Analysis Date: 2018-06-05 11:20:36
MD5: e4de109a9cef3e8ed6d8884ec9829a7e
SHA1: 040337506f5093ea29afdb40ee0ea647d66e785a

Static Details:

File type: PE32 executable (console) Intel 80386, for MS Windows
PEhash

Runtime Details:

Process
↳ C:\Windows\System32\lsass.exe

Process
↳ C:\Users\Phil\AppData\Local\Temp\040337506f5093ea29afdb40ee0ea647d66e785a.exe

Creates File: C:\Users\Phil\AppData\Local\Temp\040337506f5093ea29afdb40ee0ea647d66e785a.exe

Network Details:


Strings
NB10
bootvrfy.pdb
SUVW3
t$j h
Y_^[
_c_exit
_exit
_XcptFilter
_cexit
exit
__initenv
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
msvcrt.dll
_controlfp
_except_handler3
SetServiceStatus
ControlService
OpenServiceW
OpenSCManagerW
NotifyBootConfigStatus
RegisterServiceCtrlHandlerW
StartServiceCtrlDispatcherW
ADVAPI32.dll
GetLastError
SetEvent
ExitThread
WaitForSingleObject
ExitProcess
CreateEventA
GetModuleHandleA
KERNEL32.dll