Source: task.exe |
Static PE information: certificate valid |
Source: task.exe |
Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE |
Source: |
Binary string: C:\jenkins\Workspace\BUILD\GitRepos\dca-infra\build_windows_mainline\task\task.pdb source: task.exe |
Source: task.exe |
String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl04 |
Source: task.exe |
String found in binary or memory: http://crl.sectigo.com/SectigoPublicCodeSigningCAR36.crl0y |
Source: task.exe |
String found in binary or memory: http://crl.sectigo.com/SectigoPublicCodeSigningRootR46.crl0 |
Source: task.exe |
String found in binary or memory: http://crl.sectigo.com/SectigoRSATimeStampingCA.crl0t |
Source: task.exe |
String found in binary or memory: http://crt.sectigo.com/SectigoPublicCodeSigningCAR36.crt0# |
Source: task.exe |
String found in binary or memory: http://crt.sectigo.com/SectigoPublicCodeSigningRootR46.p7c0# |
Source: task.exe |
String found in binary or memory: http://crt.sectigo.com/SectigoRSATimeStampingCA.crt0# |
Source: task.exe |
String found in binary or memory: http://ocsp.comodoca.com0 |
Source: task.exe |
String found in binary or memory: http://ocsp.sectigo.com0 |
Source: task.exe |
String found in binary or memory: http://ocsp.sectigo.com0# |
Source: task.exe |
String found in binary or memory: https://sectigo.com/CPS0 |
Source: classification engine |
Classification label: clean1.winEXE@2/0@0/0 |
Source: C:\Windows\System32\conhost.exe |
Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7104:120:WilError_03 |
Source: task.exe |
Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
Source: C:\Users\user\Desktop\task.exe |
Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers |
Jump to behavior |
Source: unknown |
Process created: C:\Users\user\Desktop\task.exe "C:\Users\user\Desktop\task.exe" |
Source: C:\Users\user\Desktop\task.exe |
Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
Source: C:\Users\user\Desktop\task.exe |
Section loaded: apphelp.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\task.exe |
Section loaded: libcrypto-3-x64.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\task.exe |
Section loaded: dbghelp.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\task.exe |
Section loaded: wtsapi32.dll |
Jump to behavior |
Source: task.exe |
Static PE information: certificate valid |
Source: task.exe |
Static PE information: Image base 0x140000000 > 0x60000000 |
Source: task.exe |
Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT |
Source: task.exe |
Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE |
Source: task.exe |
Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC |
Source: task.exe |
Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG |
Source: task.exe |
Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG |
Source: task.exe |
Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT |
Source: task.exe |
Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE |
Source: task.exe |
Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG |
Source: |
Binary string: C:\jenkins\Workspace\BUILD\GitRepos\dca-infra\build_windows_mainline\task\task.pdb source: task.exe |
Source: task.exe |
Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata |
Source: task.exe |
Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc |
Source: task.exe |
Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc |
Source: task.exe |
Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata |
Source: task.exe |
Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata |
Source: task.exe |
Static PE information: section name: _RDATA |
Source: all processes |
Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected |
Source: C:\Windows\System32\conhost.exe |
Last function: Thread delayed |
Source: all processes |
Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected |