Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
maidenhair.exe

Overview

General Information

Sample name:maidenhair.exe
Analysis ID:1483431
MD5:451049d3ac526f1abdd704c3b1fed580
SHA1:f0fa21249e2414831b59a038334fd659c94361f6
SHA256:931308cfe733376e19d6cd2401e27f8b2945cec0b9c696aebe7029ea76d45bf6
Tags:CrowdstrikeMalwareexe
Errors
  • No process behavior to analyse as no analysis process or sample was found
  • Corrupt sample or wrongly selected analyzer. Details: The image file %1 is valid, but is for a machine type other than the current machine.

Detection

Score:48
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Multi AV Scanner detection for submitted file

Classification

Malware Configuration

No configs have been found

Yara Signatures

No yara matches

Sigma Signatures

No Sigma rule has matched

Snort Signatures

No Snort rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

barindex
Multi AV Scanner detection for submitted file
Source: maidenhair.exeReversingLabs: Detection: 34%
Source: maidenhair.exeVirustotal: Detection: 38%Perma Link
Source: classification engineClassification label: mal48.winEXE@0/0@0/0
Source: maidenhair.exeReversingLabs: Detection: 34%
Source: maidenhair.exeVirustotal: Detection: 38%
Source: maidenhair.exeStatic file information: File size 1085137 > 1048576

Mitre Att&ck Matrix

ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
Gather Victim Identity InformationAcquire InfrastructureValid AccountsWindows Management InstrumentationPath InterceptionPath InterceptionDirect Volume AccessOS Credential Dumping1
System Information Discovery		Remote ServicesData from Local SystemData ObfuscationExfiltration Over Other Network MediumAbuse Accessibility Features

Behavior Graph

Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.


windows-stand

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

SourceDetectionScannerLabelLink
maidenhair.exe34%ReversingLabsWin32.Trojan.HijackLoader
maidenhair.exe38%VirustotalBrowse

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

No Antivirus matches

Domains and IPs

Contacted Domains

No contacted domains info

World Map of Contacted IPs

No contacted IP infos

General Information

Joe Sandbox version:40.0.0 Tourmaline
Analysis ID:1483431
Start date and time:2024-07-27 13:27:10 +02:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 1m 20s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:default.jbs
Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:0
Number of new started drivers analysed:0
Number of existing processes analysed:0
Number of existing drivers analysed:0
Number of injected processes analysed:0
Technologies:
  • EGA enabled
  • AMSI enabled
Analysis Mode:default
Analysis stop reason:Timeout
Sample name:maidenhair.exe
Detection:MAL
Classification:mal48.winEXE@0/0@0/0
Cookbook Comments:
  • Found application associated with file extension: .exe
  • Unable to launch sample, stop analysis

Errors

  • No process behavior to analyse as no analysis process or sample was found
  • Corrupt sample or wrongly selected analyzer. Details: The image file %1 is valid, but is for a machine type other than the current machine.

Simulations

Behavior and APIs

No simulations

Joe Sandbox View / Context

IPs

No context

Domains

No context

ASNs

No context

JA3 Fingerprints

No context

Dropped Files

No context

Created / dropped Files

No created / dropped files found

Static File Info

General

File type:data
Entropy (8bit):7.736712904346033
TrID:
  • MacBinary 2 header (1003/3) 100.00%
File name:maidenhair.exe
File size:1'085'137 bytes
MD5:451049d3ac526f1abdd704c3b1fed580
SHA1:f0fa21249e2414831b59a038334fd659c94361f6
SHA256:931308cfe733376e19d6cd2401e27f8b2945cec0b9c696aebe7029ea76d45bf6
SHA512:0c1c8b81116bc4b9a3ec640ff37c668b7efe729aa2e4a58d14fc78fa679b51f15baf6fa7d473e30d44abb4bbbe83f1ccc9d5f519dc6a254fbbcca53244596421
SSDEEP:24576:gk39+FD860iMNjUhVckT2wynPc+rM/zU2UhbVXThLX7RXg/3r/B:gk3+D8lFUULnPc+ruY2Ud1hLX7Bg/7/B
TLSH:3E3512A167AE2E4AF563BD7D9580B5279589BA662767C0D9ED430B0F403C980CF70B33
File Content Preview:..LTt.B\W._.Ry.ct....Ga.aRuDr..YF.v..i..TehGa\V..A...[iL.FjE.PN.bu.w...A....qE..LZ..WaHj...[.X.TUC.ja.......t..]VE.`.T.^..Bd.D.VkxaT...ini......K[QJGZxy..M.AD..dM[..kIVCJ.ddGX.i.F.J.....uI..SoAPs..e.n..My._.EweQ.l.o]..Tn....WK..jE..o.s.h.PUkr..gNo...A..PC

File Icon

Icon Hash:90cececece8e8eb0

Network Behavior

No network behavior found

Statistics

No statistics

System Behavior

No system behavior

Disassembly

No disassembly