Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
script.exe

Overview

General Information

Sample name:script.exe
Analysis ID:1545843
MD5:106fee270f697c815627a275e9dac265
SHA1:5454bcb3e3d05b14b05100a6f72e35fd63017bcb
SHA256:b15d6c1f6c3d253e1da2ae272bd75746effe2c4fd238ae10a7d0ba7eac20de7c
Tags:exeuser-lontze7
Errors
  • No process behavior to analyse as no analysis process or sample was found
  • Corrupt sample or wrongly selected analyzer. Details: The image file %1 is valid, but is for a machine type other than the current machine.

Detection

Score:0
Range:0 - 100
Whitelisted:false
Confidence:80%

Signatures

No high impact signatures.

Classification

Malware Configuration

No configs have been found

Yara Signatures

No yara matches

Sigma Signatures

No Sigma rule has matched

Suricata Signatures

No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: classification engineClassification label: unknown0.winEXE@0/0@0/0

Mitre Att&ck Matrix

ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
Gather Victim Identity InformationAcquire InfrastructureValid AccountsWindows Management InstrumentationPath InterceptionPath InterceptionDirect Volume AccessOS Credential Dumping1
System Information Discovery		Remote ServicesData from Local SystemData ObfuscationExfiltration Over Other Network MediumAbuse Accessibility Features

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.


windows-stand

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

SourceDetectionScannerLabelLink
script.exe2%VirustotalBrowse

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

No Antivirus matches

Domains and IPs

Contacted Domains

No contacted domains info

World Map of Contacted IPs

No contacted IP infos

General Information

Joe Sandbox version:41.0.0 Charoite
Analysis ID:1545843
Start date and time:2024-10-31 06:48:08 +01:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 1m 30s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:default.jbs
Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:7
Number of new started drivers analysed:0
Number of existing processes analysed:0
Number of existing drivers analysed:0
Number of injected processes analysed:0
Technologies:
  • HCA enabled
  • EGA enabled
  • AMSI enabled
Analysis Mode:default
Analysis stop reason:Timeout
Sample name:script.exe
Detection:UNKNOWN
Classification:unknown0.winEXE@0/0@0/0
Cookbook Comments:
  • Found application associated with file extension: .exe
  • Unable to launch sample, stop analysis

Errors

  • No process behavior to analyse as no analysis process or sample was found
  • Corrupt sample or wrongly selected analyzer. Details: The image file %1 is valid, but is for a machine type other than the current machine.

Warnings

  • Exclude process from analysis (whitelisted): dllhost.exe, Sgrmuserer.exe, svchost.exe
  • Excluded domains from analysis (whitelisted): otelrules.azureedge.net

Simulations

Behavior and APIs

No simulations

Joe Sandbox View / Context

IPs

No context

Domains

No context

ASNs

No context

JA3 Fingerprints

No context

Dropped Files

No context

Created / dropped Files

No created / dropped files found

Static File Info

General

File type:MS-DOS executable
Entropy (8bit):6.116784304486836
TrID:
  • Generic Win/DOS Executable (2004/3) 49.94%
  • DOS Executable Generic (2002/1) 49.89%
  • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.17%
File name:script.exe
File size:338'317 bytes
MD5:106fee270f697c815627a275e9dac265
SHA1:5454bcb3e3d05b14b05100a6f72e35fd63017bcb
SHA256:b15d6c1f6c3d253e1da2ae272bd75746effe2c4fd238ae10a7d0ba7eac20de7c
SHA512:00dc36102ee0df263ed0acf0d1e4408d85f9b2e7ac8b9124b006dd29ea84d1c0856f5e846460ac3136201c21f9701c710ad78f977dea80f86360ee4dadb8e355
SSDEEP:3072:kwX7csbr6M+OB1pd+Yr4Kk0/fjNlrbQRfORgpoAy41CYwZXmNXAPv8pmucdAzV6r:px3tB7dR4wTNiRfF0/BR
TLSH:6F746C82B784ACD6CE04473588AB836D2734EE9016C247135A347E763D27ED0EE7E636
File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode...$.......PE..d.....!g.z..).....&....+.r.....................@.............................P............`... .............................

File Icon

Icon Hash:90cececece8e8eb0

Network Behavior

No network behavior found

Statistics

No statistics

System Behavior

No system behavior

Disassembly

No disassembly