Try VMRay Platform
Malicious
Classifications

Backdoor

Threat Names

-

Dynamic Analysis Report

Created on 2024-02-13T20:59:44+00:00

83741e7578d11053fd5cbbf15ed253b3.exe

Windows Exe (x86-64)
...

Remarks (1/1)

(0x0200000E): The overall sleep time of all monitored processes was truncated from "21 minutes, 26 seconds" to "30 seconds" to reveal dormant functionality.

Remarks

(0x0200005D): 1959 additional dumps with the reason "Content Changed" and a total of 24426 MB were skipped because the respective maximum limit was reached.

(0x0200004A): 2 dump(s) were skipped because they exceeded the maximum dump size of 16 MB. The largest one was 512 MB.

Filters:
File Name Category Type Verdict Actions
C:\Users\kEecfMwgj\Desktop\83741e7578d11053fd5cbbf15ed253b3.exe Sample File Binary
Malicious
...
»
MIME Type application/vnd.microsoft.portable-executable
File Size 4.16 MB
MD5 83741e7578d11053fd5cbbf15ed253b3 Copy to Clipboard
SHA1 e95948bdfcf0355afc81e913caeb319b7fb1318c Copy to Clipboard
SHA256 beb1e444d4a7e27ca6cb5fe55e9eaa3ecf880c044755d72f7724e7fea8371cd5 Copy to Clipboard
SSDeep 98304:x4RhOygpdPL0UH+TI8zm/tlF2IREpF9MBeE7eUxhx1u:uRhDw+IWQtD2ldJG Copy to Clipboard
ImpHash 9aebf3da4677af9275c461261e5abde3 Copy to Clipboard
PE Information
»
Image Base 0x140000000
Entry Point 0x140C76650
Size Of Code 0x0042B000
Size Of Initialized Data 0x00001000
Size Of Uninitialized Data 0x0084B000
File Type IMAGE_FILE_EXECUTABLE_IMAGE
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
Machine Type IMAGE_FILE_MACHINE_AMD64
Compile Timestamp 1970-01-01 00:00 (UTC)
Sections (3)
»
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
UPX0 0x140001000 0x0084B000 0x00000000 0x00000200 IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.0
UPX1 0x14084C000 0x0042B000 0x0042AA00 0x00000200 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 7.93
.rsrc 0x140C77000 0x00001000 0x00000600 0x0042AC00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 5.18
Imports (2)
»
KERNEL32.DLL (4)
»
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
LoadLibraryA - 0x140C77528 0x00C77528 0x0042B128 0x00000000
ExitProcess - 0x140C77530 0x00C77530 0x0042B130 0x00000000
GetProcAddress - 0x140C77538 0x00C77538 0x0042B138 0x00000000
VirtualProtect - 0x140C77540 0x00C77540 0x0042B140 0x00000000
msvcrt.dll (1)
»
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
exit - 0x140C77550 0x00C77550 0x0042B150 0x00000000
Memory Dumps (30)
»
Name Process ID Start VA End VA Dump Reason PE Rebuild Bitness Entry Point YARA Actions
83741e7578d11053fd5cbbf15ed253b3.exe 1 0x13F6F0000 0x140367FFF First Execution False 64-bit 0x1403668A0 False
...
83741e7578d11053fd5cbbf15ed253b3.exe 1 0x13F6F0000 0x140367FFF Content Changed False 64-bit 0x13FE7E5C0 False
...
83741e7578d11053fd5cbbf15ed253b3.exe 1 0x13F6F0000 0x140367FFF Content Changed False 64-bit 0x13F6F14E0 False
...
83741e7578d11053fd5cbbf15ed253b3.exe 1 0x13F6F0000 0x140367FFF Content Changed False 64-bit 0x13F749D60 False
...
83741e7578d11053fd5cbbf15ed253b3.exe 1 0x13F6F0000 0x140367FFF Content Changed False 64-bit 0x13F733D60 False
...
83741e7578d11053fd5cbbf15ed253b3.exe 1 0x13F6F0000 0x140367FFF Content Changed False 64-bit 0x13F71F000 False
...
83741e7578d11053fd5cbbf15ed253b3.exe 1 0x13F6F0000 0x140367FFF Content Changed False 64-bit 0x13F726000 False
...
buffer 1 0x2878E000 0x2878FFFF First Network Behavior False 64-bit - False
...
buffer 1 0x2844D000 0x2844FFFF First Network Behavior False 64-bit - False
...
buffer 1 0x280AE000 0x280AFFFF First Network Behavior False 64-bit - False
...
buffer 1 0x27DEE000 0x27DEFFFF First Network Behavior False 64-bit - False
...
buffer 1 0x27B6E000 0x27B6FFFF First Network Behavior False 64-bit - False
...
buffer 1 0x0028D000 0x0028FFFF First Network Behavior False 64-bit - False
...
buffer 1 0x00070000 0x0008FFFF First Network Behavior False 64-bit - False
...
buffer 1 0x00290000 0x0029FFFF First Network Behavior False 64-bit - False
...
buffer 1 0x00410000 0x0044FFFF First Network Behavior False 64-bit - False
...
buffer 1 0x00450000 0x00461FFF First Network Behavior False 64-bit - False
...
buffer 1 0x00470000 0x0047FFFF First Network Behavior False 64-bit - False
...
buffer 1 0x01CD0000 0x01D0FFFF First Network Behavior False 64-bit - False
...
buffer 1 0x01D10000 0x01D4FFFF First Network Behavior False 64-bit - False
...
buffer 1 0x01E30000 0x01F2FFFF First Network Behavior False 64-bit - False
...
buffer 1 0x01F30000 0x0272FFFF First Network Behavior False 64-bit - False
...
buffer 1 0x04760000 0x04760FFF First Network Behavior False 64-bit - False
...
buffer 1 0x168B0000 0x168B0FFF First Network Behavior False 64-bit - False
...
buffer 1 0x26730000 0x26F2FFFF First Network Behavior False 64-bit - False
...
buffer 1 0x26F30000 0x2772FFFF First Network Behavior False 64-bit - False
...
buffer 1 0x27730000 0x2782FFFF First Network Behavior False 64-bit - False
...
buffer 1 0xC000000000 0xC0003FFFFF First Network Behavior False 64-bit - False
...
83741e7578d11053fd5cbbf15ed253b3.exe 1 0x13F6F0000 0x140367FFF First Network Behavior False 64-bit 0x13F71EB40 False
...
83741e7578d11053fd5cbbf15ed253b3.exe 1 0x13F6F0000 0x140367FFF Process Termination False 64-bit - False
...
C:\Users\KEECFM~1\AppData\Local\Temp\zTmOZs75.zip Dropped File ZIP
Clean
...
»
MIME Type application/zip
File Size 443 Bytes
MD5 2ed49e4f1754e952c7b86117ed6e1cb7 Copy to Clipboard
SHA1 9ec791c7a4389634ffd0da200b4af133d1eca5b5 Copy to Clipboard
SHA256 8aade8e26fc302b5381d0dc5a87a6e48b55de08ef9f8d2dd4f534757927aa2b8 Copy to Clipboard
SSDeep 12:5jMPQp5NkKbGqcoXQtM2vpDOwWlZw0gAZATu8xeV1aS/:9UyzSqcoXQtx+7LZGu8xEp/ Copy to Clipboard
ImpHash -
Archive Information
»
Number of Files 1
Number of Folders 0
Size of Packed Archive Contents 309 Bytes
Size of Unpacked Archive Contents 542 Bytes
File Format zip
Contents (1)
»
File Name Packed Size Unpacked Size Compression Is Encrypted Modify Time Verdict Recursively Submitted Actions
system.txt 309 Bytes 542 Bytes Deflate False -
Clean
-
...
C:\Users\KEECFM~1\AppData\Local\Temp\system.txt Dropped File Text
Clean
...
»
Also Known As system.txt (Archive File, Miscellaneous File)
Parent File C:\Users\KEECFM~1\AppData\Local\Temp\zTmOZs75.zip
MIME Type text/plain
File Size 542 Bytes
MD5 1f0564f7ddd06c6dae72f9def22335e4 Copy to Clipboard
SHA1 1ce6c8f59bdd04aead26bc222cb924684679304f Copy to Clipboard
SHA256 93e602b729a215adc44335bed89dd55d82f7d0d3c243a6fd8b53aa8e2cc94498 Copy to Clipboard
SSDeep 12:0b3XTHP/h2oQIIdEOFfqo6Bjju9MoJDWYFm:0bnTvZ2oQIEj6BPuxJDxw Copy to Clipboard
ImpHash -
5a12da61bd2003783ac3ce61601020101bb55139664141b171e1030a96e44e34 Downloaded File Unknown
Clean
...
»
MIME Type application/json
File Size 1.09 KB
MD5 8e5d3f008bf624378f6174bb6a28eb6b Copy to Clipboard
SHA1 1b14cdd4a0937706cb1e8b98218bbdf2219338de Copy to Clipboard
SHA256 5a12da61bd2003783ac3ce61601020101bb55139664141b171e1030a96e44e34 Copy to Clipboard
SSDeep 24:YKKn1UD2ZxoqbbYeDAXJOY+dLjvajdSGJn:YED2Zx12VkCjjJn Copy to Clipboard
ImpHash -
02f37f485cfe3f36477c15d029c0628860486227b23e33befed306d302353124 Downloaded File Unknown
Clean
...
»
MIME Type application/json
File Size 313 Bytes
MD5 314212e0199b1b3e80e7ee7b80e0fa54 Copy to Clipboard
SHA1 e317d9392338ae459bbc4f9d1be8aadfe5a518ef Copy to Clipboard
SHA256 02f37f485cfe3f36477c15d029c0628860486227b23e33befed306d302353124 Copy to Clipboard
SSDeep 6:WA7xJV9rxExxZgC1H0//fwLjxoWYINhJjF/W35jY:WA7NP8HHUXUychJJA5k Copy to Clipboard
ImpHash -
41574f1b81210bbe34bd40d6639cffbd29284f21f9c11fe729dad7df069909c4 Downloaded File Unknown
Clean
...
»
MIME Type application/json
File Size 184 Bytes
MD5 ba004b0fe3dd1477556dc07f5c453e42 Copy to Clipboard
SHA1 1d206b0ea04c34d7be5882fb9c93325f34989561 Copy to Clipboard
SHA256 41574f1b81210bbe34bd40d6639cffbd29284f21f9c11fe729dad7df069909c4 Copy to Clipboard
SSDeep 3:YDUIQPLpKbq0HfyUaAWqE7uJVIwWAX+wy4kEkD5xAkPMNMBFRfl:YArLob1HKUaAWq5WDwnNkDv5E65fl Copy to Clipboard
ImpHash -
b6c9a83b72bff4e5f2b419f48f86abdd6f862f962385bfe67ee62e53ae083608 Downloaded File Unknown
Clean
...
»
MIME Type application/json
File Size 182 Bytes
MD5 57e84800698b275100fbe665c1c758f0 Copy to Clipboard
SHA1 90502cdd8c52add3b22d645b0fd3dd362f2e94e8 Copy to Clipboard
SHA256 b6c9a83b72bff4e5f2b419f48f86abdd6f862f962385bfe67ee62e53ae083608 Copy to Clipboard
SSDeep 3:YDUIQPLpKbq0HfyUaAWqE7uJVIwWAX+wy4kEkD5xAktbRfl:YArLob1HKUaAWq5WDwnNkDv5rfl Copy to Clipboard
ImpHash -
534f40067436a35d1f9b71b6a5c40d5274588967e6edaeda6bd7b9be19d8dc17 Downloaded File Unknown
Clean
...
»
MIME Type application/json
File Size 177 Bytes
MD5 20534ed1999c80fcc806082ceec05f60 Copy to Clipboard
SHA1 0e208185e3742b4675adf9513d11f5c028b444c6 Copy to Clipboard
SHA256 534f40067436a35d1f9b71b6a5c40d5274588967e6edaeda6bd7b9be19d8dc17 Copy to Clipboard
SSDeep 3:YDUIQPLpKbq0HfyUaAWqE7uJVIwWAX+wy4kEkD5xAkAcJWHwRfl:YArLob1HKUaAWq5WDwnNkDv5NYHqfl Copy to Clipboard
ImpHash -
9651e33df1b7b22f0dc0990778a4cdcb263471968a72db27dac07867c7d13d00 Downloaded File Unknown
Clean
...
»
MIME Type application/json
File Size 177 Bytes
MD5 8c2c0a76903a11e34f2da9e99781c4dd Copy to Clipboard
SHA1 43947c420f355e20fd741a4e69745a70b671fb3b Copy to Clipboard
SHA256 9651e33df1b7b22f0dc0990778a4cdcb263471968a72db27dac07867c7d13d00 Copy to Clipboard
SSDeep 3:YDUIQPLpKbq0HfyUaAWqE7uJVIwWAX+wy4kEkD5xAkpKXBFRfl:YArLob1HKUaAWq5WDwnNkDv5pKX5fl Copy to Clipboard
ImpHash -
00da859b1a29d0428acd3a560e736bffc6b49d8002badc3947f2616da768353f Downloaded File Unknown
Clean
...
»
MIME Type application/json
File Size 177 Bytes
MD5 b8c938498006d66c87306415ebf8d054 Copy to Clipboard
SHA1 a988bbe012305fde762dbbf3d7123027fcd184b0 Copy to Clipboard
SHA256 00da859b1a29d0428acd3a560e736bffc6b49d8002badc3947f2616da768353f Copy to Clipboard
SSDeep 3:YDUIQPLpKbq0HfyUaAWqE7uJVIwWAX+wy4kEkD5xAk0i+fiRfl:YArLob1HKUaAWq5WDwnNkDv5r+f0fl Copy to Clipboard
ImpHash -
b42fbaba331fe0d4db4179ac4b596ea0a3e4df58cb1225f9dffe8eaacb49f892 Downloaded File Unknown
Clean
...
»
MIME Type application/json
File Size 173 Bytes
MD5 3e0648f342b5505758fac610a5652261 Copy to Clipboard
SHA1 c3309b3883a356045048025996d10494baf5c75f Copy to Clipboard
SHA256 b42fbaba331fe0d4db4179ac4b596ea0a3e4df58cb1225f9dffe8eaacb49f892 Copy to Clipboard
SSDeep 3:YDUIQPLpKbq0HfyUaAWqE7uJVIwWAX+wy4kEkD5xAk5O8Rfl:YArLob1HKUaAWq5WDwnNkDv555fl Copy to Clipboard
ImpHash -
17eb6a2db6a8f5c8db878efb9c13ad022f3059f2d95291d471c35a314fbfcb62 Downloaded File Unknown
Clean
...
»
MIME Type application/json
File Size 66 Bytes
MD5 bedea9a1bb26ca641307206910ea2b50 Copy to Clipboard
SHA1 deaf103c4f85ae4d0554c6c8467cba4c73c6200f Copy to Clipboard
SHA256 17eb6a2db6a8f5c8db878efb9c13ad022f3059f2d95291d471c35a314fbfcb62 Copy to Clipboard
SSDeep 3:YDUIQPLpKbq0HfyUj:YArLob1HKUj Copy to Clipboard
ImpHash -
c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97 Downloaded File Unknown
Clean
Known to be clean.
...
»
MIME Type application/json
File Size 16 Bytes
MD5 7363e85fe9edee6f053a4b319588c086 Copy to Clipboard
SHA1 a15e2127145548437173fc17f3e980e3f3dee2d0 Copy to Clipboard
SHA256 c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97 Copy to Clipboard
SSDeep 3:YWQRAW64:YWQmq Copy to Clipboard
ImpHash -
File Reputation Information
»
Verdict
Clean
Known to be clean.
74234e98afe7498fb5daf1f36ac2d78acc339464f950703b8c019892f982b90b Downloaded File Text
Clean
...
»
MIME Type text/plain
File Size 4 Bytes
MD5 37a6259cc0c1dae299a7866489dff0bd Copy to Clipboard
SHA1 2be88ca4242c76e8253ac62474851065032d6833 Copy to Clipboard
SHA256 74234e98afe7498fb5daf1f36ac2d78acc339464f950703b8c019892f982b90b Copy to Clipboard
SSDeep 3:s:s Copy to Clipboard
ImpHash -
File Reputation Information
»
Verdict
Clean
Known to be clean.
VMRay - Analyzer - www.vmray.com
Legal Note - Privacy Policy
Function Logfile
Download-Icon
Exit-Icon

This feature requires an online-connection to the VMRay backend.

An offline version with limited functionality is also provided.
The offline version is supported only in Mozilla Firefoxwith deactivated setting \"security.fileuri.strict_origin_policy\". 


    

   

   

    Before
   

   

    

     

      
       This feature requires an online-connection to the VMRay backend.
      
      

      

      An offline version with limited functionality is also provided.
      

      The offline version is supported only in Mozilla Firefoxwith deactivated setting \"security.fileuri.strict_origin_policy\".
     

     

    

   

   

    After
   

   

    

     

      
       This feature requires an online-connection to the VMRay backend.
      
      

      

      An offline version with limited functionality is also provided.
      

      The offline version is supported only in Mozilla Firefoxwith deactivated setting \"security.fileuri.strict_origin_policy\".
     

     

    

   

   

    

     
      

       
       
       
       
      

     
     
     
    

   

  

  

   

    

     Exit-Icon
    

    

     

      WHOIS Domain Information
     

     

      

       
        Domain Name
       
       
       
      

      

       
        WHOIS Response
       
       
        

       		
      

     

    

   

  

  

   

    
    

     Screenshot
    

    

     Expand-Icon
    

    

     Exit-Icon
    

   

   

    

     icon_left
    

    

     icon_left
    

   

   

   

   

    image