
Analysis Report

Overview

General Information

Joe Sandbox Version:22.0.0
Analysis ID:56477
Start time:20:27:40
Joe Sandbox Product:CloudBasic
Start date:24.04.2018
Overall analysis duration:0h 1m 2s
Hypervisor based Inspection enabled:false
Report type:full
Sample file name:suppoie
Cookbook file name:default.jbs
Analysis system description:Windows 7 SP1 (with Office 2010 SP2, IE 11, FF 54, Chrome 60, Acrobat Reader DC 17, Flash 26, Java 8.0.1440.1)
Number of analysed new started processes:1
Number of new started drivers analysed:0
Number of existing processes analysed:0
Number of existing drivers analysed:0
Number of injected processes analysed:0
Technologies
  • HCA enabled
  • EGA enabled
  • HDC enabled
Analysis stop reason:Timeout
Detection:MAL
Classification:mal52.mine.win@0/0@0/0
Cookbook Comments:
  • Adjust boot time
  • Correcting counters for adjusted boot time
  • Unable to launch sample, stop analysis
Warnings:
  • Exclude process from analysis (whitelisted): dllhost.exe
Errors:
  • Nothing to analyse, Joe Sandbox has not found any analysis process or sample
  • Unable to start the sample

Detection

Strategy:Threshold
Score:52
Range:0 - 100
Reporting:Report FP / FN
Detection:malicious

Confidence

Strategy:Threshold
Score:5
Range:0 - 5
Further Analysis Required?:false


Classification

Analysis Advice

Sample could not be started; try setting a correct file extension or analysing it on a different analysis machine.



Signature Overview



AV Detection:

Multi AV Scanner detection for submitted file
Source: suppoie; virustotal: Detection: 37%

Bitcoin Miner:

Found strings related to Crypto-Mining
Source: suppoie; String found in binary or memory: stratum+tcp://
Source: suppoie; String found in binary or memory: stratum+tcp://
Source: suppoie; String found in binary or memory: _ZN11CryptoNight4initEii
Source: suppoie; String found in binary or memory: Usage: xmrig [OPTIONS]

Networking:

Urls found in memory or binary data
Source: suppoie; String found in binary or memory: https://gcc.gnu.org/bugs

System Summary:

Classification label
Source: classification engine; Classification label: mal52.mine.win@0/0@0/0
Sample is known by Antivirus (Virustotal or Metascan)
Source: suppoie; Virustotal: hash found

Anti Debugging:

Program does not show much activity (idle)
Source: all processes; Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected

Malware Analysis System Evasion:

Program does not show much activity (idle)
Source: all processes; Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected

Behavior Graph


Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
Behavior Graph ID:56477
Sample:suppoie
Startdate:24/04/2018
Architecture:WINDOWS
Score:52
Signatures:
  • Multi AV Scanner detection for submitted file
  • Found strings related to Crypto-Mining

Simulations

Behavior and APIs

No simulations

Antivirus Detection

Initial Sample

Source:suppoie
Detection:37%
Scanner:virustotal

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

Yara Overview

Initial Sample

No yara matches

PCAP (Network Traffic)

No yara matches

Dropped Files

No yara matches

Memory Dumps

No yara matches

Unpacked PEs

No yara matches

Joe Sandbox View / Context

IPs

No context

Domains

No context

ASN

No context

Dropped Files

No context

Created / dropped Files

No created / dropped files found

Contacted Domains/Contacted IPs

Contacted Domains

No contacted domains info

Contacted IPs

No contacted IP infos

Static File Info

General

File type:ELF 64-bit LSB executable, x86-64, version 1 (GNU/Linux), dynamically linked (uses shared libs), for GNU/Linux 2.6.32, BuildID[sha1]=adb2fb2e1f0d6c360671827dcadfeff82300758c, stripped
Entropy (8bit):6.402497253731424
TrID:
  • ELF Executable and Linkable format (Linux) (4029/14) 42.26%
  • ELF Executable and Linkable format (generic) (4004/1) 42.00%
  • Java Script embedded in Visual Basic Script (1500/0) 15.73%
File name:suppoie
File size:807400
MD5:d9531f405d7231ac1e518e5bc3d1da8c
SHA1:f372af41de4b026c11089ec896d82ee960887e9c
SHA256:eb508c2a4e1c7e109c5571b2fae879c8bd7a92b958aeaa8c6d2baf2b1b1585f6
SHA512:85053e405a5de17a152f1bfe5bfdef4eba0f101bb3167c59e2da95a5f3aed9b89084913c81cd98ba3ec910ca85b6e888a99db89536f3525f8c690090f5984fd6
File Content Preview:.ELF..............>.....p.A.....@........I..........@.8...@.!. .........@.......@.@.....@.@.....0.......0.......................p.......p.@.....p.@...............................................@.......@....................... ..............+.......+l....

File Icon

Network Behavior

No network behavior found

Code Manipulations

Statistics

System Behavior

Disassembly
