Windows Analysis Report
Dark and Darker A5 Installer.exe

Overview

General Information

Sample Name: Dark and Darker A5 Installer.exe
Analysis ID: 847130
MD5: 8e8a3101ca60288fe7af6e6f23319539
SHA1: be03cf046ed5b995725667937b2cf42d69156b7f
SHA256: 0cb1f4ac2c534771fbd27956791ef93604974dbb19658fdb176f9e037ee1ba60

Detection

Score: 1
Range: 0 - 100
Whitelisted: false
Confidence: 80%

Signatures

Uses 32bit PE files
Program does not show much activity (idle)

Classification

  • System is w10x64_ra
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Snort rule has matched

No malicious signatures matched. All signature results:

Source: Dark and Darker A5 Installer.exe | Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: Dark and Darker A5 Installer.exe | Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: Dark and Darker A5 Installer.exe, 00000001.00000002.1519601790.00000000006A8000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://nsis.sf.ne
Source: Dark and Darker A5 Installer.exe | String found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
Source: C:\Users\user\Desktop\Dark and Darker A5 Installer.exe | File read: C:\Users\user\Desktop\Dark and Darker A5 Installer.exe
Source: C:\Users\user\Desktop\Dark and Darker A5 Installer.exe | File created: C:\Users\user\AppData\Local\Temp\nsb561B.tmp
Source: Dark and Darker A5 Installer.exe | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\Dark and Darker A5 Installer.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: classification engine | Classification label: clean1.winEXE@1/0@0/0
Source: C:\Users\user\Desktop\Dark and Darker A5 Installer.exe | File read: C:\Users\desktop.ini
Source: C:\Users\user\Desktop\Dark and Darker A5 Installer.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32
Source: C:\Users\user\Desktop\Dark and Darker A5 Installer.exe | Process information set: NOOPENFILEERRORBOX
Source: all processes | Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected
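The "Static PE information" lines above are the sandbox's reading of three flag words in the PE header: the COFF Characteristics (RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE), the optional header DllCharacteristics (DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE) and the .text section Characteristics. The following parser reproduces those lines from the raw bytes so the claim can be checked on the sample offline, and it flags the one combination a reviewer should notice here: DYNAMIC_BASE is set but the base relocations are stripped, so the loader cannot rebase the image and ASLR does nothing for it (a normal trait of NSIS installer stubs, which also explains the nsis.sf.net string and the ns*.tmp file in %TEMP%). This is an added example written for this page, not Joe Sandbox code; the image it parses by default is a constructed minimal PE32 header carrying the report's flag values, not the sample itself. Run it against the real file by passing its path.

```python
"""Reproduce a sandbox report's 'Static PE information' from the PE header.

Added example (not Joe Sandbox code). Reads the COFF Characteristics, the
optional header DllCharacteristics and each section's Characteristics and
names them the way the report does. The built-in sample image is constructed
here: a minimal PE32 header with no code, carrying the flag values shown in
the report.
"""
import struct
import sys

# COFF header Characteristics (IMAGE_FILE_*), from the PE/COFF specification.
FILE_FLAGS = {
    0x0001: "RELOCS_STRIPPED", 0x0002: "EXECUTABLE_IMAGE",
    0x0004: "LINE_NUMS_STRIPPED", 0x0008: "LOCAL_SYMS_STRIPPED",
    0x0020: "LARGE_ADDRESS_AWARE", 0x0100: "32BIT_MACHINE",
    0x0200: "DEBUG_STRIPPED", 0x2000: "DLL",
}
# Optional header DllCharacteristics (IMAGE_DLLCHARACTERISTICS_*).
DLL_FLAGS = {
    0x0020: "HIGH_ENTROPY_VA", 0x0040: "DYNAMIC_BASE", 0x0080: "FORCE_INTEGRITY",
    0x0100: "NX_COMPAT", 0x0200: "NO_ISOLATION", 0x0400: "NO_SEH",
    0x0800: "NO_BIND", 0x1000: "APPCONTAINER", 0x4000: "GUARD_CF",
    0x8000: "TERMINAL_SERVER_AWARE",
}
# Section Characteristics (IMAGE_SCN_*) that decide what is code, readable,
# writable and executable.
SCN_FLAGS = {
    0x00000020: "IMAGE_SCN_CNT_CODE", 0x00000040: "IMAGE_SCN_CNT_INITIALIZED_DATA",
    0x00000080: "IMAGE_SCN_CNT_UNINITIALIZED_DATA", 0x20000000: "IMAGE_SCN_MEM_EXECUTE",
    0x40000000: "IMAGE_SCN_MEM_READ", 0x80000000: "IMAGE_SCN_MEM_WRITE",
}


def _names(value, table):
    """Names of the set bits, in ascending bit order (the order the report uses)."""
    return [name for bit, name in sorted(table.items()) if value & bit]


def parse_pe_flags(data: bytes) -> dict:
    """Return named flags of a PE image plus 'notes' with reviewer caveats."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ image")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4
    machine, nsect, _, _, _, opt_size, file_chars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    # DllCharacteristics is at offset 70 of the optional header for PE32 and PE32+.
    dll_chars = struct.unpack_from("<H", data, opt + 70)[0]
    sections = {}
    first_section = opt + opt_size
    for i in range(nsect):
        hdr = first_section + 40 * i
        name = data[hdr:hdr + 8].rstrip(b"\0").decode("ascii", "replace")
        sections[name] = _names(struct.unpack_from("<I", data, hdr + 36)[0], SCN_FLAGS)
    result = {
        "machine": machine, "pe32plus": magic == 0x20B,
        "file": _names(file_chars, FILE_FLAGS), "dll": _names(dll_chars, DLL_FLAGS),
        "sections": sections, "notes": [],
    }
    # RELOCS_STRIPPED means the image must load at its preferred base, so a
    # DYNAMIC_BASE flag on such an image cannot be honoured by the loader.
    if file_chars & 0x0001 and dll_chars & 0x0040:
        result["notes"].append("DYNAMIC_BASE set but relocations stripped: image cannot be rebased, ASLR is ineffective")
    for name, flags in sections.items():
        if "IMAGE_SCN_MEM_EXECUTE" in flags and "IMAGE_SCN_MEM_WRITE" in flags:
            result["notes"].append(f"section {name} is writable and executable")
    return result


def build_sample_image(file_chars=0x0103, dll_chars=0x8540, text_chars=0x60000020) -> bytes:
    """Constructed minimal PE32 header (one empty .text section) with the given flags.

    Defaults encode the report's values: RELOCS_STRIPPED|EXECUTABLE_IMAGE|32BIT_MACHINE,
    DYNAMIC_BASE|NX_COMPAT|NO_SEH|TERMINAL_SERVER_AWARE, CNT_CODE|MEM_EXECUTE|MEM_READ.
    """
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 224, file_chars)  # i386, 1 section
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)       # PE32 magic
    struct.pack_into("<H", opt, 70, dll_chars)  # DllCharacteristics
    text = b".text".ljust(8, b"\0") + struct.pack("<IIIIIIHHI", 0x1000, 0x1000, 0x200, 0x400, 0, 0, 0, 0, text_chars)
    return dos + b"PE\0\0" + coff + bytes(opt) + text


if __name__ == "__main__":
    image = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_image()
    info = parse_pe_flags(image)
    print("Static PE information:", ", ".join(info["file"]))
    print("Static PE information:", ", ".join(info["dll"]))
    for name, flags in info["sections"].items():
        print(f"Static PE information: Section: {name} " + ", ".join(flags))
    for note in info["notes"]:
        print("Note:", note)
```

Running it without arguments prints the three "Static PE information" lines exactly as the report words them, followed by the ASLR note; the same note is what the real sample produces if its header matches the report.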
MITRE ATT&CK matrix (numbered entries are techniques with matched signatures, the number being the count of mapped signatures; unnumbered entries are the matrix's unmatched cells):

Initial Access: Valid Accounts; Default Accounts
Execution: Windows Management Instrumentation; Scheduled Task/Job
Persistence: Path Interception; Boot or Logon Initialization Scripts
Privilege Escalation: Path Interception; Boot or Logon Initialization Scripts
Defense Evasion: Direct Volume Access; Rootkit
Credential Access: OS Credential Dumping; LSASS Memory
Discovery: File and Directory Discovery (1); System Information Discovery (2)
Lateral Movement: Remote Services; Remote Desktop Protocol
Collection: Data from Local System; Data from Removable Media
Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth
Command and Control: Data Obfuscation; Junk Data
Network Effects: Eavesdrop on Insecure Network Communication; Exploit SS7 to Redirect Phone Calls/SMS
Remote Service Effects: Remotely Track Device Without Authorization; Remotely Wipe Data Without Authorization
Impact: Modify System Partition; Device Lockout