
Analysis Report ZHR2970.EXE

Overview

General Information

Sample Name: ZHR2970.EXE
Analysis ID: 321438
MD5: 796956fcf58ff688a2e8df96317ca2fb
SHA1: 6f2efcc9970286fe8931f038897cae0cd9e802f0
SHA256: 4762bcdde5768b0d75bdbbd6c129f7301b87e902f54992821898d799596d92a5
Errors
  • Nothing to analyse, Joe Sandbox has not found any analysis process or sample
  • Corrupt sample or wrongly selected analyzer. Details: The image file %1 is valid, but is for a machine type other than the current machine.

Detection

Score: 0
Range: 0 - 100
Whitelisted: false
Confidence: 80%

Signatures

No high impact signatures.

Classification

Malware Configuration

No configs have been found

Yara Overview

No yara matches

Sigma Overview

No Sigma rule has matched

Signature Overview


Source: classification engine
Classification label: unknown0.winEXE@0/0@0/0

Mitre Att&ck Matrix

Tactic: Technique
  • Initial Access: Valid Accounts
  • Execution: Windows Management Instrumentation
  • Persistence: Path Interception
  • Privilege Escalation: Path Interception
  • Defense Evasion: Direct Volume Access
  • Credential Access: OS Credential Dumping
  • Discovery: System Information Discovery (1)
  • Lateral Movement: Remote Services
  • Collection: Data from Local System
  • Exfiltration: Exfiltration Over Other Network Medium
  • Command and Control: Data Obfuscation
  • Network Effects: Eavesdrop on Insecure Network Communication
  • Remote Service Effects: Remotely Track Device Without Authorization
  • Impact: Modify System Partition

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source / Detection / Scanner / Label
  • ZHR2970.EXE: 0% (Virustotal)
  • ZHR2970.EXE: 2% (Metadefender)
  • ZHR2970.EXE: 3% (ReversingLabs)

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

No Antivirus matches

Domains and IPs

Contacted Domains

No contacted domains info

Contacted IPs

No contacted IP infos

General Information

Joe Sandbox Version: 31.0.0 Red Diamond
Analysis ID: 321438
Start date: 22.11.2020
Start time: 05:54:35
Joe Sandbox Product: CloudBasic
Overall analysis duration: 0h 1m 30s
Hypervisor based Inspection enabled: false
Report type: light
Sample file name: ZHR2970.EXE
Cookbook file name: default.jbs
Analysis system description: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of new started processes analysed: 0
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
  • EGA enabled
  • HDC enabled
  • AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Detection: UNKNOWN
Classification: unknown0.winEXE@0/0@0/0
Cookbook Comments:
  • Adjust boot time
  • Enable AMSI
  • Found application associated with file extension: .EXE
  • Unable to launch sample, stop analysis

Simulations

Behavior and APIs

No simulations

Joe Sandbox View / Context

IPs

No context

Domains

No context

ASN

No context

JA3 Fingerprints

No context

Dropped Files

No context

Created / dropped Files

No created / dropped files found

Static File Info

General

File type: MS-DOS executable, LZEXE v0.90 compressed
Entropy (8bit): 7.437933132842257
TrID:
  • LZEXE compressed DOS executable (2015/5) 9.14%
  • Generic Win/DOS Executable (2004/3) 9.09%
  • Win64 Device Driver (generic) (2002/3) 9.08%
  • Win32 Device Driver (generic) (2002/3) 9.08%
  • DOS Executable Generic (2002/1) 9.08%
File name: ZHR2970.EXE
File size: 2320
MD5: 796956fcf58ff688a2e8df96317ca2fb
SHA1: 6f2efcc9970286fe8931f038897cae0cd9e802f0
SHA256: 4762bcdde5768b0d75bdbbd6c129f7301b87e902f54992821898d799596d92a5
SHA512: b69215341248db99481b60f2a99700c476d149c9bf2af6b5013e4d891f6640d8ba9f1db5538fe2b175537cd018bedaa79bb943ba4c2feb8c7931d799e0361677
SSDEEP: 48:p58jE5riSZzdmWCJ01azopMIyfCMlreCEzFMgNRkBwDKK9:p5hrzzAWHaskmyg2OKs
File Content Preview:MZ....................r.....LZ09..Copyright (C) 1..986 by John Soch..a.....u..........#.....*.......0.......0.!......&....=.........Y.r..N..=.......L...?........PSQ.........+.............J..Y[X...P.....C.z#%.....~..R...s...............D.!.Z.Z...V...m..;..

File Icon

Icon Hash: 00828e8e8686b000

Network Behavior

No network behavior found

Code Manipulations

Statistics

System Behavior

Disassembly
