Windows Analysis Report
task.exe

Overview

General Information

Sample name: task.exe
Analysis ID: 1429064
MD5: 8a02bf22f75fbf6a3c9172238717ba4c
SHA1: 78543f6ea51a8f49fec95d4ac7631ca0c06be645
SHA256: 5c6c61de91323d8bb5027333b75e9ebfca4e42c5141fd440daed5011943c2545
Infos:

Detection

Score: 1
Range: 0 - 100
Whitelisted: false
Confidence: 80%

Signatures

PE file contains sections with non-standard names
Program does not show much activity (idle)
Sample execution stops while process was sleeping (likely an evasion)

Classification

Source: task.exe Static PE information: certificate valid
Source: task.exe Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
Source: Binary string: C:\jenkins\Workspace\BUILD\GitRepos\dca-infra\build_windows_mainline\task\task.pdb source: task.exe
Source: task.exe String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl04
Source: task.exe String found in binary or memory: http://crl.sectigo.com/SectigoPublicCodeSigningCAR36.crl0y
Source: task.exe String found in binary or memory: http://crl.sectigo.com/SectigoPublicCodeSigningRootR46.crl0
Source: task.exe String found in binary or memory: http://crl.sectigo.com/SectigoRSATimeStampingCA.crl0t
Source: task.exe String found in binary or memory: http://crt.sectigo.com/SectigoPublicCodeSigningCAR36.crt0#
Source: task.exe String found in binary or memory: http://crt.sectigo.com/SectigoPublicCodeSigningRootR46.p7c0#
Source: task.exe String found in binary or memory: http://crt.sectigo.com/SectigoRSATimeStampingCA.crt0#
Source: task.exe String found in binary or memory: http://ocsp.comodoca.com0
Source: task.exe String found in binary or memory: http://ocsp.sectigo.com0
Source: task.exe String found in binary or memory: http://ocsp.sectigo.com0#
Source: task.exe String found in binary or memory: https://sectigo.com/CPS0
Source: classification engine Classification label: clean1.winEXE@2/0@0/0
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7104:120:WilError_03
Source: task.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\task.exe Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers Jump to behavior
Source: unknown Process created: C:\Users\user\Desktop\task.exe "C:\Users\user\Desktop\task.exe"
Source: C:\Users\user\Desktop\task.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\task.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Users\user\Desktop\task.exe Section loaded: libcrypto-3-x64.dll Jump to behavior
Source: C:\Users\user\Desktop\task.exe Section loaded: dbghelp.dll Jump to behavior
Source: C:\Users\user\Desktop\task.exe Section loaded: wtsapi32.dll Jump to behavior
Source: task.exe Static PE information: certificate valid
Source: task.exe Static PE information: Image base 0x140000000 > 0x60000000
Source: task.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: task.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: task.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: task.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: task.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: task.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
Source: task.exe Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
Source: task.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: Binary string: C:\jenkins\Workspace\BUILD\GitRepos\dca-infra\build_windows_mainline\task\task.pdb source: task.exe
Source: task.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: task.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: task.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: task.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: task.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
PE file contains sections with non-standard names
Source: task.exe Static PE information: section name: _RDATA
Program does not show much activity (idle)
Source: all processes Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected
Sample execution stops while process was sleeping (likely an evasion)
Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
Program does not show much activity (idle)
Source: all processes Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected
windows-stand
Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 process2 2 Behavior Graph ID: 1429064 Sample: task.exe Startdate: 20/04/2024 Architecture: WINDOWS Score: 1 5 task.exe 1 2->5         started        process3 7 conhost.exe 5->7         started       
No contacted IP infos