Malicious
Classifications

Hacktool

Threat Names

CobaltStrike Mal/Generic-S Mal/HTMLGen-A

Remarks (1/1)

(0x02000008): One or more processes crashed during the analysis. Analysis results may be incomplete.

File Name Category Type Verdict
C:\Users\RDhJ0CNFevzX\Desktop\S6XRRtE4jcyp70KU.exe Sample File Binary Malicious
MIME Type application/vnd.microsoft.portable-executable
File Size 89.00 KB
MD5 0af6b9ca080739e874edce9c4abc6a03
SHA1 5e17a77f904f24d0b19609b1ef358bdf141f4c9d
SHA256 7399343f9220607ba352317dfc032bab5c96b17b006375d19053cdce89fe3b8a
SSDeep 1536:8xDBHGXISwLRBYNWH881IEa4HwKgm9MsWSajdc9dl6+ReeVJ000:8RBHvSUBY4coIEa4HJD9XaZUrReeVJ6
ImpHash c799cba0de6fcc1a9b2c6d5642084d6f
File Reputation Information
Verdict
Malicious
Names Mal/Generic-S
PE Information
Image Base 0x140000000
Entry Point 0x140001B70
Size Of Code 0x0000A600
Size Of Initialized Data 0x0000BA00
File Type IMAGE_FILE_EXECUTABLE_IMAGE
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Machine Type IMAGE_FILE_MACHINE_AMD64
Compile Timestamp 2020-12-01 05:58 (UTC)
Sections (7)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x140001000 0x0000A430 0x0000A600 0x00000400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.35
.rdata 0x14000C000 0x00008F2E 0x00009000 0x0000AA00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 4.73
.data 0x140015000 0x00001C58 0x00000A00 0x00013A00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 2.14
.pdata 0x140017000 0x00000D98 0x00000E00 0x00014400 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 4.79
.gfids 0x140018000 0x000000BC 0x00000200 0x00015200 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 1.41
.rsrc 0x140019000 0x000007E8 0x00000800 0x00015400 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 7.55
.reloc 0x14001A000 0x00000628 0x00000800 0x00015C00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ 4.77
Imports (2)
KERNEL32.dll (80)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ExpandEnvironmentStringsA - 0x14000C020 0x00014680 0x00013080 0x0000015A
UnmapViewOfFile - 0x14000C028 0x00014688 0x00013088 0x00000595
CreateToolhelp32Snapshot - 0x14000C030 0x00014690 0x00013090 0x000000F0
Process32NextW - 0x14000C038 0x00014698 0x00013098 0x00000412
CreateFileA - 0x14000C040 0x000146A0 0x000130A0 0x000000BA
LockResource - 0x14000C048 0x000146A8 0x000130A8 0x000003C0
VirtualAlloc - 0x14000C050 0x000146B0 0x000130B0 0x000005AB
CloseHandle - 0x14000C058 0x000146B8 0x000130B8 0x0000007F
LoadResource - 0x14000C060 0x000146C0 0x000130C0 0x000003AE
FindResourceW - 0x14000C068 0x000146C8 0x000130C8 0x0000018F
CreateFileMappingW - 0x14000C070 0x000146D0 0x000130D0 0x000000BF
MapViewOfFile - 0x14000C078 0x000146D8 0x000130D8 0x000003C3
GetCurrentProcess - 0x14000C080 0x000146E0 0x000130E0 0x0000020F
SizeofResource - 0x14000C088 0x000146E8 0x000130E8 0x00000560
Process32FirstW - 0x14000C090 0x000146F0 0x000130F0 0x00000410
GetModuleFileNameA - 0x14000C098 0x000146F8 0x000130F8 0x00000268
RtlCaptureContext - 0x14000C0A0 0x00014700 0x00013100 0x000004AE
RtlLookupFunctionEntry - 0x14000C0A8 0x00014708 0x00013108 0x000004B5
RtlVirtualUnwind - 0x14000C0B0 0x00014710 0x00013110 0x000004BC
UnhandledExceptionFilter - 0x14000C0B8 0x00014718 0x00013118 0x00000592
SetUnhandledExceptionFilter - 0x14000C0C0 0x00014720 0x00013120 0x00000552
TerminateProcess - 0x14000C0C8 0x00014728 0x00013128 0x00000570
IsProcessorFeaturePresent - 0x14000C0D0 0x00014730 0x00013130 0x00000370
QueryPerformanceCounter - 0x14000C0D8 0x00014738 0x00013138 0x00000430
GetCurrentProcessId - 0x14000C0E0 0x00014740 0x00013140 0x00000210
GetCurrentThreadId - 0x14000C0E8 0x00014748 0x00013148 0x00000214
GetSystemTimeAsFileTime - 0x14000C0F0 0x00014750 0x00013150 0x000002DD
InitializeSListHead - 0x14000C0F8 0x00014758 0x00013158 0x00000354
IsDebuggerPresent - 0x14000C100 0x00014760 0x00013160 0x0000036A
GetStartupInfoW - 0x14000C108 0x00014768 0x00013168 0x000002C5
GetModuleHandleW - 0x14000C110 0x00014770 0x00013170 0x0000026D
RtlUnwindEx - 0x14000C118 0x00014778 0x00013178 0x000004BB
RtlPcToFileHeader - 0x14000C120 0x00014780 0x00013180 0x000004B7
RaiseException - 0x14000C128 0x00014788 0x00013188 0x00000444
GetLastError - 0x14000C130 0x00014790 0x00013190 0x00000256
SetLastError - 0x14000C138 0x00014798 0x00013198 0x00000519
EnterCriticalSection - 0x14000C140 0x000147A0 0x000131A0 0x00000129
LeaveCriticalSection - 0x14000C148 0x000147A8 0x000131A8 0x000003A5
DeleteCriticalSection - 0x14000C150 0x000147B0 0x000131B0 0x00000106
InitializeCriticalSectionAndSpinCount - 0x14000C158 0x000147B8 0x000131B8 0x00000351
TlsAlloc - 0x14000C160 0x000147C0 0x000131C0 0x00000582
TlsGetValue - 0x14000C168 0x000147C8 0x000131C8 0x00000584
TlsSetValue - 0x14000C170 0x000147D0 0x000131D0 0x00000585
TlsFree - 0x14000C178 0x000147D8 0x000131D8 0x00000583
FreeLibrary - 0x14000C180 0x000147E0 0x000131E0 0x000001A4
GetProcAddress - 0x14000C188 0x000147E8 0x000131E8 0x000002A4
LoadLibraryExW - 0x14000C190 0x000147F0 0x000131F0 0x000003AA
ExitProcess - 0x14000C198 0x000147F8 0x000131F8 0x00000157
GetModuleHandleExW - 0x14000C1A0 0x00014800 0x00013200 0x0000026C
GetStdHandle - 0x14000C1A8 0x00014808 0x00013208 0x000002C7
WriteFile - 0x14000C1B0 0x00014810 0x00013210 0x000005F1
GetModuleFileNameW - 0x14000C1B8 0x00014818 0x00013218 0x00000269
MultiByteToWideChar - 0x14000C1C0 0x00014820 0x00013220 0x000003D4
WideCharToMultiByte - 0x14000C1C8 0x00014828 0x00013228 0x000005DD
GetACP - 0x14000C1D0 0x00014830 0x00013230 0x000001AA
HeapFree - 0x14000C1D8 0x00014838 0x00013238 0x0000033C
HeapAlloc - 0x14000C1E0 0x00014840 0x00013240 0x00000338
LCMapStringW - 0x14000C1E8 0x00014848 0x00013248 0x00000399
FindClose - 0x14000C1F0 0x00014850 0x00013250 0x0000016E
FindFirstFileExW - 0x14000C1F8 0x00014858 0x00013258 0x00000174
FindNextFileW - 0x14000C200 0x00014860 0x00013260 0x00000185
IsValidCodePage - 0x14000C208 0x00014868 0x00013268 0x00000375
GetOEMCP - 0x14000C210 0x00014870 0x00013270 0x0000028D
GetCPInfo - 0x14000C218 0x00014878 0x00013278 0x000001B9
GetCommandLineA - 0x14000C220 0x00014880 0x00013280 0x000001CE
GetCommandLineW - 0x14000C228 0x00014888 0x00013288 0x000001CF
GetEnvironmentStringsW - 0x14000C230 0x00014890 0x00013290 0x0000022E
FreeEnvironmentStringsW - 0x14000C238 0x00014898 0x00013298 0x000001A3
SetStdHandle - 0x14000C240 0x000148A0 0x000132A0 0x00000530
GetFileType - 0x14000C248 0x000148A8 0x000132A8 0x00000245
GetStringTypeW - 0x14000C250 0x000148B0 0x000132B0 0x000002CC
GetProcessHeap - 0x14000C258 0x000148B8 0x000132B8 0x000002A9
HeapSize - 0x14000C260 0x000148C0 0x000132C0 0x00000341
HeapReAlloc - 0x14000C268 0x000148C8 0x000132C8 0x0000033F
FlushFileBuffers - 0x14000C270 0x000148D0 0x000132D0 0x00000198
GetConsoleCP - 0x14000C278 0x000148D8 0x000132D8 0x000001E2
GetConsoleMode - 0x14000C280 0x000148E0 0x000132E0 0x000001F4
SetFilePointerEx - 0x14000C288 0x000148E8 0x000132E8 0x0000050C
WriteConsoleW - 0x14000C290 0x000148F0 0x000132F0 0x000005F0
CreateFileW - 0x14000C298 0x000148F8 0x000132F8 0x000000C2
ADVAPI32.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RegCloseKey - 0x14000C000 0x00014660 0x00013060 0x00000254
RegSetValueExA - 0x14000C008 0x00014668 0x00013068 0x000002A1
RegCreateKeyA - 0x14000C010 0x00014670 0x00013070 0x0000025B
Memory Dumps (4)
Name Process ID Start VA End VA Dump Reason PE Rebuild Bitness Entry Point YARA
s6xrrte4jcyp70ku.exe 1 0x7FF75AC60000 0x7FF75AC7AFFF Relevant Image False 64-bit 0x7FF75AC645B4 False
buffer 1 0x1DCBEC50000 0x1DCBEC50FFF First Execution False 64-bit 0x1DCBEC50000 False
buffer 1 0x1DCBEC60000 0x1DCBEC60FFF First Execution False 64-bit 0x1DCBEC60000 False
buffer 1 0x1DCBEC60000 0x1DCBEC60FFF Content Changed False 64-bit 0x1DCBEC60248 False
c:\users\rdhj0cnfevzx\appdata\local\microsoft\windows\inetcache\counters.dat Modified File Stream Clean
MIME Type application/octet-stream
File Size 128 Bytes
MD5 0c867aa43e5361f08a042bf95af1ee82
SHA1 152cb9fb7cf8f9e972036e17b5d6bef471a21903
SHA256 576a886c58290258cb3dbc3ee2bca0dfc7d8c0c0c7a8d388204819eed36c5253
SSDeep 3:Bl1Vl:
ImpHash -
Function Logfile

This feature requires an online connection to the VMRay backend.

An offline version with limited functionality is also provided.
The offline version is supported only in Mozilla Firefox with the setting "security.fileuri.strict_origin_policy" deactivated.
Screenshot