Edit tour
Windows
Analysis Report
https://github.com/Ultimaker/Cura/releases/download/5.9.0/UltiMaker-Cura-5.9.0-win64-X64.exe
Overview
General Information
| Sample URL: | https://github.com/Ultimaker/Cura/releases/download/5.9.0/UltiMaker-Cura-5.9.0-win64-X64.exe |
| Analysis ID: | 1559301 |
| Infos: |  |
 | |
Detection
| Score: | 52 |
| Range: | 0 - 100 |
| Whitelisted: | false |
| Confidence: | 100% |
Signatures
Drops large PE files
Sigma detected: Invoke-Obfuscation CLIP+ Launcher
Sigma detected: Invoke-Obfuscation VAR+ Launcher
Binary contains a suspicious time stamp
Drops PE files
Found dropped PE file which has not been started or loaded
PE file contains more sections than normal
PE file contains sections with non-standard names
PE file does not import any functions
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sigma detected: Usage Of Web Request Commands And Cmdlets
Very long cmdline option found, this is very uncommon (may be encrypted or packed)
Classification
- System is w10x64
cmd.exe (PID: 6720 cmdline: C:\Windows \system32\ cmd.exe /c wget -t 2 -v -T 60 -P "C:\Use rs\user\De sktop\down load" --no -check-cer tificate - -content-d isposition --user-ag ent="Mozil la/5.0 (Wi ndows NT 6 .1; WOW64; Trident/7 .0; AS; rv :11.0) lik e Gecko" " https://gi thub.com/U ltimaker/C ura/releas es/downloa d/5.9.0/Ul tiMaker-Cu ra-5.9.0-w in64-X64.e xe" > cmdl ine.out 2> &1 MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B) - conhost.exe (PID: 6672 cmdline:
C:\Windows \system32\ conhost.ex e 0xffffff ff -ForceV 1 MD5: 0D698AF330FD17BEE3BF90011D49251D) 
wget.exe (PID: 3844 cmdline: wget -t 2 -v -T 60 - P "C:\User s\user\Des ktop\downl oad" --no- check-cert ificate -- content-di sposition --user-age nt="Mozill a/5.0 (Win dows NT 6. 1; WOW64; Trident/7. 0; AS; rv: 11.0) like Gecko" "h ttps://git hub.com/Ul timaker/Cu ra/release s/download /5.9.0/Ult iMaker-Cur a-5.9.0-wi n64-X64.ex e" MD5: 3DADB6E2ECE9C4B3E1E322E617658B60)
UltiMaker-Cura-5.9.0-win64-X64.exe (PID: 5864 cmdline: "C:\Users\ user\Deskt op\downloa d\UltiMake r-Cura-5.9 .0-win64-X 64.exe" MD5: E867C2A9D4708BC6FD4AD11A9A09A9DF)
- cleanup
⊘No configs have been found
⊘No yara matches
System Summary |   |
|---|
| Source: | Author: Jonathan Cheong, oscd.community: | ||
| Source: | Author: Jonathan Cheong, oscd.community: | ||
| Source: | Author: James Pemberton / @4A616D6573, Endgame, JHasenbusch, oscd.community, Austin Songer @austinsonger: | ||
⊘No Suricata rule has matched
Click to jump to signature section
Show All Signature Results
| Source: | Window detected: | ||