Analysis Report ZHR2970.EXE
Overview
General Information
Sample Name: | ZHR2970.EXE |
Analysis ID: | 321438 |
MD5: | 796956fcf58ff688a2e8df96317ca2fb |
SHA1: | 6f2efcc9970286fe8931f038897cae0cd9e802f0 |
SHA256: | 4762bcdde5768b0d75bdbbd6c129f7301b87e902f54992821898d799596d92a5 |
Errors
|
Detection
Score: | 0 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 80% |
Signatures
Classification
Malware Configuration |
---|
No configs have been found |
---|
Yara Overview |
---|
No yara matches |
---|
Sigma Overview |
---|
No Sigma rule has matched |
---|
Signature Overview |
---|
Click to jump to signature section
There are no malicious signatures, click here to show all signatures.
Source: | Classification label: |
Mitre Att&ck Matrix |
---|
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Valid Accounts | Windows Management Instrumentation | Path Interception | Path Interception | Direct Volume Access | OS Credential Dumping | System Information Discovery1 | Remote Services | Data from Local System | Exfiltration Over Other Network Medium | Data Obfuscation | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
Antivirus, Machine Learning and Genetic Malware Detection |
---|
Initial Sample |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | Virustotal | Browse | ||
2% | Metadefender | Browse | ||
3% | ReversingLabs |
Dropped Files |
---|
No Antivirus matches |
---|
Unpacked PE Files |
---|
No Antivirus matches |
---|
Domains |
---|
No Antivirus matches |
---|
URLs |
---|
No Antivirus matches |
---|
Domains and IPs |
---|
General Information |
---|
Joe Sandbox Version: | 31.0.0 Red Diamond |
Analysis ID: | 321438 |
Start date: | 22.11.2020 |
Start time: | 05:54:35 |
Joe Sandbox Product: | CloudBasic |
Overall analysis duration: | 0h 1m 30s |
Hypervisor based Inspection enabled: | false |
Report type: | light |
Sample file name: | ZHR2970.EXE |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211 |
Number of analysed new started processes analysed: | 0 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | UNKNOWN |
Classification: | unknown0.winEXE@0/0@0/0 |
Cookbook Comments: |
|
Errors: |
|
Simulations |
---|
Behavior and APIs |
---|
No simulations |
---|
Joe Sandbox View / Context |
---|
Created / dropped Files |
---|
No created / dropped files found |
---|
Static File Info |
---|
General | |
---|---|
File type: | |
Entropy (8bit): | 7.437933132842257 |
TrID: |
|
File name: | ZHR2970.EXE |
File size: | 2320 |
MD5: | 796956fcf58ff688a2e8df96317ca2fb |
SHA1: | 6f2efcc9970286fe8931f038897cae0cd9e802f0 |
SHA256: | 4762bcdde5768b0d75bdbbd6c129f7301b87e902f54992821898d799596d92a5 |
SHA512: | b69215341248db99481b60f2a99700c476d149c9bf2af6b5013e4d891f6640d8ba9f1db5538fe2b175537cd018bedaa79bb943ba4c2feb8c7931d799e0361677 |
SSDEEP: | 48:p58jE5riSZzdmWCJ01azopMIyfCMlreCEzFMgNRkBwDKK9:p5hrzzAWHaskmyg2OKs |
File Content Preview: | MZ....................r.....LZ09..Copyright (C) 1..986 by John Soch..a.....u..........#.....*.......0.......0.!......&....=.........Y.r..N..=.......L...?........PSQ.........+.............J..Y[X...P.....C.z#%.....~..R...s...............D.!.Z.Z...V...m..;.. |
File Icon |
---|
Icon Hash: | 00828e8e8686b000 |
Network Behavior |
---|
No network behavior found |
---|
Code Manipulations |
---|
Statistics |
---|
System Behavior |
---|
Disassembly |
---|