Edit tour
Windows
Analysis Report
https://bambulab.com/en-eu/download/studio
Overview
Detection
Score: | 3 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 0% |
Signatures
Drops PE files
Found dropped PE file which has not been started or loaded
Installs a raw input device (often for capturing keystrokes)
PE file contains an invalid checksum
PE file does not import any functions
PE file overlay found
Stores files to the Windows start menu directory
Classification
Analysis Advice
Sample drops PE files which have not been started, submit dropped PE samples for a secondary analysis to Joe Sandbox |
Sample searches for specific file, try point organization specific fake files to the analysis machine |
Sample has a GUI, but Joe Sandbox has not found any clickable buttons, likely more UI automation may extend behavior |
Sample tries to load a library which is not present or installed on the analysis machine, adding the library might reveal more behavior |
Sample has functionality to log and monitor keystrokes, analyze it with the 'Simulates keyboard and window changes' cookbook |
- System is w10x64_ra
- chrome.exe (PID: 6264 cmdline:
"C:\Progra m Files\Go ogle\Chrom e\Applicat ion\chrome .exe" --st art-maximi zed --sing le-argumen t https:// bambulab.c om/en-eu/d ownload/st udio MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4) - chrome.exe (PID: 6448 cmdline:
"C:\Progra m Files\Go ogle\Chrom e\Applicat ion\chrome .exe" --ty pe=utility --utility -sub-type= network.mo jom.Networ kService - -lang=en-U S --servic e-sandbox- type=none --mojo-pla tform-chan nel-handle =2060 --fi eld-trial- handle=196 8,i,196707 4810348638 714,790121 9109166008 217,262144 --disable -features= Optimizati onGuideMod elDownload ing,Optimi zationHint s,Optimiza tionHintsF etching,Op timization TargetPred iction /pr efetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4) - chrome.exe (PID: 5996 cmdline:
"C:\Progra m Files\Go ogle\Chrom e\Applicat ion\chrome .exe" --ty pe=utility --utility -sub-type= chrome.moj om.UtilRea dIcon --la ng=en-US - -service-s andbox-typ e=icon_rea der --mojo -platform- channel-ha ndle=5660 --field-tr ial-handle =1968,i,19 6707481034 8638714,79 0121910916 6008217,26 2144 --dis able-featu res=Optimi zationGuid eModelDown loading,Op timization Hints,Opti mizationHi ntsFetchin g,Optimiza tionTarget Prediction /prefetch :8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4) - Bambu_Studio_win_public-v01.08.04.51-20240117164301.exe (PID: 7764 cmdline:
"C:\Users\ user\Downl oads\Bambu _Studio_wi n_public-v 01.08.04.5 1-20240117 164301.exe " MD5: DFD4A19DE50A68477EDAC8DBB25FAF9A) - MicrosoftEdgeWebView2RuntimeInstallerX64.exe (PID: 6888 cmdline:
"C:\Progra m Files\Ba mbu Studio \plugin\Mi crosoftEdg eWebView2R untimeInst allerX64.e xe" /silen t /install MD5: 8D32A91401F3C062EE93502BD79D28D8)
- cleanup
⊘No configs have been found
⊘No yara matches
⊘No Sigma rule has matched
⊘No Snort rule has matched
Click to jump to signature section
Show All Signature Results
There are no malicious signatures, click here to show all signatures.
Source: | HTTP Parser: | ||
Source: | HTTP Parser: | ||
Source: | HTTP Parser: |
Source: | HTTP Parser: | ||
Source: | HTTP Parser: | ||
Source: | HTTP Parser: |
Source: | Window detected: |