Analysis Date: 2018-05-19 10:57:52
MD5: 82e94638bd0e7caa1cc050820a0956f7
SHA1: 1e415dce8117d39d0919fce8e1b8651a06441509

Static Details:

AV Arcabit (arcavir): No Virus
AV Authentium: W32/Alureon.D!Generic
AV Grisoft (avg): No Virus
AV Avira (antivir): No Virus
AV Alwil (avast): No Virus
AV Ad-Aware: No Virus
AV BitDefender: No Virus
AV BullGuard: No Virus
AV ClamAV: No Virus
AV Dr. Web: No Virus
AV Emsisoft: No Virus
AV MicroWorld (escan): No Virus
AV CA (E-Trust Ino): No Virus
AV Fortinet: No Virus
AV Frisk (f-prot): W32/Alureon.D!Generic
AV F-Secure: No Virus
AV Ikarus: No Virus
AV K7: Error Scanning File
AV Kaspersky: No Virus
AV MalwareBytes: No Virus
AV Mcafee: RDN/Generic.grp
AV Microsoft Security Essentials: No Virus
AV NANO: No Virus
AV Eset (nod32): No Virus
AV Padvish: No Virus
AV CAT (quickheal): No Virus
AV Rising: No Virus
AV 360 Safe: No Virus
AV SUPERAntiSpyware: No Virus
AV Symantec: No Virus
AV Trend Micro: No Virus
AV Twister: No Virus
AV VirusBlokAda (vba32): Trojan.Diple
AV Windows Defender: No Virus
AV Zillya!: No Virus

Runtime Details:

Process
↳ C:\Windows\System32\lsass.exe

Process
↳ C:\Users\Phil\AppData\Local\Temp\1e415dce8117d39d0919fce8e1b8651a06441509.exe

Creates File: C:\Users\Phil\AppData\Local\Temp\68F1.tmp
Creates File: C:\Users\Phil\AppData\Local\Temp\68F1.tmp\La Sombra sobre Riva.BAT
Creates Mutex
Creates Mutex

Process
↳ C:\Windows\SysWOW64\cmd.exe

Creates File: C:\Users\Phil\AppData\Local\Temp\68F1.tmp\La Sombra sobre Riva.BAT
Creates File: C:\Users\Phil\AppData\Local\Temp\68F1.tmp\La Sombra sobre Riva.BAT
Creates File: C:\Users\Phil\AppData\Local\Temp\68F1.tmp\La Sombra sobre Riva.BAT
Creates File: C:\Windows\SysWOW64\en-US\KERNELBASE.dll.mui
Creates File: C:\Users\Phil\AppData\Local\Temp\68F1.tmp\La Sombra sobre Riva.BAT

Network Details:


Strings