
Source: C:\Users\user\AppData\Local\Temp\is-UMA0J.tmp\ShareMouseSetup.tmp
Infects executable files (exe, dll, sys, html)

#Restart sharemouse windows#
Behavior Graph
Behavior Graph ID: 82245
Architecture: WINDOWS
Score: 68

Signatures (sample as a whole):
- Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
- PE file contains more sections than normal
- Uses netsh to modify the Windows network and firewall settings
- Modifies the windows firewall

Process tree (started processes, with dropped files, signatures and network endpoints per process):
- ShareMouseSetup.exe
  - dropped: C:\Users\HERBBL~1\.\ShareMouseSetup.tmp, PE32
  - ShareMouseSetup.tmp
    - dropped: C:\Program Files\ShareMouse\is-PSD58.tmp, PE32
    - dropped: C:\Program Files\ShareMouse\is-NJSO4.tmp, PE32
    - dropped: C:\Program Files\ShareMouse\is-D5OB4.tmp, PE32
    - dropped: 9 other files (4 malicious)
    - signature: Infects executable files (exe, dll, sys, html)
    - net.exe
      - net1.exe
    - netsh.exe
    - smService.exe
- smService.exe
  - ShareMouse.exe
    - signature: Creates files in the system32 config directory
    - signature: Installs a global keyboard hook
  - ShareMouse.exe
    - network: 255.255.255.255, 1046 unknown Reserved
- cmd.exe
  - wget.exe
    - network: 217.160.0.74, 49161, 80 ONEANDONE-ASBrauerstrasse48DE Germany
    - dropped: C:\Users\user\Desktop\.\ShareMouseSetup.exe, PE32
