Source: 1_reklamacja_forma_klienta_docx-3616a11fa463644fa20d2317c5971378.exe | String found in binary or memory: file:///c:/ |
Source: 1_reklamacja_forma_klienta_docx-3616a11fa463644fa20d2317c5971378.exe | String found in binary or memory: file:///c:/1_reklamacja_forma_klienta_docx-3616a11fa463644fa20d2317c5971378.exe |
Source: 1_reklamacja_forma_klienta_docx-3616a11fa463644fa20d2317c5971378.exe | String found in binary or memory: file:///c:/windows/assembly/gac_msil/microsoft.jscript/8.0.0.0__b03f5f7f11d50a3a/microsoft.jscript.d |
Source: 1_reklamacja_forma_klienta_docx-3616a11fa463644fa20d2317c5971378.exe | String found in binary or memory: file:///c:/windows/microsoft.net/framework/v2.0.50727/ |
Source: initial sample | Static PE information: real checksum: 0x0 should be: 0x1c700 |
Source: initial sample | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR |
Source: C:\1_reklamacja_forma_klienta_docx-3616a11fa463644fa20d2317c5971378.exe | File opened: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4927_none_d08a205e442db5b5\MSVCR80.dll |
Source: initial sample | Static PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT |
Source: C:\1_reklamacja_forma_klienta_docx-3616a11fa463644fa20d2317c5971378.exe | Code function: 2_2_00402047 VirtualAlloc,GetCurrentProcessId,Sleep,CreateToolhelp32Snapshot,Process32First,Process32Next,CloseHandle, | 2_2_00402047 |
Source: C:\1_reklamacja_forma_klienta_docx-3616a11fa463644fa20d2317c5971378.exe | Section loaded: C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\f58ab951b57c8526430486dcf7ee38fd\mscorlib.ni.dll |
Source: initial sample | Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ |
Source: unknown | Process created: C:\1_reklamacja_forma_klienta_docx-3616a11fa463644fa20d2317c5971378.exe |
Source: C:\1_reklamacja_forma_klienta_docx-3616a11fa463644fa20d2317c5971378.exe | Process created: C:\1_reklamacja_forma_klienta_docx-3616a11fa463644fa20d2317c5971378.exe C:\1_reklamacja_forma_klienta_docx-3616a11fa463644fa20d2317c5971378.exe |
Source: C:\1_reklamacja_forma_klienta_docx-3616a11fa463644fa20d2317c5971378.exe | Code function: 2_2_00404C61: CreateFileA,DeviceIoControl,ExitProcess,CloseHandle,GetModuleFileNameA,GetStartupInfoW, | 2_2_00404C61 |
Source: 1_reklamacja_forma_klienta_docx-3616a11fa463644fa20d2317c5971378.exe | Binary or memory string: Progman |
Source: 1_reklamacja_forma_klienta_docx-3616a11fa463644fa20d2317c5971378.exe | Binary or memory string: Program Manager |
Source: 1_reklamacja_forma_klienta_docx-3616a11fa463644fa20d2317c5971378.exe | Binary or memory string: Shell_TrayWnd |
Source: C:\1_reklamacja_forma_klienta_docx-3616a11fa463644fa20d2317c5971378.exe | Memory written: C:\1_reklamacja_forma_klienta_docx-3616a11fa463644fa20d2317c5971378.exe base: 400000 value starts with: 4D5A |
Source: C:\1_reklamacja_forma_klienta_docx-3616a11fa463644fa20d2317c5971378.exe | Thread register set: target process: 3100 |
Source: C:\1_reklamacja_forma_klienta_docx-3616a11fa463644fa20d2317c5971378.exe | Thread register set: 3100 76F83189 |
Source: C:\1_reklamacja_forma_klienta_docx-3616a11fa463644fa20d2317c5971378.exe | Memory allocated: page read and write and page guard |
Source: C:\1_reklamacja_forma_klienta_docx-3616a11fa463644fa20d2317c5971378.exe | Code function: 2_2_00402047 VirtualAlloc,GetCurrentProcessId,Sleep,CreateToolhelp32Snapshot,Process32First,Process32Next,CloseHandle, | 2_2_00402047 |
Source: C:\1_reklamacja_forma_klienta_docx-3616a11fa463644fa20d2317c5971378.exe | Evasive API call chain: DeviceIoControl,DecisionNodes,ExitProcess |
Source: C:\1_reklamacja_forma_klienta_docx-3616a11fa463644fa20d2317c5971378.exe TID: 3136 | Thread sleep time: -80000ms >= -60000ms |
Source: C:\1_reklamacja_forma_klienta_docx-3616a11fa463644fa20d2317c5971378.exe | Code function: CreateFileMappingA,RtlGetLastWin32Error,ExitProcess,Sleep,GetForegroundWindow,Sleep,GetCursorPos,Sleep,GetCursorPos,GetForegroundWindow,CloseHandle,GetModuleFileNameA,GetStartupInfoW, | 2_2_00404B9D |
Source: C:\1_reklamacja_forma_klienta_docx-3616a11fa463644fa20d2317c5971378.exe | Sandbox detection routine: GetForegroundWindow, DecisionNode, Sleep |
Source: C:\1_reklamacja_forma_klienta_docx-3616a11fa463644fa20d2317c5971378.exe | Sandbox detection routine: GetCursorPos, DecisionNode, Sleep |
Source: C:\1_reklamacja_forma_klienta_docx-3616a11fa463644fa20d2317c5971378.exe | Process information set: NOOPENFILEERRORBOX |