
Analysis Report

Overview

General Information

Joe Sandbox Version: 22.0.0
Analysis ID: 50182
Start time: 22:59:08
Joe Sandbox Product: CloudBasic
Start date: 13.03.2018
Overall analysis duration: 0h 1m 2s
Hypervisor based Inspection enabled: false
Report type: full
Sample file name: f_04fbd8_
Cookbook file name: default.jbs
Analysis system description: Windows 7 SP1 (with Office 2010 SP2, IE 11, FF 54, Chrome 60, Acrobat Reader DC 17, Flash 26, Java 8.0.1440.1)
Number of new started processes analysed: 1
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies
  • HCA enabled
  • EGA enabled
  • HDC enabled
Analysis stop reason: Timeout
Detection: MAL
Classification: mal52.mine.win@0/0@0/0
Cookbook Comments:
  • Adjust boot time
  • Correcting counters for adjusted boot time
  • Unable to launch sample, stop analysis
Warnings:
  • Exclude process from analysis (whitelisted): dllhost.exe
Errors:
  • Nothing to analyse, Joe Sandbox has not found any analysis process or sample
  • Unable to start the sample


Detection

Strategy  | Score | Range   | Detection
Threshold | 52    | 0 - 100 | malicious


Confidence

Strategy  | Score | Range | Further Analysis Required?
Threshold | 5     | 0 - 5 | false


Classification

Analysis Advice

Sample could not be started, try setting a correct file extension or analyse on different analysis machine



Signature Overview



AV Detection:

Multi AV Scanner detection for submitted file
Source: f_04fbd8_; virustotal: Detection: 31%
Source: f_04fbd8_; metadefender: Detection: 25%

Bitcoin Miner:

Found strings related to Crypto-Mining
Source: f_04fbd8_; string found in binary or memory: _cryptonight_hash

System Summary:

Classification label
Source: classification engine; classification label: mal52.mine.win@0/0@0/0
Sample is known by Antivirus (Virustotal or Metascan)
Source: f_04fbd8_; Virustotal: hash found

Anti Debugging:

Program does not show much activity (idle)
Source: all processes; thread injection, dropped files, key value created, disk infection and DNS query: no activity detected

Malware Analysis System Evasion:

Program does not show much activity (idle)
Source: all processes; thread injection, dropped files, key value created, disk infection and DNS query: no activity detected

Behavior Graph


Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
[Behavior graph image] Behavior Graph ID: 50182; Sample: f_04fbd8_; Start date: 13/03/2018; Architecture: WINDOWS; Score: 52. Signatures attached to the sample node: Multi AV Scanner detection for submitted file; Found strings related to Crypto-Mining.

Simulations

Behavior and APIs

No simulations

Antivirus Detection

Initial Sample

Source    | Detection | Scanner      | Label
f_04fbd8_ | 31%       | virustotal   |
f_04fbd8_ | 25%       | metadefender |

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

Yara Overview

Initial Sample

No yara matches

PCAP (Network Traffic)

No yara matches

Dropped Files

No yara matches

Memory Dumps

No yara matches

Unpacked PEs

No yara matches

Joe Sandbox View / Context

IPs

No context

Domains

No context

ASN

No context

Dropped Files

No context

Created / dropped Files

No created / dropped files found

Contacted Domains/Contacted IPs

Contacted Domains

No contacted domains info

Contacted IPs

No contacted IP infos

Static File Info

General

File type: data
Entropy (8bit): 6.123454598337236
TrID: (no match)
File name: f_04fbd8_
File size: 68803
MD5: 30f0c89e93ffa0a16c4aabd41099af0b
SHA1: 99e5c6e9bd5ffebf7afe070fb53ee08f10cc707f
SHA256: 8ebf4e44c47b6b61d313bd2580bd788a1daa029541fe210cccfa13d1bb66cc89
SHA512: a70437a8937af4a223aa526a0064682059e428a69c15810ac0804cc6834e131315597b925d77dd01d40a0a55746a0f1d6aa916d618d058fdbdb52626bfbfedb0
File Content Preview: .asm.....S.`.....`......`....`...`...`.....`......`....`...~.`..~..`...~...`.......`.~~..~`.......env.DYNAMICTOP_PTR....env.STACKTOP....env.STACK_MAX....env.abort...env.enlargeMemory...env.getTotalMemory...env.abortOnCannotGrowMemory...env._gmtime...env._

Network Behavior

No network behavior found

Code Manipulations

Statistics

System Behavior

Disassembly