Windows Analysis Report
OneDrive_1_25-11-2024.zip

Overview

General Information

Sample name: OneDrive_1_25-11-2024.zip
Analysis ID: 1562269
MD5: 35f5af664863b514eea4870ad0b3a493
SHA1: 8c8630bbba23d64dd1b63fe726982ea2e0fed098
SHA256: fa9e09e1cc1e240440ca21d233841eb0611bc9664bedc9e27f55fc30573dfbb1

Detection

Score: 1
Range: 0 - 100
Whitelisted: false
Confidence: 80%

Signatures

Program does not show much activity (idle)
Sample file is different than original file name gathered from version info

Classification

Source: OneDrive_1_25-11-2024.zip String found in binary or memory: http://www.eci.org/eci/en/eciRGB.php
Source: OneDrive_1_25-11-2024.zip String found in binary or memory: http://www.eci.org/eci/en/eciRGB.phpdesc
Sample file is different than original file name gathered from version info
Source: OneDrive_1_25-11-2024.zip Binary or memory string: OriginalFilenameKRoMX2011.exep( vs OneDrive_1_25-11-2024.zip
Source: OneDrive_1_25-11-2024.zip Binary or memory string: OriginalFilenameKRoMX2018.exep( vs OneDrive_1_25-11-2024.zip
Source: classification engine Classification label: clean1.winZIP@1/0@0/0
Source: C:\Windows\System32\rundll32.exe Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers Jump to behavior
Source: unknown Process created: C:\Windows\System32\rundll32.exe C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
Source: KRoMX2011.exe String found in binary or memory: NATS-SEFI-ADD
Source: KRoMX2011.exe String found in binary or memory: NATS-DANO-ADD
Source: KRoMX2011.exe String found in binary or memory: JIS_C6229-1984-b-add
Source: KRoMX2011.exe String found in binary or memory: jp-ocr-b-add
Source: KRoMX2011.exe String found in binary or memory: JIS_C6229-1984-hand-add
Source: KRoMX2011.exe String found in binary or memory: jp-ocr-hand-add
Source: KRoMX2011.exe String found in binary or memory: ISO_6937-2-add
Source: KRoMX2011Test.exe String found in binary or memory: NATS-SEFI-ADD
Source: KRoMX2011Test.exe String found in binary or memory: NATS-DANO-ADD
Source: KRoMX2011Test.exe String found in binary or memory: JIS_C6229-1984-b-add
Source: KRoMX2011Test.exe String found in binary or memory: jp-ocr-b-add
Source: KRoMX2011Test.exe String found in binary or memory: JIS_C6229-1984-hand-add
Source: KRoMX2011Test.exe String found in binary or memory: jp-ocr-hand-add
Source: KRoMX2011Test.exe String found in binary or memory: ISO_6937-2-add
Source: OneDrive_1_25-11-2024.zip Static file information: File size 53451478 > 1048576
Source: C:\Windows\System32\rundll32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Program does not show much activity (idle)
Source: all processes Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected
Program does not show much activity (idle)
Source: all processes Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected
windows-stand
Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 process2 2 Behavior Graph ID: 1562269 Sample: OneDrive_1_25-11-2024.zip Startdate: 25/11/2024 Architecture: WINDOWS Score: 1 4 rundll32.exe 2->4         started       
No contacted IP infos