Windows Analysis Report
9Aa8t2BpXw.exe

Overview

General Information

Sample name:	9Aa8t2BpXw.exe (renamed file extension from none to exe, renamed because original name is a hash value)
Original sample name:	e311311e87b139aba78af0501e1efccfc1b2a892e8527a8f424bfca2504041ae
Analysis ID:	1466765
MD5:	7dace8a768bac984b85cef1ed5876d10
SHA1:	39decd456c18d95d36d23f644ae9eaccef10b125
SHA256:	e311311e87b139aba78af0501e1efccfc1b2a892e8527a8f424bfca2504041ae

Detection

Score:	60
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Multi AV Scanner detection for submitted file

PE file has a writeable .text section

Program does not show much activity (idle)

Sample file is different than original file name gathered from version info

Uses 32bit PE files

Classification

Signatures

AV Detection

Antivirus / Scanner detection for submitted sample

Source: 9Aa8t2BpXw.exe

Avira: detected

Multi AV Scanner detection for submitted file

Source: 9Aa8t2BpXw.exe	Virustotal: Detection: 14%			Perma Link
Source: 9Aa8t2BpXw.exe	ReversingLabs: Detection: 21%

Uses 32bit PE files

Source: 9Aa8t2BpXw.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE

System Summary

PE file has a writeable .text section

Source: 9Aa8t2BpXw.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE

Sample file is different than original file name gathered from version info

Source: 9Aa8t2BpXw.exe, 00000000.00000000.1632805996.0000000000405000.00000080.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilenamepConfigLanguage.EXEJ vs 9Aa8t2BpXw.exe
Source: 9Aa8t2BpXw.exe	Binary or memory string: OriginalFilenamepConfigLanguage.EXEJ vs 9Aa8t2BpXw.exe

Uses 32bit PE files

Source: 9Aa8t2BpXw.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE

Source: classification engine

Classification label: mal60.winEXE@1/0@0/0

Source: C:\Users\user\Desktop\9Aa8t2BpXw.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: 9Aa8t2BpXw.exe	Virustotal: Detection: 14%
Source: 9Aa8t2BpXw.exe	ReversingLabs: Detection: 21%

Source: C:\Users\user\Desktop\9Aa8t2BpXw.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\9Aa8t2BpXw.exe	Section loaded: mfc42.dll	Jump to behavior
Source: C:\Users\user\Desktop\9Aa8t2BpXw.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Users\user\Desktop\9Aa8t2BpXw.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\9Aa8t2BpXw.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\9Aa8t2BpXw.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Users\user\Desktop\9Aa8t2BpXw.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Users\user\Desktop\9Aa8t2BpXw.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\Desktop\9Aa8t2BpXw.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\Desktop\9Aa8t2BpXw.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\9Aa8t2BpXw.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\9Aa8t2BpXw.exe	Section loaded: wintypes.dll	Jump to behavior

Source: C:\Users\user\Desktop\9Aa8t2BpXw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\9Aa8t2BpXw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\9Aa8t2BpXw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Program does not show much activity (idle)

Source: all processes

Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected

Program does not show much activity (idle)

Source: all processes

Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected

Screenshots

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Network Map

⊘No contacted IP infos

ID:	1466765
Product:	CloudBasic
Start time:	11:16:27
Start date:	03.07.2024
Sample:	9Aa8t2BpXw
Cookbook:	default.jbs
System description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Architecture:	WINDOWS
MD5:	7dace8a768bac984b85cef1ed5876d10
SHA1:	39decd456c18d95d36d23f644ae9eaccef10b125
SHA256:	e311311e87b139aba78af0501e1efccfc1b2a892e8527a8f424bfca2504041ae
Filetype:	Win32 Executable (generic) a (10002005/4) 99.96%

Windows Analysis Report
9Aa8t2BpXw.exe

Overview

General Information

Detection

Signatures

Classification

Signatures

AV Detection

Compliance

System Summary

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

Screenshots

Behavior Graph

Network Map

Windows Analysis Report 9Aa8t2BpXw.exe

Overview

General Information

Detection

Signatures

Classification

Signatures

AV Detection

Compliance

System Summary

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

Screenshots

Behavior Graph

Network Map

Windows Analysis Report
9Aa8t2BpXw.exe