analyze malware
- Huge database of samples and IOCs
- Custom VM setup
- Unlimited submissions
- Interactive approach
| File name: | Dosia.exe |
| Full analysis: | https://app.any.run/tasks/df4119ce-5cd3-41f3-b883-24cc518d63a7 |
| Verdict: | Malicious activity |
| Analysis date: | December 06, 2022, 06:20:40 |
| OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
| Indicators: | |
| MIME: | application/x-dosexec |
| File info: | PE32 executable (console) Intel 80386, for MS Windows |
| MD5: | 21BE396619D3AB2EFA6A70387180E58F |
| SHA1: | 09A3B689A5077BD89331ACD157EBE621C8714A89 |
| SHA256: | 77CC16BE9E6F910BE9B154981DF07EE9E426863E1543E0D84FBDFB7DC6C9D09F |
| SSDEEP: | 98304:I68cgXwWux4ffGqIVkwAZgEkoA/M9wMVuA7r5jF/vKqdD5g+:ZYe2fGNhAJkb/YwM82rhJf |
MALICIOUS
Loads dropped or rewritten executable
- Dosia.exe (PID: 2732)
- Dosia.exe (PID: 2436)
Drops the executable file immediately after the start
- Dosia.exe (PID: 2436)
SUSPICIOUS
Application launched itself
- Dosia.exe (PID: 2436)
Executable content was dropped or overwritten
- Dosia.exe (PID: 2436)
INFO
Drops a file that was compiled in debug mode
- Dosia.exe (PID: 2436)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
TRiD
| .exe | | | Win32 Executable MS Visual C++ (generic) (42.2) |
|---|---|---|
| .exe | | | Win64 Executable (generic) (37.3) |
| .dll | | | Win32 Dynamic Link Library (generic) (8.8) |
| .exe | | | Win32 Executable (generic) (6) |
| .exe | | | Generic Win/DOS Executable (2.7) |
Summary
| Architecture: | IMAGE_FILE_MACHINE_I386 |
|---|---|
| Subsystem: | IMAGE_SUBSYSTEM_WINDOWS_CUI |
| Compilation Date: | 2022-Jul-01 09:53:45 |
DOS Header
| e_magic: | MZ |
|---|---|
| e_cblp: | 144 |
| e_cp: | 3 |
| e_crlc: | - |
| e_cparhdr: | 4 |
| e_minalloc: | - |
| e_maxalloc: | 65535 |
| e_ss: | - |
| e_sp: | 184 |
| e_csum: | - |
| e_ip: | - |
| e_cs: | - |
| e_ovno: | - |
| e_oemid: | - |
| e_oeminfo: | - |
| e_lfanew: | 248 |
PE Headers
| Signature: | PE |
|---|---|
| Machine: | IMAGE_FILE_MACHINE_I386 |
| NumberofSections: | 5 |
| TimeDateStamp: | 2022-Jul-01 09:53:45 |
| PointerToSymbolTable: | - |
| NumberOfSymbols: | - |
| SizeOfOptionalHeader: | 224 |
| Characteristics: |
|
Sections
Name | Virtual Address | Virtual Size | Raw Size | Charateristics | Entropy |
|---|---|---|---|---|---|
.text | 4096 | 151122 | 151552 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ | 6.65753 |
.rdata | 155648 | 55268 | 55296 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 6.15306 |
.data | 212992 | 63700 | 3072 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 1.88335 |
.rsrc | 278528 | 61444 | 61952 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 7.35622 |
.reloc | 344064 | 7560 | 7680 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ | 6.66216 |
Resources
Title | Entropy | Size | Codepage | Language | Type |
|---|---|---|---|---|---|
0 | 2.71858 | 104 | Latin 1 / Western European | UNKNOWN | RT_GROUP_ICON |
1 | 5.58652 | 3752 | Latin 1 / Western European | UNKNOWN | RT_ICON |
2 | 6.05629 | 2216 | Latin 1 / Western European | UNKNOWN | RT_ICON |
3 | 5.5741 | 1384 | Latin 1 / Western European | UNKNOWN | RT_ICON |
4 | 7.95079 | 37019 | Latin 1 / Western European | UNKNOWN | RT_ICON |
5 | 5.29119 | 9640 | Latin 1 / Western European | UNKNOWN | RT_ICON |
6 | 5.43869 | 4264 | Latin 1 / Western European | UNKNOWN | RT_ICON |
7 | 5.89356 | 1128 | Latin 1 / Western European | UNKNOWN | RT_ICON |
1 (#2) | 5.29093 | 1416 | Latin 1 / Western European | UNKNOWN | RT_MANIFEST |
Imports
ADVAPI32.dll |
KERNEL32.dll |
Total processes
35
Monitored processes
2
Malicious processes
2
Suspicious processes
0
Behavior graph
Click at the process to see the details
Process information
PID | CMD | Path | Indicators | Parent process |
|---|---|---|---|---|
| 2436 | "C:\Users\admin\AppData\Local\Temp\Dosia.exe" | C:\Users\admin\AppData\Local\Temp\Dosia.exe | Explorer.EXE | |
User: admin Integrity Level: MEDIUM Exit code: 2 | ||||
| 2732 | "C:\Users\admin\AppData\Local\Temp\Dosia.exe" | C:\Users\admin\AppData\Local\Temp\Dosia.exe | — | Dosia.exe |
User: admin Integrity Level: MEDIUM Exit code: 2 | ||||
Total events
151
Read events
151
Write events
0
Delete events
0
Modification events
Executable files
50
Suspicious files
1
Text files
0
Unknown types
0
Dropped files
PID | Process | Filename | Type | |
|---|---|---|---|---|
| 2436 | Dosia.exe | C:\Users\admin\AppData\Local\Temp\_MEI24362\api-ms-win-core-libraryloader-l1-1-0.dll | executable | |
MD5:F84DD01E37844165EF8CD0DF2D0B45A4 | SHA256:2C3F5F8E9861B05F734DE06A6AC27696DA2DB6193EE003FB62561B6859AFDE11 | |||
| 2436 | Dosia.exe | C:\Users\admin\AppData\Local\Temp\_MEI24362\api-ms-win-core-file-l1-1-0.dll | executable | |
MD5:9383F2D137B9A23B858AF26979973F90 | SHA256:316CDC6B0993217DE0FBDF2D481E907955A7F7D552171D4ECE7469C7281F6781 | |||
| 2436 | Dosia.exe | C:\Users\admin\AppData\Local\Temp\_MEI24362\api-ms-win-core-console-l1-1-0.dll | executable | |
MD5:DED0A05ECD081921F854C718401839A9 | SHA256:CD49E371C79A0D242293E764CB9CBA1C6B071BBEDA18E7D2AF28804E7721BA3E | |||
| 2436 | Dosia.exe | C:\Users\admin\AppData\Local\Temp\_MEI24362\api-ms-win-core-interlocked-l1-1-0.dll | executable | |
MD5:FD2D8FCB6A3527A8930034B7EC93742F | SHA256:55BCF0E3F10E6FA536B3D414F6F216BD1469CADD4682134BBBCAD5E062023832 | |||
| 2436 | Dosia.exe | C:\Users\admin\AppData\Local\Temp\_MEI24362\api-ms-win-core-memory-l1-1-0.dll | executable | |
MD5:DBFC2D434F864455F4F1C2257D050940 | SHA256:2A76304FBFA3869F152CA955CA76864897409289C0B60EA8FD3C314F4C56ABA6 | |||
| 2436 | Dosia.exe | C:\Users\admin\AppData\Local\Temp\_MEI24362\api-ms-win-core-namedpipe-l1-1-0.dll | executable | |
MD5:2FEB00D7F951A3F9C7DEDB7C4EE11B9A | SHA256:F767D7DF37F90AE4D56CC1A94B8885BD35C41E3F4AB11AF39EFEEAA2BA6FA4D8 | |||
| 2436 | Dosia.exe | C:\Users\admin\AppData\Local\Temp\_MEI24362\api-ms-win-core-errorhandling-l1-1-0.dll | executable | |
MD5:D89D0FD140E470DBBB4E4BB4337F6DF7 | SHA256:4AEF6678D7B17314E064B97C54B25AEC7AB8F5CDFB426661CA8FD9BF1DB98203 | |||
| 2436 | Dosia.exe | C:\Users\admin\AppData\Local\Temp\_MEI24362\api-ms-win-core-heap-l1-1-0.dll | executable | |
MD5:483FF5DFE47A187010B9247799EEB174 | SHA256:2AD76AE13FA4BD279F1779312BC2E62D048C9CBB6A528E65B968DFE7431DFEAE | |||
| 2436 | Dosia.exe | C:\Users\admin\AppData\Local\Temp\_MEI24362\api-ms-win-core-datetime-l1-1-0.dll | executable | |
MD5:1A779B2C8632ACDA0076638AD4C253CA | SHA256:8BA21801189191F319BCB0848FCBE88012EB6D0F26CC78D85563BC36EB7050FB | |||
| 2436 | Dosia.exe | C:\Users\admin\AppData\Local\Temp\_MEI24362\_socket.pyd | executable | |
MD5:A7A2A5A17BFD12376E6AEDB5F531C21B | SHA256:F869311C8D4EB3B0CDEF30486EB37C679A35CF11AFA803CD5D9FD61265344810 | |||
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
0
TCP/UDP connections
0
DNS requests
0
Threats
0
HTTP requests
Download PCAP, analyze network streams, HTTP content and a lot more at the full report