Pyongyang stores low on foreign goods amid North Korean COVID-19 paranoia.doc
Created 4 years ago
Remarks (1/1)
(0x0200000E): The overall sleep time of all monitored processes was truncated from "11 minutes" to "1 minute, 50 seconds" to reveal dormant functionality.
Virtual Machine Information
Name | win10_64_rs2_japanese |
Description | Windows 10 x64 Japanese |
Architecture | x86 64-bit |
Operating System | Windows 10 Redstone 2 |
Kernel Version | 10.0.15063.540 (f6f48955-5489-4b24-b4df-942361f0730d) |
Network Scheme Name | Local Gateway |
Network Config Name | Local Gateway |
Analyzer Information
Analyzer Version | 3.2.2 |
Dynamic Engine Version | 3.2.2 / 2020-06-03 06:06 (UTC+) |
Static Engine Version | 1.3.0 / 2020-06-03 06:06 (UTC+) |
Local AV Version | AVCORE v2.1 Linux/x86_64 11.0.1.19 (January 14, 2020) |
Local AV Database Update Release Date | 2020-12-23 13:43:55+00:00 |
VTI Ruleset Version | 3.6 |
YARA Built-in Ruleset Version | 1.5 |
Analysis Report Layout Version | 7 |
Software Information
Adobe Acrobat Reader Version | 18.009.20050 |
Microsoft Office | Microsoft Office |
Microsoft Office Version | 16.0.12228.20364 |
Internet Explorer Version | 11.540.15063.0 |
Chrome Version | 61.0.3163.79 |
Firefox Version | 71.0 |
Flash Version | 25.0.0.148 |
Java Version | 8.0.1440.1 |
System Information
Sample Directory | C:\Users\FD1HVy\Desktop |
Computer Name | NQDPDE |
User Domain | NQDPDE |
User Name | FD1HVy |
User Profile | C:\Users\FD1HVy |
Temp Directory | C:\Users\FD1HVy\AppData\Local\Temp |
System Root | C:\WINDOWS |
Randomly Created Artifacts
This section provides information about processes and files that were created before the analysis was started. This is one of many steps designed to make the analysis system look more realistic and prevent evasion by environment-aware malware. The number of randomly generated artifacts can be changed in the configuration.