Windows Analysis Report
Spud.exe

Overview

General Information

Sample name: Spud.exe
Analysis ID: 1562487
MD5: 4a86c8af56b2a9b448b93433ff7fcf41
SHA1: b0136ca3b4e04b3203f15b3947f96abbcd033237
SHA256: d52355666006d9cfae423c9f4eb8e8600c720baaf4b7aba37127e0f7854ab212

Detection

Score: 1
Range: 0 - 100
Whitelisted: false
Confidence: 80%

Signatures

Program does not show much activity (idle)
Uses 32bit PE files

Classification

Source: Spud.exe Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
Source: classification engine Classification label: clean1.winEXE@1/0@0/0
Source: Spud.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\Spud.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: C:\Users\user\Desktop\Spud.exe Section loaded: apphelp.dll
Source: C:\Users\user\Desktop\Spud.exe Section loaded: spudmfc.dll
Source: C:\Users\user\Desktop\Spud.exe Section loaded: textshaping.dll
Source: C:\Users\user\Desktop\Spud.exe Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\Spud.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\Spud.exe Section loaded: textinputframework.dll
Source: C:\Users\user\Desktop\Spud.exe Section loaded: coreuicomponents.dll
Source: C:\Users\user\Desktop\Spud.exe Section loaded: coremessaging.dll
Source: C:\Users\user\Desktop\Spud.exe Section loaded: ntmarta.dll
Source: C:\Users\user\Desktop\Spud.exe Section loaded: wintypes.dll
Source: C:\Users\user\Desktop\Spud.exe Section loaded: wintypes.dll
Source: C:\Users\user\Desktop\Spud.exe Section loaded: wintypes.dll
Source: all processes Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected
No contacted IP infos