Field | Value |
---|---|
Created | 2023.10.11 13:57 |
Machine | s1_win7_x6401 |
Filename | LogonFile.exe |
Type | PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows |
AI Score | Not found |
Behavior Score | |
ZERO API | file : clean |
VT API (file) | 50 detected (Common, Cobalt, GenericKD, CobaltStrike, malicious, confidence, 100%, ABRisk, UEHU, Attribute, HighConfidence, high confidence, WinGo, score, jyttuy, PatchedWinSwrort, idayd, COBEACON, YXDG1Z, GenKD, Malware@#13d7cvk2kiz72, Cobaltstrikebeacon, Detected, Artemis, ai score=81, unsafe, Iajl, susgen, Behavior, FileRepMalware, Misc) |
md5 | bff3120685dafe9e31206887df290c02 |
sha256 | 848323f362252e7704f024c82b362f1c512974b462e1bf8e9e4595464f074bde |
ssdeep | 49152:JM2fECg63nOYO1rrb/TXvO90d7HjmAFd4A64nsfJvlTUWpGBwCRMq0O4kdgYg9j4:n37D+WzmC8saFioUhvlE1ui5wOM |
imphash | ff9f3a86709796c17211f9df12aae74d |
impfuzzy | 24:UbVjhNwO+jX13uT2oLtXOr6kwmDruMztxdD1tr6tP:KwO+jX13AXOmGxp1ZoP |
Network IP location
Signature (3cnts)
Level | Description |
---|---|
danger | File has been identified by 50 AntiVirus engines on VirusTotal as malicious |
info | One or more processes crashed |
info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (6cnts)
Level | Name | Description | Collection |
---|---|---|---|
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
watch | UPX_Zero | UPX packed file | binaries (upload) |
info | IsPE64 | (no description) | binaries (upload) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts)
Request | CC | ASN Co | IP4 | Rule | ZERO |
---|---|---|---|---|---|
Suricata ids
PE API
IAT (Import Address Table) Library
kernel32.dll
0xe02780 WriteFile
0xe02788 WriteConsoleW
0xe02790 WaitForMultipleObjects
0xe02798 WaitForSingleObject
0xe027a0 VirtualQuery
0xe027a8 VirtualFree
0xe027b0 VirtualAlloc
0xe027b8 SwitchToThread
0xe027c0 SuspendThread
0xe027c8 SetWaitableTimer
0xe027d0 SetUnhandledExceptionFilter
0xe027d8 SetThreadPriority
0xe027e0 SetProcessPriorityBoost
0xe027e8 SetEvent
0xe027f0 SetErrorMode
0xe027f8 SetConsoleCtrlHandler
0xe02800 ResumeThread
0xe02808 PostQueuedCompletionStatus
0xe02810 LoadLibraryA
0xe02818 LoadLibraryW
0xe02820 SetThreadContext
0xe02828 GetThreadContext
0xe02830 GetSystemInfo
0xe02838 GetSystemDirectoryA
0xe02840 GetStdHandle
0xe02848 GetQueuedCompletionStatusEx
0xe02850 GetProcessAffinityMask
0xe02858 GetProcAddress
0xe02860 GetEnvironmentStringsW
0xe02868 GetConsoleMode
0xe02870 FreeEnvironmentStringsW
0xe02878 ExitProcess
0xe02880 DuplicateHandle
0xe02888 CreateWaitableTimerExW
0xe02890 CreateWaitableTimerA
0xe02898 CreateThread
0xe028a0 CreateIoCompletionPort
0xe028a8 CreateFileA
0xe028b0 CreateEventA
0xe028b8 CloseHandle
0xe028c0 AddVectoredExceptionHandler
EAT (Export Address Table): none