Incident Response
Risk Assessment
- Fingerprint
- Reads the active computer name
- Evasive
- Marks file for deletion
MITRE ATT&CK™ Techniques Detection
This report has 8 indicators that were mapped to 8 attack techniques and 5 tactics.
Indicators
Not all malicious and suspicious indicators are displayed. Get your own cloud service or the full version to view all details.
- External Systems
- Sample was identified as malicious by a trusted Antivirus engine
- details
- No specific details available
- source
- External System
- relevance
- 5/10
- Sample was identified as malicious by at least one Antivirus engine
- details
- 10/72 Antivirus vendors marked sample as malicious (13% detection rate)
4/23 Antivirus vendors marked sample as malicious (17% detection rate)
- source
- External System
- relevance
- 8/10
- Sample was identified as malicious by a trusted Antivirus engine
- Environment Awareness
- Reads the active computer name
- details
- "HSF_3.3.1_B.exe" (Path: "HKLM\SYSTEM\CONTROLSET001\CONTROL\COMPUTERNAME\ACTIVECOMPUTERNAME"; Key: "COMPUTERNAME")
- source
- Registry Access
- relevance
- 5/10
- ATT&CK ID
- T1012 (Show technique in the MITRE ATT&CK™ matrix)
- Reads the active computer name
- General
- Reads configuration files
- details
- "HSF_3.3.1_B.exe" read file "%WINDIR%\win.ini"
- source
- API Call
- relevance
- 4/10
- Reads configuration files
- System Destruction
- Marks file for deletion
- details
- "C:\HSF_3.3.1_B.exe" marked "%COMMONPROGRAMFILES%\Adobe\__tmp_rar_sfx_access_check_2685609" for deletion
- source
- API Call
- relevance
- 10/10
- ATT&CK ID
- T1107 (Show technique in the MITRE ATT&CK™ matrix)
- Opens file with deletion access rights
- details
- "HSF_3.3.1_B.exe" opened "%COMMONPROGRAMFILES%\Adobe\__tmp_rar_sfx_access_check_2685609" with delete access
- source
- API Call
- relevance
- 7/10
- Marks file for deletion
- Unusual Characteristics
- Imports suspicious APIs
- details
- FindFirstFileW
GetFileAttributesW
OpenFileMappingW
GetTempPathW
DeviceIoControl
GetModuleFileNameW
IsDebuggerPresent
GetModuleFileNameA
LoadLibraryExA
UnhandledExceptionFilter
LoadLibraryExW
CreateThread
TerminateProcess
GetModuleHandleExW
LoadLibraryW
GetVersionExW
GetTickCount
VirtualProtect
GetStartupInfoW
CreateDirectoryW
DeleteFileW
GetProcAddress
CreateFileMappingW
WriteFile
FindFirstFileExA
FindNextFileW
FindNextFileA
CreateFileW
LockResource
GetCommandLineW
GetCommandLineA
MapViewOfFile
GetModuleHandleW
FindResourceW
Sleep
- source
- Static Parser
- relevance
- 1/10
- Installs hooks/patches the running process
- details
- "HSF_3.3.1_B.exe" wrote bytes "71117c017a3b7b01ab8b02007f950200fc8c0200729602006cc805001ecd78017d267801" to virtual address "0x765E07E4" (part of module "USER32.DLL")
- source
- Hook Detection
- relevance
- 10/10
- ATT&CK ID
- T1179 (Show technique in the MITRE ATT&CK™ matrix)
- Reads data about supported languages
- details
- "HSF_3.3.1_B.exe" (Path: "HKLM\System\CONTROLSET001\Control\NLS\LOCALE"; Key: "00000409")
- source
- Registry Access
- relevance
- 3/10
- ATT&CK ID
- T1012 (Show technique in the MITRE ATT&CK™ matrix)
- Imports suspicious APIs
- Hiding 2 Suspicious Indicators
- All indicators are available only in the private webservice or standalone version
- General
- Contains PDB pathways
- details
- "D:\Projects\WinRAR\sfx\build\sfxrar32\Release\sfxrar.pdb"
- source
- String
- relevance
- 1/10
- Drops files marked as clean
- details
- Antivirus vendors marked dropped file "ico-failed-load-261IbWP.svg" as clean (type is "HTML document ASCII text with very long lines")
Antivirus vendors marked dropped file "ico-no-results-eq4glWE.svg" as clean (type is "ASCII text with very long lines")
Antivirus vendors marked dropped file "DVA_TeamProject.svg" as clean (type is "HTML document ASCII text with very long lines")
Antivirus vendors marked dropped file "product-rune-ILST.svg" as clean (type is "SVG Scalable Vector Graphics image")
Antivirus vendors marked dropped file "product-rune-PHXS.svg" as clean (type is "SVG Scalable Vector Graphics image")
Antivirus vendors marked dropped file "ico-refresh-2KAV03j.svg" as clean (type is "HTML document ASCII text")
Antivirus vendors marked dropped file "product-rune-LIRM.svg" as clean (type is "SVG Scalable Vector Graphics image")
Antivirus vendors marked dropped file "product-rune-DRWV.svg" as clean (type is "SVG Scalable Vector Graphics image")
Antivirus vendors marked dropped file "product-rune-MUSE.svg" as clean (type is "SVG Scalable Vector Graphics image")
Antivirus vendors marked dropped file "product-rune-FLPR.svg" as clean (type is "HTML document ASCII text with very long lines with no line terminators")
Antivirus vendors marked dropped file "ico-general-cc-3YZLMhW.svg" as clean (type is "HTML document ASCII text with very long lines")
Antivirus vendors marked dropped file "ico-no-connection-2MLyDaE.svg" as clean (type is "HTML document ASCII text with very long lines")
Antivirus vendors marked dropped file "product-rune-SIMU.svg" as clean (type is "SVG Scalable Vector Graphics image")
Antivirus vendors marked dropped file "CloudSync_Disconnected_light.svg" as clean (type is "HTML document ASCII text with very long lines")
Antivirus vendors marked dropped file "product-rune-IDSN.svg" as clean (type is "SVG Scalable Vector Graphics image")
Antivirus vendors marked dropped file "product-rune-AEFT.svg" as clean (type is "SVG Scalable Vector Graphics image")
Antivirus vendors marked dropped file "ico-alert-27UHQdP.svg" as clean (type is "HTML document ASCII text with very long lines")
Antivirus vendors marked dropped file "ico-empty-album-23OL13q.svg" as clean (type is "ASCII text with very long lines")
Antivirus vendors marked dropped file "CloudSync_Error_dark.svg" as clean (type is "HTML document ASCII text with very long lines")
Antivirus vendors marked dropped file "CloudSync_Disconnected_dark.svg" as clean (type is "HTML document ASCII text with very long lines")
- source
- Extracted File
- relevance
- 10/10
- Loads rich edit control libraries
- details
- "HSF_3.3.1_B.exe" loaded module "%WINDIR%\SysWOW64\riched20.dll" at 747F0000
- source
- Loaded Module
- ATT&CK ID
- T1179 (Show technique in the MITRE ATT&CK™ matrix)
- Overview of unique CLSIDs touched in registry
- details
- "HSF_3.3.1_B.exe" touched "Microsoft Multiple AutoComplete List Container" (Path: "HKCU\WOW6432NODE\CLSID\{00BB2765-6A77-11D0-A535-00C04FD7D062}")
"HSF_3.3.1_B.exe" touched "Microsoft Shell Folder AutoComplete List" (Path: "HKCU\WOW6432NODE\CLSID\{03C036F1-A186-11D0-824A-00AA005B4383}")
"HSF_3.3.1_B.exe" touched "Microsoft AutoComplete" (Path: "HKCR\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{00BB2763-6A77-11D0-A535-00C04FD7D062}")
"HSF_3.3.1_B.exe" touched "Microsoft TipAutoCompleteClient Control" (Path: "HKCU\WOW6432NODE\CLSID\{807C1E6C-1D00-453F-B920-B61BB7CDD997}\TREATAS")
- source
- Registry Access
- relevance
- 3/10
- Scanning for window names
- details
- "HSF_3.3.1_B.exe" searching for class "EDIT"
- source
- API Call
- relevance
- 10/10
- ATT&CK ID
- T1010 (Show technique in the MITRE ATT&CK™ matrix)
- Contains PDB pathways
- Installation/Persistence
- Connects to LPC ports
- details
- "HSF_3.3.1_B.exe" connecting to "\ThemeApiPort"
- source
- API Call
- relevance
- 1/10
- Dropped files
- details
- "ico-failed-load-261IbWP.svg" has type "HTML document ASCII text with very long lines"
"ico-no-results-eq4glWE.svg" has type "ASCII text with very long lines"
"DVA_TeamProject.svg" has type "HTML document ASCII text with very long lines"
"product-rune-ILST.svg" has type "SVG Scalable Vector Graphics image"
"product-rune-PHXS.svg" has type "SVG Scalable Vector Graphics image"
"ico-refresh-2KAV03j.svg" has type "HTML document ASCII text"
"product-rune-LIRM.svg" has type "SVG Scalable Vector Graphics image"
"product-rune-DRWV.svg" has type "SVG Scalable Vector Graphics image"
"product-rune-MUSE.svg" has type "SVG Scalable Vector Graphics image"
"product-rune-FLPR.svg" has type "HTML document ASCII text with very long lines with no line terminators"
"ico-general-cc-3YZLMhW.svg" has type "HTML document ASCII text with very long lines"
"ico-no-connection-2MLyDaE.svg" has type "HTML document ASCII text with very long lines"
"product-rune-SIMU.svg" has type "SVG Scalable Vector Graphics image"
"CloudSync_Disconnected_light.svg" has type "HTML document ASCII text with very long lines"
"product-rune-IDSN.svg" has type "SVG Scalable Vector Graphics image"
"product-rune-AEFT.svg" has type "SVG Scalable Vector Graphics image"
"ico-alert-27UHQdP.svg" has type "HTML document ASCII text with very long lines"
"ico-empty-album-23OL13q.svg" has type "ASCII text with very long lines"
"CloudSync_Error_dark.svg" has type "HTML document ASCII text with very long lines"
"CloudSync_Disconnected_dark.svg" has type "HTML document ASCII text with very long lines"
- source
- Extracted File
- relevance
- 3/10
- Touches files in the Windows directory
- details
- "HSF_3.3.1_B.exe" touched file "%WINDIR%\Globalization\Sorting\SortDefault.nls"
"HSF_3.3.1_B.exe" touched file "%WINDIR%\SysWOW64\en-US\user32.dll.mui"
"HSF_3.3.1_B.exe" touched file "%WINDIR%\Fonts\StaticCache.dat"
"HSF_3.3.1_B.exe" touched file "%WINDIR%\SysWOW64\en-US\msctf.dll.mui"
- source
- API Call
- relevance
- 7/10
- Connects to LPC ports
- Network Related
- Found potential URL in binary/memory
- details
- Pattern match: "http://schemas.microsoft.com/SMI/2005/WindowsSettings"
Pattern match: "http://www.w3.org/2000/svg"
Pattern match: "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd"
- source
- String
- relevance
- 10/10
- Found potential URL in binary/memory
- System Security
- Opens the Kernel Security Device Driver (KsecDD) of Windows
- details
- "HSF_3.3.1_B.exe" opened "\Device\KsecDD"
- source
- API Call
- relevance
- 10/10
- ATT&CK ID
- T1215 (Show technique in the MITRE ATT&CK™ matrix)
- Opens the Kernel Security Device Driver (KsecDD) of Windows
- Unusual Characteristics
- Matched Compiler/Packer signature
- details
- "9fd657c12bab2898dca4fcb5a1f504e966cb77f176bdf492cad5afd88b671832.bin" was detected as "VC8 -> Microsoft Corporation"
- source
- Static Parser
- relevance
- 10/10
- ATT&CK ID
- T1045 (Show technique in the MITRE ATT&CK™ matrix)
- Matched Compiler/Packer signature
File Details
All Details:
HSF_3.3.1_B.exe
- Filename
- HSF_3.3.1_B.exe
- Size
- 7.7MiB (8042358 bytes)
- Type
- peexe executable
- Description
- PE32 executable (GUI) Intel 80386, for MS Windows
- Architecture
- WINDOWS
- SHA256
- 9fd657c12bab2898dca4fcb5a1f504e966cb77f176bdf492cad5afd88b671832
- Compiler/Packer
- VC8 -> Microsoft Corporation
- PDB Timestamp
- 02/21/2019 10:16:42 (UTC)
- PDB Pathway
- D:\Projects\WinRAR\sfx\build\sfxrar32\Release\sfxrar.pdb
- PDB GUID
- DED73123587D485D8BD64AEB6744C610
Classification (TrID)
- 61.7% (.EXE) Win64 Executable (generic)
- 14.7% (.DLL) Win32 Dynamic Link Library (generic)
- 10.0% (.EXE) Win32 Executable (generic)
- 4.5% (.EXE) OS/2 Executable (generic)
- 4.4% (.EXE) Generic Win/DOS Executable
Hybrid Analysis
Analysed 1 process in full.
- HSF_3.3.1_B.exe (PID: 2840) 14/85
Network Analysis
DNS Requests
No relevant DNS requests were made.
HTTP Traffic
No relevant HTTP requests were made.
Extracted Files
Displaying 20 extracted file(s). The remaining 252 file(s) are available in the full version and XML/JSON reports.
Notifications
- Not all sources for indicator ID "binary-0" are available in the report
- Not all sources for indicator ID "binary-16" are available in the report
- Not all sources for indicator ID "string-64" are available in the report
Source: https://www.hybrid-analysis.com/sample/9fd657c12bab2898dca4fcb5a1f504e966cb77f176bdf492cad5afd88b671832/5ea82fbf7a9fa861ec5132b3