Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
MDE_File_Sample_4e3ac7a53f0f368b9218bf717162d5e073a0f7df.zip

Overview

General Information

Sample name:MDE_File_Sample_4e3ac7a53f0f368b9218bf717162d5e073a0f7df.zip
Analysis ID:1446151
MD5:05d4307c0410d0f2ba15858d0300d7ab
SHA1:64d44f0112f8e1a3cb3a2c76d10c796aad8f5165
SHA256:7634ab3dd7c6dfb1678aa1ff24049f5d39261d71c6aaf63ba635b1026d0df9a4

Detection

Score:0
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Program does not show much activity (idle)

Classification

Process Tree

  • System is w10x64_ra
  • rundll32.exe (PID: 3952 cmdline: C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding MD5: EF3179D498793BF4234F708D3BE28633)
  • cleanup

Yara Signatures

No yara matches

Sigma Signatures

No Sigma rule has matched

Snort Signatures

No Snort rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: classification engineClassification label: clean0.winZIP@1/0@0/0
Source: C:\Windows\System32\rundll32.exeKey opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: unknownProcess created: C:\Windows\System32\rundll32.exe C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
Source: MDE_File_Sample_4e3ac7a53f0f368b9218bf717162d5e073a0f7df.zipStatic file information: File size 1699270 > 1048576
Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOX
Source: all processesThread injection, dropped files, key value created, disk infection and DNS query: no activity detected
Source: all processesThread injection, dropped files, key value created, disk infection and DNS query: no activity detected

Mitre Att&ck Matrix

ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
Gather Victim Identity InformationAcquire InfrastructureValid AccountsWindows Management InstrumentationPath InterceptionPath Interception1
Rundll32		OS Credential Dumping1
System Information Discovery		Remote ServicesData from Local SystemData ObfuscationExfiltration Over Other Network MediumAbuse Accessibility Features

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.


windows-stand

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

No Antivirus matches

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

No Antivirus matches

Domains and IPs

Contacted Domains

No contacted domains info

World Map of Contacted IPs

No contacted IP infos

General Information

Joe Sandbox version:40.0.0 Tourmaline
Analysis ID:1446151
Start date and time:2024-05-22 23:39:48 +02:00
Joe Sandbox product:CloudBasic
Overall analysis duration:
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:defaultwindowsinteractivecookbook.jbs
Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:14
Number of new started drivers analysed:0
Number of existing processes analysed:0
Number of existing drivers analysed:0
Number of injected processes analysed:0
Technologies:
  • EGA enabled
Analysis Mode:stream
Analysis stop reason:Timeout
Sample name:MDE_File_Sample_4e3ac7a53f0f368b9218bf717162d5e073a0f7df.zip
Detection:CLEAN
Classification:clean0.winZIP@1/0@0/0
Cookbook Comments:
  • Found application associated with file extension: .zip

Warnings

  • Exclude process from analysis (whitelisted): dllhost.exe
  • Excluded domains from analysis (whitelisted): fs.microsoft.com
  • Not all processes where analyzed, report is missing behavior information
  • VT rate limit hit for: MDE_File_Sample_4e3ac7a53f0f368b9218bf717162d5e073a0f7df.zip

Created / dropped Files

No created / dropped files found

Static File Info

General

File type:Zip archive data, at least v2.0 to extract, compression method=deflate
Entropy (8bit):7.999900497559722
TrID:
  • ZIP compressed archive (8000/1) 100.00%
File name:MDE_File_Sample_4e3ac7a53f0f368b9218bf717162d5e073a0f7df.zip
File size:1'699'270 bytes
MD5:05d4307c0410d0f2ba15858d0300d7ab
SHA1:64d44f0112f8e1a3cb3a2c76d10c796aad8f5165
SHA256:7634ab3dd7c6dfb1678aa1ff24049f5d39261d71c6aaf63ba635b1026d0df9a4
SHA512:a36fc04be582f966c613b37ced80ab69a761ed876ce66bcb4ae8af47d61ca81b59ac37092a64b2d1a390554c9afd7cfd06d47af31213c5c5875397579a32b52f
SSDEEP:49152:pLqRXWkBj1BuJ0uhRj83+fvFmSpXfgdkgNoZGH6qztlFr9:pLqRXWkBW1P83aESpvR0H6qZlFr9
TLSH:E175336F5963C35CFC1FB64D03A2864988A2941580C1FB26DCD78E57FA9A3D84E3CE58
File Content Preview:PK...........XWg/......5..(.$.Greenshot-INSTALLER-1.2.10.6-RELEASE.exe.. ..........-ya.....-ya.....-ya.....i...d..g...Px)_./?..[b...........}S.....K9..(.X5.K.0..L0)n......m...@.G....R.pG.o.u.=`.,.......+.....l.S....z.+...K...zGcX...PI......+ad(R..X1OB....

File Icon

Icon Hash:1c1c1e4e4ececedc