Windows
Analysis Report
SecuriteInfo.com.Trojan.SuspectCRC.22408.10876.exe
Overview
General Information
Detection
Score: | 22 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 60% |
Signatures
Classification
- System is w10x64
- SecuriteInfo.com.Trojan.SuspectCRC.22408.10876.exe (PID: 7364, cmdline: "C:\Users\user\Desktop\SecuriteInfo.com.Trojan.SuspectCRC.22408.10876.exe" -install, MD5: 70ECF035B9701551510FBEAE9D957F7E)
  - conhost.exe (PID: 7372, cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1, MD5: 0D698AF330FD17BEE3BF90011D49251D)
- SecuriteInfo.com.Trojan.SuspectCRC.22408.10876.exe (PID: 7480, cmdline: "C:\Users\user\Desktop\SecuriteInfo.com.Trojan.SuspectCRC.22408.10876.exe" /install, MD5: 70ECF035B9701551510FBEAE9D957F7E)
  - conhost.exe (PID: 7488, cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1, MD5: 0D698AF330FD17BEE3BF90011D49251D)
- SecuriteInfo.com.Trojan.SuspectCRC.22408.10876.exe (PID: 7572, cmdline: "C:\Users\user\Desktop\SecuriteInfo.com.Trojan.SuspectCRC.22408.10876.exe" /load, MD5: 70ECF035B9701551510FBEAE9D957F7E)
  - conhost.exe (PID: 7580, cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1, MD5: 0D698AF330FD17BEE3BF90011D49251D)
- cleanup
Signature source | Rows (detail values not present in the extracted report) |
---|---|
AV Detection: Integrated Neural Analysis Model | 1 |
Static PE information | 20 |
String found in binary or memory | 3 |
Binary string | 1 |
Classification label | 1 |
Mutant created | 3 |
File opened | 3 |
Key opened | 1 |
Process created | 6 |
Section loaded | 10 |
Static file information | 1 |
Code function | 4 (3_2_000000015D5FEE69, 3_2_000000015D5FD7C9, 5_2_00000077777FD609, 5_2_00000077777FECA9) |
Process information set | 3 |
Thread injection, dropped files, key value created, disk infection and DNS query | 2 |
Binary or memory string | 1 |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 2 Command and Scripting Interpreter | 1 DLL Side-Loading | 1 Process Injection | 1 Software Packing | OS Credential Dumping | 1 Security Software Discovery | Remote Services | Data from Local System | Data Obfuscation | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 1 Process Injection | LSASS Memory | 1 System Information Discovery | Remote Desktop Protocol | Data from Removable Media | Junk Data | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 1 DLL Side-Loading | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | Steganography | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 Obfuscated Files or Information | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
 | 5% | ReversingLabs | | |
Joe Sandbox version: | 41.0.0 Charoite |
Analysis ID: | 1528521 |
Start date and time: | 2024-10-08 00:40:22 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 3m 1s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Run name: | Cmdline fuzzy |
Number of new started processes analysed: | 7 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: | |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | SecuriteInfo.com.Trojan.SuspectCRC.22408.10876.exe |
Detection: | SUS |
Classification: | sus22.winEXE@6/0@0/0 |
EGA Information: | Failed |
HCA Information: | Failed |
Cookbook Comments: | |
- Exclude process from analysis (whitelisted): dllhost.exe
- Execution Graph export aborted for target SecuriteInfo.com.Trojan.SuspectCRC.22408.10876.exe, PID 7364 because it is empty
- Execution Graph export aborted for target SecuriteInfo.com.Trojan.SuspectCRC.22408.10876.exe, PID 7480 because there are no executed functions
- Execution Graph export aborted for target SecuriteInfo.com.Trojan.SuspectCRC.22408.10876.exe, PID 7572 because there are no executed functions
- Not all processes were analyzed; the report is missing behavior information
- VT rate limit hit for: SecuriteInfo.com.Trojan.SuspectCRC.22408.10876.exe
File type: | |
Entropy (8bit): | 6.919778296843017 |
TrID: | |
File name: | SecuriteInfo.com.Trojan.SuspectCRC.22408.10876.exe |
File size: | 7'715'328 bytes |
MD5: | 70ecf035b9701551510fbeae9d957f7e |
SHA1: | 7a62fcabcc0fc9276eef23160d538c199b711f7b |
SHA256: | 3459a9a11a2d9e6b530107c8433c2c759d9f495d5f11fe7641180300df188150 |
SHA512: | e3884635eb6da8b87fb5b1e75f99b624aa197b28856a614e6e5333891d56d3eb7e1fab61537ac4948173b4e6b9f7a55e6cd6ef065340559e9ca7334c17eff579 |
SSDEEP: | 98304:nwqv85HmmIk6PE22NXs8V9r45z2jdo1NGZXCBR1x8f:wq0HmmIS22i5z25okyz8 |
TLSH: | 77767C47ECA555E9C0EAE230C9B29253BA717C445B3127D37B90F7382E72BD0AA79344 |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d........xp.......".......%......... .........@...............................|...........`... ............................ |
Icon Hash: | 00928e8e8686b000 |
Entrypoint: | 0x468520 |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows cui |
Image File Characteristics: | EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE |
DLL Characteristics: | HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE |
Time Stamp: | 0x0 [Thu Jan 1 00:00:00 1970 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 6 |
OS Version Minor: | 1 |
File Version Major: | 6 |
File Version Minor: | 1 |
Subsystem Version Major: | 6 |
Subsystem Version Minor: | 1 |
Import Hash: | 4f2f006e2ecf7172ad368f8289dc96c1 |
Instruction |
---|
jmp 00007F358CB34E60h |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
pushfd |
cld |
dec eax |
sub esp, 000000E0h |
dec eax |
mov dword ptr [esp], edi |
dec eax |
mov dword ptr [esp+08h], esi |
dec eax |
mov dword ptr [esp+10h], ebp |
dec eax |
mov dword ptr [esp+18h], ebx |
dec esp |
mov dword ptr [esp+20h], esp |
dec esp |
mov dword ptr [esp+28h], ebp |
dec esp |
mov dword ptr [esp+30h], esi |
dec esp |
mov dword ptr [esp+38h], edi |
movups dqword ptr [esp+40h], xmm6 |
movups dqword ptr [esp+50h], xmm7 |
inc esp |
movups dqword ptr [esp+60h], xmm0 |
inc esp |
movups dqword ptr [esp+70h], xmm1 |
inc esp |
movups dqword ptr [esp+00000080h], xmm2 |
inc esp |
movups dqword ptr [esp+00000090h], xmm3 |
inc esp |
movups dqword ptr [esp+000000A0h], xmm4 |
inc esp |
movups dqword ptr [esp+000000B0h], xmm5 |
inc esp |
movups dqword ptr [esp+000000C0h], xmm6 |
inc esp |
movups dqword ptr [esp+000000D0h], xmm7 |
inc ebp |
xorps xmm7, xmm7 |
dec ebp |
xor esi, esi |
dec eax |
mov eax, dword ptr [004F1A86h] |
dec eax |
mov eax, dword ptr [eax] |
dec eax |
cmp eax, 00000000h |
je 00007F358CB38785h |
dec esp |
mov esi, dword ptr [eax] |
dec eax |
sub esp, 10h |
dec eax |
mov eax, ecx |
dec eax |
mov ebx, edx |
call 00007F358CB1B0BFh |
dec eax |
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x760000 | 0x516 | .idata |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x561000 | 0xd8cc | .pdata |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x761000 | 0xabb8 | .reloc |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x4c42a0 | 0x170 | .data |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0x25a2e6 | 0x25a400 | 7501273dc39f3ebf6a71307dff43cd45 | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.rdata | 0x25c000 | 0x2672f8 | 0x267400 | 87bc46d066549afcc203884d940c271d | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.data | 0x4c4000 | 0x9ca50 | 0x40800 | 5a9a73a3e3d4034d07d2f0adeca4897d | False | 0.40529993338178294 | data | 5.116506232256746 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.pdata | 0x561000 | 0xd8cc | 0xda00 | 30918ee299e273eaa2e088226cfaa282 | False | 0.40386682912844035 | data | 5.469077488023305 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.xdata | 0x56f000 | 0xa8 | 0x200 | 2a5152ffc3a52ca1d276acd572c41b9a | False | 0.19921875 | shared library | 1.6345075234569126 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
/4 | 0x570000 | 0x129 | 0x200 | 17f62672c8506464ae13eccc2eb6cb94 | False | 0.623046875 | data | 5.081946473254993 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
/19 | 0x571000 | 0x6a39a | 0x6a400 | bfb01bb4edb3cd0cbb1e0c2390984079 | False | 1.0001677389705883 | data | 7.995561769151208 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
/32 | 0x5dc000 | 0x165d0 | 0x16600 | 21c292dbf12fbc3addd29c378e0295ee | False | 0.9981123428770949 | data | 7.938142495237925 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
/46 | 0x5f3000 | 0x30 | 0x200 | 40cca7c46fc713b4f088e5d440ca7931 | False | 0.103515625 | data | 0.8556848540171443 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
/65 | 0x5f4000 | 0xb7667 | 0xb7800 | bc3d28c69719f36061165ff520b725bb | False | 0.9988079019073569 | data | 7.997806431910047 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
/78 | 0x6ac000 | 0x8bc0a | 0x8be00 | 327a36dee4a0f20528ecfc4650d1f939 | False | 0.9925872011840929 | data | 7.995212635206349 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
/90 | 0x738000 | 0x27f02 | 0x28000 | 8d665fa4d4a1274351ca1a2b4f393817 | False | 0.973333740234375 | data | 7.80659240159944 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
.idata | 0x760000 | 0x516 | 0x600 | 4fa3efd47865890435c08f1d88ebe489 | False | 0.3639322916666667 | data | 3.8400175988100966 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.reloc | 0x761000 | 0xabb8 | 0xac00 | 197876f902ed3c191710af89882f69a2 | False | 0.2751408066860465 | data | 5.450004122092747 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
.symtab | 0x76c000 | 0x541fa | 0x54200 | 37830674ec9d1a8733b86eeb7826732d | False | 0.23014661497028233 | data | 5.282562218693471 | IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
DLL | Import |
---|---|
kernel32.dll | WriteFile, WriteConsoleW, WerSetFlags, WerGetFlags, WaitForMultipleObjects, WaitForSingleObject, VirtualQuery, VirtualFree, VirtualAlloc, TlsAlloc, SwitchToThread, SuspendThread, SetWaitableTimer, SetUnhandledExceptionFilter, SetProcessPriorityBoost, SetEvent, SetErrorMode, SetConsoleCtrlHandler, ResumeThread, RaiseFailFastException, PostQueuedCompletionStatus, LoadLibraryW, LoadLibraryExW, SetThreadContext, GetThreadContext, GetSystemInfo, GetSystemDirectoryA, GetStdHandle, GetQueuedCompletionStatusEx, GetProcessAffinityMask, GetProcAddress, GetErrorMode, GetEnvironmentStringsW, GetCurrentThreadId, GetConsoleMode, FreeEnvironmentStringsW, ExitProcess, DuplicateHandle, CreateWaitableTimerExW, CreateThread, CreateIoCompletionPort, CreateFileA, CreateEventA, CloseHandle, AddVectoredExceptionHandler |
Target ID: | 0 |
Start time: | 18:41:16 |
Start date: | 07/10/2024 |
Path: | C:\Users\user\Desktop\SecuriteInfo.com.Trojan.SuspectCRC.22408.10876.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x600000 |
File size: | 7'715'328 bytes |
MD5 hash: | 70ECF035B9701551510FBEAE9D957F7E |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | Go lang |
Reputation: | low |
Has exited: | true |
Target ID: | 1 |
Start time: | 18:41:16 |
Start date: | 07/10/2024 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff70f010000 |
File size: | 862'208 bytes |
MD5 hash: | 0D698AF330FD17BEE3BF90011D49251D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 3 |
Start time: | 18:41:18 |
Start date: | 07/10/2024 |
Path: | C:\Users\user\Desktop\SecuriteInfo.com.Trojan.SuspectCRC.22408.10876.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x600000 |
File size: | 7'715'328 bytes |
MD5 hash: | 70ECF035B9701551510FBEAE9D957F7E |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | Go lang |
Reputation: | low |
Has exited: | true |
Target ID: | 4 |
Start time: | 18:41:18 |
Start date: | 07/10/2024 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff70f010000 |
File size: | 862'208 bytes |
MD5 hash: | 0D698AF330FD17BEE3BF90011D49251D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 5 |
Start time: | 18:41:20 |
Start date: | 07/10/2024 |
Path: | C:\Users\user\Desktop\SecuriteInfo.com.Trojan.SuspectCRC.22408.10876.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x600000 |
File size: | 7'715'328 bytes |
MD5 hash: | 70ECF035B9701551510FBEAE9D957F7E |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | Go lang |
Reputation: | low |
Has exited: | true |
Target ID: | 6 |
Start time: | 18:41:21 |
Start date: | 07/10/2024 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff70f010000 |
File size: | 862'208 bytes |
MD5 hash: | 0D698AF330FD17BEE3BF90011D49251D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Function 00668960 Relevance: .1, Instructions: 57, COMMON
Function 00664DE0 Relevance: .0, Instructions: 2, COMMON