Information Discovery
Reads data out of its own binary image
api_process_name | process: c85530bfd84b61f2aaad539a348d3032b934f8a2.exe, pid: 2416, offset: 0x00431999, length: 0x00007c43 |
api_process_name | process: c85530bfd84b61f2aaad539a348d3032b934f8a2.exe, pid: 2416, offset: 0x004399d6, length: 0x00041bfa |
Hooking and other Techniques for Hiding Protection
Creates RWX memory
injection_rwx_memory | 0x00000040, NtAllocateVirtualMemory or VirtualProtectEx |
Data Obfuscation
Drops a binary and executes it
file_dropped | C:\Users\user\AppData\Local\Temp\is-F2R01.tmp\dotnetchk.exe |
file_dropped | C:\Users\user\AppData\Local\Temp\is-GE8VP.tmp\c85530bfd84b61f2aaad539a348d3032b934f8a2.tmp |