Analysis Report 5ITR2019 - Declaracao do Imposto sobre a Propriedade Territorial Rural.lnk

Overview

General Information

Joe Sandbox Version: 26.0.0 Aquamarine
Analysis ID: 167256
Start date: 25.08.2019
Start time: 18:09:26
Joe Sandbox Product: CloudBasic
Overall analysis duration: 0h 1m 19s
Hypervisor based Inspection enabled: false
Report type: full
Sample file name: 5ITR2019 - Declaracao do Imposto sobre a Propriedade Territorial Rural.lnk
Cookbook file name: default.jbs
Analysis system description: Windows 10 64 bit (version 1803) with Office 2016, Adobe Reader DC 19, Chrome 70, Firefox 63, Java 8.171, Flash 30.0.0.113
Number of analysed new started processes analysed: 2
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
  • EGA enabled
  • HDC enabled
  • AMSI enabled
Analysis stop reason: Timeout
Detection: SUS
Classification: sus20.winLNK@0/0@0/0
Cookbook Comments:
  • Adjust boot time
  • Enable AMSI
  • Unable to launch sample, stop analysis
Warnings:
  • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe
Errors:
  • Nothing to analyse, Joe Sandbox has not found any analysis process or sample
  • Corrupt sample or wrongly selected analyzer. Details: No application is associated with the specified file for this operation.

Detection

Strategy: Threshold
Score: 20
Range: 0 - 100
Reporting Whitelisted: false
Detection: suspicious

Confidence

Strategy: Threshold
Score: 4
Range: 0 - 5
Further Analysis Required?: false


Classification

Analysis Advice

Sample could not be started, try setting a correct file extension or analyse on different analysis machine



Mitre Att&ck Matrix

No Mitre Att&ck techniques found

Signature Overview


System Summary:

Windows shortcut file (LNK) contains suspicious strings
  • Source: 5ITR2019 - Declaracao do Imposto sobre a Propriedade Territorial Rural.lnk
    Binary or memory string: %SystemDrive%\Arquivos de Programas RFB\ITR2019\RFB.ico
  • Source: 5ITR2019 - Declaracao do Imposto sobre a Propriedade Territorial Rural.lnk
    Binary or memory string: %SystemDrive%\Arquivos de Programas RFB\ITR2019\RFB.ico%SystemDrive%\Arquivos de Programas RFB\ITR2019\RFB.ico`
Classification label
  • Source: classification engine
    Classification label: sus20.winLNK@0/0@0/0

Malware Analysis System Evasion:

Program does not show much activity (idle)
  • Source: all processes
    Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected

Anti Debugging:

Program does not show much activity (idle)
  • Source: all processes
    Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected

Behavior Graph

[Behavior graph. Behavior Graph ID: 167256; Sample: 5ITR2019 - Declaracao do Im...; Startdate: 25/08/2019; Architecture: WINDOWS; Score: 20; Signature: Windows shortcut file (LNK) contains suspicious strings]

Simulations

Behavior and APIs

No simulations

Antivirus and Machine Learning Detection

Initial Sample

No Antivirus matches

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

No Antivirus matches

Yara Overview

Initial Sample

No yara matches

PCAP (Network Traffic)

No yara matches

Dropped Files

No yara matches

Memory Dumps

No yara matches

Unpacked PEs

No yara matches

Joe Sandbox View / Context

IPs

No context

Domains

No context

ASN

No context

JA3 Fingerprints

No context

Dropped Files

No context

Created / dropped Files

No created / dropped files found

Domains and IPs

Contacted Domains

No contacted domains info

Contacted IPs

No contacted IP infos

Static File Info

General

File type: MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Icon number=0, Archive, ctime=Mon Aug 12 16:48:50 2019, mtime=Mon Aug 12 16:48:50 2019, atime=Wed Mar 13 11:18:12 2019, length=40960, window=hide
Entropy (8bit): 3.207821450800954
TrID:
  • Windows Shortcut (20020/1) 100.00%
File name: 5ITR2019 - Declaracao do Imposto sobre a Propriedade Territorial Rural.lnk
File size: 1708
MD5: 7c8c7f12a03493360dacb16a764d584a
SHA1: 549d28078ac6d6ad7d5eb75995c0f259a4cf9723
SHA256: fb9f00227296260d45cf17a67fedebcaab8b82b7ac3b2fcb00b5893d030e7323
SHA512: bf9c5cad1d7f56bb2cfcfb9a3d6d06f20468c579256244775f9ca379854e95ecbe6ed9fdb68ffda495715ba2c01fe9860eb42224438db8a5eb184f1f3397ef7e
SSDEEP: 24:8qd50DEb4ACp/0DOj0DV0DDlWSLh0DwhLy:8qd6DKCSDO4DuDDWD+Ly
File Content Preview: L..................F.@.. ....U-36Q.....26Q...Z..............................W....P.O. .:i.....+00.../C:\...................x.1......O....ARQUIV~2..`........J.S.O..*...e.....................A.r.q.u.i.v.o.s. .d.e. .P.r.o.g.r.a.m.a.s. .R.F.B.....R.1......O..

File Icon

Icon Hash: 74f0e4e4e4e1e1ed

Network Behavior

No network behavior found

Code Manipulations

Statistics

System Behavior

Disassembly
