Analysis Report New Text Document.exe

Overview

General Information

Sample Name:New Text Document.exe
Analysis ID:383843
MD5:4e79b531f4f6813cc8e21894a13c5537
SHA1:addcb0a2aac14befcb9f8c9185e365c47a86b40c
SHA256:9445838c51449888abaeac1c5d1953212a0205a6b4038e6a404ca752cbda3f2f
Infos:
Errors
  • Setup command "_JBInstrumentAPK" failed: Invalid APK

Detection

Score:48
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Multi AV Scanner detection for submitted file
Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)

Classification

Yara Overview

No yara matches

Signature Overview

AV Detection:

  • Multi AV Scanner detection for submitted file
    Source: New Text Document.exe; Virustotal: Detection: 14%
  • Source: global traffic; TCP traffic: 192.168.2.30:39602 -> 142.250.186.163:443
  • Source: unknown; TCP traffic detected without corresponding DNS query: 142.250.186.163
  • Source: unknown; Network traffic detected: HTTP traffic on port 39602 -> 443
  • Source: classification engine; Classification label: mal48.andEXE@0/0@0/0

Mitre Att&ck Matrix

Techniques listed per tactic column (a number in parentheses is the count of matched signatures for that technique):

  • Initial Access: Valid Accounts; Default Accounts
  • Execution: Windows Management Instrumentation; Scheduled Task/Job
  • Persistence: Path Interception; Boot or Logon Initialization Scripts
  • Privilege Escalation: Path Interception; Boot or Logon Initialization Scripts
  • Defense Evasion: Direct Volume Access; Rootkit
  • Credential Access: OS Credential Dumping; LSASS Memory
  • Discovery: System Service Discovery; Application Window Discovery
  • Lateral Movement: Remote Services; Remote Desktop Protocol
  • Collection: Data from Local System; Data from Removable Media
  • Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth
  • Command and Control: Encrypted Channel (1); Application Layer Protocol (1)
  • Network Effects: Eavesdrop on Insecure Network Communication; Exploit SS7 to Redirect Phone Calls/SMS
  • Remote Service Effects: Remotely Track Device Without Authorization; Remotely Wipe Data Without Authorization
  • Impact: Modify System Partition; Device Lockout

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source:New Text Document.exe
Detection:14%
Scanner:Virustotal
Label:

Dropped Files

No Antivirus matches

Domains

No Antivirus matches

URLs

No Antivirus matches

Domains and IPs

Contacted Domains

No contacted domains info

Contacted IPs

Public

IP:142.250.186.163
Domain:unknown
Country:United States
ASN:15169
ASN Name:GOOGLEUS
Malicious:false

General Information

Joe Sandbox Version:31.0.0 Emerald
Analysis ID:383843
Start date:08.04.2021
Start time:10:59:37
Joe Sandbox Product:CloudBasic
Overall analysis duration:0h 0m 38s
Hypervisor based Inspection enabled:false
Report type:full
Sample file name:New Text Document.exe
Cookbook file name:defaultandroidfilecookbook.jbs
Analysis system description:Android 9 (Pie)
Run name:No behavior, retry without instrumentation
Analysis Mode:default
APK Instrumentation enabled:false
Detection:MAL
Classification:mal48.andEXE@0/0@0/0
Warnings:
  • No dynamic data available
  • Static analyzation failed: null
Errors:
  • Setup command "_JBInstrumentAPK" failed: Invalid APK

Joe Sandbox View / Context

IPs

No context

Domains

No context

ASN

No context

JA3 Fingerprints

No context

Dropped Files

No context

Created / dropped Files

No created / dropped files found

Static File Info

General

File type:PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):6.662141005544995
TrID:
  • Win32 Executable (generic) a (10002005/4) 99.96%
  • Generic Win/DOS Executable (2004/3) 0.02%
  • DOS Executable Generic (2002/1) 0.02%
  • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:New Text Document.exe
File size:894976
MD5:4e79b531f4f6813cc8e21894a13c5537
SHA1:addcb0a2aac14befcb9f8c9185e365c47a86b40c
SHA256:9445838c51449888abaeac1c5d1953212a0205a6b4038e6a404ca752cbda3f2f
SHA512:aae6406f2feedfbae51433a697bbaf3d7a80570c0f86a1f5f9e09ac2699651049fbd882d27de21ede2ffa215e28ed73d8b3a16aca003c2213ebcfe421a581cde
SSDEEP:24576:aAHnh+eWsN3skA4RV1Hom2KXMmHahxl5:th+ZkldoPK8YahV
File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........s..R...R...R....C..P.....;.S..._@#.a..._@......_@..g...[j..[...[jo.w...R...r.............#.S..._@'.S...R.k.S.....".S...RichR..

Static APK Info

General

Label:
Version Code:
Version Name:
Package Name:
Is Activity:
Is Receiver:
Is Service:
Requests System Level Permissions:
Play Store Compatible:

Receivers

Permission Requested

Certificate

Name:
Issuer:
Subject:

Resources

NameTypeSize

Network Behavior

Network Port Distribution

TCP Packets

Timestamp:Apr 8, 2021 10:59:54.121563911 CEST
Source Port:39602
Dest Port:443
Source IP:192.168.2.30
Dest IP:142.250.186.163

APK Behavior

0 Executed Methods

0 Non-Executed Methods