Automated Malware Analysis IOC Report for

Files

File Path

Type

Category

Malicious

7.5RabbitFix_V9.exe

PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows

initial sample

Details

Filetype:	PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy:	2.306381189642222
Filename:	7.5RabbitFix_V9.exe
Filesize:	215040
MD5:	7ec9e3fc3f9f3cce7c965e09152726a4
SHA1:	f03293a7f7e9a1eb072e689d48c88b5f59858029
SHA256:	5c06818c78b238c60419fae8f263c931f1982ae311a365bc824e0013229ade7b
SHA512:	188b73dfbfc455e016f22c9fdd38efc299e01a3ace6d63cdb44502c0d0427a3814a035400542b76e750753210d331760ce727778e8daa6da50dd0fe781d7da68
SSDEEP:	1536:guTnxtpihge85PbBVKx38ebscHWch0fp:zTnxvihgb5zTeb9/h0fp
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....4.]................................. ........@.. ....................................@................................

Signature Hits	Behavior Group	Mitre Attack
Multi AV Scanner detection for submitted file	AV Detection
.NET source code contains potential unpacker	Data Obfuscation	Software Packing
.NET source code contains very large strings	System Summary
Reads the Security eventlog	Spam, unwanted Advertisements and Ransom Demands
Reads the System eventlog	Spam, unwanted Advertisements and Ransom Demands
Allocates memory with a write watch (potentially for evading sandboxes)	Malware Analysis System Evasion	Virtualization/Sandbox Evasion
Enables debug privileges	Anti Debugging
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)	Malware Analysis System Evasion
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery
Uses 32bit PE files	Compliance, System Summary
.NET source code contains long base64-encoded strings	System Summary	Disable or Modify Tools Obfuscated Files or Information
Creates guard pages, often used to prevent reverse engineering and debugging	Anti Debugging	Disable or Modify Tools
Creates mutexes	System Summary
Creates temporary files	System Summary
Disables application error messsages (SetErrorMode)	Hooking and other Techniques for Hiding and Protection
PE file has an executable .text section and no other executable section	System Summary
Parts of this applications are using the .NET runtime (Probably coded in C#)	System Summary
Queries a list of all running processes	Malware Analysis System Evasion	Process Discovery
Queries the cryptographic machine GUID	Language, Device and Operating System Detection
Reads software policies	System Summary
Sample is known by Antivirus	System Summary
Tries to load missing DLLs	System Summary	DLL Side-Loading
Uses an in-process (OLE) Automation server	System Summary
Contains modern PE file flags such as dynamic base (ASLR) or NX	Compliance, System Summary
PE file contains a COM descriptor data directory	System Summary
Uses Microsoft Silverlight	System Summary

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_eb35rycq.bcr.psm1

ASCII text, with no line terminators

dropped

Details

File:	C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_eb35rycq.bcr.psm1
Category:	dropped
Dump:	__PSScriptPolicyTest_eb35rycq.bcr.psm1.0.dr
ID:	dr_0
Target ID:	0
Process:	C:\Users\user\Desktop\7.5RabbitFix_V9.exe
Type:	ASCII text, with no line terminators
Entropy:	4.038920595031593
Encrypted:	false
Size:	60
Whitelisted:	false

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
7.5RabbitFix_V9.exe

Files

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report7.5RabbitFix_V9.exe

Files

IOC Report
7.5RabbitFix_V9.exe