Edit tour
Windows
Analysis Report
http://kale.amwebsolution.com/revada/66e4638fb0392_otrrac.exe
Overview
General Information
Detection
Score: | 52 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Multi AV Scanner detection for dropped file
Machine Learning detection for dropped file
Binary contains a suspicious time stamp
Downloads executable code via HTTP
Drops PE files
Drops files with a non-matching file extension (content does not match file extension)
PE file does not import any functions
PE file overlay found
Stores files to the Windows start menu directory
Classification
- System is w10x64
- chrome.exe (PID: 2612 cmdline:
"C:\Progra m Files\Go ogle\Chrom e\Applicat ion\chrome .exe" --st art-maximi zed "about :blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4) - chrome.exe (PID: 4764 cmdline:
"C:\Progra m Files\Go ogle\Chrom e\Applicat ion\chrome .exe" --ty pe=utility --utility -sub-type= network.mo jom.Networ kService - -lang=en-U S --servic e-sandbox- type=none --mojo-pla tform-chan nel-handle =1680 --fi eld-trial- handle=202 8,i,105708 3867202538 9486,24365 7621984628 8201,26214 4 --disabl e-features =Optimizat ionGuideMo delDownloa ding,Optim izationHin ts,Optimiz ationHints Fetching,O ptimizatio nTargetPre diction /p refetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4) - chrome.exe (PID: 5808 cmdline:
"C:\Progra m Files\Go ogle\Chrom e\Applicat ion\chrome .exe" --ty pe=utility --utility -sub-type= chrome.moj om.UtilRea dIcon --la ng=en-US - -service-s andbox-typ e=icon_rea der --mojo -platform- channel-ha ndle=5668 --field-tr ial-handle =2028,i,10 5708386720 25389486,2 4365762198 46288201,2 62144 --di sable-feat ures=Optim izationGui deModelDow nloading,O ptimizatio nHints,Opt imizationH intsFetchi ng,Optimiz ationTarge tPredictio n /prefetc h:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
- chrome.exe (PID: 6508 cmdline:
"C:\Progra m Files\Go ogle\Chrom e\Applicat ion\chrome .exe" "htt p://kale.a mwebsoluti on.com/rev ada/66e463 8fb0392_ot rrac.exe" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
- cleanup
⊘No configs have been found
⊘No yara matches
⊘No Sigma rule has matched
⊘No Suricata rule has matched
Click to jump to signature section
Show All Signature Results
AV Detection |
---|
Source: | ReversingLabs: | ||
Source: | ReversingLabs: |
Source: | Joe Sandbox ML: | ||
Source: | Joe Sandbox ML: |
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: |
Source: | Binary string: |
Source: | HTTP traffic detected: |