ScreenShot
| Created | 2024.08.05 10:43 | Machine | s1_win7_x6403 |
| Filename | secretsdump.exe | ||
| Type | PE32 executable (console) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : mailcious | ||
| VT API (file) | 52 detected (AIDetectMalware, Hacktool, Misc, Malicious, score, HTool, DumpSecrets, Impacket, Unsafe, Vrjz, many, multiple detections, Artemis, FileRepMalware, Python, Secretdmp, SecretDump, CLASSIC, PrivacyRisk, Tool, Mpacket, moderate, Detected, ai score=100, PyInstaller, Skeeyah, ZOUV, Neshta, FileInfector, Xylw, susgen, confidence, 100%, SECRETsdump) | ||
| md5 | 96ec8798bba011d5be952e0e6398795d | ||
| sha256 | c3405d9c9d593d75d773c0615254e69d0362954384058ee970a3ec0944519c37 | ||
| ssdeep | 98304:gP9cgRyyVyGHAeBSut+aFNnLlPLeqNZ8hY/1KbxabdDk1duupRWQgWseI9eIfbkr:C9hlX+aFFLlPKQ8hY/DkWWst9e4ge+ | ||
| imphash | fc40519af20116c903e3ff836e366e39 | ||
| impfuzzy | 24:daDaODu9Wu9T/2bjar92UtMS1hbJnc+pl3rOovbKlvUTfUTlONoEqMo6iMuEZDb0:akR9ttMS1hlc+ppaRNUT2ONfiQb0 | ||
Network IP location
Signature (6cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 52 AntiVirus engines on VirusTotal as malicious |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | Creates executable files on the filesystem |
| notice | Drops an executable to the user AppData folder |
| info | Command line console output was observed |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (15cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| danger | Win32_Trojan_Gen_1_0904B0_Zero | Win32 Trojan Emotet | binaries (download) |
| warning | Generic_Malware_Zero | Generic Malware | binaries (download) |
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (download) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (download) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | Is_DotNET_DLL | (no description) | binaries (download) |
| info | IsDLL | (no description) | binaries (download) |
| info | IsPE32 | (no description) | binaries (download) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (download) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (download) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x421000 GetLastError
0x421004 SetDllDirectoryW
0x421008 GetModuleFileNameW
0x42100c GetProcAddress
0x421010 GetCommandLineW
0x421014 GetEnvironmentVariableW
0x421018 SetEnvironmentVariableW
0x42101c ExpandEnvironmentStringsW
0x421020 GetTempPathW
0x421024 WaitForSingleObject
0x421028 Sleep
0x42102c GetExitCodeProcess
0x421030 CreateProcessW
0x421034 GetStartupInfoW
0x421038 LoadLibraryExW
0x42103c GetShortPathNameW
0x421040 FormatMessageA
0x421044 LoadLibraryA
0x421048 MultiByteToWideChar
0x42104c WideCharToMultiByte
0x421050 DecodePointer
0x421054 UnhandledExceptionFilter
0x421058 SetUnhandledExceptionFilter
0x42105c GetCurrentProcess
0x421060 TerminateProcess
0x421064 IsProcessorFeaturePresent
0x421068 QueryPerformanceCounter
0x42106c GetCurrentProcessId
0x421070 GetCurrentThreadId
0x421074 GetSystemTimeAsFileTime
0x421078 InitializeSListHead
0x42107c IsDebuggerPresent
0x421080 GetModuleHandleW
0x421084 RtlUnwind
0x421088 SetLastError
0x42108c EnterCriticalSection
0x421090 LeaveCriticalSection
0x421094 DeleteCriticalSection
0x421098 InitializeCriticalSectionAndSpinCount
0x42109c TlsAlloc
0x4210a0 TlsGetValue
0x4210a4 TlsSetValue
0x4210a8 TlsFree
0x4210ac FreeLibrary
0x4210b0 GetCommandLineA
0x4210b4 ReadFile
0x4210b8 CreateFileW
0x4210bc GetDriveTypeW
0x4210c0 GetFileType
0x4210c4 CloseHandle
0x4210c8 PeekNamedPipe
0x4210cc SystemTimeToTzSpecificLocalTime
0x4210d0 FileTimeToSystemTime
0x4210d4 GetFullPathNameW
0x4210d8 GetFullPathNameA
0x4210dc CreateDirectoryW
0x4210e0 RemoveDirectoryW
0x4210e4 FindClose
0x4210e8 FindFirstFileExW
0x4210ec FindNextFileW
0x4210f0 SetStdHandle
0x4210f4 SetConsoleCtrlHandler
0x4210f8 DeleteFileW
0x4210fc GetStdHandle
0x421100 WriteFile
0x421104 ExitProcess
0x421108 GetModuleHandleExW
0x42110c GetACP
0x421110 HeapFree
0x421114 HeapAlloc
0x421118 GetConsoleMode
0x42111c ReadConsoleW
0x421120 SetFilePointerEx
0x421124 GetConsoleCP
0x421128 CompareStringW
0x42112c LCMapStringW
0x421130 GetCurrentDirectoryW
0x421134 FlushFileBuffers
0x421138 SetEnvironmentVariableA
0x42113c GetFileAttributesExW
0x421140 IsValidCodePage
0x421144 GetOEMCP
0x421148 GetCPInfo
0x42114c GetEnvironmentStringsW
0x421150 FreeEnvironmentStringsW
0x421154 GetStringTypeW
0x421158 GetProcessHeap
0x42115c WriteConsoleW
0x421160 GetTimeZoneInformation
0x421164 HeapSize
0x421168 HeapReAlloc
0x42116c SetEndOfFile
0x421170 RaiseException
WS2_32.dll
0x421178 ntohl
EAT(Export Address Table) is none
KERNEL32.dll
0x421000 GetLastError
0x421004 SetDllDirectoryW
0x421008 GetModuleFileNameW
0x42100c GetProcAddress
0x421010 GetCommandLineW
0x421014 GetEnvironmentVariableW
0x421018 SetEnvironmentVariableW
0x42101c ExpandEnvironmentStringsW
0x421020 GetTempPathW
0x421024 WaitForSingleObject
0x421028 Sleep
0x42102c GetExitCodeProcess
0x421030 CreateProcessW
0x421034 GetStartupInfoW
0x421038 LoadLibraryExW
0x42103c GetShortPathNameW
0x421040 FormatMessageA
0x421044 LoadLibraryA
0x421048 MultiByteToWideChar
0x42104c WideCharToMultiByte
0x421050 DecodePointer
0x421054 UnhandledExceptionFilter
0x421058 SetUnhandledExceptionFilter
0x42105c GetCurrentProcess
0x421060 TerminateProcess
0x421064 IsProcessorFeaturePresent
0x421068 QueryPerformanceCounter
0x42106c GetCurrentProcessId
0x421070 GetCurrentThreadId
0x421074 GetSystemTimeAsFileTime
0x421078 InitializeSListHead
0x42107c IsDebuggerPresent
0x421080 GetModuleHandleW
0x421084 RtlUnwind
0x421088 SetLastError
0x42108c EnterCriticalSection
0x421090 LeaveCriticalSection
0x421094 DeleteCriticalSection
0x421098 InitializeCriticalSectionAndSpinCount
0x42109c TlsAlloc
0x4210a0 TlsGetValue
0x4210a4 TlsSetValue
0x4210a8 TlsFree
0x4210ac FreeLibrary
0x4210b0 GetCommandLineA
0x4210b4 ReadFile
0x4210b8 CreateFileW
0x4210bc GetDriveTypeW
0x4210c0 GetFileType
0x4210c4 CloseHandle
0x4210c8 PeekNamedPipe
0x4210cc SystemTimeToTzSpecificLocalTime
0x4210d0 FileTimeToSystemTime
0x4210d4 GetFullPathNameW
0x4210d8 GetFullPathNameA
0x4210dc CreateDirectoryW
0x4210e0 RemoveDirectoryW
0x4210e4 FindClose
0x4210e8 FindFirstFileExW
0x4210ec FindNextFileW
0x4210f0 SetStdHandle
0x4210f4 SetConsoleCtrlHandler
0x4210f8 DeleteFileW
0x4210fc GetStdHandle
0x421100 WriteFile
0x421104 ExitProcess
0x421108 GetModuleHandleExW
0x42110c GetACP
0x421110 HeapFree
0x421114 HeapAlloc
0x421118 GetConsoleMode
0x42111c ReadConsoleW
0x421120 SetFilePointerEx
0x421124 GetConsoleCP
0x421128 CompareStringW
0x42112c LCMapStringW
0x421130 GetCurrentDirectoryW
0x421134 FlushFileBuffers
0x421138 SetEnvironmentVariableA
0x42113c GetFileAttributesExW
0x421140 IsValidCodePage
0x421144 GetOEMCP
0x421148 GetCPInfo
0x42114c GetEnvironmentStringsW
0x421150 FreeEnvironmentStringsW
0x421154 GetStringTypeW
0x421158 GetProcessHeap
0x42115c WriteConsoleW
0x421160 GetTimeZoneInformation
0x421164 HeapSize
0x421168 HeapReAlloc
0x42116c SetEndOfFile
0x421170 RaiseException
WS2_32.dll
0x421178 ntohl
EAT(Export Address Table) is none