ID: 60375 Sample Name: MANIFEST- 000001 Cookbook: default.jbs Time: 15:21:51 Date: 19/05/2018 Version: 22.0.0

Automated Malware Analysis Report for ... - Joe Sandbox



Table of Contents

Analysis Report
  Overview
    General Information
    Detection
    Confidence
    Classification
    Analysis Advice
    Signature Overview
      System Summary
      Anti Debugging
      Malware Analysis System Evasion
  Simulations
    Behavior and APIs
  Antivirus Detection
    Initial Sample
    Dropped Files
    Unpacked PE Files
    Domains
    URLs
  Yara Overview
    Initial Sample
    PCAP (Network Traffic)
    Dropped Files
    Memory Dumps
    Unpacked PEs
  Joe Sandbox View / Context
    IPs
    Domains
    ASN
    Dropped Files
  Created / dropped Files
  Contacted Domains/Contacted IPs
    Contacted Domains
    Contacted IPs
  Static File Info
    General
    File Icon
  Network Behavior
  Code Manipulations
  Statistics
  System Behavior
  Disassembly

Copyright Joe Security LLC 2018 Page 2 of 7


Analysis Report

Overview

General Information

Joe Sandbox Version: 22.0.0

Analysis ID: 60375

Start time: 15:21:51

Joe Sandbox Product: CloudBasic

Start date: 19.05.2018

Overall analysis duration: 0h 0m 59s

Hypervisor based Inspection enabled: false

Report type: light

Sample file name: MANIFEST-000001

Cookbook file name: default.jbs

Analysis system description: Windows 7 SP1 (with Office 2010 SP2, IE 11, FF 54, Chrome 60, Acrobat Reader DC 17, Flash 26, Java 8.0.1440.1)

Number of new started processes analysed: 1

Number of new started drivers analysed: 0

Number of existing processes analysed: 0

Number of existing drivers analysed: 0

Number of injected processes analysed: 0

Technologies: HCA enabled, EGA enabled, HDC enabled

Analysis stop reason: Timeout

Detection: UNKNOWN

Classification: unknown0.win@0/0@0/0

Cookbook Comments:
  Adjust boot time
  Correcting counters for adjusted boot time
  Unable to launch sample, stop analysis

Warnings:
  Exclude process from analysis (whitelisted): dllhost.exe

Errors:
  Nothing to analyse, Joe Sandbox has not found any analysis process or sample
  Unable to start the sample

Detection

Strategy: Threshold
Score: 0
Range: 0 - 100
Reporting: Report FP / FN

Confidence

Strategy: Threshold
Score: 4
Range: 0 - 5
Further Analysis Required?: false

Analysis Advice

Sample could not be started, try setting a correct file extension or analyse on different analysis machine

Classification

[Classification chart: categories Ransomware, Spreading, Phishing, Banker, Trojan / Bot, Adware, Spyware, Exploiter, Evader, Miner; scale clean / suspicious / malicious]


Signature Overview

• System Summary

• Anti Debugging

• Malware Analysis System Evasion

System Summary:
  Classification label

Anti Debugging:
  Program does not show much activity (idle)

Malware Analysis System Evasion:
  Program does not show much activity (idle)

Simulations

Behavior and APIs

No simulations

Antivirus Detection

Initial Sample

Source           Detection  Scanner       Label  Link
MANIFEST-000001  0%         virustotal           Browse
MANIFEST-000001  0%         metadefender         Browse

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

No Antivirus matches

Yara Overview

Initial Sample

No yara matches

PCAP (Network Traffic)

No yara matches

Dropped Files

No yara matches

Memory Dumps

No yara matches

Unpacked PEs

No yara matches

Joe Sandbox View / Context

IPs

No context

Domains

No context

ASN

No context

Dropped Files

No context

Created / dropped Files

No created / dropped files found

Contacted Domains/Contacted IPs

Contacted Domains

No contacted domains info

Contacted IPs

No contacted IP infos

Static File Info

General

File type: data

Entropy (8bit): 4.142914673354254

TrID:

File name: MANIFEST-000001

File size: 23

MD5: 3fd11ff447c1ee23538dc4d9724427a3

SHA1: 1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256: 720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512: 10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

File Content Preview: .........idb_cmp1......

File Icon

Network Behavior

No network behavior found

Code Manipulations

Statistics

System Behavior

Disassembly