RE-DEMON(KFTC).exe

Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available (1 event)

Time & API	Arguments	Status	Return	Repeated
GlobalMemoryStatusEx April 2, 2021, 9:54 a.m.		1	1	0

The executable contains unknown PE section names indicative of a packer (could be a false positive) (2 events)

section	.MPRESS1
section	.MPRESS2

Creates executable files on the filesystem (1 event)

file	C:\Users\test22\AppData\Local\Temp\62E9.tmp\ic.bat

A process created a hidden window (1 event)

Time & API	Arguments	Status	Return	Repeated
ShellExecuteExW April 2, 2021, 9:54 a.m.	show_type: 0 filepath_r: C:\Users\test22\AppData\Local\Temp\62E9.tmp\ic.bat parameters: filepath: C:\Users\test22\AppData\Local\Temp\62E9.tmp\ic.bat	1	1	0

The binary likely contains encrypted or compressed data indicative of a packer (2 events)

section	{u'size_of_data': u'0x00004e00', u'virtual_address': u'0x00001000', u'entropy': 7.990990126390301, u'name': u'.MPRESS1', u'virtual_size': u'0x0000d000'}				entropy	7.99099012639				description	A section with a high entropy has been found
entropy	0.764705882353				description	Overall entropy of this PE file is high

Deletes executed files from disk (1 event)

file	C:\Users\test22\AppData\Local\Temp\62E9.tmp

Drops a binary and executes it (1 event)

file	C:\Users\test22\AppData\Local\Temp\62E9.tmp\ic.bat