Analysis Results For: owcovNrPCqmGjiP.exe_

On December 9th, 2014 15:04 the ThreatAnalyzer client taclient7_3 generated a report for analysis #169 with the following attributes: Threat Analyzer Client Windows 7. The sample analyzed had a file type of Win32Application and was 504 KB in size. The MD5 for this sample is a0cab18dda6eb37cc1fa78bb154782f9. According to the Malicious Determination Rules at the time of scan, we have determined this file to pose a High risk.

Copyright © 2014 ThreatTrack Security

Determination Results

High Risk:
  Deletes Original Sample: The original file was deleted
  A Process modified the memory space of another process

Medium Risk:
  Sleeps between 1 minute and 5 minutes

Low Risk:
  Creates Mutex: Creates a mutex
  Creates a Service: A service was created
  Sleeps between 3 seconds and 1 minute
  Uses HTTP GET method

File Activity / Delete File
  File: C:\owcovNrPCqmGjiP.exe_
  File: C:\Windows\TEMP\CabC848.tmp
  File: C:\Windows\TEMP\TarC849.tmp

File Activity / Stored Created File
  File: C:\Windows\IHPwOuluCqitvsQ.exe
  File: C:\Windows\System32\config\systemprofile\AppData\Local\f5e83w4ef.dat
  File: C:\Windows\System32\config\systemprofile\AppData\Local\f5e83w4ef.dat
  File: C:\Windows\Temp\CabC848.tmp
  File: C:\Windows\Temp\TarC849.tmp
  File: C:\Windows\System32\config\systemprofile\AppData\Local\f5e83w4ef.dat
  File: C:\Windows\System32\config\systemprofile\AppData\Local\f5e83w4ef.dat
  File: C:\Windows\System32\config\systemprofile\AppData\Local\f5e83w4ef.dat
  File: C:\Windows\System32\config\systemprofile\AppData\Local\f5e83w4ef.dat
  File: C:\Windows\System32\config\systemprofile\AppData\Local\f5e83w4ef.dat
  File: C:\Windows\System32\config\systemprofile\AppData\Local\f5e83w4ef.dat
  File: C:\Windows\System32\config\systemprofile\AppData\Local\f5e83w4ef.dat

File Activity / Stored Modified File
  File: C:\Windows\AppCompat\Programs\RecentFileCache.bcf
  File: C:\Windows\AppCompat\Programs\RecentFileCache.bcf
  File: C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
  File: C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  File: C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  File: C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Registry Activity / Create Key
  Key Name: \REGISTRY\USER\S-1-5-21-3813451611-814228431-4184891017-1000\Software\Local AppWizard-Generated Applications
  Key Name: \REGISTRY\USER\S-1-5-21-3813451611-814228431-4184891017-1000\Software\Local AppWizard-Generated Applications\HelloApp
  Key Name: \REGISTRY\USER\S-1-5-21-3813451611-814228431-4184891017-1000\Software\Local AppWizard-Generated Applications\HelloApp\Recent File List
  Key Name: \REGISTRY\USER\S-1-5-21-3813451611-814228431-4184891017-1000\Software\Local AppWizard-Generated Applications\HelloApp\Settings
  Key Name: \REGISTRY\USER\S-1-5-21-3813451611-814228431-4184891017-1000\Software\Local AppWizard-Generated Applications\HelloApp\Recent File List
  Key Name: \REGISTRY\MACHINE\Software\Microsoft\Tracing\svchost_RASAPI32
  Key Name: \REGISTRY\MACHINE\Software\Microsoft\Tracing\svchost_RASMANCS
  Key Name: \REGISTRY\MACHINE\SOFTWARE\CLASSES
  Key Name: \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\Location Awareness
  Key Name: \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows NT\CurrentVersion\Network
  Key Name: \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows NT\CurrentVersion\Network\Location Awareness

Registry Activity / Delete Key
  Key Name: \REGISTRY\USER\S-1-5-21-3813451611-814228431-4184891017-1000\Software\Local AppWizard-Generated Applications\HelloApp\Recent File List
  Key Name: \REGISTRY\USER\S-1-5-21-3813451611-814228431-4184891017-1000\Software\Local AppWizard-Generated Applications\HelloApp\Recent File List

Registry Activity / Set Value
  Key Name: \REGISTRY\MACHINE\Software\Microsoft\Tracing\svchost_RASAPI32    Data: EnableFileTracing
  Key Name: \REGISTRY\MACHINE\Software\Microsoft\Tracing\svchost_RASAPI32    Data: EnableConsoleTracing
  Key Name: \REGISTRY\MACHINE\Software\Microsoft\Tracing\svchost_RASAPI32    Data: FileTracingMask
  Key Name: \REGISTRY\MACHINE\Software\Microsoft\Tracing\svchost_RASAPI32    Data: ConsoleTracingMask
  Key Name: \REGISTRY\MACHINE\Software\Microsoft\Tracing\svchost_RASAPI32    Data: MaxFileSize
  Key Name: \REGISTRY\MACHINE\Software\Microsoft\Tracing\svchost_RASAPI32    Data: FileDirectory
  Key Name: \REGISTRY\MACHINE\Software\Microsoft\Tracing\svchost_RASMANCS    Data: EnableFileTracing
  Key Name: \REGISTRY\MACHINE\Software\Microsoft\Tracing\svchost_RASMANCS    Data: EnableConsoleTracing
  Key Name: \REGISTRY\MACHINE\Software\Microsoft\Tracing\svchost_RASMANCS    Data: FileTracingMask
  Key Name: \REGISTRY\MACHINE\Software\Microsoft\Tracing\svchost_RASMANCS    Data: ConsoleTracingMask
  Key Name: \REGISTRY\MACHINE\Software\Microsoft\Tracing\svchost_RASMANCS    Data: MaxFileSize
  Key Name: \REGISTRY\MACHINE\Software\Microsoft\Tracing\svchost_RASMANCS    Data: FileDirectory
  Key Name: \REGISTRY\USER\.DEFAULT\Software\Microsoft\windows\CurrentVersion\Internet Settings    Data: ProxyEnable
  Key Name: \REGISTRY\USER\.DEFAULT\Software\Microsoft\windows\CurrentVersion\Internet Settings\Connections    Data: SavedLegacySettings
  Key Name: \REGISTRY\USER\.DEFAULT\Software\Microsoft\windows\CurrentVersion\Internet Settings\Connections    Data: DefaultConnectionSettings
  Key Name: \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\    Data: UNCAsIntranet
  Key Name: \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\    Data: AutoDetect
  Key Name: \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\5\52C64B7E    Data: LanguageList

Mutex Activity / Create Mutex
  Mutex Name: \BaseNamedObjects\Global\5efw48e8re54
  Mutex Name: \BaseNamedObjects\Local\_!MSFTHISTORY!_
  Mutex Name: \BaseNamedObjects\Local\c:!windows!system32!config!systemprofile!appdata!local!microsoft!windows!temporary internet files!content.ie5!
  Mutex Name: \BaseNamedObjects\Local\c:!windows!system32!config!systemprofile!appdata!roaming!microsoft!windows!cookies!
  Mutex Name: \BaseNamedObjects\Local\c:!windows!system32!config!systemprofile!appdata!local!microsoft!windows!history!history.ie5!
  Mutex Name: \BaseNamedObjects\Local\WininetStartupMutex
  Mutex Name: \BaseNamedObjects\Local\WininetProxyRegistryMutex
  Mutex Name: \BaseNamedObjects\RasPbFile
  Mutex Name: \BaseNamedObjects\IESQMMUTEX_0_208
  Mutex Name: \BaseNamedObjects\Local\ZonesCounterMutex
  Mutex Name: \BaseNamedObjects\Local\ZoneAttributeCacheCounterMutex
  Mutex Name: \BaseNamedObjects\Local\ZonesCacheCounterMutex
  Mutex Name: \BaseNamedObjects\Local\ZonesLockedCacheCounterMutex
  Mutex Name: \BaseNamedObjects\Local\!IETld!Mutex

Network Activity / Network Events
  Remote IP: 74.125.137.102 (2 times)
  Remote IP: 8.8.8.8 (18 times)
  Remote IP: 217.10.68.152 (1 time)
  Remote IP: 224.0.0.252 (1 time)
  Remote IP: 109.228.17.158 (21 times)
  Remote IP: 23.73.181.50    Command: GET (2 times)
  Remote IP: 174.121.8.162    Command: GET (2 times)
  Remote IP: 217.23.8.69 (8 times)
  Remote IP: 162.159.246.97    Command: GET (18 times)
  Remote IP: 162.159.245.97    Command: GET (14 times)
  Remote IP: 0.0.0.0 (16 times)

Network Activity / Network Traffic
  Connection: 8.8.8.8:53    Transmitted: OUTGOING 706 Bytes, INCOMING 1.14 KB
  Connection: 217.10.68.152:3478    Transmitted: OUTGOING 208 Bytes, INCOMING 176 Bytes
  Connection: 224.0.0.252:5355    Transmitted: OUTGOING 44 Bytes
  Connection: 109.228.17.158:4443    Transmitted: OUTGOING 38.5 KB, INCOMING 93.3 KB
  Connection: 23.73.181.50:80    Transmitted: OUTGOING 217 Bytes, INCOMING 55.9 KB
  Connection: 174.121.8.162:80    Transmitted: OUTGOING 143 Bytes, INCOMING 432 KB
  Connection: 217.23.8.69:443    Transmitted: OUTGOING 3.83 KB, INCOMING 1.64 MB
  Connection: 162.159.246.97:80    Transmitted: OUTGOING 1017 Bytes, INCOMING 4.22 KB
  Connection: 162.159.245.97:80    Transmitted: OUTGOING 791 Bytes, INCOMING 3.28 KB

Network Activity / DNS Activity
  Requested: stun.sipgate.net, Result: 217.10.68.152
  Requested: www.download.windowsupdate.com, Result: 23.73.181.50
  Requested: google.com, Result: 74.125.137.102
  Requested: google.com, Result: NONE
  Requested: stun.sipgate.net, Result: 217.10.68.152
  Requested: stun.sipgate.net, Result: NONE
  Requested: user-PC, Result: NONE
  Requested: user-PC, Result: NONE
  Requested: user-PC, Result: 0.0.0.0
  Requested: wpad, Result: NONE
  Requested: www.download.windowsupdate.com, Result: NONE
  Requested: arabian-star.com, Result: NONE
  Requested: arabian-star.com, Result: 0.0.0.0
  Requested: 0.0.0.0, Result: a26.d.akamai.net
  Requested: reseed.i2p-projekt.de, Result: 81.7.7.4
  Requested: reseed.i2p-projekt.de, Result: 81.7.7.4
  Requested: reseed.i2p-projekt.de, Result: 81.7.7.4
  Requested: reseed.i2p-projekt.de, Result: 81.7.7.4
  Requested: reseed.i2p-projekt.de, Result: 81.7.7.4
  Requested: reseed.i2p-projekt.de, Result: 81.7.7.4
  Requested: reseed.i2p-projekt.de, Result: 81.7.7.4
  Requested: reseed.i2p-projekt.de, Result: 81.7.7.4
  Requested: reseed.i2p-projekt.de, Result: 81.7.7.4
  Requested: reseed.i2p-projekt.de, Result: 81.7.7.4
  Requested: reseed.i2p-projekt.de, Result: 81.7.7.4
  Requested: reseed.i2p-projekt.de, Result: 81.7.7.4
  Requested: reseed.i2p-projekt.de, Result: 81.7.7.4
  Requested: reseed.i2p-projekt.de, Result: 81.7.7.4
  Requested: reseed.i2p-projekt.de, Result: 81.7.7.4
  Requested: reseed.i2p-projekt.de, Result: 81.7.7.4
  Requested: cowpuncher.drollette.com, Result: NONE
  Requested: cowpuncher.drollette.com, Result: 0.0.0.0
  Requested: reseed.i2p-projekt.de, Result: NONE
  Requested: reseed.i2p-projekt.de, Result: 0.0.0.0

Screen Shots
  (screenshot images are not reproduced in this text extraction)