Windows Analysis Report
UemxXC3jyR.exe

Overview

General Information

Sample name: UemxXC3jyR.exe
(renamed file extension from none to exe, renamed because original name is a hash value)
Original sample name: a541aab0fa72cab0ec779e8723d8353d66bdf31e
Analysis ID: 1532987
MD5: 880dd88211726b1862495b9482e348ef
SHA1: a541aab0fa72cab0ec779e8723d8353d66bdf31e
SHA256: 51d0e120e55826acc35dfb80f57b4bf33043e99b7a23f4c68ede601d4066c989

Detection

Score: 1
Range: 0 - 100
Whitelisted: false
Confidence: 60%

Signatures

Program does not show much activity (idle)
Sample file is different than original file name gathered from version info
Uses 32bit PE files

Classification

Source: UemxXC3jyR.exe Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
Source: UemxXC3jyR.exe String found in binary or memory: http://IasWS.samur.sgicntt
Source: UemxXC3jyR.exe String found in binary or memory: http://correo.ws.emergencias.munimadrid.es/
Source: UemxXC3jyR.exe String found in binary or memory: http://dgegis.emergencias.munimadrid.es/intervencionesencurso/inicio.html?colectivo=samur&intervenci
Source: UemxXC3jyR.exe String found in binary or memory: http://maps.googleapis.com/maps/api/distancematrix/xml?origins=
Source: UemxXC3jyR.exe String found in binary or memory: http://schemas.xmlsoap.org/soap/envelope/
Source: UemxXC3jyR.exe String found in binary or memory: http://www.madrid.es/UnidadesDescentralizadas/Emergencias/Samur/aqui.html?li=
Source: UemxXC3jyR.exe String found in binary or memory: https://cardiomad.desarrollo.emtmadrid.es/cardioapi/v1/alarms/pcr/
Source: UemxXC3jyR.exe String found in binary or memory: https://cardiomad.desarrollo.emtmadrid.es/visor/Nhttps://encuesta.com/survey/P6gm6cW1J4/
Source: UemxXC3jyR.exe String found in binary or memory: https://maps.google.com/maps?saddr=
Source: UemxXC3jyR.exe, 00000000.00000000.1726937098.0000000000AE5000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenameNUEVO STE.EXE vs UemxXC3jyR.exe
Source: UemxXC3jyR.exe Binary or memory string: OriginalFilenameNUEVO STE.EXE vs UemxXC3jyR.exe
Source: classification engine Classification label: clean1.winEXE@1/1@0/0
Source: C:\Users\user\Desktop\UemxXC3jyR.exe Mutant created: NULL
Source: C:\Users\user\Desktop\UemxXC3jyR.exe File created: C:\Users\user\AppData\Local\Temp\~DF8E8EEF2E32582658.TMP
Source: UemxXC3jyR.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\UemxXC3jyR.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: UemxXC3jyR.exe String found in binary or memory: chrome.exe -start-maximized -url https://maps.google.com/maps?saddr=
Source: UemxXC3jyR.exe String found in binary or memory: chrome.exe -start -maximized -url https://maps.google.com/maps?saddr= ImgRuta_DragDrop\UPDATE PROTOCOLO SET COD_PDI = 2 WHERE PKID = FUPDATE PROTOCOLO SET COD_ESQUINA = NUPDATE PROTOCOLO_2_1 SET COD_ESQUINA =
Source: UemxXC3jyR.exe String found in binary or memory: chrome.exe --start-maximized -url https://maps.google.com/maps?saddr=
Source: UemxXC3jyR.exe String found in binary or memory: respuestaDchrome.exe --start-maximized -url VEleja hora de entrada o quitarsela para la
Source: C:\Users\user\Desktop\UemxXC3jyR.exe Section loaded: apphelp.dll
Source: C:\Users\user\Desktop\UemxXC3jyR.exe Section loaded: msvbvm60.dll
Source: C:\Users\user\Desktop\UemxXC3jyR.exe Section loaded: vb6zz.dll
Source: C:\Users\user\Desktop\UemxXC3jyR.exe Section loaded: vb6es.dll
Source: C:\Users\user\Desktop\UemxXC3jyR.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\UemxXC3jyR.exe Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\UemxXC3jyR.exe Section loaded: sxs.dll
Source: C:\Users\user\Desktop\UemxXC3jyR.exe Section loaded: textshaping.dll
Source: C:\Users\user\Desktop\UemxXC3jyR.exe Section loaded: textinputframework.dll
Source: C:\Users\user\Desktop\UemxXC3jyR.exe Section loaded: coreuicomponents.dll
Source: C:\Users\user\Desktop\UemxXC3jyR.exe Section loaded: coremessaging.dll
Source: C:\Users\user\Desktop\UemxXC3jyR.exe Section loaded: ntmarta.dll
Source: C:\Users\user\Desktop\UemxXC3jyR.exe Section loaded: wintypes.dll
Source: UemxXC3jyR.exe Static PE information: Virtual size of .text is bigger than: 0x100000
Source: UemxXC3jyR.exe Static file information: File size 7110656 > 1048576
Source: UemxXC3jyR.exe Static PE information: Raw size of .text is bigger than: 0x100000 < 0x6c5000
Source: C:\Users\user\Desktop\UemxXC3jyR.exe Process information set: NOOPENFILEERRORBOX
Source: all processes Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected
No contacted IP infos