Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
17280510201784775850d23bd558ec024e3250b5315ffa4fe93a8080528c0d0b1d2256a805656.dat-decoded.exe

Overview

General Information

Sample name:17280510201784775850d23bd558ec024e3250b5315ffa4fe93a8080528c0d0b1d2256a805656.dat-decoded.exe
Analysis ID:1525922
MD5:90d879a8942148ec889045a1d45a1652
SHA1:81ed6a4c530c1f9b1b0fbdaa9d38d7b18da28a97
SHA256:2c83051e7db512a79affd3a6571738c5f7aeddfa59a43f57252862f8fa4171d1
Tags:base64-decodedexeuser-abuse_ch
Errors
  • No process behavior to analyse as no analysis process or sample was found
  • Corrupt sample or wrongly selected analyzer. Details: The image file %1 is valid, but is for a machine type other than the current machine.

Detection

Score:0
Range:0 - 100
Whitelisted:false
Confidence:80%

Signatures

No high impact signatures.

Classification

Malware Configuration

No configs have been found

Yara Signatures

No yara matches

Sigma Signatures

No Sigma rule has matched

Suricata Signatures

No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: classification engineClassification label: unknown0.winEXE@0/0@0/0

Mitre Att&ck Matrix

ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
Gather Victim Identity InformationAcquire InfrastructureValid AccountsWindows Management InstrumentationPath InterceptionPath InterceptionDirect Volume AccessOS Credential Dumping1
System Information Discovery		Remote ServicesData from Local SystemData ObfuscationExfiltration Over Other Network MediumAbuse Accessibility Features

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.


windows-stand

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

SourceDetectionScannerLabelLink
17280510201784775850d23bd558ec024e3250b5315ffa4fe93a8080528c0d0b1d2256a805656.dat-decoded.exe0%ReversingLabs

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

No Antivirus matches

Domains and IPs

Contacted Domains

No contacted domains info

World Map of Contacted IPs

No contacted IP infos

General Information

Joe Sandbox version:41.0.0 Charoite
Analysis ID:1525922
Start date and time:2024-10-04 16:37:19 +02:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 1m 47s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:default.jbs
Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:1
Number of new started drivers analysed:0
Number of existing processes analysed:0
Number of existing drivers analysed:0
Number of injected processes analysed:0
Technologies:
  • EGA enabled
  • AMSI enabled
Analysis Mode:default
Analysis stop reason:Timeout
Sample name:17280510201784775850d23bd558ec024e3250b5315ffa4fe93a8080528c0d0b1d2256a805656.dat-decoded.exe
Detection:UNKNOWN
Classification:unknown0.winEXE@0/0@0/0
Cookbook Comments:
  • Found application associated with file extension: .exe
  • Unable to launch sample, stop analysis

Errors

  • No process behavior to analyse as no analysis process or sample was found
  • Corrupt sample or wrongly selected analyzer. Details: The image file %1 is valid, but is for a machine type other than the current machine.

Warnings

  • Exclude process from analysis (whitelisted): dllhost.exe
  • VT rate limit hit for: 17280510201784775850d23bd558ec024e3250b5315ffa4fe93a8080528c0d0b1d2256a805656.dat-decoded.exe

Simulations

Behavior and APIs

No simulations

Joe Sandbox View / Context

IPs

No context

Domains

No context

ASNs

No context

JA3 Fingerprints

No context

Dropped Files

No context

Created / dropped Files

No created / dropped files found

Static File Info

General

File type:MS-DOS executable
Entropy (8bit):6.94625914600276
TrID:
  • Generic Win/DOS Executable (2004/3) 49.94%
  • DOS Executable Generic (2002/1) 49.89%
  • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.17%
File name:17280510201784775850d23bd558ec024e3250b5315ffa4fe93a8080528c0d0b1d2256a805656.dat-decoded.exe
File size:271'030 bytes
MD5:90d879a8942148ec889045a1d45a1652
SHA1:81ed6a4c530c1f9b1b0fbdaa9d38d7b18da28a97
SHA256:2c83051e7db512a79affd3a6571738c5f7aeddfa59a43f57252862f8fa4171d1
SHA512:3a223be6084ba2dc8039b5f65d192fe5b28ffcc28115bb1abc6ffafe61fdbd932de8bdec0db6d23385e733d00dac2bf75fd1dc2da1446ad5737ef8b1831a3837
SSDEEP:6144:82AmY38ZLe04vQVMIETPZtel2sZhByJY6fC7wSROBoz:TvY2LeHvyTWMhZhBEhC7BRp
TLSH:C6446D02B147E282E8DF5FB6A32B5BF24B73353174140C8BDB0E6D3639B94913265A5B
File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........^...0.N....?...?...0.N....?..U ...0.N...>#...?...0.N....?...V...0.N...Rich.?..........................PE..L......f............

File Icon

Icon Hash:90cececece8e8eb0

Network Behavior

No network behavior found

Statistics

No statistics

System Behavior

No system behavior

Disassembly

No disassembly