Malicious
Classifications
Backdoor
Threat Names
Netwire C2/Generic-A Mal/Generic-S
Dynamic Analysis Report
Created on 2022-08-05T09:42:06+00:00
2a05a23d8879f9d001af335779b5102dd644b08d2f106353c28c8ce303ee9b58.exe
Windows Exe (x86-32)
Remarks (2/2)
(0x0200000E): The overall sleep time of all monitored processes was truncated from "2 minutes, 30 seconds" to "20 seconds" to reveal dormant functionality.
This is a filtered view
This list contains only the embedded files, downloaded files, and dropped files
Filters: |
There are no files for this filter
There are no files in this analysis
File Name | Category | Type | Verdict | Actions |
---|
C:\Users\RDhJ0CNFevzX\Desktop\2a05a23d8879f9d001af335779b5102dd644b08d2f106353c28c8ce303ee9b58.exe | Sample File | Binary |
Malicious
|
...
|
»
File Reputation Information
»
Verdict |
Malicious
|
Names | Mal/Generic-S |
PE Information
»
Image Base | 0x00400000 |
Entry Point | 0x004D4CF2 |
Size Of Code | 0x000D2E00 |
Size Of Initialized Data | 0x0006A400 |
File Type | IMAGE_FILE_EXECUTABLE_IMAGE |
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
Machine Type | IMAGE_FILE_MACHINE_I386 |
Compile Timestamp | 2096-07-01 22:36 (UTC+2) |
Version Information (11)
»
Comments | |
CompanyName | |
FileDescription | Lib Mang Sys |
FileVersion | 1.0.0.0 |
InternalName | BinaryWri.exe |
LegalCopyright | Copyright © 2020 |
LegalTrademarks | |
OriginalFilename | BinaryWri.exe |
ProductName | Lib Mang Sys |
ProductVersion | 1.0.0.0 |
Assembly Version | 1.0.0.0 |
Sections (3)
»
Name | Virtual Address | Virtual Size | Raw Data Size | Raw Data Offset | Flags | Entropy |
---|---|---|---|---|---|---|
.text | 0x00402000 | 0x000D2D10 | 0x000D2E00 | 0x00000200 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ | 7.59 |
.rsrc | 0x004D6000 | 0x0006A034 | 0x0006A200 | 0x000D3000 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 5.18 |
.reloc | 0x00542000 | 0x0000000C | 0x00000200 | 0x0013D200 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ | 0.1 |
Imports (1)
»
mscoree.dll (1)
»
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
---|---|---|---|---|---|
_CorExeMain | - | 0x00402000 | 0x000D4CC8 | 0x000D2EC8 | 0x00000000 |
Memory Dumps (31)
»
Name | Process ID | Start VA | End VA | Dump Reason | PE Rebuild | Bitness | Entry Point | YARA | Actions |
---|---|---|---|---|---|---|---|---|---|
2a05a23d8879f9d001af335779b5102dd644b08d2f106353c28c8ce303ee9b58.exe | 1 | 0x00400000 | 0x00543FFF | Relevant Image | 32-bit | - |
...
|
||
buffer | 1 | 0x04730000 | 0x0473FFFF | Reflectively Loaded .NET Assembly | 32-bit | - |
...
|
||
buffer | 1 | 0x04760000 | 0x04762FFF | Reflectively Loaded .NET Assembly | 32-bit | - |
...
|
||
buffer | 1 | 0x020A0000 | 0x02131FFF | Reflectively Loaded .NET Assembly | 32-bit | - |
...
|
||
2a05a23d8879f9d001af335779b5102dd644b08d2f106353c28c8ce303ee9b58.exe | 1 | 0x00400000 | 0x00543FFF | Final Dump | 32-bit | - |
...
|
||
buffer | 1 | 0x0A7A0000 | 0x0A7E8FFF | Reflectively Loaded .NET Assembly | 32-bit | - |
...
|
||
buffer | 7 | 0x00400000 | 0x0044FFFF | First Execution | 32-bit | 0x0041AE7B |
...
|
||
2a05a23d8879f9d001af335779b5102dd644b08d2f106353c28c8ce303ee9b58.exe | 1 | 0x00400000 | 0x00543FFF | Process Termination | 32-bit | - |
...
|
||
buffer | 7 | 0x00400000 | 0x0044FFFF | Content Changed | 32-bit | 0x0041C02E |
...
|
||
buffer | 7 | 0x00400000 | 0x0044FFFF | Content Changed | 32-bit | 0x0042407F |
...
|
||
buffer | 7 | 0x00400000 | 0x0044FFFF | Content Changed | 32-bit | 0x00427B47 |
...
|
||
buffer | 7 | 0x00400000 | 0x0044FFFF | Content Changed | 32-bit | 0x0042D69F |
...
|
||
buffer | 7 | 0x00400000 | 0x0044FFFF | Content Changed | 32-bit | 0x0041D59D |
...
|
||
buffer | 7 | 0x00400000 | 0x0044FFFF | Content Changed | 32-bit | 0x0041FD85 |
...
|
||
buffer | 7 | 0x00400000 | 0x0044FFFF | Content Changed | 32-bit | 0x004216EF |
...
|
||
buffer | 7 | 0x00400000 | 0x0044FFFF | Content Changed | 32-bit | 0x004056D0 |
...
|
||
buffer | 7 | 0x00400000 | 0x0044FFFF | Content Changed | 32-bit | 0x004088A0 |
...
|
||
buffer | 7 | 0x00400000 | 0x0044FFFF | Content Changed | 32-bit | 0x0040FFB0 |
...
|
||
buffer | 7 | 0x00400000 | 0x0044FFFF | Content Changed | 32-bit | 0x00402000 |
...
|
||
buffer | 7 | 0x00400000 | 0x0044FFFF | Content Changed | 32-bit | 0x00413590 |
...
|
||
buffer | 7 | 0x00400000 | 0x0044FFFF | Content Changed | 32-bit | 0x00411B60 |
...
|
||
buffer | 7 | 0x00400000 | 0x0044FFFF | Content Changed | 32-bit | 0x00426FE8 |
...
|
||
buffer | 7 | 0x00400000 | 0x0044FFFF | Content Changed | 32-bit | 0x004049A0 |
...
|
||
buffer | 7 | 0x00195000 | 0x0019FFFF | First Network Behavior | 32-bit | - |
...
|
||
buffer | 7 | 0x00400000 | 0x0044FFFF | First Network Behavior | 32-bit | 0x004076AA |
...
|
||
buffer | 7 | 0x006740A0 | 0x0067412F | First Network Behavior | 32-bit | - |
...
|
||
buffer | 7 | 0x006775D8 | 0x00677657 | First Network Behavior | 32-bit | - |
...
|
||
buffer | 7 | 0x0067B198 | 0x0067B3B7 | First Network Behavior | 32-bit | - |
...
|
||
buffer | 7 | 0x00681090 | 0x006813F3 | First Network Behavior | 32-bit | - |
...
|
||
buffer | 7 | 0x00681400 | 0x006821FF | First Network Behavior | 32-bit | - |
...
|
||
buffer | 7 | 0x00682208 | 0x00682A07 | First Network Behavior | 32-bit | - |
...
|
C:\Users\RDhJ0CNFevzX\AppData\Local\Temp\tmpB163.tmp | Dropped File | Text |
Clean
|
...
|
»