Windows Analysis Report
SaturdayNight.exe

Overview

General Information

Sample name: SaturdayNight.exe
Analysis ID: 1431507
MD5: 67bce1b3b40e27aea7b0b2c7ad5a689c
SHA1: 0c13e6d533c6aca87184b6f0d1fc0e6062094666
SHA256: 89e22471cada6ad8f4da2a73ed2bc168314d57606ba7f659384f1781c167cba7
Tags: exe
Infos:

Detection

Score: 52
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Multi AV Scanner detection for submitted file
Machine Learning detection for sample
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to query CPU information (cpuid)
Contains functionality to shutdown / reboot the system
Detected potential crypto function
Queries the volume information (name, serial number etc) of a device
Sigma detected: Execution of Suspicious File Type Extension
Spawns drivers
Uses 32bit PE files

Classification

AV Detection
barindex
Multi AV Scanner detection for submitted file
Source: SaturdayNight.exe ReversingLabs: Detection: 28%
Source: SaturdayNight.exe Virustotal: Detection: 9% Perma Link
Machine Learning detection for sample
Source: SaturdayNight.exe Joe Sandbox ML: detected
Uses 32bit PE files
Source: SaturdayNight.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: SaturdayNight.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: Binary string: C:\Users\DEV\source\repos\FIAP\FIAP-2023-Exercicios\Release\SaturdayNight.pdb'' source: SaturdayNight.exe
Source: Binary string: C:\Users\DEV\source\repos\FIAP\FIAP-2023-Exercicios\Release\SaturdayNight.pdb source: SaturdayNight.exe
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic DNS traffic detected: DNS query: api.msn.com
Contains functionality to shutdown / reboot the system
Source: C:\Users\user\Desktop\SaturdayNight.exe Code function: 0_2_005B1B80 ShowWindow,memset,GetCurrentConsoleFontEx,SetCurrentConsoleFontEx,?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,GetCurrentProcess,OpenProcessToken,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A,_invalid_parameter_noinfo_noreturn,OpenProcessToken,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,_invalid_parameter_noinfo_noreturn, 0_2_005B1B80
Detected potential crypto function
Source: C:\Users\user\Desktop\SaturdayNight.exe Code function: 0_2_005B15B0 0_2_005B15B0
Spawns drivers
Source: unknown Driver loaded: C:\Windows\System32\cdd.dll
Uses 32bit PE files
Source: SaturdayNight.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: classification engine Classification label: mal52.winEXE@12/1@1/0
Source: C:\Users\user\Desktop\SaturdayNight.exe Code function: 0_2_005B1B80 ShowWindow,memset,GetCurrentConsoleFontEx,SetCurrentConsoleFontEx,?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,GetCurrentProcess,OpenProcessToken,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A,_invalid_parameter_noinfo_noreturn,OpenProcessToken,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,_invalid_parameter_noinfo_noreturn, 0_2_005B1B80
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7132:120:WilError_03
Source: SaturdayNight.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\SaturdayNight.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers Jump to behavior
Source: SaturdayNight.exe ReversingLabs: Detection: 28%
Source: SaturdayNight.exe Virustotal: Detection: 9%
Source: unknown Process created: C:\Users\user\Desktop\SaturdayNight.exe "C:\Users\user\Desktop\SaturdayNight.exe"
Source: C:\Users\user\Desktop\SaturdayNight.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknown Process created: C:\Windows\System32\LogonUI.exe "LogonUI.exe" /flags:0x4 /state0:0xa3fbe055 /state1:0x41c64e6d
Source: unknown Process created: C:\Windows\System32\fontdrvhost.exe "fontdrvhost.exe"
Source: unknown Process created: C:\Windows\System32\LogonUI.exe "LogonUI.exe" /flags:0x2 /state0:0xa3f48055 /state1:0x41c64e6d
Source: unknown Process created: C:\Windows\System32\LogonUI.exe "LogonUI.exe" /flags:0x2 /state0:0xa3f57855 /state1:0x41c64e6d
Source: unknown Process created: C:\Windows\System32\fontdrvhost.exe "fontdrvhost.exe"
Source: unknown Process created: C:\Windows\System32\fontdrvhost.exe "fontdrvhost.exe"
Source: unknown Process created: C:\Windows\System32\LogonUI.exe "LogonUI.exe" /flags:0x2 /state0:0xa3f60855 /state1:0x41c64e6d
Source: unknown Process created: C:\Windows\System32\LogonUI.exe "LogonUI.exe" /flags:0x2 /state0:0xa3f68055 /state1:0x41c64e6d
Source: unknown Process created: C:\Windows\System32\fontdrvhost.exe "fontdrvhost.exe"
Source: unknown Process created: C:\Windows\System32\LogonUI.exe "LogonUI.exe" /flags:0x2 /state0:0xa3f70055 /state1:0x41c64e6d
Source: C:\Users\user\Desktop\SaturdayNight.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Users\user\Desktop\SaturdayNight.exe Section loaded: msvcp140.dll Jump to behavior
Source: C:\Users\user\Desktop\SaturdayNight.exe Section loaded: vcruntime140.dll Jump to behavior
Source: C:\Users\user\Desktop\SaturdayNight.exe Section loaded: vcruntime140.dll Jump to behavior
Source: C:\Users\user\Desktop\SaturdayNight.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Windows\System32\LogonUI.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Windows\System32\LogonUI.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Windows\System32\LogonUI.exe Section loaded: logoncontroller.dll Jump to behavior
Source: C:\Windows\System32\LogonUI.exe Section loaded: umpdc.dll Jump to behavior
Source: C:\Windows\System32\LogonUI.exe Section loaded: dxgi.dll Jump to behavior
Source: C:\Windows\System32\LogonUI.exe Section loaded: powrprof.dll Jump to behavior
Source: C:\Windows\System32\LogonUI.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Windows\System32\LogonUI.exe Section loaded: powrprof.dll Jump to behavior
Source: C:\Windows\System32\LogonUI.exe Section loaded: slc.dll Jump to behavior
Source: C:\Windows\System32\LogonUI.exe Section loaded: sppc.dll Jump to behavior
Source: C:\Windows\System32\LogonUI.exe Section loaded: dsreg.dll Jump to behavior
Source: C:\Windows\System32\LogonUI.exe Section loaded: msvcp110_win.dll Jump to behavior
Source: C:\Windows\System32\LogonUI.exe Section loaded: cryptsp.dll Jump to behavior
Source: C:\Windows\System32\LogonUI.exe Section loaded: dwmapi.dll Jump to behavior
Source: C:\Windows\System32\LogonUI.exe Section loaded: wtsapi32.dll Jump to behavior
Source: C:\Windows\System32\LogonUI.exe Section loaded: winsta.dll Jump to behavior
Source: C:\Windows\System32\LogonUI.exe Section loaded: windows.ui.logon.dll Jump to behavior
Source: C:\Windows\System32\LogonUI.exe Section loaded: wincorlib.dll Jump to behavior
Source: C:\Windows\System32\LogonUI.exe Section loaded: dcomp.dll Jump to behavior
Source: C:\Windows\System32\LogonUI.exe Section loaded: windows.ui.xamlhost.dll Jump to behavior
Source: C:\Windows\System32\LogonUI.exe Section loaded: mrmcorer.dll Jump to behavior
Source: C:\Windows\System32\LogonUI.exe Section loaded: windows.ui.dll Jump to behavior
Source: C:\Windows\System32\LogonUI.exe Section loaded: windowmanagementapi.dll Jump to behavior
Source: C:\Windows\System32\LogonUI.exe Section loaded: textinputframework.dll Jump to behavior
Source: C:\Windows\System32\LogonUI.exe Section loaded: inputhost.dll Jump to behavior
Source: C:\Windows\System32\LogonUI.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Windows\System32\LogonUI.exe Section loaded: twinapi.appcore.dll Jump to behavior
Source: C:\Windows\System32\LogonUI.exe Section loaded: coremessaging.dll Jump to behavior
Source: C:\Windows\System32\LogonUI.exe Section loaded: twinapi.appcore.dll Jump to behavior
Source: C:\Windows\System32\LogonUI.exe Section loaded: coreuicomponents.dll Jump to behavior
Source: C:\Windows\System32\LogonUI.exe Section loaded: coremessaging.dll Jump to behavior
Source: C:\Windows\System32\LogonUI.exe Section loaded: coremessaging.dll Jump to behavior
Source: C:\Windows\System32\LogonUI.exe Section loaded: propsys.dll Jump to behavior
Source: C:\Windows\System32\LogonUI.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Windows\System32\LogonUI.exe Section loaded: coreuicomponents.dll Jump to behavior
Source: C:\Windows\System32\LogonUI.exe Section loaded: ntmarta.dll Jump to behavior
Source: C:\Windows\System32\LogonUI.exe Section loaded: languageoverlayutil.dll Jump to behavior
Source: C:\Windows\System32\LogonUI.exe Section loaded: bcp47mrm.dll Jump to behavior
Source: C:\Windows\System32\LogonUI.exe Section loaded: windows.ui.xaml.dll Jump to behavior
Source: C:\Windows\System32\LogonUI.exe Section loaded: bcp47langs.dll Jump to behavior
Source: C:\Windows\System32\LogonUI.exe Section loaded: iertutil.dll Jump to behavior
Source: C:\Windows\System32\LogonUI.exe Section loaded: windows.ui.immersive.dll Jump to behavior
Source: C:\Windows\System32\LogonUI.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Windows\System32\LogonUI.exe Section loaded: urlmon.dll Jump to behavior
Source: C:\Windows\System32\LogonUI.exe Section loaded: srvcli.dll Jump to behavior
Source: C:\Windows\System32\LogonUI.exe Section loaded: netutils.dll Jump to behavior
Source: C:\Windows\System32\LogonUI.exe Section loaded: resourcepolicyclient.dll Jump to behavior
Source: C:\Windows\System32\LogonUI.exe Section loaded: d3d11.dll Jump to behavior
Source: C:\Windows\System32\LogonUI.exe Section loaded: dwrite.dll Jump to behavior
Source: C:\Windows\System32\LogonUI.exe Section loaded: d3d10warp.dll Jump to behavior
Source: C:\Windows\System32\LogonUI.exe Section loaded: windows.globalization.dll Jump to behavior
Source: C:\Windows\System32\LogonUI.exe Section loaded: dxcore.dll Jump to behavior
Source: C:\Windows\System32\LogonUI.exe Section loaded: d2d1.dll Jump to behavior
Source: C:\Windows\System32\LogonUI.exe Section loaded: textshaping.dll Jump to behavior
Source: C:\Windows\System32\LogonUI.exe Section loaded: directmanipulation.dll Jump to behavior
Source: C:\Windows\System32\LogonUI.exe Section loaded: windows.ui.xaml.controls.dll Jump to behavior
Source: C:\Windows\System32\LogonUI.exe Section loaded: uiautomationcore.dll Jump to behavior
Source: C:\Windows\System32\LogonUI.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Windows\System32\LogonUI.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Windows\System32\LogonUI.exe Section loaded: logoncontroller.dll Jump to behavior
Source: C:\Windows\System32\LogonUI.exe Section loaded: umpdc.dll Jump to behavior
Source: C:\Windows\System32\LogonUI.exe Section loaded: dxgi.dll Jump to behavior
Source: C:\Windows\System32\LogonUI.exe Section loaded: powrprof.dll Jump to behavior
Source: C:\Windows\System32\LogonUI.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Windows\System32\LogonUI.exe Section loaded: powrprof.dll Jump to behavior
Source: C:\Windows\System32\LogonUI.exe Section loaded: slc.dll Jump to behavior
Source: C:\Windows\System32\LogonUI.exe Section loaded: sppc.dll Jump to behavior
Source: C:\Windows\System32\LogonUI.exe Section loaded: dsreg.dll Jump to behavior
Source: C:\Windows\System32\LogonUI.exe Section loaded: msvcp110_win.dll Jump to behavior
Source: C:\Windows\System32\LogonUI.exe Section loaded: cryptsp.dll Jump to behavior
Source: C:\Windows\System32\LogonUI.exe Section loaded: dwmapi.dll Jump to behavior
Source: C:\Windows\System32\LogonUI.exe Section loaded: wtsapi32.dll Jump to behavior
Source: C:\Windows\System32\LogonUI.exe Section loaded: winsta.dll Jump to behavior
Source: C:\Windows\System32\LogonUI.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Windows\System32\LogonUI.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Windows\System32\LogonUI.exe Section loaded: logoncontroller.dll Jump to behavior
Source: C:\Windows\System32\LogonUI.exe Section loaded: umpdc.dll Jump to behavior
Source: C:\Windows\System32\LogonUI.exe Section loaded: dxgi.dll Jump to behavior
Source: C:\Windows\System32\LogonUI.exe Section loaded: powrprof.dll Jump to behavior
Source: C:\Windows\System32\LogonUI.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Windows\System32\LogonUI.exe Section loaded: powrprof.dll Jump to behavior
Source: C:\Windows\System32\LogonUI.exe Section loaded: slc.dll Jump to behavior
Source: C:\Windows\System32\LogonUI.exe Section loaded: sppc.dll Jump to behavior
Source: C:\Windows\System32\LogonUI.exe Section loaded: dsreg.dll Jump to behavior
Source: C:\Windows\System32\LogonUI.exe Section loaded: msvcp110_win.dll Jump to behavior
Source: C:\Windows\System32\LogonUI.exe Section loaded: cryptsp.dll Jump to behavior
Source: C:\Windows\System32\LogonUI.exe Section loaded: dwmapi.dll Jump to behavior
Source: C:\Windows\System32\LogonUI.exe Section loaded: wtsapi32.dll Jump to behavior
Source: C:\Windows\System32\LogonUI.exe Section loaded: winsta.dll Jump to behavior
Source: C:\Windows\System32\LogonUI.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Windows\System32\LogonUI.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Windows\System32\LogonUI.exe Section loaded: logoncontroller.dll Jump to behavior
Source: C:\Windows\System32\LogonUI.exe Section loaded: umpdc.dll Jump to behavior
Source: C:\Windows\System32\LogonUI.exe Section loaded: dxgi.dll Jump to behavior
Source: C:\Windows\System32\LogonUI.exe Section loaded: powrprof.dll Jump to behavior
Source: C:\Windows\System32\LogonUI.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Windows\System32\LogonUI.exe Section loaded: powrprof.dll Jump to behavior
Source: C:\Windows\System32\LogonUI.exe Section loaded: slc.dll Jump to behavior
Source: C:\Windows\System32\LogonUI.exe Section loaded: sppc.dll Jump to behavior
Source: C:\Windows\System32\LogonUI.exe Section loaded: dsreg.dll Jump to behavior
Source: C:\Windows\System32\LogonUI.exe Section loaded: msvcp110_win.dll Jump to behavior
Source: C:\Windows\System32\LogonUI.exe Section loaded: cryptsp.dll Jump to behavior
Source: C:\Windows\System32\LogonUI.exe Section loaded: dwmapi.dll Jump to behavior
Source: C:\Windows\System32\LogonUI.exe Section loaded: wtsapi32.dll Jump to behavior
Source: C:\Windows\System32\LogonUI.exe Section loaded: winsta.dll Jump to behavior
Source: C:\Windows\System32\LogonUI.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Windows\System32\LogonUI.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Windows\System32\LogonUI.exe Section loaded: logoncontroller.dll Jump to behavior
Source: C:\Windows\System32\LogonUI.exe Section loaded: umpdc.dll Jump to behavior
Source: C:\Windows\System32\LogonUI.exe Section loaded: dxgi.dll Jump to behavior
Source: C:\Windows\System32\LogonUI.exe Section loaded: powrprof.dll Jump to behavior
Source: C:\Windows\System32\LogonUI.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Windows\System32\LogonUI.exe Section loaded: powrprof.dll Jump to behavior
Source: C:\Windows\System32\LogonUI.exe Section loaded: slc.dll Jump to behavior
Source: C:\Windows\System32\LogonUI.exe Section loaded: sppc.dll Jump to behavior
Source: C:\Windows\System32\LogonUI.exe Section loaded: dsreg.dll Jump to behavior
Source: C:\Windows\System32\LogonUI.exe Section loaded: msvcp110_win.dll Jump to behavior
Source: C:\Windows\System32\LogonUI.exe Section loaded: cryptsp.dll Jump to behavior
Source: C:\Windows\System32\LogonUI.exe Section loaded: dwmapi.dll Jump to behavior
Source: C:\Windows\System32\LogonUI.exe Section loaded: wtsapi32.dll Jump to behavior
Source: C:\Windows\System32\LogonUI.exe Section loaded: winsta.dll Jump to behavior
Source: C:\Windows\System32\LogonUI.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Windows\System32\LogonUI.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Windows\System32\LogonUI.exe Section loaded: logoncontroller.dll Jump to behavior
Source: C:\Windows\System32\LogonUI.exe Section loaded: umpdc.dll Jump to behavior
Source: C:\Windows\System32\LogonUI.exe Section loaded: dxgi.dll Jump to behavior
Source: C:\Windows\System32\LogonUI.exe Section loaded: powrprof.dll Jump to behavior
Source: C:\Windows\System32\LogonUI.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Windows\System32\LogonUI.exe Section loaded: powrprof.dll Jump to behavior
Source: C:\Windows\System32\LogonUI.exe Section loaded: slc.dll Jump to behavior
Source: C:\Windows\System32\LogonUI.exe Section loaded: sppc.dll Jump to behavior
Source: C:\Windows\System32\LogonUI.exe Section loaded: dsreg.dll Jump to behavior
Source: C:\Windows\System32\LogonUI.exe Section loaded: msvcp110_win.dll Jump to behavior
Source: C:\Windows\System32\LogonUI.exe Section loaded: cryptsp.dll Jump to behavior
Source: C:\Windows\System32\LogonUI.exe Section loaded: dwmapi.dll Jump to behavior
Source: C:\Windows\System32\LogonUI.exe Section loaded: wtsapi32.dll Jump to behavior
Source: C:\Windows\System32\LogonUI.exe Section loaded: winsta.dll Jump to behavior
Source: C:\Windows\System32\LogonUI.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0bdc6fc7-83e3-46a4-bfa0-1bc14dbf8b38}\InProcServer32 Jump to behavior
Source: SaturdayNight.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: SaturdayNight.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: SaturdayNight.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: SaturdayNight.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: SaturdayNight.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: SaturdayNight.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
Source: SaturdayNight.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: SaturdayNight.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: Binary string: C:\Users\DEV\source\repos\FIAP\FIAP-2023-Exercicios\Release\SaturdayNight.pdb'' source: SaturdayNight.exe
Source: Binary string: C:\Users\DEV\source\repos\FIAP\FIAP-2023-Exercicios\Release\SaturdayNight.pdb source: SaturdayNight.exe
Source: SaturdayNight.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: SaturdayNight.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: SaturdayNight.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: SaturdayNight.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: SaturdayNight.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
Source: C:\Windows\System32\LogonUI.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\LogonUI.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\cdd.dll System information queried: ModuleInformation Jump to behavior
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Source: C:\Users\user\Desktop\SaturdayNight.exe Code function: 0_2_005B3499 IsProcessorFeaturePresent,memset,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 0_2_005B3499
Source: C:\Users\user\Desktop\SaturdayNight.exe Code function: 0_2_005B315E SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 0_2_005B315E
Source: C:\Users\user\Desktop\SaturdayNight.exe Code function: 0_2_005B35FE SetUnhandledExceptionFilter, 0_2_005B35FE
Source: C:\Users\user\Desktop\SaturdayNight.exe Code function: 0_2_005B3499 IsProcessorFeaturePresent,memset,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 0_2_005B3499
Contains functionality to query CPU information (cpuid)
Source: C:\Users\user\Desktop\SaturdayNight.exe Code function: 0_2_005B32B5 cpuid 0_2_005B32B5
Queries the volume information (name, serial number etc) of a device
Source: C:\Windows\System32\LogonUI.exe Queries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation Jump to behavior
Source: C:\Windows\System32\LogonUI.exe Queries volume information: C:\Windows\Fonts\segoeuisl.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\SaturdayNight.exe Code function: 0_2_005B36E7 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter, 0_2_005B36E7
windows-stand
Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1431507 Sample: SaturdayNight.exe Startdate: 25/04/2024 Architecture: WINDOWS Score: 52 17 api.msn.com 2->17 19 Multi AV Scanner detection for submitted file 2->19 21 Machine Learning detection for sample 2->21 7 SaturdayNight.exe 1 2->7         started        9 LogonUI.exe 2->9         started        11 LogonUI.exe 2->11         started        13 13 other processes 2->13 signatures3 process4 process5 15 conhost.exe 7->15         started       
No contacted IP infos

Contacted Domains

Name IP Active
bg.microsoft.map.fastly.net 199.232.210.172 true
api.msn.com unknown unknown