Source: 0.0.xuy1.exe.400000.0.unpack | Joe Sandbox ML: detected |
Source: 0.1.xuy1.exe.400000.0.unpack | Joe Sandbox ML: detected |
Source: 0.2.xuy1.exe.3ff0000.2.unpack | Joe Sandbox ML: detected |
Source: unknown | TCP traffic detected without corresponding DNS query: 215.56.245.0 |
Source: unknown | TCP traffic detected without corresponding DNS query: 215.56.245.0 |
Source: unknown | TCP traffic detected without corresponding DNS query: 215.56.245.0 |
Source: unknown | TCP traffic detected without corresponding DNS query: 174.60.72.9 |
Source: unknown | TCP traffic detected without corresponding DNS query: 174.60.72.9 |
Source: unknown | TCP traffic detected without corresponding DNS query: 174.60.72.9 |
Source: unknown | TCP traffic detected without corresponding DNS query: 87.18.28.52 |
Source: unknown | TCP traffic detected without corresponding DNS query: 87.18.28.52 |
Source: unknown | TCP traffic detected without corresponding DNS query: 87.18.28.52 |
Source: unknown | TCP traffic detected without corresponding DNS query: 150.132.134.24 |
Source: global traffic | TCP traffic: 192.168.1.81:49216 -> 215.56.245.0:443 |
Source: global traffic | TCP traffic: 192.168.1.81:49217 -> 174.60.72.9:443 |
Source: global traffic | TCP traffic: 192.168.1.81:49218 -> 87.18.28.52:443 |
Source: global traffic | TCP traffic: 192.168.1.81:49219 -> 150.132.134.24:443 |
Source: unknown | Network traffic detected: HTTP traffic on port 49218 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 49219 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 49217 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 49216 -> 443 |
Source: C:\Windows\System32\regsvr32.exe | Process created: C:\Windows\System32\rundll32.exe C:\Windows\system32\\rundll32.exe C:\Users\user~1\Desktop\xuy1.dll,f0 |
Source: xuy1.exe | Static PE information: section name: |
Source: xuy1.exe | Static PE information: Resource name: RT_STRING type: ump; DOS executable (COM) |
Source: C:\Windows\System32\regsvr32.exe | Section loaded: f1.dll |
Source: xuy1.exe | Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ |
Source: classification engine | Classification label: mal68.evad.winEXE@5/1@0/4 |
Source: C:\Users\user\Desktop\xuy1.exe | File created: C:\Users\user\Desktop\xuy1.dll
Source: xuy1.exe | Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ |
Source: C:\Users\user\Desktop\xuy1.exe | Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
Source: C:\Users\user\Desktop\xuy1.exe | Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
Source: C:\Windows\System32\regsvr32.exe | Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
Source: C:\Windows\System32\regsvr32.exe | Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
Source: C:\Windows\System32\rundll32.exe | Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
Source: C:\Windows\System32\rundll32.exe | Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
Source: C:\Users\user\Desktop\xuy1.exe | Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: unknown | Process created: C:\Windows\System32\rundll32.exe C:\Windows\system32\\rundll32.exe C:\Users\user~1\Desktop\xuy1.dll,f0 |
Source: unknown | Process created: C:\Users\user\Desktop\xuy1.exe 'C:\Users\user\Desktop\xuy1.exe'
Source: unknown | Process created: C:\Windows\System32\regsvr32.exe C:\Windows\system32\regsvr32.exe -s C:\Users\user~1\Desktop\xuy1.dll f1 C:\Users\user~1\Desktop\xuy1.exe@224
Source: unknown | Process created: C:\Windows\System32\rundll32.exe C:\Windows\system32\\rundll32.exe C:\Users\user~1\Desktop\xuy1.dll,f0
Source: C:\Users\user\Desktop\xuy1.exe | Process created: C:\Windows\System32\regsvr32.exe C:\Windows\system32\regsvr32.exe -s C:\Users\user~1\Desktop\xuy1.dll f1 C:\Users\user~1\Desktop\xuy1.exe@224
Source: C:\Windows\System32\regsvr32.exe | Process created: C:\Windows\System32\rundll32.exe C:\Windows\system32\\rundll32.exe C:\Users\user~1\Desktop\xuy1.dll,f0
Source: xuy1.exe | Static PE information: section name: .newIT |
Source: xuy1.exe | Static PE information: section name: |
Source: xuy1.dll.0.dr | Static PE information: section name: .didata |
Source: unknown | Process created: C:\Windows\System32\regsvr32.exe C:\Windows\system32\regsvr32.exe -s C:\Users\user~1\Desktop\xuy1.dll f1 C:\Users\user~1\Desktop\xuy1.exe@224 |
Source: initial sample | Static PE information: section name: .text entropy: 7.29911063566 |
Source: C:\Users\user\Desktop\xuy1.exe | File created: C:\Users\user\Desktop\xuy1.dll
Source: C:\Users\user\Desktop\xuy1.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\xuy1.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\regsvr32.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\regsvr32.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\regsvr32.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\regsvr32.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\regsvr32.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\rundll32.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\rundll32.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\rundll32.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\rundll32.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\rundll32.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\rundll32.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\rundll32.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\regsvr32.exe | File Volume queried: C:\ FullSizeInformation |
Source: C:\Windows\System32\rundll32.exe | File Volume queried: C:\ FullSizeInformation |
Source: C:\Users\user\Desktop\xuy1.exe | Window / User API: threadDelayed 420
Source: C:\Users\user\Desktop\xuy1.exe | Window / User API: threadDelayed 420
Source: C:\Users\user\Desktop\xuy1.exe | Dropped PE file which has not been started: C:\Users\user\Desktop\xuy1.dll
Source: C:\Users\user\Desktop\xuy1.exe TID: 2712 | Thread sleep count: 420 > 30
Source: C:\Users\user\Desktop\xuy1.exe TID: 2588 | Thread sleep count: 420 > 30
Source: C:\Windows\System32\regsvr32.exe | Process information queried: ProcessInformation |
Source: C:\Users\user\Desktop\xuy1.exe | System information queried: KernelDebuggerInformation |
Source: C:\Windows\System32\rundll32.exe | Network Connect: 87.18.28.52 443 |
Source: C:\Windows\System32\rundll32.exe | Network Connect: 150.132.134.24 443 |
Source: C:\Windows\System32\rundll32.exe | Network Connect: 215.56.245.0 443 |
Source: C:\Windows\System32\rundll32.exe | Network Connect: 174.60.72.9 443 |
Source: C:\Users\user\Desktop\xuy1.exe | Process created: C:\Windows\System32\regsvr32.exe C:\Windows\system32\regsvr32.exe -s C:\Users\user~1\Desktop\xuy1.dll f1 C:\Users\user~1\Desktop\xuy1.exe@224
Source: C:\Windows\System32\regsvr32.exe | Process created: C:\Windows\System32\rundll32.exe C:\Windows\system32\\rundll32.exe C:\Users\user~1\Desktop\xuy1.dll,f0
Source: rundll32.exe, 00000003.00000002.1645767935.00600000.00000002.sdmp | Binary or memory string: Program Manager |
Source: rundll32.exe, 00000003.00000002.1645767935.00600000.00000002.sdmp | Binary or memory string: Progman |
Source: rundll32.exe, 00000003.00000002.1645767935.00600000.00000002.sdmp | Binary or memory string: Shell_TrayWnd |
Source: C:\Windows\System32\regsvr32.exe | Queries volume information: C:\ VolumeInformation |
Source: C:\Windows\System32\rundll32.exe | Queries volume information: C:\ VolumeInformation |
Source: C:\Users\user\Desktop\xuy1.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
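The lines above are the raw behaviour-signature export of the sandbox run. As an added example (this is not Joe Sandbox code and not part of the report), the Python below parses that "Source: X | event: detail | link residue" layout and derives IOCs and rule hits from a constructed subset of the report's own lines: direct-to-IP connections from a LOLBin host that never had a DNS lookup, regsvr32/rundll32 loading a dropped DLL from the user profile (matched on basename, because the command line uses the 8.3 short path user~1 while the drop event logs the long path), the sleep-loop evasion, the KernelDebuggerInformation query and the MachineGuid read. The rule names, the LOLBin list and the matching heuristics are the example's own assumptions, not the sandbox's signature definitions.

```python
"""Derive IOCs and behaviour-rule hits from Joe Sandbox signature lines.

Added example, not Joe Sandbox code. Rule names, the LOLBIN list and the
matching heuristics are assumptions of this example.
"""
import re
from collections import defaultdict

# Constructed sample: a subset of the report's own signature lines, with the
# page's "Jump to behavior" / "| |" link residue left in so the parser has to cope.
SAMPLE_LINES = r"""
Source: unknown | TCP traffic detected without corresponding DNS query: 215.56.245.0
Source: unknown | TCP traffic detected without corresponding DNS query: 174.60.72.9
Source: global traffic | TCP traffic: 192.168.1.81:49216 -> 215.56.245.0:443
Source: C:\Users\user\Desktop\xuy1.exe | File created: C:\Users\user\Desktop\xuy1.dll | Jump to dropped file
Source: C:\Users\user\Desktop\xuy1.exe | Process created: C:\Windows\System32\regsvr32.exe C:\Windows\system32\regsvr32.exe -s C:\Users\user~1\Desktop\xuy1.dll f1 C:\Users\user~1\Desktop\xuy1.exe@224 | Jump to behavior
Source: C:\Windows\System32\regsvr32.exe | Process created: C:\Windows\System32\rundll32.exe C:\Windows\system32\\rundll32.exe C:\Users\user~1\Desktop\xuy1.dll,f0 | |
Source: C:\Users\user\Desktop\xuy1.exe TID: 2712 | Thread sleep count: 420 > 30 | Jump to behavior
Source: C:\Users\user\Desktop\xuy1.exe | System information queried: KernelDebuggerInformation
Source: C:\Users\user\Desktop\xuy1.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid | Jump to behavior
Source: C:\Windows\System32\rundll32.exe | Network Connect: 215.56.245.0 443
Source: C:\Windows\System32\rundll32.exe | Network Connect: 174.60.72.9 443
"""

IPV4_PORT_RE = re.compile(r"^((?:\d{1,3}\.){3}\d{1,3}) (\d+)$")
SLEEP_RE = re.compile(r"^(\d+) > (\d+)$")
EXPORT_RE = re.compile(r"\.dll[, ]+(\w+)", re.IGNORECASE)   # 'x.dll,f0' or 'x.dll f1'
USER_PATH_RE = re.compile(r"c:\\users\\", re.IGNORECASE)
LOLBINS = ("rundll32.exe", "regsvr32.exe")                    # assumption: hosts we care about


def parse_line(line):
    """Split 'Source: X | event: detail | <link residue>' into its fields, or None."""
    parts = [p.strip() for p in line.split(" | ")]
    if len(parts) < 2 or not parts[0].startswith("Source:"):
        return None
    source = parts[0][len("Source:"):].strip()
    image = source.split(" TID:")[0]          # drop the per-thread ' TID: 2712' suffix
    event, _, detail = parts[1].partition(": ")
    return {"image": image, "event": event, "detail": detail}


def analyze(text):
    """Return {'c2_ips', 'dropped', 'hits'} derived from the signature lines in text."""
    events = [e for e in map(parse_line, text.splitlines()) if e]
    # Basenames of dropped files, collected first so drop/launch order does not matter.
    dropped = {e["detail"].split("\\")[-1].lower()
               for e in events if e["event"] == "File created"}
    no_dns, hits = set(), []
    connects = defaultdict(set)               # process image -> {(ip, port)}
    for e in events:
        img, ev, det = e["image"], e["event"], e["detail"]
        if ev == "TCP traffic detected without corresponding DNS query":
            no_dns.add(det)
        elif ev == "Network Connect":
            m = IPV4_PORT_RE.match(det)
            if m:
                connects[img.lower()].add((m.group(1), int(m.group(2))))
        elif ev == "Process created":
            child, _, cmdline = det.partition(" ")
            if child.lower().endswith(LOLBINS) and USER_PATH_RE.search(cmdline):
                # Basename match: 'user~1' in the command line vs 'user' in the drop path.
                loaded = [d for d in dropped if d in cmdline.lower()]
                m = EXPORT_RE.search(cmdline)
                export = m.group(1) if m else "?"
                if loaded:
                    hits.append(("lolbin_dropped_dll",
                                 f"{img} -> {child} loads {loaded[0]} export {export}"))
        elif ev == "Thread sleep count":
            m = SLEEP_RE.match(det)
            if m and int(m.group(1)) > int(m.group(2)):
                hits.append(("sleep_evasion", f"{img} slept {m.group(1)} times"))
        elif ev == "System information queried" and det == "KernelDebuggerInformation":
            hits.append(("anti_debug", img))
        elif ev == "Key value queried" and det.endswith("MachineGuid"):
            hits.append(("host_fingerprint", img))
    # Direct-to-IP C2: a LOLBin host connects to an address that never had a DNS lookup.
    c2 = set()
    for proc, conns in connects.items():
        if proc.endswith(LOLBINS):
            for ip, port in sorted(conns):
                if ip in no_dns:
                    c2.add(ip)
                    hits.append(("direct_ip_c2", f"{proc} -> {ip}:{port}"))
    return {"c2_ips": sorted(c2), "dropped": sorted(dropped), "hits": hits}


if __name__ == "__main__":
    for rule, detail in analyze(SAMPLE_LINES)["hits"]:
        print(f"{rule:20} {detail}")
```

Run against the full export, the same parser also picks up the second rundll32 launch and the other two no-DNS addresses (87.18.28.52, 150.132.134.24); the export-name capture (f0 for rundll32, f1 for regsvr32) is what turns the process lines into a hunting query rather than a hash.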