Windows Analysis Report
download

Overview

General Information

Sample Name: download
Analysis ID: 580248
MD5: 4842e206e4cfff2954901467ad54169e
SHA1: 80c9820ff2efe8aa3d361df7011ae6eee35ec4f0
SHA256: 2acab1228e8935d5dfdd1756b8a19698b6c8b786c90f87993ce9799a67a96e4e

Detection

Score: 1
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Program does not show much activity (idle)
Queries the volume information (name, serial number etc) of a device
Found detection on Joe Sandbox Cloud Basic

Classification

Source: download Joe Sandbox Cloud Basic: Detection: suspicious Score: 22
Source: C:\Windows\System32\WaaSMedicAgent.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B91D5831-B1BD-4608-8198-D72E155020F7}\InProcServer32
Source: C:\Windows\System32\WaaSMedicAgent.exe Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\MUI\Settings
Source: classification engine Classification label: clean1.win@2/0@0/0
Source: unknown Process created: C:\Windows\System32\WaaSMedicAgent.exe C:\Windows\System32\WaaSMedicAgent.exe 355dc96661d9005cd453302c33619d95 IggQ2QzsV0Si9oeB.0.0.0
Source: C:\Windows\System32\WaaSMedicAgent.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: all processes Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected
Source: C:\Windows\System32\WaaSMedicAgent.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package041021~31bf3856ad364e35~amd64~~10.0.18362.418.cat VolumeInformation
Source: C:\Windows\System32\WaaSMedicAgent.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
No contacted IP infos