Windows Analysis Report JZ3FrTU0tJ.exe

Overview

General Information

Sample Name: JZ3FrTU0tJ.exe
Analysis ID: 528760
MD5: 57c919f3cc2729eef0f8cbf72aa712a9
SHA1: 28c18e298d8a579db4cbfa459c35bdde29de58ac
SHA256: b6de619c9469226aef6d9af08b03d51e7d200d53a9acffc6adcd975e0d48e3d9
Tags: exe

Most interesting Screenshot:

Errors
  • No process behavior to analyse as no analysis process or sample was found
  • Corrupt sample or wrongly selected analyzer. Details: %1 is not a valid Win32 application.

Detection

Score: 60
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Multi AV Scanner detection for submitted file
Machine Learning detection for sample
PE file has nameless sections
PE file contains section with special chars
PE file does not import any functions
PE file overlay found
PE file contains sections with non-standard names
Binary contains a suspicious time stamp

Classification

Malware Configuration

No configs have been found

Yara Overview

No yara matches

Sigma Overview

No Sigma rule has matched

Jbx Signature Overview

AV Detection:

Multi AV Scanner detection for submitted file
Source: JZ3FrTU0tJ.exe; Virustotal: Detection: 20%
Machine Learning detection for sample
Source: JZ3FrTU0tJ.exe; Joe Sandbox ML: detected
Source: JZ3FrTU0tJ.exe; Static PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT, HIGH_ENTROPY_VA

System Summary:

PE file has nameless sections
Source: JZ3FrTU0tJ.exe; Static PE information: section name:
PE file contains section with special chars
Source: JZ3FrTU0tJ.exe; Static PE information: section name: [`MOak
Source: JZ3FrTU0tJ.exe; Static PE information: No import functions for PE file found
Source: JZ3FrTU0tJ.exe; Static PE information: Data appended to the last section found
Source: JZ3FrTU0tJ.exe; Static PE information: Section: [`MOak ZLIB complexity 1.00044157609
Source: JZ3FrTU0tJ.exe; Virustotal: Detection: 20%
Source: classification engine; Classification label: mal60.winEXE@0/0@0/0
Source: JZ3FrTU0tJ.exe; Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
Source: JZ3FrTU0tJ.exe; Static PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT, HIGH_ENTROPY_VA
Source: JZ3FrTU0tJ.exe; Static PE information: section name: [`MOak
Source: JZ3FrTU0tJ.exe; Static PE information: section name:
Source: JZ3FrTU0tJ.exe; Static PE information: 0xD261EA71 [Thu Nov 6 05:26:09 2081 UTC]
Source: initial sample; Static PE information: section name: [`MOak entropy: 7.99738998665

Mitre Att&ck Matrix

Techniques listed per tactic column (the number in parentheses is the hit count shown in the matrix):

  • Initial Access: Valid Accounts, Default Accounts, Domain Accounts
  • Execution: Windows Management Instrumentation, Scheduled Task/Job, At (Linux)
  • Persistence: Path Interception, Boot or Logon Initialization Scripts, Logon Script (Windows)
  • Privilege Escalation: Path Interception, Boot or Logon Initialization Scripts, Logon Script (Windows)
  • Defense Evasion: Software Packing (2), Timestomp (1), Obfuscated Files or Information (1)
  • Credential Access: OS Credential Dumping, LSASS Memory, Security Account Manager
  • Discovery: System Service Discovery, Application Window Discovery, Query Registry
  • Lateral Movement: Remote Services, Remote Desktop Protocol, SMB/Windows Admin Shares
  • Collection: Data from Local System, Data from Removable Media, Data from Network Shared Drive
  • Exfiltration: Exfiltration Over Other Network Medium, Exfiltration Over Bluetooth, Automated Exfiltration
  • Command and Control: Data Obfuscation, Junk Data, Steganography
  • Network Effects: Eavesdrop on Insecure Network Communication, Exploit SS7 to Redirect Phone Calls/SMS, Exploit SS7 to Track Device Location
  • Remote Service Effects: Remotely Track Device Without Authorization, Remotely Wipe Data Without Authorization, Obtain Device Cloud Backups
  • Impact: Modify System Partition, Device Lockout, Delete Device Data

Behavior Graph

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.