Verdict Malicious
Classifications -
Threat Names Mal/Generic-S

Dynamic Analysis Report

Created on 2023-04-22T15:54:03+00:00

78b592a2710d81fa91235b445f674ee804db39c8cc34f7e894b4e7b7f6eacaff.exe

Windows Exe (x86-32)

Remarks (2/2)

(0x02000046): The maximum binlog size was reached. The analysis was terminated prematurely.

(0x0200000E): The overall sleep time of all monitored processes was truncated from "5 minutes, 10 seconds" to "10 seconds" to reveal dormant functionality.

File Name C:\Users\kEecfMwgj\Desktop\78b592a2710d81fa91235b445f674ee804db39c8cc34f7e894b4e7b7f6eacaff.exe
Category Sample File
Type Binary
Verdict Malicious
MIME Type application/vnd.microsoft.portable-executable
File Size 119.50 KB
MD5 fa8117afd2dbd20513522f2f8e991262
SHA1 f7b876edb8fc0c83fd8b665d3c5a1050d4396302
SHA256 78b592a2710d81fa91235b445f674ee804db39c8cc34f7e894b4e7b7f6eacaff
SSDeep 3072:KW5yc3Y4SMQwuOekD96R928AN+/uSxo+HHz/bs/k4OS:K83Y5BAxa92KrxTnz/Y/k4O
ImpHash 95c9dbd11f21d2c0fa6c3dccccbdebb5
File Reputation Information
Verdict Malicious
Names Mal/Generic-S
PE Information
Image Base 0x00400000
Entry Point 0x00401160
Size Of Code 0x00000600
Size Of Initialized Data 0x0001D400
File Type IMAGE_FILE_EXECUTABLE_IMAGE
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Machine Type IMAGE_FILE_MACHINE_I386
Compile Timestamp 2020-07-24 13:21 (UTC)
Sections (4)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x00401000 0x000005EC 0x00000600 0x00000400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.42
.rdata 0x00402000 0x00000216 0x00000400 0x00000A00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 2.77
enc 0x00403000 0x0001CE00 0x0001CE00 0x00000E00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 8.0
.reloc 0x00420000 0x00000040 0x00000200 0x0001DC00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ 1.0
Imports (1)
KERNEL32.dll (6)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetCommandLineA - 0x00402000 0x00002180 0x00000B80 0x000001D6
ExitProcess - 0x00402004 0x00002184 0x00000B84 0x0000015E
LoadLibraryA - 0x00402008 0x00002188 0x00000B88 0x000003C1
GetProcAddress - 0x0040200C 0x0000218C 0x00000B8C 0x000002AE
GetCurrentProcessId - 0x00402010 0x00002190 0x00000B90 0x00000218
GetModuleHandleA - 0x00402014 0x00002194 0x00000B94 0x00000275
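The section and import tables above show a profile worth recognising on sight: a 0x5EC-byte .text, an import table of six KERNEL32 functions that includes LoadLibraryA and GetProcAddress (enough to resolve everything else at runtime), and a non-standard section named "enc" that is 0x1CE00 bytes, readable and writable, with entropy 8.0. That is the shape of a small loader stub sitting on top of an encrypted or compressed payload, and it is consistent with the memory dumps listed further down, where code first executes from a heap buffer at 0x00020000 whose contents are rewritten several times. The following is an added example, not VMRay's or the sample's code: a minimal PE section parser that computes per-section Shannon entropy and flags sections that are near-random and writable or executable. It runs against a PE constructed in build_sample_pe() that imitates the report's layout; the PE is a fabrication for the demo, not the analysed file.

```python
"""Added example (not VMRay's or the sample's code): a minimal PE section
parser that computes per-section Shannon entropy and flags the
'high-entropy, writable or executable' profile the report shows for 'enc'.
The PE returned by build_sample_pe() is constructed here for the demo."""
import math
import struct
from dataclasses import dataclass

# Section characteristics from the PE/COFF specification
IMAGE_SCN_CNT_CODE = 0x00000020
IMAGE_SCN_CNT_INITIALIZED_DATA = 0x00000040
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_READ = 0x40000000
IMAGE_SCN_MEM_WRITE = 0x80000000


@dataclass
class Section:
    name: str
    virtual_address: int
    virtual_size: int
    raw_size: int
    raw_offset: int
    characteristics: int
    entropy: float


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for constant data, 8.0 for a uniform byte distribution."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def parse_sections(pe: bytes) -> list[Section]:
    """Walk DOS header -> PE signature -> COFF header -> section table."""
    if pe[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    num_sections = struct.unpack_from("<H", pe, coff + 2)[0]
    size_of_optional = struct.unpack_from("<H", pe, coff + 16)[0]
    table = coff + 20 + size_of_optional          # section table follows the optional header
    sections = []
    for i in range(num_sections):
        name, vsize, vaddr, rsize, roff, _, _, _, _, flags = struct.unpack_from(
            "<8sIIIIIIHHI", pe, table + 40 * i)
        raw = pe[roff:roff + rsize]
        sections.append(Section(name.rstrip(b"\0").decode("ascii", "replace"),
                                vaddr, vsize, rsize, roff, flags, shannon_entropy(raw)))
    return sections


def suspicious_sections(sections: list[Section], threshold: float = 7.0) -> list[str]:
    """Names of sections that look like stored encrypted/compressed payloads:
    near-random bytes in a region the loader can write to or execute from."""
    flagged = []
    for s in sections:
        rw_or_x = s.characteristics & (IMAGE_SCN_MEM_WRITE | IMAGE_SCN_MEM_EXECUTE)
        if s.entropy >= threshold and rw_or_x:
            flagged.append(s.name)
    return flagged


def build_sample_pe() -> bytes:
    """Constructed PE32 with three sections; the last imitates the report's 'enc'
    (initialized data, RW, entropy 8.0). Not the analysed file."""
    text = (b"\x55\x8b\xec\x5d\xc3" * 102).ljust(0x200, b"\0")       # low-entropy stub code
    rdata = b"KERNEL32.dll\0LoadLibraryA\0GetProcAddress\0".ljust(0x200, b"\0")
    enc = bytes(range(256)) * 4                                     # every byte value equally frequent
    raw0 = 0x200                                                    # first raw data offset
    layout = [
        (b".text", 0x1000, text, IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ),
        (b".rdata", 0x2000, rdata, IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ),
        (b"enc", 0x3000, enc, IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE),
    ]
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)                          # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, len(layout), 0, 0, 0, 0xE0, 0x0102)
    optional = struct.pack("<H", 0x10B).ljust(0xE0, b"\0")           # PE32 magic, rest unused here
    table, body, off = b"", b"", raw0
    for name, vaddr, data, flags in layout:
        table += struct.pack("<8sIIIIIIHHI", name, len(data), vaddr, len(data), off, 0, 0, 0, 0, flags)
        body += data
        off += len(data)
    headers = (bytes(dos) + b"PE\0\0" + coff + optional + table).ljust(raw0, b"\0")
    return headers + body


if __name__ == "__main__":
    secs = parse_sections(build_sample_pe())
    for s in secs:
        print(f"{s.name:<8} VA=0x{s.virtual_address:08X} raw=0x{s.raw_size:X} entropy={s.entropy:.2f}")
    print("suspicious:", suspicious_sections(secs))
```

Pass the bytes of a real file to parse_sections() to reproduce the report's table; the 7.0 threshold is a common starting point and compressed resources or embedded certificates will also trip it, so treat a hit as a triage signal to be read together with the import table and the dump list, not as a verdict.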
Memory Dumps (10)
Name Process ID Start VA End VA Dump Reason PE Rebuild Bitness Entry Point YARA Actions
78b592a2710d81fa91235b445f674ee804db39c8cc34f7e894b4e7b7f6eacaff.exe 1 0x002C0000 0x002E0FFF Relevant Image False 32-bit - False
buffer 1 0x00020000 0x0003FFFF First Execution False 32-bit 0x00023ED1 False
buffer 1 0x00020000 0x0003FFFF Content Changed False 32-bit 0x000214ED False
buffer 1 0x00020000 0x0003FFFF Content Changed False 32-bit 0x0002AE74 False
buffer 1 0x00020000 0x0003FFFF Content Changed False 32-bit 0x00029000 False
buffer 1 0x00020000 0x0003FFFF Content Changed False 32-bit 0x000226F1 False
buffer 1 0x00020000 0x0003FFFF Content Changed False 32-bit 0x00028012 False
buffer 1 0x00020000 0x0003FFFF Content Changed False 32-bit 0x00029000 False
buffer 1 0x00020000 0x0003FFFF Content Changed False 32-bit 0x00027AE8 False
78b592a2710d81fa91235b445f674ee804db39c8cc34f7e894b4e7b7f6eacaff.exe 1 0x002C0000 0x002E0FFF Final Dump False 32-bit - False
File Name \\?\C:\EDGEWATER-README.txt
Category Dropped File
Type Stream
Verdict Malicious
Also Known As \\?\c:\program files (x86)\EDGEWATER-README.txt (Dropped File, Accessed File)
\\?\c:\program files (x86)\microsoft sql server\110\EDGEWATER-README.txt (Dropped File, Accessed File)
\\?\c:\program files (x86)\microsoft sql server\EDGEWATER-README.txt (Dropped File, Accessed File)
\\?\c:\program files\EDGEWATER-README.txt (Dropped File, Accessed File)
\\?\c:\recovery\EDGEWATER-README.txt (Dropped File, Accessed File)
\\?\c:\recovery\d327d5c2-7147-11eb-9862-d731c5aaa7a9\EDGEWATER-README.txt (Dropped File, Accessed File)
\\?\c:\users\EDGEWATER-README.txt (Dropped File, Accessed File)
\\?\c:\users\default\EDGEWATER-README.txt (Dropped File, Accessed File)
\\?\c:\users\default\contacts\EDGEWATER-README.txt (Dropped File, Accessed File)
\\?\c:\users\default\desktop\EDGEWATER-README.txt (Dropped File, Accessed File)
\\?\c:\users\default\documents\EDGEWATER-README.txt (Dropped File, Accessed File)
\\?\c:\users\default\downloads\EDGEWATER-README.txt (Dropped File, Accessed File)
\\?\c:\users\default\favorites\EDGEWATER-README.txt (Dropped File, Accessed File)
\\?\c:\users\default\links\EDGEWATER-README.txt (Dropped File, Accessed File)
\\?\c:\users\default\music\EDGEWATER-README.txt (Dropped File, Accessed File)
\\?\c:\users\default\pictures\EDGEWATER-README.txt (Dropped File, Accessed File)
\\?\c:\users\default\saved games\EDGEWATER-README.txt (Dropped File, Accessed File)
\\?\c:\users\default\searches\EDGEWATER-README.txt (Dropped File, Accessed File)
\\?\c:\users\default\videos\EDGEWATER-README.txt (Dropped File, Accessed File)
\\?\c:\users\keecfmwgj\EDGEWATER-README.txt (Dropped File, Accessed File)
\\?\c:\users\keecfmwgj\contacts\EDGEWATER-README.txt (Dropped File, Accessed File)
\\?\c:\users\keecfmwgj\desktop\EDGEWATER-README.txt (Dropped File, Accessed File)
\\?\c:\users\keecfmwgj\documents\EDGEWATER-README.txt (Dropped File, Accessed File)
\\?\c:\users\keecfmwgj\downloads\EDGEWATER-README.txt (Dropped File, Accessed File)
\\?\c:\users\keecfmwgj\favorites\EDGEWATER-README.txt (Dropped File, Accessed File)
\\?\c:\users\keecfmwgj\links\EDGEWATER-README.txt (Dropped File, Accessed File)
\\?\c:\users\keecfmwgj\music\EDGEWATER-README.txt (Dropped File, Accessed File)
\\?\c:\users\public\EDGEWATER-README.txt (Dropped File, Accessed File)
MIME Type application/octet-stream
File Size 5.94 KB
MD5 d256223fdf5617d2d98f4c36618a99db
SHA1 3e5e837dfe29530bbdc49db7446a0703e991b93c
SHA256 8b6acd9b09006c0e62fb7c7bb041aae962d4d3b19bff2d5f1301dc976603fc67
SSDeep 96:Y//QWroNXhW8mvaGBFvyvWsGhBg5+S12Kh82Re0mCdQ0+4dRKg3dA2cFd:Y//QHOBgsp2Lr+ck
ImpHash -
File Name \\?\c:\recovery\d327d5c2-7147-11eb-9862-d731c5aaa7a9\boot.sdi.mb8g3x4139
Category Dropped File
Type Stream
Verdict Clean
MIME Type application/octet-stream
File Size 3.02 MB
MD5 d02930c7ccd878629e26a30d022b20c6
SHA1 9ff0a9993e711370344503f487f23f4ec554fb40
SHA256 57d8efc140e71432c902ee747f206db99e522c5421a019d07f9eb506e1fbf993
SSDeep 49152:OWNw8Cc0QVF3KVDYAUSYxG8RmKDGA8TqLL1XEeRaLnByN9r9TjkCS:OWNpC3QepUr//DGA1VXMLnBi9r9sCS
ImpHash -
File Name \\?\c:\users\default\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms.mb8g3x4139
Category Dropped File
Type Stream
Verdict Clean
MIME Type application/octet-stream
File Size 512.22 KB
MD5 70f19057565a7b46fab7680adc4f92ff
SHA1 ad2120a60edee5a8d7ab4c3fe189b1adc640e6c2
SHA256 51a65bf7824ef1fd58c83622da81961422a08455c2b2258ccbfc5818c36fc08d
SSDeep 12288:7iE36Pt+gmCx8PCiy7azODcLXwvyMQnU1Q0X7PLWdQTx1R0SGutr:7ZqwgmvCiy7aWWv0X7T22x1L5x
ImpHash -
File Name \\?\c:\users\default\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms.mb8g3x4139
Category Dropped File
Type Stream
Verdict Clean
MIME Type application/octet-stream
File Size 512.22 KB
MD5 ee944f01dfa00432458915d63fb1ae9e
SHA1 a5b00e5495bb4f3b85b3797516e96ff89cdeca6a
SHA256 46b6334c232d8626ec064fe7ccecc1b111a2df1ca7703b6ac74de303dc0bc127
SSDeep 12288:OkunlfE88vcBPWjcfw62L7SI8G9ieceRFfz:Oku28jPWnFHSI8G9BceLfz
ImpHash -
File Name \\?\c:\bootmgr.mb8g3x4139
Category Dropped File
Type Stream
Verdict Clean
MIME Type application/octet-stream
File Size 375.01 KB
MD5 4a5816247663fb1f55b6752c700a52f9
SHA1 a2b6c648f1b87e55b9f279ac0bbf00ceab524d13
SHA256 314f6478d6734e2fe3fa87a05450527233f38e10584d3f90be5a14c0f7a5b66f
SSDeep 6144:hpa1X/KJzfM/K8i80pQY/TNKvEzoRyr3BwLHMOzf6CievIuwdW+orcFran6y4SRA:h4KlMi8inie6EmyrxwLHMiHNIuwjorcf
ImpHash -
File Name \\?\c:\users\default\NTUSER.DAT.LOG1.mb8g3x4139
Category Dropped File
Type Stream
Verdict Clean
MIME Type application/octet-stream
File Size 185.22 KB
MD5 7ddafa2146d48a461b7ed2591fa67a21
SHA1 aa66decc7f8e8c1892c587bd8fbf6df5022e3b04
SHA256 bb1ae6c23cc592094267d934cc64ea6efec786054fa9605f371b253471d59f1c
SSDeep 3072:mDwctDMb9XvXMG9LfffjbWA1xHzhgfKvQO+smyWDk7+Nx15cCZw6WcbzyV:x+MbNvDLfn+Av/YLyliNx15JVWlV
ImpHash -
File Name \\?\c:\users\default\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf.mb8g3x4139
Category Dropped File
Type Stream
Verdict Clean
MIME Type application/octet-stream
File Size 64.22 KB
MD5 746988a59f5136a80d3eacce15181a43
SHA1 8874f7093dbdbe66e1f4ff69f5ee857f7aa7ffd0
SHA256 95cc883f0be118675dc205fced0ffeedbe9168b5fde021354d1c5a74fbeebf2a
SSDeep 1536:oqb5uyWkenIOlM7Ef8fqaHdvkM1YTQwrahOqmHmxFNtOj//Y7:Kb6fqaHdvsGOq9qz/A
ImpHash -
File Name \\?\c:\recovery\d327d5c2-7147-11eb-9862-d731c5aaa7a9\Winre.wim
Category Modified File
Type Stream
Verdict Clean
MIME Type application/octet-stream
File Size 10.00 MB
MD5 e61954b3316774d5657b752435863b1a
SHA1 49370db4428d66a89800304f8b1db781130cc4be
SHA256 e481a6b6eeefa50475f22daee6bb442bb1e1a26c2cb56fed25043fecfab8775e
SSDeep 196608:eJ/RpTJyvbIxX9kpvFSV6xqojQRljrffo1feRTC+JO7MAVgqBpiTGWs:ePjp59EkV6ZjeljrffowRxMMGciWs
ImpHash -
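Two patterns in the file list above matter more than any single entry: the same note, EDGEWATER-README.txt, is written into the root of every drive, profile and program directory the sample could reach, and system files (bootmgr, boot.sdi, NTUSER.DAT transaction logs) are re-created with one unfamiliar extension, .mb8g3x4139, appended to their original names. Note that the sandbox rates each of those re-created files "Clean": individually they are opaque high-entropy data with no code in them, so a per-file verdict cannot catch this and detection has to key on the pattern across files. The following is an added example, not VMRay's or the sample's code: detection logic for both patterns, run over a constructed list of paths copied from the entries above plus two benign writes. The name regex, the allowlist of common extensions and both thresholds are assumptions to be tuned per environment.

```python
"""Added example (not VMRay's or the sample's code): detection logic for the
two file-system patterns in this report, run over a constructed list of paths
copied from the dropped/modified file entries plus two benign ones."""
import re
from collections import defaultdict
from pathlib import PureWindowsPath

# Ransom notes almost always advertise themselves in the file name; this is a
# generic pattern (assumption), not one tied to EDGEWATER-README.txt
NOTE_NAME = re.compile(r"readme|recover|decrypt|restore|how[_ -]?to", re.I)
NOTE_EXTS = {".txt", ".hta", ".html", ".htm"}
# Extensions a Windows host legitimately writes in bulk (assumed allowlist; tune it)
COMMON_EXTS = {".txt", ".log", ".dat", ".tmp", ".docx", ".xlsx", ".pdf", ".exe", ".dll",
               ".ini", ".xml", ".json", ".wim", ".sdi", ".blf", ".regtrans-ms", ".lnk"}
# Random-looking appended extension: six or more alphanumerics, nothing else
RANDOM_EXT = re.compile(r"^\.[a-z0-9]{6,}$", re.I)


def normalize(path: str) -> PureWindowsPath:
    """Drop the extended-length path prefix the sandbox log uses and lowercase."""
    return PureWindowsPath(path.removeprefix("\\\\?\\").lower())


def find_ransom_notes(paths, min_dirs: int = 5) -> dict[str, int]:
    """Same note-like file name created in at least min_dirs distinct directories."""
    dirs = defaultdict(set)
    for p in map(normalize, paths):
        if p.suffix in NOTE_EXTS and NOTE_NAME.search(p.stem):
            dirs[p.name].add(str(p.parent))
    return {name: len(d) for name, d in dirs.items() if len(d) >= min_dirs}


def find_appended_extensions(paths, min_files: int = 3) -> dict[str, list]:
    """One unfamiliar, random-looking extension appended to at least min_files files.
    Returns {ext: [(path, original_extension_or_None), ...]}."""
    by_ext = defaultdict(list)
    for p in map(normalize, paths):
        ext = p.suffix
        if not ext or ext in COMMON_EXTS or not RANDOM_EXT.match(ext):
            continue
        inner = PureWindowsPath(p.stem).suffix or None   # ".sdi" in boot.sdi.mb8g3x4139
        by_ext[ext].append((str(p), inner))
    return {ext: files for ext, files in by_ext.items() if len(files) >= min_files}


# Constructed input: a subset of the report's file paths plus two benign writes
SAMPLE_PATHS = [
    r"\\?\C:\EDGEWATER-README.txt",
    r"\\?\c:\program files (x86)\EDGEWATER-README.txt",
    r"\\?\c:\program files\EDGEWATER-README.txt",
    r"\\?\c:\recovery\EDGEWATER-README.txt",
    r"\\?\c:\users\default\desktop\EDGEWATER-README.txt",
    r"\\?\c:\users\default\documents\EDGEWATER-README.txt",
    r"\\?\c:\users\keecfmwgj\desktop\EDGEWATER-README.txt",
    r"\\?\c:\users\public\EDGEWATER-README.txt",
    r"\\?\c:\recovery\d327d5c2-7147-11eb-9862-d731c5aaa7a9\boot.sdi.mb8g3x4139",
    r"\\?\c:\users\default\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms.mb8g3x4139",
    r"\\?\c:\users\default\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms.mb8g3x4139",
    r"\\?\c:\bootmgr.mb8g3x4139",
    r"\\?\c:\users\default\NTUSER.DAT.LOG1.mb8g3x4139",
    r"\\?\c:\users\default\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf.mb8g3x4139",
    r"\\?\c:\recovery\d327d5c2-7147-11eb-9862-d731c5aaa7a9\Winre.wim",   # modified, not renamed
    r"C:\Users\kEecfMwgj\Documents\budget.xlsx",                          # benign (constructed)
    r"C:\Windows\Temp\setup.log",                                         # benign (constructed)
]

if __name__ == "__main__":
    print("ransom notes:", find_ransom_notes(SAMPLE_PATHS))
    for ext, files in find_appended_extensions(SAMPLE_PATHS).items():
        print(f"appended extension {ext}: {len(files)} files")
        for path, inner in files:
            print(f"  {path}  (original ext: {inner})")
```

Feed it file-create and rename events from an EDR or Sysmon stream rather than a static list, window them (the sample did all of this within the truncated 10 seconds of sleep the report mentions), and expect to tune the allowlist: legitimate installers and backup tools also write one extension in bulk, which is why the appended-extension rule is most useful when the note rule fires in the same window.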