Click to jump to signature section
Source: DRAKETAX2023.EXE | Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE |
Source: DRAKETAX2023.EXE | Static PE information: certificate valid |
Source: DRAKETAX2023.EXE | Static PE information: DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE |
Source: | Binary string: D:\a\_work\1\s\artifacts\obj\win-x86.Release\corehost\apphost\standalone\apphost.pdbnnnGCTL source: DRAKETAX2023.EXE |
Source: | Binary string: D:\a\_work\1\s\artifacts\obj\win-x86.Release\corehost\apphost\standalone\apphost.pdb source: DRAKETAX2023.EXE |
Source: DRAKETAX2023.EXE | String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E |
Source: DRAKETAX2023.EXE | String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0 |
Source: DRAKETAX2023.EXE | String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0 |
Source: DRAKETAX2023.EXE | String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C |
Source: DRAKETAX2023.EXE | String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0 |
Source: DRAKETAX2023.EXE | String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S |
Source: DRAKETAX2023.EXE | String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0 |
Source: DRAKETAX2023.EXE | String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0 |
Source: DRAKETAX2023.EXE | String found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0 |
Source: DRAKETAX2023.EXE | String found in binary or memory: http://ocsp.digicert.com0 |
Source: DRAKETAX2023.EXE | String found in binary or memory: http://ocsp.digicert.com0A |
Source: DRAKETAX2023.EXE | String found in binary or memory: http://ocsp.digicert.com0C |
Source: DRAKETAX2023.EXE | String found in binary or memory: http://ocsp.digicert.com0X |
Source: DRAKETAX2023.EXE | String found in binary or memory: http://www.digicert.com/CPS0 |
Source: DRAKETAX2023.EXE | String found in binary or memory: https://aka.ms/dotnet-core-applaunch? |
Source: DRAKETAX2023.EXE | String found in binary or memory: https://aka.ms/dotnet-core-applaunch?Architecture: |
Source: DRAKETAX2023.EXE | String found in binary or memory: https://aka.ms/dotnet/app-launch-failed |
Source: DRAKETAX2023.EXE | Static PE information: Resource name: RT_VERSION type: MacBinary, comment length 97, char. code 0x69, total length 1711304448, Wed Mar 28 22:22:24 2040 INVALID date, modified Tue Feb 7 01:41:58 2040, creator ' ' "4" |
Source: DRAKETAX2023.EXE, 00000000.00000002.1644002875.0000000000D3B000.00000002.00000001.01000000.00000003.sdmp | Binary or memory string: OriginalFilenameDrakeTax2023.dllF vs DRAKETAX2023.EXE |
Source: DRAKETAX2023.EXE | Binary or memory string: OriginalFilenameDrakeTax2023.dllF vs DRAKETAX2023.EXE |
Source: DRAKETAX2023.EXE | Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE |
Source: classification engine | Classification label: clean2.winEXE@1/0@0/0 |
Source: DRAKETAX2023.EXE | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
Source: C:\Users\user\Desktop\DRAKETAX2023.EXE | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers | Jump to behavior |
Source: DRAKETAX2023.EXE | String found in binary or memory: https://aka.ms/dotnet/app-launch-failed |
Source: C:\Users\user\Desktop\DRAKETAX2023.EXE | Section loaded: kernel.appcore.dll | Jump to behavior |
Source: DRAKETAX2023.EXE | Static PE information: certificate valid |
Source: DRAKETAX2023.EXE | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT |
Source: DRAKETAX2023.EXE | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE |
Source: DRAKETAX2023.EXE | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC |
Source: DRAKETAX2023.EXE | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG |
Source: DRAKETAX2023.EXE | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG |
Source: DRAKETAX2023.EXE | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT |
Source: DRAKETAX2023.EXE | Static PE information: DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE |
Source: DRAKETAX2023.EXE | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG |
Source: | Binary string: D:\a\_work\1\s\artifacts\obj\win-x86.Release\corehost\apphost\standalone\apphost.pdbnnnGCTL source: DRAKETAX2023.EXE |
Source: | Binary string: D:\a\_work\1\s\artifacts\obj\win-x86.Release\corehost\apphost\standalone\apphost.pdb source: DRAKETAX2023.EXE |
Source: DRAKETAX2023.EXE | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata |
Source: DRAKETAX2023.EXE | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc |
Source: DRAKETAX2023.EXE | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc |
Source: DRAKETAX2023.EXE | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata |
Source: DRAKETAX2023.EXE | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata |
Source: all processes | Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected |
Source: all processes | Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected |