Technical Information
To ensure autorun and distribution
Creates or modifies the following files
- %APPDATA%\microsoft\windows\start menu\programs\startup\defendersecurity.vbs
Modifies file system
Creates the following files
- %TEMP%\setup.exe
- %APPDATA%\defendersecurity.exe
- %TEMP%\is-tk1sh.tmp\setup.tmp
- %TEMP%\is-lu9ti.tmp\_isetup\_setup64.tmp
- %TEMP%\is-lu9ti.tmp\_isetup\_shfoldr.dll
- %TEMP%\is-lu9ti.tmp\idp.dll
- %TEMP%\is-lu9ti.tmp\isdone.dll
Modifies the following files
- %LOCALAPPDATA%\microsoft\penworkspace\discovercachedata.dat
Network activity
Connects to
- '5.###.159.153':1151
Miscellaneous
Creates and executes the following
- '%TEMP%\setup.exe'
- '%TEMP%\is-tk1sh.tmp\setup.tmp' /SL5="$B01C4,1484696,338944,%TEMP%\Setup.exe"
Restarts the analyzed sample
