Windows
Analysis Report
SecuriteInfo.com.FileRepMalware.7704.21109.exe
Overview
General Information
Detection
| Field | Value |
|---|---|
| Score | 88 |
| Range | 0 - 100 |
| Whitelisted | false |
| Confidence | 100% |
Signatures
Antivirus / Scanner detection for submitted sample
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
AI detected suspicious sample
Drops PE files with benign system names
Extracts suspicious resources from PE file (packer detected)
Machine Learning detection for sample
Sigma detected: Files With System Process Name In Unsuspected Locations
Sigma detected: System File Execution Location Anomaly
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to upload files via FTP
Detected potential crypto function
Drops PE files
PE file contains an invalid checksum
PE file contains executable resources (Code or Archives)
Sigma detected: CurrentVersion Autorun Keys Modification
Sigma detected: Uncommon Svchost Parent Process
Tries to resolve domain names, but no domain seems valid (expired dropper behavior)
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Classification
- System is w10x64
- SecuriteInfo.com.FileRepMalware.7704.21109.exe (PID: 7120, cmdline: "C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.7704.21109.exe", MD5: 00A1B2DDC402CA4B20CC5F82F68092E6)
- svchost.exe (PID: 4896, cmdline: "C:\Users\user\AppData\Local\windows update\svchost.exe", MD5: D759329B5FA8220EFE1161BFF8B9C5EB)
- svchost.exe (PID: 5708, cmdline: "C:\Users\user\AppData\Local\windows update\svchost.exe", MD5: D759329B5FA8220EFE1161BFF8B9C5EB)
- svchost.exe (PID: 3020, cmdline: "C:\Users\user\AppData\Local\windows update\svchost.exe", MD5: D759329B5FA8220EFE1161BFF8B9C5EB)
- cleanup
No configs have been found
No yara matches
System Summary

| Source | Author |
|---|---|
| | Sander Wiebing, Tim Shelton, Nasreddine Bencherchali (Nextron Systems) |
| | Florian Roth (Nextron Systems), Patrick Bareiss, Anton Kutepov, oscd.community, Nasreddine Bencherchali |
| | Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split) |
| | Florian Roth (Nextron Systems) |
| | vburov |
No Suricata rule has matched
AV Detection

| Source | Detail |
|---|---|
| Avira | |
| ReversingLabs | |
| ReversingLabs | |
| Integrated Neural Analysis Model | |
| Joe Sandbox ML | |
| Static PE information | |
| File opened | |
| Static PE information | |
| Binary string | |
| Binary string | |
| Binary string | |
| Binary string | |
| Code function | |