Windows
Analysis Report
maidenhair.exe
Overview
General Information
Sample name: | maidenhair.exe |
Analysis ID: | 1483431 |
MD5: | 451049d3ac526f1abdd704c3b1fed580 |
SHA1: | f0fa21249e2414831b59a038334fd659c94361f6 |
SHA256: | 931308cfe733376e19d6cd2401e27f8b2945cec0b9c696aebe7029ea76d45bf6 |
Tags: | Crowdstrike, Malware, exe |
Errors
|
Detection
Score: | 48 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
AV Detection |
---|
Source: | ReversingLabs: | |||
Source: | Virustotal: |
Source: | Classification label: |
Source: | ReversingLabs: | ||
Source: | Virustotal: |
Source: | Static file information: |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | Path Interception | Path Interception | Direct Volume Access | OS Credential Dumping | 1 System Information Discovery | Remote Services | Data from Local System | Data Obfuscation | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| | 34% | ReversingLabs | Win32.Trojan.HijackLoader | |
| | 38% | Virustotal | | |
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1483431 |
Start date and time: | 2024-07-27 13:27:10 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 1m 20s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of new started processes analysed: | 0 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | maidenhair.exe |
Detection: | MAL |
Classification: | mal48.winEXE@0/0@0/0 |
Cookbook Comments: |
|
- No process behavior to analyse as no analysis process or sample was found
- Corrupt sample or wrongly selected analyzer. Details: The image file %1 is valid, but is for a machine type other than the current machine.
File type: | |
Entropy (8bit): | 7.736712904346033 |
TrID: |
|
File name: | maidenhair.exe |
File size: | 1'085'137 bytes |
MD5: | 451049d3ac526f1abdd704c3b1fed580 |
SHA1: | f0fa21249e2414831b59a038334fd659c94361f6 |
SHA256: | 931308cfe733376e19d6cd2401e27f8b2945cec0b9c696aebe7029ea76d45bf6 |
SHA512: | 0c1c8b81116bc4b9a3ec640ff37c668b7efe729aa2e4a58d14fc78fa679b51f15baf6fa7d473e30d44abb4bbbe83f1ccc9d5f519dc6a254fbbcca53244596421 |
SSDEEP: | 24576:gk39+FD860iMNjUhVckT2wynPc+rM/zU2UhbVXThLX7RXg/3r/B:gk3+D8lFUULnPc+ruY2Ud1hLX7Bg/7/B |
TLSH: | 3E3512A167AE2E4AF563BD7D9580B5279589BA662767C0D9ED430B0F403C980CF70B33 |
File Content Preview: | ..LTt.B\W._.Ry.ct....Ga.aRuDr..YF.v..i..TehGa\V..A...[iL.FjE.PN.bu.w...A....qE..LZ..WaHj...[.X.TUC.ja.......t..]VE.`.T.^..Bd.D.VkxaT...ini......K[QJGZxy..M.AD..dM[..kIVCJ.ddGX.i.F.J.....uI..SoAPs..e.n..My._.EweQ.l.o]..Tn....WK..jE..o.s.h.PUkr..gNo...A..PC |
Icon Hash: | 90cececece8e8eb0 |