Windows Analysis Report
Project1.exe

Overview

General Information

Sample name: Project1.exe
Analysis ID: 1428645
MD5: a98614ff6f0fee1d5a158fb077e9784b
SHA1: ae98f356c63118507e02e5c8a671f06b8bc0c18e
SHA256: c90808bf9349b6abeca3b81ce2c5b69331503a231bbd54d03e1816c708e47176
Infos:

Detection

Score: 22
Range: 0 - 100
Whitelisted: false
Confidence: 60%

Signatures

Uses Windows timers to delay execution
Potential time zone aware malware
Program does not show much activity (idle)
Sample file is different than original file name gathered from version info
Uses 32bit PE files

Classification

Uses 32bit PE files
Source: Project1.exe Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
Sample file is different than original file name gathered from version info
Source: Project1.exe, 00000000.00000000.1157857916.0000000000485000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilename, vs Project1.exe
Source: Project1.exe Binary or memory string: OriginalFilename, vs Project1.exe
Uses 32bit PE files
Source: Project1.exe Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
Source: classification engine Classification label: sus22.evad.winEXE@5/0@0/0
Source: Project1.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\Project1.exe Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales Jump to behavior
Source: C:\Users\user\Desktop\Project1.exe Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales Jump to behavior
Source: C:\Users\user\Desktop\Project1.exe Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales Jump to behavior
Source: C:\Users\user\Desktop\Project1.exe Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales Jump to behavior
Source: C:\Users\user\Desktop\Project1.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers Jump to behavior
Source: unknown Process created: C:\Windows\System32\rundll32.exe C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
Source: unknown Process created: C:\Users\user\Desktop\Project1.exe "C:\Users\user\Desktop\Project1.exe"
Source: unknown Process created: C:\Windows\System32\rundll32.exe C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
Source: unknown Process created: C:\Users\user\Desktop\Project1.exe "C:\Users\user\Desktop\Project1.exe"
Source: unknown Process created: C:\Users\user\Desktop\Project1.exe "C:\Users\user\Desktop\Project1.exe"
Source: unknown Process created: C:\Users\user\Desktop\Project1.exe "C:\Users\user\Desktop\Project1.exe"
Source: C:\Users\user\Desktop\Project1.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Users\user\Desktop\Project1.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Users\user\Desktop\Project1.exe Section loaded: textshaping.dll Jump to behavior
Source: C:\Users\user\Desktop\Project1.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Users\user\Desktop\Project1.exe Section loaded: textinputframework.dll Jump to behavior
Source: C:\Users\user\Desktop\Project1.exe Section loaded: coreuicomponents.dll Jump to behavior
Source: C:\Users\user\Desktop\Project1.exe Section loaded: coremessaging.dll Jump to behavior
Source: C:\Users\user\Desktop\Project1.exe Section loaded: ntmarta.dll Jump to behavior
Source: C:\Users\user\Desktop\Project1.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Users\user\Desktop\Project1.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Users\user\Desktop\Project1.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Users\user\Desktop\Project1.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Users\user\Desktop\Project1.exe Section loaded: textshaping.dll Jump to behavior
Source: C:\Users\user\Desktop\Project1.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Users\user\Desktop\Project1.exe Section loaded: textinputframework.dll Jump to behavior
Source: C:\Users\user\Desktop\Project1.exe Section loaded: coreuicomponents.dll Jump to behavior
Source: C:\Users\user\Desktop\Project1.exe Section loaded: coremessaging.dll Jump to behavior
Source: C:\Users\user\Desktop\Project1.exe Section loaded: ntmarta.dll Jump to behavior
Source: C:\Users\user\Desktop\Project1.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Users\user\Desktop\Project1.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Users\user\Desktop\Project1.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Users\user\Desktop\Project1.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Users\user\Desktop\Project1.exe Section loaded: textshaping.dll Jump to behavior
Source: C:\Users\user\Desktop\Project1.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Users\user\Desktop\Project1.exe Section loaded: textinputframework.dll Jump to behavior
Source: C:\Users\user\Desktop\Project1.exe Section loaded: coreuicomponents.dll Jump to behavior
Source: C:\Users\user\Desktop\Project1.exe Section loaded: coremessaging.dll Jump to behavior
Source: C:\Users\user\Desktop\Project1.exe Section loaded: ntmarta.dll Jump to behavior
Source: C:\Users\user\Desktop\Project1.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Users\user\Desktop\Project1.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Users\user\Desktop\Project1.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Users\user\Desktop\Project1.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Users\user\Desktop\Project1.exe Section loaded: textshaping.dll Jump to behavior
Source: C:\Users\user\Desktop\Project1.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Users\user\Desktop\Project1.exe Section loaded: textinputframework.dll Jump to behavior
Source: C:\Users\user\Desktop\Project1.exe Section loaded: coreuicomponents.dll Jump to behavior
Source: C:\Users\user\Desktop\Project1.exe Section loaded: coremessaging.dll Jump to behavior
Source: C:\Users\user\Desktop\Project1.exe Section loaded: ntmarta.dll Jump to behavior
Source: C:\Users\user\Desktop\Project1.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Users\user\Desktop\Project1.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Users\user\Desktop\Project1.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Users\user\Desktop\Project1.exe Window found: window name: TButton Jump to behavior
Source: Window Recorder Window detected: More than 3 window changes detected
Source: C:\Windows\System32\rundll32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior

Malware Analysis System Evasion
barindex
Uses Windows timers to delay execution
Source: C:\Users\user\Desktop\Project1.exe User Timer Set: Timeout: 500ms Jump to behavior
Source: C:\Users\user\Desktop\Project1.exe User Timer Set: Timeout: 500ms Jump to behavior
Source: C:\Users\user\Desktop\Project1.exe User Timer Set: Timeout: 500ms Jump to behavior
Source: C:\Users\user\Desktop\Project1.exe User Timer Set: Timeout: 60ms Jump to behavior
Source: C:\Users\user\Desktop\Project1.exe User Timer Set: Timeout: 500ms Jump to behavior
Source: C:\Users\user\Desktop\Project1.exe User Timer Set: Timeout: 500ms Jump to behavior
Source: C:\Users\user\Desktop\Project1.exe User Timer Set: Timeout: 500ms Jump to behavior
Source: C:\Users\user\Desktop\Project1.exe User Timer Set: Timeout: 500ms Jump to behavior
Source: C:\Users\user\Desktop\Project1.exe User Timer Set: Timeout: 125ms Jump to behavior
Source: C:\Users\user\Desktop\Project1.exe User Timer Set: Timeout: 125ms Jump to behavior
Source: C:\Users\user\Desktop\Project1.exe User Timer Set: Timeout: 125ms Jump to behavior
Source: C:\Users\user\Desktop\Project1.exe User Timer Set: Timeout: 125ms Jump to behavior
Source: C:\Users\user\Desktop\Project1.exe User Timer Set: Timeout: 125ms Jump to behavior
Potential time zone aware malware
Source: C:\Users\user\Desktop\Project1.exe System information queried: CurrentTimeZoneInformation Jump to behavior
Source: C:\Users\user\Desktop\Project1.exe System information queried: CurrentTimeZoneInformation Jump to behavior
Source: C:\Users\user\Desktop\Project1.exe System information queried: CurrentTimeZoneInformation Jump to behavior
Source: C:\Users\user\Desktop\Project1.exe System information queried: CurrentTimeZoneInformation Jump to behavior
Program does not show much activity (idle)
Source: all processes Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected
Program does not show much activity (idle)
Source: all processes Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected
windows-stand
Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 process2 2 Behavior Graph ID: 1428645 Sample: Project1.exe Startdate: 19/04/2024 Architecture: WINDOWS Score: 22 4 Project1.exe 2->4         started        7 Project1.exe 2->7         started        9 Project1.exe 2->9         started        11 2 other processes 2->11 signatures3 13 Uses Windows timers to delay execution 4->13
No contacted IP infos