Windows
Analysis Report
http://malw.esalesin.com/yuop/66e5f96b41510_GageEpa.exe
Overview
General Information
Detection
Score: 52
Range: 0 - 100
Whitelisted: false
Confidence: 100%
Signatures
Multi AV Scanner detection for dropped file
Machine Learning detection for dropped file
Downloads executable code via HTTP
Drops PE files
Drops files with a non-matching file extension (content does not match file extension)
PE file contains an invalid checksum
PE file does not import any functions
PE file overlay found
Stores files to the Windows start menu directory
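The static PE observations in the list above (invalid checksum, no imported functions, overlay present) and the extension/content mismatch can be reproduced without a sandbox. The following is an added example written for this page, not Joe Sandbox's own signature code; it builds a minimal synthetic 32-bit PE in memory (a constructed sample, not the reported file) and runs the four checks against it. The field names it returns (`checksum_state`, `no_imports`, `overlay_size`) and the extension alias table are this example's own choices.

```python
import struct

FILE_ALIGN = 0x200
CHECKSUM_FIELD = 64   # offset of CheckSum inside the optional header (PE32 and PE32+)

def pe_checksum(data, checksum_off):
    """Image checksum as CheckSumMappedFile computes it: a ones' complement sum of
    16-bit little-endian words over the whole file (overlay included), skipping the
    4-byte CheckSum field itself, plus the file length."""
    padded = data if len(data) % 2 == 0 else data + b"\0"
    total = 0
    for off in range(0, len(padded), 2):
        if checksum_off <= off < checksum_off + 4:
            continue
        total += padded[off] | (padded[off + 1] << 8)
        total = (total & 0xFFFF) + (total >> 16)
    total = (total & 0xFFFF) + (total >> 16)
    return (total + len(data)) & 0xFFFFFFFF

def build_pe(with_imports=False, overlay=b"", set_checksum=True):
    """Constructed sample: a minimal PE32 with one .text section of RET opcodes.
    Synthetic image for this example only; it is not the analysed file."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)                    # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 224, 0x0102)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)                    # PE32 magic
    struct.pack_into("<I", opt, 16, 0x1000)                  # AddressOfEntryPoint
    struct.pack_into("<I", opt, 28, 0x400000)                # ImageBase
    struct.pack_into("<II", opt, 32, 0x1000, FILE_ALIGN)     # Section/FileAlignment
    struct.pack_into("<II", opt, 56, 0x2000, FILE_ALIGN)     # SizeOfImage, SizeOfHeaders
    struct.pack_into("<H", opt, 68, 2)                       # Subsystem: Windows GUI
    struct.pack_into("<I", opt, 92, 16)                      # NumberOfRvaAndSizes
    if with_imports:
        struct.pack_into("<II", opt, 96 + 8, 0x1000, 0x28)   # import directory (index 1)
    sect = struct.pack("<8sIIIIIIHHI", b".text", 0x200, 0x1000, FILE_ALIGN, FILE_ALIGN,
                       0, 0, 0, 0, 0x60000020)
    headers = bytes(dos) + b"PE\0\0" + coff + bytes(opt) + sect
    image = bytearray(headers.ljust(FILE_ALIGN, b"\0") + b"\xC3" * FILE_ALIGN + overlay)
    if set_checksum:
        off = 64 + 4 + 20 + CHECKSUM_FIELD
        struct.pack_into("<I", image, off, pe_checksum(image, off))
    return bytes(image)

def parse_pe(data):
    """Pull out only the header fields the checks below need."""
    if data[:2] != b"MZ":
        raise ValueError("no MZ header")
    pe_off = struct.unpack_from("<I", data, 0x3C)[0]
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("no PE signature")
    nsec = struct.unpack_from("<H", data, pe_off + 6)[0]
    opt_size = struct.unpack_from("<H", data, pe_off + 20)[0]
    opt_off = pe_off + 24
    magic = struct.unpack_from("<H", data, opt_off)[0]
    dirs_off = opt_off + (96 if magic == 0x10B else 112)      # PE32 vs PE32+
    n_dirs = struct.unpack_from("<I", data, dirs_off - 4)[0]
    import_dir = struct.unpack_from("<II", data, dirs_off + 8) if n_dirs > 1 else (0, 0)
    sections = [struct.unpack_from("<II", data, opt_off + opt_size + 40 * i + 16)
                for i in range(nsec)]                          # (SizeOfRawData, PointerToRawData)
    return {"checksum_off": opt_off + CHECKSUM_FIELD, "import_dir": import_dir,
            "sections": sections,
            "headers_end": struct.unpack_from("<I", data, opt_off + 60)[0]}

def static_signatures(data):
    """Evaluate the three static PE observations from the signature list."""
    info = parse_pe(data)
    stored = struct.unpack_from("<I", data, info["checksum_off"])[0]
    computed = pe_checksum(data, info["checksum_off"])
    state = "unset" if stored == 0 else ("valid" if stored == computed else "invalid")
    end = max((ptr + size for size, ptr in info["sections"]), default=info["headers_end"])
    return {"checksum_state": state,
            # Directory check only; a thorough check also walks the import descriptors.
            "no_imports": info["import_dir"][0] == 0 or info["import_dir"][1] == 0,
            "overlay_size": max(0, len(data) - end)}

MAGICS = [(b"MZ", "exe"), (b"%PDF", "pdf"), (b"PK\x03\x04", "zip"),
          (b"\x89PNG", "png"), (b"\xFF\xD8\xFF", "jpg"), (b"\x7fELF", "elf")]
# Extensions that legitimately carry each container type (example's own table).
EXT_OK = {"exe": {"exe", "dll", "sys", "scr", "cpl", "ocx"},
          "zip": {"zip", "jar", "apk", "docx", "xlsx", "pptx"}, "jpg": {"jpg", "jpeg"}}

def content_type(data):
    return next((kind for magic, kind in MAGICS if data.startswith(magic)), None)

def extension_mismatch(filename, data):
    """True when the magic bytes contradict the file extension."""
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    kind = content_type(data)
    return kind is not None and ext not in EXT_OK.get(kind, {kind})

if __name__ == "__main__":
    sample = build_pe(with_imports=False, overlay=b"\0" * 100)
    print(static_signatures(sample), extension_mismatch("invoice.pdf", sample))
```

A checksum of zero is reported separately from a wrong one because most linkers leave it unset for user-mode binaries and Windows only enforces it for drivers, so "unset" is weak evidence on its own, whereas a nonzero value that does not match means the file was modified after linking (packed, patched or infected). The overlay measurement uses the end of the last section rather than SizeOfImage, since the overlay is by definition the data no section maps.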
Classification
- System is w10x64
- chrome.exe (PID: 6816 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)
- chrome.exe (PID: 1712 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2056 --field-trial-handle=2020,i,7526057001849238134,13604775719144871455,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)
- chrome.exe (PID: 5104 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5604 --field-trial-handle=2020,i,7526057001849238134,13604775719144871455,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)
- chrome.exe (PID: 5996 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://malw.esalesin.com/yuop/66e5f96b41510_GageEpa.exe" MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)
- cleanup
⊘No configs have been found
⊘No yara matches
⊘No Sigma rule has matched
⊘No Suricata rule has matched
AV Detection
Source: ReversingLabs:
Source: ReversingLabs:
Source: Joe Sandbox ML:
Source: Joe Sandbox ML:
Source: HTTPS traffic detected:
Source: HTTPS traffic detected:
Source: HTTPS traffic detected:
Source: HTTP traffic detected: