Dynamic Analysis Report
Created on 2022-01-09T18:09:00
08a6dfeb7adf5eb90703abfab6c1f24a9f93c79e6287213f695c44f0181644ec.exe
Windows Exe (x86-32)
Remarks (2/2)
(0x0200000E): The overall sleep time of all monitored processes was truncated from "2 hours, 3 minutes, 43 seconds" to "27 seconds" to reveal dormant functionality.
(0x0200003A): A task was rescheduled ahead of time to reveal dormant functionality.
Remarks
(0x0200004A): 7 dumps were skipped because they exceeded the maximum dump size of 7 MB. The largest one was 39 MB.
(0x0200005D): 456 additional dumps with the reason "Content Changed" and a total of 2251 MB were skipped because the respective maximum limit was reached.
| Filters: |
There are no files for this filter
There are no files in this analysis
| File Name | Category | Type | Verdict | Actions |
|---|
| C:\Users\RDhJ0CNFevzX\Desktop\08a6dfeb7adf5eb90703abfab6c1f24a9f93c79e6287213f695c44f0181644ec.exe | Sample File | Binary |
malicious
|
|
| Also Known As | C:\Users\RDhJ0CNFevzX\AppData\Roaming\bcatcih (Dropped File) |
| MIME Type | application/vnd.microsoft.portable-executable |
| File Size | 292.00 KB |
| MD5 |
246b41453b996bfa14f60d4785e598ac
|
| SHA1 |
977b7d8cc4237ca4c8a2268aedfff4d83c7d0a86
|
| SHA256 |
08a6dfeb7adf5eb90703abfab6c1f24a9f93c79e6287213f695c44f0181644ec
|
| SSDeep |
6144:Sgs+Lk1QNJlgD6g++0MGnyIh41uzbgwuJ2:SO8QNJlK6g++eh41unnb
|
| ImpHash |
09aef69c73de8322563f63d55badb1aa
|
Memory Dumps (7)
| Name | Process ID | Start VA | End VA | Dump Reason | PE Rebuild | Bitness | Entry Point | YARA | Actions |
|---|---|---|---|---|---|---|---|---|---|
| buffer | 1 | 0x02C50000 | 0x02C58FFF | First Execution |
|
32-bit | 0x02C50000 |
|
|
| buffer | 1 | 0x02C60000 | 0x02C68FFF | First Execution |
|
32-bit | 0x02C60000 |
|
|
| buffer | 2 | 0x00400000 | 0x00408FFF | First Execution |
|
32-bit | 0x00402F47 |
|
|
| buffer | 2 | 0x00400000 | 0x00408FFF | Content Changed |
|
32-bit | 0x0040283D |
|
|
| buffer | 2 | 0x01E40000 | 0x01E55FFF | Marked Executable |
|
32-bit | - |
|
|
| buffer | 2 | 0x00400000 | 0x00408FFF | Process Termination |
|
32-bit | - |
|
|
| buffer | 2 | 0x004F0000 | 0x004F5FFF | Process Termination |
|
32-bit | - |
|
|
| C:\Users\RDHJ0C~1\AppData\Local\Temp\6951.exe | Downloaded File | Binary |
malicious
|
|
| MIME Type | application/vnd.microsoft.portable-executable |
| File Size | 982.00 KB |
| MD5 |
8d5156fdabb28dc8146237b8b8e34758
|
| SHA1 |
029e58f616c8a51c060458de32a302bb2bf59b57
|
| SHA256 |
4b879bc589e17a5e6f70b1aa7b757435eaca9d96fd0e4123c92e5b072df2276e
|
| SSDeep |
12288:WwspTk05ZjoqRCJPUnyQbIkW79mQ3Cezr7aQq/O6j:PZStPCJPijtGmeznhaj
|
| ImpHash |
f34d5f2d4577ed6d9ceec516c1f5a744
|
Memory Dumps (1)
| Name | Process ID | Start VA | End VA | Dump Reason | PE Rebuild | Bitness | Entry Point | YARA | Actions |
|---|---|---|---|---|---|---|---|---|---|
| 6951.exe | 7 | 0x00400000 | 0x004FBFFF | Relevant Image |
|
32-bit | - |
|
|
| C:\Users\RDHJ0C~1\AppData\Local\Temp\6951.tmp | Dropped File | Unknown |
clean
|
|
| MIME Type | - |
| File Size | 0 Bytes |
| MD5 |
d41d8cd98f00b204e9800998ecf8427e
|
| SHA1 |
da39a3ee5e6b4b0d3255bfef95601890afd80709
|
| SHA256 |
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
|
| SSDeep |
3::
|
| ImpHash | - |
| C:\Users\RDHJ0C~1\AppData\Local\Temp\AA17.exe | Downloaded File | Binary |
clean
|
|
| MIME Type | application/vnd.microsoft.portable-executable |
| File Size | 1.76 MB |
| MD5 |
42998272cc32a403814ec2ce7a60b8c5
|
| SHA1 |
28447cc003a78bffc96a067dd5ac907a5abe4b6f
|
| SHA256 |
c3745ed5450b57bc96b753d6f782eca7f48b2b53d0c881b3164d0dcacd4b941e
|
| SSDeep |
49152:RUNx4tTPILbykKH/L8tSgiw5A83hjb/Z:2NxSTPxkeD8oGRtZ
|
| ImpHash |
6ed4f5f04d62b18d96b26d6db7c18840
|
Memory Dumps (25)
| Name | Process ID | Start VA | End VA | Dump Reason | PE Rebuild | Bitness | Entry Point | YARA | Actions |
|---|---|---|---|---|---|---|---|---|---|
| aa17.exe | 6 | 0x00400000 | 0x008FFFFF | First Execution |
|
64-bit | 0x008FE9A0 |
|
|
| aa17.exe | 6 | 0x00400000 | 0x008FFFFF | Content Changed |
|
64-bit | 0x00440D60 |
|
|
| aa17.exe | 6 | 0x00400000 | 0x008FFFFF | Content Changed |
|
64-bit | 0x00447DC0 |
|
|
| aa17.exe | 6 | 0x00400000 | 0x008FFFFF | Content Changed |
|
64-bit | 0x00403E70 |
|
|
| aa17.exe | 6 | 0x00400000 | 0x008FFFFF | Content Changed |
|
64-bit | 0x00445830 |
|
|
| aa17.exe | 6 | 0x00400000 | 0x008FFFFF | Content Changed |
|
64-bit | 0x00444F10 |
|
|
| aa17.exe | 6 | 0x00400000 | 0x008FFFFF | Content Changed |
|
64-bit | 0x00451CB0 |
|
|
| aa17.exe | 6 | 0x00400000 | 0x008FFFFF | Content Changed |
|
64-bit | 0x00428A30 |
|
|
| aa17.exe | 6 | 0x00400000 | 0x008FFFFF | Content Changed |
|
64-bit | 0x0040D1C0 |
|
|
| aa17.exe | 6 | 0x00400000 | 0x008FFFFF | Content Changed |
|
64-bit | 0x00408710 |
|
|
| aa17.exe | 6 | 0x00400000 | 0x008FFFFF | Content Changed |
|
64-bit | 0x004360D0 |
|
|
| aa17.exe | 6 | 0x00400000 | 0x008FFFFF | Content Changed |
|
64-bit | 0x004166B0 |
|
|
| aa17.exe | 6 | 0x00400000 | 0x008FFFFF | Content Changed |
|
64-bit | 0x00420F60 |
|
|
| aa17.exe | 6 | 0x00400000 | 0x008FFFFF | Content Changed |
|
64-bit | 0x0045FA10 |
|
|
| aa17.exe | 6 | 0x00400000 | 0x008FFFFF | Content Changed |
|
64-bit | 0x00427EE0 |
|
|
| aa17.exe | 6 | 0x00400000 | 0x008FFFFF | Content Changed |
|
64-bit | 0x00421090 |
|
|
| aa17.exe | 6 | 0x00400000 | 0x008FFFFF | Content Changed |
|
64-bit | 0x0045A6D3 |
|
|
| buffer | 6 | 0x00160000 | 0x0019FFFF | Final Dump |
|
64-bit | - |
|
|
| buffer | 6 | 0x001A0000 | 0x001C1FFF | Final Dump |
|
64-bit | - |
|
|
| buffer | 6 | 0x001D0000 | 0x001DFFFF | Final Dump |
|
64-bit | - |
|
|
| buffer | 6 | 0x001E0000 | 0x001EFFFF | Final Dump |
|
64-bit | - |
|
|
| buffer | 6 | 0x00B00000 | 0x00B3FFFF | Final Dump |
|
64-bit | - |
|
|
| buffer | 6 | 0x039D0000 | 0x03A0FFFF | Final Dump |
|
64-bit | - |
|
|
| buffer | 6 | 0xC000000000 | 0xC0003FFFFF | Final Dump |
|
64-bit | - |
|
|
| aa17.exe | 6 | 0x00400000 | 0x008FFFFF | Final Dump |
|
64-bit | - |
|
|
