Analysis Date: 2018-02-26 17:05:43
MD5: 452813620b0e182460919d178337bf2c
SHA1: 901bd680cfe44c7250ed942dba50da819d1fa6a7

Static Details:

File type: PE32 executable (GUI) Intel 80386, for MS Windows
PEhash

Runtime Details:

Process
↳ C:\Windows\System32\lsass.exe

Process
↳ C:\Users\THX1138\AppData\Local\Temp\901bd680cfe44c7250ed942dba50da819d1fa6a7.exe

Creates File: C:\Users\THX1138\AppData\Local\Temp\901bd680cfe44c7250ed942dba50da819d1fa6a7.exe
Creates File: C:\Windows\Globalization\Sorting\sortdefault.nls
Creates File: C:\
Creates File: C:\Users\THX1138\AppData\Local\Microsoft\Windows\Caches\cversions.1.db
Creates File: C:\Users\THX1138\AppData\Local\Microsoft\Windows\Caches\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000005.db
Creates File: C:\Users\desktop.ini
Creates File: C:\Users
Creates File: C:\Users\THX1138
Creates File: C:\Users\THX1138\AppData
Creates File: C:\Users\THX1138\AppData\Local
Creates File: C:\Users\THX1138\AppData\Local\Temp
Creates File: C:\Users\THX1138\AppData\Local\Temp\901bd680cfe44c7250ed942dba50da819d1fa6a7.exe
Creates Mutex
Creates Mutex

Process
↳ C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe

Creates Mutex
Creates Mutex
Creates File: C:\Windows\Microsoft.NET\Framework\v1.0.3705\clr.dll
Creates File: C:\Windows\Microsoft.NET\Framework\v1.0.3705\mscorwks.dll
Creates File: C:\Windows\Microsoft.NET\Framework\v1.1.4322\clr.dll
Creates File: C:\Windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
Creates File: C:\Windows\Microsoft.NET\Framework\v2.0.50727\clr.dll
Creates File: C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
Creates File: C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll
Creates File: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe.config
Creates File: C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
Creates File: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
Creates File: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe.config
Creates File: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config
Creates File: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch
Creates File: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config
Creates File: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch
Creates File: C:\Users\THX1138\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config
Creates File: C:\Users\THX1138\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch
Creates File: C:\Windows\assembly\NativeImages_v2.0.50727_32\index119.dat
Creates File: C:\Windows\System32\l_intl.nls
Creates File: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
Creates File: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp
Creates File: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp
Creates File: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe.Config
Creates File: C:\Windows\assembly\pubpol4.dat
Creates File: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe.Config
Creates File: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
Creates File: C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorrc.dll

Network Details:

Raw Pcap
0x00000000 (00000)   47455420 2f6e6373 692e7478 74204854   GET /ncsi.txt HT
0x00000010 (00016)   54502f31 2e310d0a 436f6e6e 65637469   TP/1.1..Connecti
0x00000020 (00032)   6f6e3a20 436c6f73 650d0a55 7365722d   on: Close..User-
0x00000030 (00048)   4167656e 743a204d 6963726f 736f6674   Agent: Microsoft
0x00000040 (00064)   204e4353 490d0a48 6f73743a 20777777    NCSI..Host: www
0x00000050 (00080)   2e6d7366 746e6373 692e636f 6d0d0a0d   .msftncsi.com...
0x00000060 (00096)   0a                                    .

Strings