Analysis Report Cxvdv.txt

Overview

General Information

Sample Name: Cxvdv.txt
Analysis ID: 297601
MD5: 59d0ef2352bb73f774f7ff37ce757203
SHA1: 5841c64d1c0a29c99ee6b3e4384ba6c267f1e9a0
SHA256: 435fb59379dcbbc4831926f93196705de81fa9ee6c7e106fe99d4ffd58f8fd28
Tags: dll, IcedID, shathak, TA551

Detection

Score: 52
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Multi AV Scanner detection for submitted file
Machine Learning detection for sample
Program does not show much activity (idle)
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info

Classification

AV Detection:

Multi AV Scanner detection for submitted file
Source: Cxvdv.txt Virustotal: Detection: 10%
Machine Learning detection for sample
Source: Cxvdv.txt Joe Sandbox ML: detected

System Summary:

Sample file is different than original file name gathered from version info
Source: Cxvdv.txt Binary or memory string: OriginalFilenamefull.dllL vs Cxvdv.txt
Source: classification engine Classification label: mal52.winTXT@1/0@0/0
Source: Cxvdv.txt Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
Source: C:\Windows\System32\notepad.exe Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: Cxvdv.txt Virustotal: Detection: 10%
Source: C:\Windows\System32\notepad.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11659a23-5884-4d1b-9cf6-67d6f4f90b36}\InProcServer32
Source: Cxvdv.txt Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: Cxvdv.txt Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: Cxvdv.txt Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: Cxvdv.txt Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: Cxvdv.txt Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: Cxvdv.txt Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
Source: Cxvdv.txt Static PE information: DYNAMIC_BASE, NX_COMPAT
Source: Cxvdv.txt Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: Binary string: e:\67\block\call\81\Ease\87\38\Sign\Run\Branch\Done\64\full.pdb source: notepad.exe, 00000000.00000002.513911719.0000025E24A68000.00000004.00000020.sdmp
Source: Binary string: e:\67\block\call\81\Ease\87\38\Sign\Run\Branch\Done\64\full.pdb source: Cxvdv.txt
Source: Cxvdv.txt Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: Cxvdv.txt Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: Cxvdv.txt Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: Cxvdv.txt Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: Cxvdv.txt Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
Source: initial sample Static PE information: section name: .text entropy: 6.90771843646

Malware Analysis System Evasion:

Program does not show much activity (idle)
Source: all processes Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected

Anti Debugging:

Program does not show much activity (idle)
Source: all processes Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected
Source: notepad.exe, 00000000.00000002.515085694.0000025E24F80000.00000002.00000001.sdmp Binary or memory string: uProgram Manager
Source: notepad.exe, 00000000.00000002.515085694.0000025E24F80000.00000002.00000001.sdmp Binary or memory string: Shell_TrayWnd
Source: notepad.exe, 00000000.00000002.515085694.0000025E24F80000.00000002.00000001.sdmp Binary or memory string: Progman
Source: notepad.exe, 00000000.00000002.515085694.0000025E24F80000.00000002.00000001.sdmp Binary or memory string: Progmanlock

Language, Device and Operating System Detection:

Queries the volume information (name, serial number etc) of a device
Source: C:\Windows\System32\notepad.exe Queries volume information: C:\Users\user\Desktop\Cxvdv.txt VolumeInformation