Windows Analysis Report
DRAKETAX2023.EXE

Overview

General Information

Sample name: DRAKETAX2023.EXE
Analysis ID: 1523773
MD5: 5f78842863d480ceb757501585bbe0dd
SHA1: a3b6f8e2e7d32cfedc933b0b2a84832f81ab08cd
SHA256: 2a3d437535627175832dfbbfb27c678512835d9d36f5ef94e68373cac72c6ec9

Detection

Score: 2
Range: 0 - 100
Whitelisted: false
Confidence: 60%

Signatures

PE file contains strange resources
Program does not show much activity (idle)
Sample file is different than original file name gathered from version info
Uses 32bit PE files

Classification

Uses 32bit PE files
Source: DRAKETAX2023.EXE Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: DRAKETAX2023.EXE Static PE information: certificate valid
Source: DRAKETAX2023.EXE Static PE information: DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
Source: Binary string: D:\a\_work\1\s\artifacts\obj\win-x86.Release\corehost\apphost\standalone\apphost.pdbnnnGCTL source: DRAKETAX2023.EXE
Source: Binary string: D:\a\_work\1\s\artifacts\obj\win-x86.Release\corehost\apphost\standalone\apphost.pdb source: DRAKETAX2023.EXE
Source: DRAKETAX2023.EXE String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: DRAKETAX2023.EXE String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0
Source: DRAKETAX2023.EXE String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: DRAKETAX2023.EXE String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: DRAKETAX2023.EXE String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: DRAKETAX2023.EXE String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S
Source: DRAKETAX2023.EXE String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: DRAKETAX2023.EXE String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: DRAKETAX2023.EXE String found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0
Source: DRAKETAX2023.EXE String found in binary or memory: http://ocsp.digicert.com0
Source: DRAKETAX2023.EXE String found in binary or memory: http://ocsp.digicert.com0A
Source: DRAKETAX2023.EXE String found in binary or memory: http://ocsp.digicert.com0C
Source: DRAKETAX2023.EXE String found in binary or memory: http://ocsp.digicert.com0X
Source: DRAKETAX2023.EXE String found in binary or memory: http://www.digicert.com/CPS0
Source: DRAKETAX2023.EXE String found in binary or memory: https://aka.ms/dotnet-core-applaunch?
Source: DRAKETAX2023.EXE String found in binary or memory: https://aka.ms/dotnet-core-applaunch?Architecture:
Source: DRAKETAX2023.EXE String found in binary or memory: https://aka.ms/dotnet/app-launch-failed
PE file contains strange resources
Source: DRAKETAX2023.EXE Static PE information: Resource name: RT_VERSION type: MacBinary, comment length 97, char. code 0x69, total length 1711304448, Wed Mar 28 22:22:24 2040 INVALID date, modified Tue Feb 7 01:41:58 2040, creator ' ' "4"
Sample file is different than original file name gathered from version info
Source: DRAKETAX2023.EXE, 00000000.00000002.1644002875.0000000000D3B000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenameDrakeTax2023.dllF vs DRAKETAX2023.EXE
Source: DRAKETAX2023.EXE Binary or memory string: OriginalFilenameDrakeTax2023.dllF vs DRAKETAX2023.EXE
Uses 32bit PE files
Source: DRAKETAX2023.EXE Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: classification engine Classification label: clean2.winEXE@1/0@0/0
Source: DRAKETAX2023.EXE Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\DRAKETAX2023.EXE Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers Jump to behavior
Source: DRAKETAX2023.EXE String found in binary or memory: https://aka.ms/dotnet/app-launch-failed
Source: C:\Users\user\Desktop\DRAKETAX2023.EXE Section loaded: kernel.appcore.dll Jump to behavior
Source: DRAKETAX2023.EXE Static PE information: certificate valid
Source: DRAKETAX2023.EXE Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: DRAKETAX2023.EXE Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: DRAKETAX2023.EXE Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: DRAKETAX2023.EXE Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: DRAKETAX2023.EXE Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: DRAKETAX2023.EXE Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
Source: DRAKETAX2023.EXE Static PE information: DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
Source: DRAKETAX2023.EXE Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: Binary string: D:\a\_work\1\s\artifacts\obj\win-x86.Release\corehost\apphost\standalone\apphost.pdbnnnGCTL source: DRAKETAX2023.EXE
Source: Binary string: D:\a\_work\1\s\artifacts\obj\win-x86.Release\corehost\apphost\standalone\apphost.pdb source: DRAKETAX2023.EXE
Source: DRAKETAX2023.EXE Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: DRAKETAX2023.EXE Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: DRAKETAX2023.EXE Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: DRAKETAX2023.EXE Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: DRAKETAX2023.EXE Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
Program does not show much activity (idle)
Source: all processes Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected
Program does not show much activity (idle)
Source: all processes Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected
windows-stand
Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 process2 2 Behavior Graph ID: 1523773 Sample: DRAKETAX2023.EXE Startdate: 02/10/2024 Architecture: WINDOWS Score: 2 4 DRAKETAX2023.EXE 2->4         started       
No contacted IP infos