Windows Analysis Report
ada_sec2vep.exe

Overview

General Information

Sample name: ada_sec2vep.exe
Analysis ID: 1528215
MD5: b895e8e9a05f32670b728fe042d4d70b
SHA1: 520969de78995e685d9044048b1efd3621f6d10c
SHA256: 7895ca50cad8e6497a4ec9f46a38a914ef631ae723779c4f5f0e7e3ac59a44eb

Detection

Score: 48
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

AI detected suspicious sample
Machine Learning detection for sample
PE file contains sections with non-standard names
Program does not show much activity (idle)
Uses 32bit PE files

Classification

AV Detection

Source: Submitted Sample Integrated Neural Analysis Model: Matched 100.0% probability
Source: ada_sec2vep.exe Joe Sandbox ML: detected
Source: ada_sec2vep.exe, 00000000.00000000.1111280894.0000000000A9C000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: -----BEGIN PUBLIC KEY----- memstr_eaa96626-5
Source: ada_sec2vep.exe Static PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
Source: ada_sec2vep.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: C:\Users\user\Desktop\ada_sec2vep.exe File opened: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Search\Data\Applications\Windows\Config\ Jump to behavior
Source: C:\Users\user\Desktop\ada_sec2vep.exe File opened: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Search\Data\Applications\ Jump to behavior
Source: C:\Users\user\Desktop\ada_sec2vep.exe File opened: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Search\Data\Applications\Windows\ Jump to behavior
Source: C:\Users\user\Desktop\ada_sec2vep.exe File opened: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\ Jump to behavior
Source: C:\Users\user\Desktop\ada_sec2vep.exe File opened: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Search\Data\Applications\Windows\GatherLogs\ Jump to behavior
Source: C:\Users\user\Desktop\ada_sec2vep.exe File opened: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Search\Data\ Jump to behavior
Source: ada_sec2vep.exe String found in binary or memory: http://www.essen.ihk24.de
Source: ada_sec2vep.exe String found in binary or memory: http://www.gesetze-im-internet.de
Source: ada_sec2vep.exe String found in binary or memory: https://curl.haxx.se/docs/http-cookies.html
Source: classification engine Classification label: mal48.winEXE@2/0@0/0
Source: C:\Users\user\Desktop\ada_sec2vep.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers Jump to behavior
Source: unknown Process created: C:\Users\user\Desktop\ada_sec2vep.exe "C:\Users\user\Desktop\ada_sec2vep.exe"
Source: unknown Process created: C:\Users\user\Desktop\ada_sec2vep.exe "C:\Users\user\Desktop\ada_sec2vep.exe"
Source: C:\Users\user\Desktop\ada_sec2vep.exe Section loaded: odbc32.dll Jump to behavior
Source: C:\Users\user\Desktop\ada_sec2vep.exe Section loaded: dpapi.dll Jump to behavior
Source: C:\Users\user\Desktop\ada_sec2vep.exe Section loaded: odbc32.dll Jump to behavior
Source: C:\Users\user\Desktop\ada_sec2vep.exe Section loaded: dpapi.dll Jump to behavior
Source: ada_sec2vep.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: ada_sec2vep.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: ada_sec2vep.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: ada_sec2vep.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: ada_sec2vep.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
Source: ada_sec2vep.exe Static PE information: section name: .code
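The static PE findings above (EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE and 32BIT_MACHINE in the file header, DYNAMIC_BASE, NX_COMPAT and TERMINAL_SERVER_AWARE in the optional header, and the non-standard section name .code) can be reproduced without the sandbox. The following is an added example, not part of the report or of Joe Sandbox: it builds a minimal, constructed PE32 image in memory whose header flags and section layout mirror what the report lists, then parses those fields back out with the standard library only. The list of "standard" section names is an assumption used as a heuristic; the sample bytes are constructed and are not the analysed file.

```python
"""Static PE header triage: file/DLL characteristics and section names.

Added example (not the sandbox's own code). The SAMPLE image is constructed
inline so the script runs offline; point parse_pe() at real file bytes to
triage an actual binary.
"""
import struct

# IMAGE_FILE_HEADER.Characteristics bits (subset)
FILE_FLAGS = {
    0x0002: "EXECUTABLE_IMAGE",
    0x0020: "LARGE_ADDRESS_AWARE",
    0x0100: "32BIT_MACHINE",
    0x2000: "DLL",
}
# IMAGE_OPTIONAL_HEADER.DllCharacteristics bits (subset)
DLL_FLAGS = {
    0x0040: "DYNAMIC_BASE",
    0x0100: "NX_COMPAT",
    0x0400: "NO_SEH",
    0x8000: "TERMINAL_SERVER_AWARE",
}
# Assumed set of names a stock linker emits; anything else is flagged as non-standard
STANDARD_SECTIONS = {".text", ".rdata", ".data", ".rsrc", ".reloc", ".idata",
                     ".edata", ".pdata", ".bss", ".tls", ".CRT"}


def build_pe(file_chars, dll_chars, section_names):
    """Build a minimal PE32 byte string with the given header flags and sections."""
    nsec = len(section_names)
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)  # 64-byte DOS header
    opt_size = 224  # sizeof(IMAGE_OPTIONAL_HEADER32)
    # Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    coff = struct.pack("<HHIIIHH", 0x14C, nsec, 0, 0, 0, opt_size, file_chars)
    opt = struct.pack("<H", 0x10B)          # PE32 magic
    opt += b"\0" * (0x46 - 2)               # pad up to DllCharacteristics (offset 70)
    opt += struct.pack("<H", dll_chars)
    opt += b"\0" * (opt_size - len(opt))
    secs = b""
    for name in section_names:              # IMAGE_SECTION_HEADER is 40 bytes, Name first
        secs += name.encode().ljust(8, b"\0") + b"\0" * 32
    return dos + b"PE\0\0" + coff + opt + secs


def parse_pe(data):
    """Return (machine, file_chars, dll_chars, section_names) from a PE image."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ image")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    machine, nsec, _, _, _, opt_size, file_chars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic not in (0x10B, 0x20B):
        raise ValueError("unknown optional header magic %#x" % magic)
    # DllCharacteristics sits at offset 70 in both PE32 and PE32+ optional headers
    dll_chars = struct.unpack_from("<H", data, opt + 70)[0]
    secs = opt + opt_size
    names = []
    for i in range(nsec):
        raw = data[secs + 40 * i: secs + 40 * i + 8]
        names.append(raw.rstrip(b"\0").decode("ascii", "replace"))
    return machine, file_chars, dll_chars, names


def decode(bits, table):
    """Map a flag word to the names of the set bits, lowest bit first."""
    return [name for bit, name in sorted(table.items()) if bits & bit]


def triage(data):
    """Summarise the header the way a static-PE signature would."""
    machine, fc, dc, names = parse_pe(data)
    return {
        "machine": "32BIT" if machine == 0x14C else hex(machine),
        "file_characteristics": decode(fc, FILE_FLAGS),
        "dll_characteristics": decode(dc, DLL_FLAGS),
        "sections": names,
        "non_standard_sections": [n for n in names if n not in STANDARD_SECTIONS],
    }


# Constructed sample mirroring the report's static findings (not the real file)
SAMPLE = build_pe(0x0002 | 0x0020 | 0x0100,
                  0x0040 | 0x0100 | 0x8000,
                  [".code", ".rdata", ".rsrc", ".reloc"])

if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(f"{key}: {value}")
```

To run this against a real sample, replace SAMPLE with the bytes of the file (`open(path, "rb").read()`). The non-standard-section heuristic only says the name is unusual for a stock linker; packers and some compilers legitimately rename sections, so it is a triage hint, not a verdict.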
Source: all processes Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected
Source: ada_sec2vep.exe, 00000000.00000002.1728831671.0000000000EE8000.00000004.00000020.00020000.00000000.sdmp, ada_sec2vep.exe, 00000009.00000002.1729050500.0000000000B98000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
No contacted IP information