Windows Analysis Report
07lwzQoOuP.exe
Overview
General Information
Sample name: 07lwzQoOuP.exe (file extension renamed from .bin to .exe; the original name is a hash value)
Original sample name: 5c06818c78b238c60419fae8f263c931f1982ae311a365bc824e0013229ade7b.bin
Analysis ID: 1431554
MD5: 7ec9e3fc3f9f3cce7c965e09152726a4
SHA1: f03293a7f7e9a1eb072e689d48c88b5f59858029
SHA256: 5c06818c78b238c60419fae8f263c931f1982ae311a365bc824e0013229ade7b
Detection
Score: 68
Range: 0 - 100
Whitelisted: false
Confidence: 100%
Signatures
Multi AV Scanner detection for submitted file
.NET source code contains potential unpacker
.NET source code contains very large strings
Machine Learning detection for sample
Reads the Security eventlog
Reads the System eventlog
Allocates memory with a write watch (potentially for evading sandboxes)
Enables debug privileges
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: PSScriptPolicyTest Creation By Uncommon Process
Uses 32bit PE files
Classification
- System is w10x64
- 07lwzQoOuP.exe (PID: 7436, cmdline: "C:\Users\user\Desktop\07lwzQoOuP.exe", MD5: 7EC9E3FC3F9F3CCE7C965E09152726A4)
  - conhost.exe (PID: 7444, cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1, MD5: 0D698AF330FD17BEE3BF90011D49251D)
- cleanup
No configs have been found.
No YARA matches.
System Summary (Sigma)
Rule: PSScriptPolicyTest Creation By Uncommon Process. Author: Nasreddine Bencherchali (Nextron Systems). Source event: not captured in this export.
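The Sigma hit above is the one behavioural signature in this report whose logic is worth reconstructing for detection engineering. The following is an added example, not part of the Joe Sandbox report or of the Sigma rule text: an offline re-implementation of the idea behind "PSScriptPolicyTest Creation By Uncommon Process", run over constructed Sysmon-style file-creation events. The background it relies on (a PowerShell runtime writes a throwaway `__PSScriptPolicyTest_*.ps1`/`.psm1` file under `%TEMP%` when it starts, so a .NET binary that hosts the PowerShell engine in-process produces that file under its own image name) is general Windows behaviour, not something this report states. The allow-list of expected PowerShell hosts, the event field names, the filename pattern and the sample events are assumptions made for this example; the third event reuses the PID and path from the process tree above purely as illustrative data.

```python
"""
Added example (not from the Joe Sandbox report): reconstructs the logic behind
the "PSScriptPolicyTest Creation By Uncommon Process" detection and runs it
over constructed file-create events.

Assumptions (not stated in the report or the Sigma rule):
- PowerShell writes __PSScriptPolicyTest_<random>.ps1 / .psm1 under %TEMP%
  on engine start-up to probe the script execution policy; a process that
  embeds System.Management.Automation triggers that write itself.
- EXPECTED_PS_HOSTS is an environment-specific allow-list, not the rule's.
- FileCreateEvent mirrors a subset of Sysmon Event ID 11 (assumed names).
"""
import re
from dataclasses import dataclass

# Assumed allow-list of images for which the policy-test file is expected.
EXPECTED_PS_HOSTS = {
    r"c:\windows\system32\windowspowershell\v1.0\powershell.exe",
    r"c:\windows\syswow64\windowspowershell\v1.0\powershell.exe",
    r"c:\windows\system32\windowspowershell\v1.0\powershell_ise.exe",
    r"c:\program files\powershell\7\pwsh.exe",
}

# Approximate pattern for the throwaway file; the random part may contain a dot.
POLICY_TEST_RE = re.compile(
    r"\\__PSScriptPolicyTest_[A-Za-z0-9.]+\.ps(?:1|m1)$", re.IGNORECASE
)


@dataclass(frozen=True)
class FileCreateEvent:
    """Subset of a Sysmon Event ID 11 (FileCreate) record (assumed field names)."""
    pid: int
    image: str
    target_filename: str


def is_policy_test_file(path: str) -> bool:
    """True if the created file looks like PowerShell's execution-policy probe."""
    return POLICY_TEST_RE.search(path) is not None


def is_uncommon_host(image: str) -> bool:
    """True if the writing image is not one of the expected PowerShell hosts."""
    return image.lower() not in EXPECTED_PS_HOSTS


def detect(events):
    """Return the events where a policy-test file was written by an uncommon host."""
    return [
        e for e in events
        if is_policy_test_file(e.target_filename) and is_uncommon_host(e.image)
    ]


# Constructed sample events (not real telemetry from the analysis).
SAMPLE_EVENTS = [
    # Benign: the regular PowerShell host writing its own probe file.
    FileCreateEvent(
        pid=5120,
        image=r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
        target_filename=r"C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_abcd1234.abc.ps1",
    ),
    # Unrelated temp file from the sample process: must not match.
    FileCreateEvent(
        pid=7436,
        image=r"C:\Users\user\Desktop\07lwzQoOuP.exe",
        target_filename=r"C:\Users\user\AppData\Local\Temp\tmp1234.tmp",
    ),
    # The sample process itself writing the probe file: this is the rule's hit.
    FileCreateEvent(
        pid=7436,
        image=r"C:\Users\user\Desktop\07lwzQoOuP.exe",
        target_filename=r"C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_k3n0x9qz.xyz.psm1",
    ),
]

if __name__ == "__main__":
    for hit in detect(SAMPLE_EVENTS):
        print(f"PID {hit.pid}: {hit.image} created {hit.target_filename}")
```

The allow-list is the part that needs tuning: legitimate non-PowerShell hosts of the engine (IDEs, management agents, installers) also produce this file, which is why the rule is named "uncommon process" rather than "malicious process". Treat a hit as a pivot into the parent process tree and the file's content rather than as a verdict on its own.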
No Snort rule has matched.
AV Detection (evidence values not captured in this export)
Source: Virustotal (Perma Link)
Source: Joe Sandbox ML
Source: Static PE information (2 entries)
Source: String found in binary or memory
Spam, unwanted Advertisements and Ransom Demands (evidence values not captured in this export)
Source: Key opened (11 registry-key open events)
System Summary (evidence values not captured in this export)
Source: Long String
Source: Binary or memory string (6 entries)
Source: Static PE information
Source: Base64 encoded string