.453)
Adobe Flash Player 32 PPAPI (32.0.0.453)
Adobe Refresh Manager (1.8.0)
Adobe Refresh Manager (1.8.0)
CCleaner (6.14)
CCleaner (6.14)
FileZilla 3.65.0 (3.65.0)
FileZilla 3.65.0 (3.65.0)
Google Chrome (109.0.5414.120)
Google Chrome (109.0.5414.120)
Google Update Helper (1.3.36.31)
Google Update Helper (1.3.36.31)
Java 8 Update 271 (8.0.2710.9)
Java 8 Update 271 (8.0.2710.9)
Java Auto Updater (2.8.271.9)
Java Auto Updater (2.8.271.9)
Microsoft .NET Framework 4.8 (4.8.03761)
Microsoft .NET Framework 4.8 (4.8.03761)
Microsoft .NET Framework 4.8 (4.8.03761)
Microsoft .NET Framework 4.8 (4.8.03761)
Microsoft Edge (109.0.1518.115)
Microsoft Edge (109.0.1518.115)
Microsoft Edge Update (1.3.175.29)
Microsoft Edge Update (1.3.175.29)
Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Access MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Access MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Excel MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Excel MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Groove MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Groove MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office IME (Japanese) 2010 (14.0.4763.1000)
Microsoft Office IME (Japanese) 2010 (14.0.4763.1000)
Microsoft Office IME (Korean) 2010 (14.0.4763.1000)
Microsoft Office IME (Korean) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (French) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (French) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (German) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (German) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office InfoPath MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Language Pack 2010 - French/Français (14.0.4763.1000)
Microsoft Office Language Pack 2010 - French/Français (14.0.4763.1000)
Microsoft Office Language Pack 2010 - German/Deutsch (14.0.4763.1000)
Microsoft Office Language Pack 2010 - German/Deutsch (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Italian/Italiano (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Italian/Italiano (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Japanese/日本語 (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Japanese/日本語 (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Korean/한국어 (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Korean/한국어 (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Portuguese/Português (Brasil) (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Portuguese/Português (Brasil) (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Russian/русский (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Russian/русский (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Spanish/Español (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Spanish/Español (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Turkish/Türkçe (14.0.4763.1013)
Microsoft Office Language Pack 2010 - Turkish/Türkçe (14.0.4763.1013)
Microsoft Office O MUI (French) 2010 (14.0.4763.1000)
Microsoft Office O MUI (French) 2010 (14.0.4763.1000)
Microsoft Office O MUI (German) 2010 (14.0.4763.1000)
Microsoft Office O MUI (German) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office O MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
Microsoft Office OneNote MUI (French) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (French) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (German) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (German) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office OneNote MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Outlook MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Outlook MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
Microsoft Office PowerPoint MUI (French) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (French) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (German) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (German) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office PowerPoint MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Professional 2010 (14.0.6029.1000)
Microsoft Office Professional 2010 (14.0.6029.1000)
Microsoft Office Proof (Arabic) 2010 (14.0.4763.1000)
Microsoft Office Proof (Arabic) 2010 (14.0.4763.1000)
Microsoft Office Proof (Basque) 2010 (14.0.4763.1000)
Microsoft Office Proof (Basque) 2010 (14.0.4763.1000)
Microsoft Office Proof (Catalan) 2010 (14.0.4763.1000)
Microsoft Office Proof (Catalan) 2010 (14.0.4763.1000)
Microsoft Office Proof (Dutch) 2010 (14.0.4763.1000)
Microsoft Office Proof (Dutch) 2010 (14.0.4763.1000)
Microsoft Office Proof (English) 2010 (14.0.6029.1000)
Microsoft Office Proof (English) 2010 (14.0.6029.1000)
Microsoft Office Proof (French) 2010 (14.0.6029.1000)
Microsoft Office Proof (French) 2010 (14.0.6029.1000)
Microsoft Office Proof (Galician) 2010 (14.0.4763.1000)
Microsoft Office Proof (Galician) 2010 (14.0.4763.1000)
Microsoft Office Proof (German) 2010 (14.0.4763.1000)
Microsoft Office Proof (German) 2010 (14.0.4763.1000)
Microsoft Office Proof (Italian) 2010 (14.0.4763.1000)
Microsoft Office Proof (Italian) 2010 (14.0.4763.1000)
Microsoft Office Proof (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Proof (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Proof (Korean) 2010 (14.0.4763.1000)
Microsoft Office Proof (Korean) 2010 (14.0.4763.1000)
Microsoft Office Proof (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Proof (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Proof (Russian) 2010 (14.0.4763.1000)
Microsoft Office Proof (Russian) 2010 (14.0.4763.1000)
Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
Microsoft Office Proof (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Proof (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Proof (Ukrainian) 2010 (14.0.4763.1000)
Microsoft Office Proof (Ukrainian) 2010 (14.0.4763.1000)
Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
Microsoft Office Proofing (French) 2010 (14.0.4763.1000)
Microsoft Office Proofing (French) 2010 (14.0.4763.1000)
Microsoft Office Proofing (German) 2010 (14.0.4763.1000)
Microsoft Office Proofing (German) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Italian) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Italian) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Korean) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Korean) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Russian) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Russian) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Proofing (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Publisher MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Publisher MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office SharePoint Designer MUI (French) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (French) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (German) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (German) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office SharePoint Designer MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Shared MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Shared MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Single Image 2010 (14.0.6029.1000)
Microsoft Office Single Image 2010 (14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Word MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Word MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office X MUI (French) 2010 (14.0.4763.1000)
Microsoft Office X MUI (French) 2010 (14.0.4763.1000)
Microsoft Office X MUI (German) 2010 (14.0.4763.1000)
Microsoft Office X MUI (German) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office X MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.36.32532 (14.36.32532.0)
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.36.32532 (14.36.32532.0)
Microsoft Visual C++ 2022 X86 Additional Runtime - 14.36.32532 (14.36.32532)
Microsoft Visual C++ 2022 X86 Additional Runtime - 14.36.32532 (14.36.32532)
Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.36.32532 (14.36.32532)
Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.36.32532 (14.36.32532)
Mozilla Firefox (x86 en-US) (115.0.2)
Mozilla Firefox (x86 en-US) (115.0.2)
Mozilla Maintenance Service (115.0.2)
Mozilla Maintenance Service (115.0.2)
Notepad++ (32-bit x86) (7.9.1)
Notepad++ (32-bit x86) (7.9.1)
PowerShell 7-x86 (7.2.11.0)
PowerShell 7-x86 (7.2.11.0)
Skype version 8.110 (8.110)
Skype version 8.110 (8.110)
Update for Microsoft .NET Framework 4.8 (KB4503575) (1)
Update for Microsoft .NET Framework 4.8 (KB4503575) (1)
VLC media player (3.0.11)
VLC media player (3.0.11)
WinRAR 5.91 (32-bit) (5.91.0)
WinRAR 5.91 (32-bit) (5.91.0)

Add for printing

MALICIOUS
- Drops the executable file immediately after the start
  - WinRAR.exe (PID: 3536)
  - MentalMentor.exe (PID: 1836)
  - MentalMentor.tmp (PID: 1692)
  - MentalMentor.exe (PID: 2964)
  - 7z.exe (PID: 3400)
  - 7z.exe (PID: 3324)
  - 7z.exe (PID: 2168)
  - MentalMentor.exe (PID: 1636)
  - MentalMentor.exe (PID: 3100)
  - luminati.exe (PID: 1036)
  - MentalMentor.tmp (PID: 3192)
- Changes the autorun value in the registry
  - mentalmentor.exe (PID: 3088)
SUSPICIOUS
- Executable content was dropped or overwritten
  - MentalMentor.exe (PID: 2964)
  - MentalMentor.exe (PID: 1836)
  - 7z.exe (PID: 2168)
  - 7z.exe (PID: 3400)
  - 7z.exe (PID: 3324)
  - MentalMentor.exe (PID: 1636)
  - luminati.exe (PID: 1036)
  - MentalMentor.exe (PID: 3100)
  - MentalMentor.tmp (PID: 3192)
  - MentalMentor.tmp (PID: 1692)
- Reads the Windows owner or organization settings
  - MentalMentor.tmp (PID: 1692)
  - MentalMentor.tmp (PID: 3192)
- Drops 7-zip archiver for unpacking
  - MentalMentor.tmp (PID: 1692)
- Process drops legitimate windows executable
  - 7z.exe (PID: 2168)
  - luminati.exe (PID: 1036)
- The process drops C-runtime libraries
  - 7z.exe (PID: 2168)
  - luminati.exe (PID: 1036)
- Searches for installed software
  - MentalMentor.tmp (PID: 1692)
- Uses NETSH.EXE to add a firewall rule or allowed programs
  - MentalMentor.tmp (PID: 1692)
- Reads settings of System Certificates
  - mentalmentor.exe (PID: 3088)
  - luminati.exe (PID: 1036)
  - QtWebEngineProcess.exe (PID: 2500)
- Reads the Internet Settings
  - mentalmentor.exe (PID: 3088)
  - luminati.exe (PID: 1036)
  - QtWebEngineProcess.exe (PID: 2500)
- Reads security settings of Internet Explorer
  - mentalmentor.exe (PID: 3088)
  - luminati.exe (PID: 1036)
- Reads the date of Windows installation
  - mentalmentor.exe (PID: 3088)
- Detected use of alternative data streams (AltDS)
  - luminati.exe (PID: 1036)
- Adds/modifies Windows certificates
  - luminati.exe (PID: 1036)
  - QtWebEngineProcess.exe (PID: 2500)
INFO
- Executable content was dropped or overwritten
  - WinRAR.exe (PID: 3536)
- Reads the computer name
  - MentalMentor.tmp (PID: 1692)
  - MentalMentor.tmp (PID: 3944)
  - mentalmentor.exe (PID: 3088)
  - MentalMentor.tmp (PID: 124)
  - test_wpf.exe (PID: 3128)
  - MentalMentor.tmp (PID: 3192)
  - luminati.exe (PID: 1036)
  - QtWebEngineProcess.exe (PID: 2500)
- Create files in a temporary directory
  - MentalMentor.tmp (PID: 1692)
  - MentalMentor.exe (PID: 2964)
  - MentalMentor.exe (PID: 1836)
  - MentalMentor.exe (PID: 1636)
  - MentalMentor.exe (PID: 3100)
  - MentalMentor.tmp (PID: 3192)
  - QtWebEngineProcess.exe (PID: 2500)
- Checks supported languages
  - MentalMentor.tmp (PID: 1692)
  - 7z.exe (PID: 2168)
  - MentalMentor.tmp (PID: 3944)
  - MentalMentor.exe (PID: 1836)
  - 7z.exe (PID: 3400)
  - 7z.exe (PID: 980)
  - mentalmentor.exe (PID: 3088)
  - 7z.exe (PID: 3324)
  - MentalMentor.exe (PID: 1636)
  - luminati.exe (PID: 1036)
  - MentalMentor.tmp (PID: 124)
  - mentalmentor_crashpad_handler.exe (PID: 1780)
  - test_wpf.exe (PID: 3128)
  - MentalMentor.exe (PID: 3100)
  - MentalMentor.tmp (PID: 3192)
  - QtWebEngineProcess.exe (PID: 2500)
  - MentalMentor.exe (PID: 2964)
  - QtWebEngineProcess.exe (PID: 4012)
  - QtWebEngineProcess.exe (PID: 3408)
- Reads the machine GUID from the registry
  - MentalMentor.tmp (PID: 1692)
  - mentalmentor.exe (PID: 3088)
  - test_wpf.exe (PID: 3128)
  - luminati.exe (PID: 1036)
  - MentalMentor.tmp (PID: 3192)
  - QtWebEngineProcess.exe (PID: 2500)
- Creates a software uninstall entry
  - MentalMentor.tmp (PID: 1692)
- Manual execution by a user
  - MentalMentor.exe (PID: 1636)
  - MentalMentor.exe (PID: 2964)
- Creates files in the program directory
  - luminati.exe (PID: 1036)
- Reads Environment values
  - luminati.exe (PID: 1036)
- Reads the software policy settings
  - luminati.exe (PID: 1036)
  - QtWebEngineProcess.exe (PID: 2500)
- Process checks computer location settings
  - luminati.exe (PID: 1036)
  - QtWebEngineProcess.exe (PID: 4012)
  - QtWebEngineProcess.exe (PID: 3408)
- Creates files or folders in the user directory
  - luminati.exe (PID: 1036)
  - QtWebEngineProcess.exe (PID: 2500)
- Checks proxy server information
  - luminati.exe (PID: 1036)

Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report

Add for printing

No Malware configuration.

Add for printing

TRiD

.zip	\|	ZIP compressed archive (100)

EXIF

ZIP

ZipRequiredVersion:	51
ZipBitFlag:	0x0009
ZipCompression:	Unknown (99)
ZipModifyDate:	2024:03:05 11:21:24
ZipCRC:	0xdf47e89b
ZipCompressedSize:	4294967295
ZipUncompressedSize:	4294967295
ZipFileName:	MentalMentor.exe

No data.

Add for printing

All screenshots are available in the full report

Add for printing

Total processes

Monitored processes

Malicious processes

Suspicious processes

Behavior graph

Click at the process to see the details

Process information

PID

CMD

Path

Indicators

Parent process

124

"C:\Users\admin\AppData\Local\Temp\is-65B4S.tmp\MentalMentor.tmp" /SL5="$130140,2483341,845312,C:\Users\admin\Desktop\MentalMentor.exe"

C:\Users\admin\AppData\Local\Temp\is-65B4S.tmp\MentalMentor.tmp

—

MentalMentor.exe

User:

admin

Company:

Mental Mentor

Integrity Level:

MEDIUM

Description:

Setup/Uninstall

Exit code:

Version:

51.1052.0.0

Modules

Images
c:\users\admin\appdata\local\temp\is-65b4s.tmp\mentalmentor.tmp
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\mpr.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll

980

"C:\Users\admin\AppData\Local\Temp\is-GC7AV.tmp\7z.exe" x "C:\Users\admin\AppData\Local\Temp\is-GC7AV.tmp\zip_html.7z" -o"C:\Users\admin\mentalmentor\settings\temp\inst_gui\" * -r -aoa

C:\Users\admin\AppData\Local\Temp\is-GC7AV.tmp\7z.exe

—

MentalMentor.tmp

User:

admin

Company:

Igor Pavlov

Integrity Level:

HIGH

Description:

7-Zip Console

Exit code:

Version:

9.20

Modules

Images
c:\users\admin\appdata\local\temp\is-gc7av.tmp\7z.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll

1036

"C:\Users\admin\mentalmentor\luminati\luminati.exe" switch_on

C:\Users\admin\mentalmentor\luminati\luminati.exe

mentalmentor.exe

User:

admin

Integrity Level:

HIGH

Exit code:

100

Modules

Images
c:\users\admin\mentalmentor\luminati\luminati.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\users\admin\mentalmentor\luminati\lum_sdk32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shlwapi.dll

1636

"C:\Users\admin\Desktop\MentalMentor.exe"

C:\Users\admin\Desktop\MentalMentor.exe

explorer.exe

User:

admin

Company:

Mental Mentor

Integrity Level:

MEDIUM

Description:

Mental Mentor Setup

Exit code:

Version:

1.1.0

Modules

Images
c:\users\admin\desktop\mentalmentor.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.24483_none_2b200f664577e14b\comctl32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll

1692

"C:\Users\admin\AppData\Local\Temp\is-TQPD0.tmp\MentalMentor.tmp" /SL5="$1C01BC,2483341,845312,C:\Users\admin\Desktop\MentalMentor.exe" /SPAWNWND=$140180 /NOTIFYWND=$140158

C:\Users\admin\AppData\Local\Temp\is-TQPD0.tmp\MentalMentor.tmp

MentalMentor.exe

User:

admin

Company:

Mental Mentor

Integrity Level:

HIGH

Description:

Setup/Uninstall

Exit code:

Version:

51.1052.0.0

Modules

Images
c:\users\admin\appdata\local\temp\is-tqpd0.tmp\mentalmentor.tmp
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\mpr.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll

1780

C:\Users\admin\mentalmentor\mentalmentor_crashpad_handler.exe --no-rate-limit --database=C:\Users\admin\mentalmentor\sentry --metrics-dir=C:\Users\admin\mentalmentor\sentry --url=https://o4505329939513344.ingest.sentry.io:443/api/4506451695239168/minidump/?sentry_client=sentry.native/0.4.6&sentry_key=0cb1bfe551768937b10a49cd2122722e --attachment=C:/Users/admin/mentalmentor/sentry/log --attachment=C:\Users\admin\mentalmentor\sentry\67161360-7330-4247-8bc5-7997c029f906.run\__sentry-event --attachment=C:\Users\admin\mentalmentor\sentry\67161360-7330-4247-8bc5-7997c029f906.run\__sentry-breadcrumb1 --attachment=C:\Users\admin\mentalmentor\sentry\67161360-7330-4247-8bc5-7997c029f906.run\__sentry-breadcrumb2 --initial-client-data=0x2e4,0x2e8,0x2ec,0x2b8,0x2f0,0x6d707b7c,0x6d707b90,0x6d707ba0

C:\Users\admin\mentalmentor\mentalmentor_crashpad_handler.exe

—

mentalmentor.exe

User:

admin

Integrity Level:

HIGH

Exit code:

Modules

Images
c:\users\admin\mentalmentor\mentalmentor_crashpad_handler.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\advapi32.dll

1836

"C:\Users\admin\Desktop\MentalMentor.exe" /SPAWNWND=$140180 /NOTIFYWND=$140158

C:\Users\admin\Desktop\MentalMentor.exe

MentalMentor.tmp

User:

admin

Company:

Mental Mentor

Integrity Level:

HIGH

Description:

Mental Mentor Setup

Exit code:

Version:

1.1.0

Modules

Images
c:\users\admin\desktop\mentalmentor.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.24483_none_2b200f664577e14b\comctl32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll

2096

"netsh" advfirewall firewall add rule name="Mental Mentor" dir=in action=allow program="C:\Users\admin\mentalmentor\QtWebEngineProcess.exe" enable=yes

C:\Windows\System32\netsh.exe

—

MentalMentor.tmp

User:

admin

Company:

Microsoft Corporation

Integrity Level:

HIGH

Description:

Network Command Shell

Exit code:

Version:

6.1.7600.16385 (win7_rtm.090713-1255)

Modules

Images
c:\windows\system32\netsh.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\credui.dll
c:\windows\system32\user32.dll

2168

"C:\Users\admin\AppData\Local\Temp\is-GC7AV.tmp\7z.exe" x "C:\Users\admin\AppData\Local\Temp\is-GC7AV.tmp\zip_libs.7z" -o"C:\Users\admin\mentalmentor\" * -r -aoa

C:\Users\admin\AppData\Local\Temp\is-GC7AV.tmp\7z.exe

MentalMentor.tmp

User:

admin

Company:

Igor Pavlov

Integrity Level:

HIGH

Description:

7-Zip Console

Exit code:

Version:

9.20

Modules

Images
c:\users\admin\appdata\local\temp\is-gc7av.tmp\7z.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll

2500

"C:\Users\admin\mentalmentor\QtWebEngineProcess.exe" --type=utility --enable-features=AllowContentInitiatedDataUrlNavigations,TracingServiceInProcess --disable-features=BackgroundFetch,ConsolidatedMovementXY,DnsOverHttpsUpgrade,FormControlsRefresh,MojoVideoCapture,PictureInPicture,SmsReceiver,UseSkiaRenderer,WebPayments,WebUSB --lang=en-US --service-sandbox-type=network --application-name=mentalmentor --webengine-schemes=qrc:sLV --mojo-platform-channel-handle=2328 /prefetch:8

C:\Users\admin\mentalmentor\QtWebEngineProcess.exe

mentalmentor.exe

User:

admin

Company:

The Qt Company Ltd.

Integrity Level:

HIGH

Description:

C++ Application Development Framework

Exit code:

Version:

5.15.2.0

Modules

Images
c:\users\admin\mentalmentor\qtwebengineprocess.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\users\admin\mentalmentor\qt5core.dll
c:\windows\system32\mpr.dll
c:\windows\system32\userenv.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\profapi.dll

Add for printing

Total events

31 767

Read events

31 424

Write events

320

Delete events

Modification events


(PID) Process:	(3536) WinRAR.exe	Key:	HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes
Operation:	write	Name:	ShellExtBMP
Value:
(PID) Process:	(3536) WinRAR.exe	Key:	HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes
Operation:	write	Name:	ShellExtIcon
Value:
(PID) Process:	(3536) WinRAR.exe	Key:	HKEY_CLASSES_ROOT\Local Settings\MuiCache\182\52C64B7E
Operation:	write	Name:	LanguageList
Value: en-US
(PID) Process:	(3536) WinRAR.exe	Key:	HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation:	write	Name:	3
Value: C:\Users\admin\Desktop\phacker.zip
(PID) Process:	(3536) WinRAR.exe	Key:	HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation:	write	Name:	2
Value: C:\Users\admin\Desktop\Win7-KB3191566-x86.zip
(PID) Process:	(3536) WinRAR.exe	Key:	HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation:	write	Name:	1
Value: C:\Users\admin\Desktop\curl-8.5.0_1-win32-mingw.zip
(PID) Process:	(3536) WinRAR.exe	Key:	HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation:	write	Name:	0
Value: C:\MentalMentor.exe.zip
(PID) Process:	(3536) WinRAR.exe	Key:	HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation:	write	Name:	name
Value: 120
(PID) Process:	(3536) WinRAR.exe	Key:	HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation:	write	Name:	size
Value: 80
(PID) Process:	(3536) WinRAR.exe	Key:	HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation:	write	Name:	type
Value: 120

Add for printing

Executable files

100

Suspicious files

159

Text files

Unknown types

Dropped files

PID	Process	Filename		Type
1692	MentalMentor.tmp	C:\Users\admin\AppData\Local\Temp\is-GC7AV.tmp\zip_libs.7z		—
		MD5:—	SHA256:—
2168	7z.exe	C:\Users\admin\mentalmentor\resources\icudtl.dat		—
		MD5:—	SHA256:—
1692	MentalMentor.tmp	C:\Users\admin\AppData\Local\Temp\is-GC7AV.tmp\idp.dll		executable
		MD5:59FD376F6E67CF49BFB0AC6724140E72	SHA256:88D2DA3783C9EF9B2C9F20224A399FE3607581F338DAEA94F68606A760CC06D5
1836	MentalMentor.exe	C:\Users\admin\AppData\Local\Temp\is-TQPD0.tmp\MentalMentor.tmp		executable
		MD5:0D041F22D598F3A63BDF0E66C448BDAB	SHA256:E6B54015C403E3016B848B18FC488D4D281A752BC9AB2A3324BA4D8EFB642563
1692	MentalMentor.tmp	C:\Users\admin\mentalmentor\settings\temp\install_config		binary
		MD5:5ABCA47D93E0246B6FE1FC57E91202AD	SHA256:BB5FD26B5A16706020A433A0A5A8251ED6D357ED6C690D259E890DD2999EBFE9
1692	MentalMentor.tmp	C:\Users\admin\AppData\Local\Temp\is-GC7AV.tmp\mentor-inno-lib.dll		executable
		MD5:7D992DE7A01B53B3E243241D4A6DF978	SHA256:2F647A8DC42804459D6ACA834E532D407FD69F93A7FCD908E3BFDA5FAAFCD665
1692	MentalMentor.tmp	C:\Users\admin\AppData\Local\Temp\is-GC7AV.tmp\zip_lum.7z		compressed
		MD5:AAE7BD94DD15B8DFDCC9538D2005B86D	SHA256:E78C1B6693DBE7E9BC8C22865207269231BF34B68B2E3DF86C46A379A9C07C15
1692	MentalMentor.tmp	C:\Users\admin\AppData\Local\Temp\is-GC7AV.tmp\zip_bin.7z		compressed
		MD5:B9700977F094BD3B4062184854DD865C	SHA256:051A7C070A3A9A63462A2EF10EB840B959904D760B2D152657D4DD32D6C8213F
1692	MentalMentor.tmp	C:\Users\admin\AppData\Local\Temp\is-GC7AV.tmp\7z.dll		executable
		MD5:04AD4B80880B32C94BE8D0886482C774	SHA256:A1E1D1F0FFF4FCCCFBDFA313F3BDFEA4D3DFE2C2D9174A615BBC39A0A6929338
1692	MentalMentor.tmp	C:\Users\admin\AppData\Local\Temp\is-GC7AV.tmp\7z.exe		executable
		MD5:A51D90F2F9394F5EA0A3ACAE3BD2B219	SHA256:AC9674FEB8F2FAD20C1E046DE67F899419276AE79A60E8CC021A4BF472AE044F

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Add for printing

HTTP(S) requests

TCP/UDP connections

DNS requests

Threats

HTTP requests

PID	Process	Method	HTTP Code	IP	URL	CN	Type	Size	Reputation
2500	QtWebEngineProcess.exe	GET	304	2.19.126.137:80	http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?d79921ad3983e44e	unknown	—	—	unknown
2500	QtWebEngineProcess.exe	GET	200	2.23.197.184:80	http://x1.c.lencr.org/	unknown	binary	717 b	unknown
2500	QtWebEngineProcess.exe	GET	200	2.19.126.137:80	http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?8d7abcb9ae43a867	unknown	compressed	67.5 Kb	unknown
2500	QtWebEngineProcess.exe	GET	200	95.101.54.144:80	http://r3.o.lencr.org/MFMwUTBPME0wSzAJBgUrDgMCGgUABBRI2smg%2ByvTLU%2Fw3mjS9We3NfmzxAQUFC6zF7dYVsuuUAlA5h%2BvnYsUwsYCEgMyVAe2n%2Fd3NWK4Oc%2Bri6f1Gg%3D%3D	unknown	binary	503 b	unknown
2500	QtWebEngineProcess.exe	GET	200	192.229.221.95:80	http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEATh56TcXPLzbcArQrhdFZ8%3D	unknown	binary	471 b	unknown
2500	QtWebEngineProcess.exe	GET	200	192.229.221.95:80	http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTPJvUY%2Bsl%2Bj4yzQuAcL2oQno5fCgQUUWj%2FkK8CB3U8zNllZGKiErhZcjsCEALtC3OVCOZWrA5DfhxZtQQ%3D	unknown	binary	471 b	unknown
2500	QtWebEngineProcess.exe	GET	200	142.250.186.67:80	http://ocsp.pki.goog/gts1c3/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBTHLnmK3f9hNLO67UdCuLvGwCQHYwQUinR%2Fr4XN7pXNPZzQ4kYU83E1HScCEQCimReIRyQtphKmdTNhBzaE	unknown	binary	472 b	unknown
2500	QtWebEngineProcess.exe	GET	200	142.250.186.67:80	http://ocsp.pki.goog/gtsr1/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBQwkcLWD4LqGJ7bE7B1XZsEbmfwUAQU5K8rJnEaK0gnhS9SZizv8IkTcT4CDQIDvFNZazTHGPUBUGY%3D	unknown	binary	724 b	unknown
2500	QtWebEngineProcess.exe	GET	200	142.250.186.67:80	http://ocsp.pki.goog/gsr1/MFEwTzBNMEswSTAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6%2BMgGqMQQUYHtmGkUNl8qJUC99BM00qP%2F8%2FUsCEHe9DWzbNvka6iEPxPBY0w0%3D	unknown	binary	1.41 Kb	unknown
2500	QtWebEngineProcess.exe	GET	200	104.18.20.226:80	http://ocsp.globalsign.com/rootr1/MFEwTzBNMEswSTAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6%2BMgGqMQQUYHtmGkUNl8qJUC99BM00qP%2F8%2FUsCEHUeP1PjGFkz6V8I7O6tApc%3D	unknown	binary	1.41 Kb	unknown

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID	Process	IP	Domain	ASN	CN	Reputation
1080	svchost.exe	224.0.0.252:5355	—	—	—	unknown
4	System	192.168.100.255:137	—	—	—	whitelisted
4	System	192.168.100.255:138	—	—	—	whitelisted
1692	MentalMentor.tmp	51.158.210.166:443	web.mymentalmentor.net	Online S.a.s.	FR	unknown
3088	mentalmentor.exe	142.250.185.206:443	www.google-analytics.com	GOOGLE	US	whitelisted
3088	mentalmentor.exe	51.158.210.166:443	web.mymentalmentor.net	Online S.a.s.	FR	unknown
3192	MentalMentor.tmp	51.158.210.166:443	web.mymentalmentor.net	Online S.a.s.	FR	unknown
1036	luminati.exe	159.223.133.120:443	perr.lum-sdk.io	DIGITALOCEAN-ASN	US	unknown
1036	luminati.exe	3.228.177.90:443	—	AMAZON-AES	US	unknown
1036	luminati.exe	161.35.48.195:443	perr.lum-sdk.io	DIGITALOCEAN-ASN	US	unknown

DNS requests

Domain	IP	Reputation
web.mymentalmentor.net	51.158.210.166	unknown
www.google-analytics.com	142.250.185.206	whitelisted
perr.lum-sdk.io	159.223.133.120 206.189.231.23 192.81.214.145 161.35.48.195	unknown
perr.l-err.biz	159.223.133.120 192.81.214.145 161.35.48.195 206.189.231.23	unknown
web.mentor-staging.mymentalmentor.net	195.154.71.230	unknown
ctldl.windowsupdate.com	2.19.126.137 2.19.126.163	whitelisted
x1.c.lencr.org	2.23.197.184	whitelisted
r3.o.lencr.org	95.101.54.144 95.101.54.139 95.101.54.138 95.101.54.195 95.101.54.107 95.101.54.114 2.16.202.120 95.101.54.145 95.101.54.194	shared
mc.yandex.ru	87.250.250.119 87.250.251.119 93.158.134.119 77.88.21.119	whitelisted
top-fwz1.mail.ru	95.163.52.67	whitelisted

Threats

PID	Process	Class	Message
1080	svchost.exe	Potentially Bad Traffic	ET INFO Observed DNS Query to .biz TLD

Add for printing

Process	Message
mentalmentor.exe	QWindowsEGLStaticContext::create: Could not initialize EGL display: error 0x3001
mentalmentor.exe	QWindowsEGLStaticContext::create: When using ANGLE, check if d3dcompiler_4x.dll is available

General Info

MentalMentor.exe.zip

1F24E5D0B720BD1AF2C76FB449C7C4D7

F23B71A01B04C1C0FFB07A502D148A1B8C4A11C2

5B3027C7253EA33207521D30A3B7D20935D193DE8FDE140D43110660176FA56A

98304:0zca+7JHM7z+gsJpd5qryVD7xWQ01gq8jQVlisWy7zwU9k/EFTEC0dXWbj8R8UAC:RjJTlH7np

Software environment set and analysis options

Launch configuration

Software preset

Behavior activities

MALICIOUS

Drops the executable file immediately after the start

Changes the autorun value in the registry

SUSPICIOUS

Executable content was dropped or overwritten

Reads the Windows owner or organization settings

Drops 7-zip archiver for unpacking

Process drops legitimate windows executable

The process drops C-runtime libraries

Searches for installed software

Uses NETSH.EXE to add a firewall rule or allowed programs

Reads settings of System Certificates

Reads the Internet Settings

Reads security settings of Internet Explorer

Reads the date of Windows installation

Detected use of alternative data streams (AltDS)

Adds/modifies Windows certificates

INFO

Executable content was dropped or overwritten

Reads the computer name

Create files in a temporary directory

Checks supported languages

Reads the machine GUID from the registry

Creates a software uninstall entry

Manual execution by a user

Creates files in the program directory

Reads Environment values

Reads the software policy settings

Process checks computer location settings

Creates files or folders in the user directory

Checks proxy server information

Malware configuration

Static information

TRiD

EXIF

ZIP

Video and screenshots

Processes

Behavior graph

Specs description

Process information

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Registry activity

Modification events

Files activity

Dropped files

Network activity

HTTP requests

Connections

DNS requests

Threats