Windows Analysis Report
1730032629a1045efd2ad4e4adac06966158f2f021a0f8bc87f6317324f45807d8121c0671809.dat-decoded.exe

Overview

General Information

Sample name:1730032629a1045efd2ad4e4adac06966158f2f021a0f8bc87f6317324f45807d8121c0671809.dat-decoded.exe
Analysis ID:1543221
MD5:17cd8cd72853143b09653fd5850b62db
SHA1:cf302714eb6fe986c6a816b32bbf76a709dbf280
SHA256:8f2e90a1faf005ce982231e5b973eff3e0865110f820279f5d7c063d547d2cae
Tags:base64-decoded, exe, user-abuse_ch
Errors
  • No process behavior to analyse as no analysis process or sample was found
  • Corrupt sample or wrongly selected analyzer. Details: The image file %1 is valid, but is for a machine type other than the current machine.

Detection

Score:0
Range:0 - 100
Whitelisted:false
Confidence:60%

Signatures

Sample file is different than original file name gathered from version info

Classification

No configs have been found
No yara matches
No Sigma rule has matched
No Suricata rule has matched

There are no malicious signatures.

Source: 1730032629a1045efd2ad4e4adac06966158f2f021a0f8bc87f6317324f45807d8121c0671809.dat-decoded.exe, String found in binary or memory: http://www.chiark.greenend.org.uk/C
Source: 1730032629a1045efd2ad4e4adac06966158f2f021a0f8bc87f6317324f45807d8121c0671809.dat-decoded.exe, Binary or memory string: OriginalFilenamePuTTY: vs 1730032629a1045efd2ad4e4adac06966158f2f021a0f8bc87f6317324f45807d8121c0671809.dat-decoded.exe
Source: classification engine, Classification label: unknown0.winEXE@0/0@0/0
Source: 1730032629a1045efd2ad4e4adac06966158f2f021a0f8bc87f6317324f45807d8121c0671809.dat-decoded.exe, String found in binary or memory: ssh.tunnels.portfwd.ipversion:config-ssh-portfwd-address-family
Source: 1730032629a1045efd2ad4e4adac06966158f2f021a0f8bc87f6317324f45807d8121c0671809.dat-decoded.exe, String found in binary or memory: connection.ipversion:config-address-family
Source: 1730032629a1045efd2ad4e4adac06966158f2f021a0f8bc87f6317324f45807d8121c0671809.dat-decoded.exe, String found in binary or memory: serial.stopbits:config-serial-stopbits
Source: 1730032629a1045efd2ad4e4adac06966158f2f021a0f8bc87f6317324f45807d8121c0671809.dat-decoded.exe, String found in binary or memory: DSR/DTRRTS/CTSXON/XOFFSpaceMarkEvenOddFlow controlserial.flow:config-serial-flowParityserial.parity:config-serial-parityStop bitsserial.stopbits:config-serial-stopbitsData bitsserial.databits:config-serial-databitsSpeed (baud)serial.speed:config-serial-speedsercfgConfigure the serial lineSerial line to connect toserial.line:config-serial-lineserlineSelect a serial lineConnection/SerialOptions controlling local serial linesSerial
Reconnaissance: Gather Victim Identity Information
Resource Development: Acquire Infrastructure
Initial Access: Valid Accounts
Execution: 2 Command and Scripting Interpreter
Persistence: Path Interception
Privilege Escalation: Path Interception
Defense Evasion: Direct Volume Access
Credential Access: OS Credential Dumping
Discovery: 1 System Information Discovery
Lateral Movement: Remote Services
Collection: Data from Local System
Command and Control: Data Obfuscation
Exfiltration: Exfiltration Over Other Network Medium
Impact: Abuse Accessibility Features

No Antivirus matches
No contacted domains info
Name | Source | Malicious | Antivirus Detection | Reputation
http://www.chiark.greenend.org.uk/C | 1730032629a1045efd2ad4e4adac06966158f2f021a0f8bc87f6317324f45807d8121c0671809.dat-decoded.exe | false
    unknown
    No contacted IP infos
    Joe Sandbox version:41.0.0 Charoite
    Analysis ID:1543221
    Start date and time:2024-10-27 13:38:10 +01:00
    Joe Sandbox product:CloudBasic
    Overall analysis duration:0h 1m 52s
    Hypervisor based Inspection enabled:false
    Report type:full
    Cookbook file name:default.jbs
    Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
    Number of analysed new started processes analysed:0
    Number of new started drivers analysed:0
    Number of existing processes analysed:0
    Number of existing drivers analysed:0
    Number of injected processes analysed:0
    Technologies:
    • EGA enabled
    • AMSI enabled
    Analysis Mode:default
    Analysis stop reason:Timeout
    Sample name:1730032629a1045efd2ad4e4adac06966158f2f021a0f8bc87f6317324f45807d8121c0671809.dat-decoded.exe
    Detection:UNKNOWN
    Classification:unknown0.winEXE@0/0@0/0
    Cookbook Comments:
    • Found application associated with file extension: .exe
    • Unable to launch sample, stop analysis
    • No process behavior to analyse as no analysis process or sample was found
    • Corrupt sample or wrongly selected analyzer. Details: The image file %1 is valid, but is for a machine type other than the current machine.
    • VT rate limit hit for: 1730032629a1045efd2ad4e4adac06966158f2f021a0f8bc87f6317324f45807d8121c0671809.dat-decoded.exe
    No simulations
    No context
    No created / dropped files found
    File type:MS-DOS executable
    Entropy (8bit):6.6918508419920215
    TrID:
    • Generic Win/DOS Executable (2004/3) 49.94%
    • DOS Executable Generic (2002/1) 49.89%
    • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.17%
    File name:1730032629a1045efd2ad4e4adac06966158f2f021a0f8bc87f6317324f45807d8121c0671809.dat-decoded.exe
    File size:506'446 bytes
    MD5:17cd8cd72853143b09653fd5850b62db
    SHA1:cf302714eb6fe986c6a816b32bbf76a709dbf280
    SHA256:8f2e90a1faf005ce982231e5b973eff3e0865110f820279f5d7c063d547d2cae
    SHA512:cb4fa21d97643cad9391edbcc65d5b93cbf9cdac82ed466ad3ccb139b88ffe8e487fb8f1f2bba8b6c6ae3d00e9e495c8379624c5723649eac7d5b4932be321cb
    SSDEEP:12288:uX/wQq4/fhXhNW2Hb0MADxP5tSZhO8UKy0NgVjE66:2oQ//f5hnHAdP52ny7Q6
    TLSH:21B4AE12B2608032D8EB4FB20B6B4F51BFF7A92016354D0B6BDC54F93DA16917728BC9
    File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m..k)~.8)C.:..8)~.8:v.8+C.:..8,r.8+~.8,r...y82~.8:v.8+C.:..8.].8-~.8.v.88~.8)~.8...8,r.8.~.8.u.8(~.8,r.8(C.:..8Rich)~.8........
    Icon Hash:90cececece8e8eb0
    No network behavior found
    No statistics
    No system behavior
    No disassembly