FinalProject[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

FinalProject.zip
Size

154.5MB
MD5

eb7b1d88a69888b0ab040ad08ad8f6ac
SHA1

3fbf15002163da6144c207618f790ddbb1e90835
SHA256

c4bf2f8d61993d70afc39fc8bc41346b80e88df5b21bfd22034f1731478ddfc7
SHA512

dbf78cad7ff5cf1617d806e5f37cd60339cd4cd29361c5f037e195beba3cfdbdca60181141770d95bd270b533dc1a5b9f7f9c7f14b9daf2a1bf852307ff0ba94
SSDEEP

3145728:/2EEy82dzVQNJDTyCKlVwaSQCzFDLSbf3a6gJ0bZjA1EwE5QAElGT4l:Oj7HKzwxZDubzbt8Gu

Score

1^/10

Malware Config

Signatures

Files

FinalProject.zip
.zip
FinalProject/EmailEvents.csv
FinalProject/PowerShell_transcript.DESKTOP-VV0DMAI.EfY+FcVP.20240319125507.txt
.ps1
FinalProject/Redline.zip
.zip
Redline/AnalysisSession1/AnalysisSession1.mans
.xml
Redline/AnalysisSession1/Audits/Script.xml
.xml
Redline/AnalysisSession1/Audits/cookiehistory.urn_uuid_47c01a72-cb2d-4885-bbc5-99ace1199e4a.xml
.xml
Redline/AnalysisSession1/Audits/cookiehistory_issues.urn_uuid_47c01a72-cb2d-4885-bbc5-99ace1199e4a.xml
.xml
Redline/AnalysisSession1/Audits/filedownloadhistory.urn_uuid_6c40b1a1-17c9-4359-becd-875fb9aa0215.xml
.xml
Redline/AnalysisSession1/Audits/filedownloadhistory_issues.urn_uuid_6c40b1a1-17c9-4359-becd-875fb9aa0215.xml
.xml
Redline/AnalysisSession1/Audits/formhistory.urn_uuid_062a43da-c039-41a2-bb12-24bb28be9cd2.xml
.xml
Redline/AnalysisSession1/Audits/formhistory_issues.urn_uuid_062a43da-c039-41a2-bb12-24bb28be9cd2.xml
.xml
Redline/AnalysisSession1/Audits/manifest.json
Redline/AnalysisSession1/Audits/platform.xml
.xml
Redline/AnalysisSession1/Audits/urlhistory.urn_uuid_23bcb156-ea33-4c5d-8aa4-cc894c72b4fd.xml
.xml
Redline/AnalysisSession1/Audits/urlhistory_issues.urn_uuid_23bcb156-ea33-4c5d-8aa4-cc894c72b4fd.xml
.xml
Redline/AnalysisSession1/Audits/w32apifiles.urn_uuid_a9cae805-149f-4d4b-a198-4f41e13f7124.xml
.xml
Redline/AnalysisSession1/Audits/w32apifiles_issues.urn_uuid_a9cae805-149f-4d4b-a198-4f41e13f7124.xml
.xml
Redline/AnalysisSession1/Audits/w32disks.urn_uuid_26e7548e-6ef1-4dbc-bfb5-12e7558fa2b7.xml
.xml
Redline/AnalysisSession1/Audits/w32drivers-modulelist_issues.urn_uuid_18f728a0-c2df-4581-be4e-2db281b1e0b9.xml
.xml
Redline/AnalysisSession1/Audits/w32drivers-signature_issues.urn_uuid_67f76d4f-d7fc-4d29-8025-59341e0c54e5.xml
.xml
Redline/AnalysisSession1/Audits/w32eventlogs.urn_uuid_53ee7996-afa9-4271-93eb-642860f5e98a.xml
.xml
Redline/AnalysisSession1/Audits/w32eventlogs_issues.urn_uuid_53ee7996-afa9-4271-93eb-642860f5e98a.xml
.xml
Redline/AnalysisSession1/Audits/w32hivelist.urn_uuid_a79aaef9-671f-4f7b-b846-580d4c8172e6.xml
.xml
Redline/AnalysisSession1/Audits/w32kernel-hookdetection_issues.urn_uuid_8b9c0e0f-6a64-43ca-b90b-0c758d71b6f5.xml
.xml
Redline/AnalysisSession1/Audits/w32network-arp.urn_uuid_aa030e6c-da3e-4740-9057-3781cb6c16a7.xml
.xml
Redline/AnalysisSession1/Audits/w32network-dns.urn_uuid_ff3a12a5-471a-45b3-99fe-13ebe08947f3.xml
.xml
Redline/AnalysisSession1/Audits/w32network-route.urn_uuid_b78c9d1a-5a32-4f84-ba0e-51bc683ef638.xml
.xml
Redline/AnalysisSession1/Audits/w32ports.urn_uuid_d849cbab-e375-4d50-81c4-f463b01f59aa.xml
.xml
Redline/AnalysisSession1/Audits/w32prefetch.urn_uuid_6d543db3-f7bc-4d13-9201-e38e2c77633c.xml
.xml
Redline/AnalysisSession1/Audits/w32prefetch_issues.urn_uuid_6d543db3-f7bc-4d13-9201-e38e2c77633c.xml
.xml
Redline/AnalysisSession1/Audits/w32processes-API.urn_uuid_45a76d89-1bff-4584-b128-b4b82e065dcb.xml
.xml
Redline/AnalysisSession1/Audits/w32processes-API_issues.urn_uuid_45a76d89-1bff-4584-b128-b4b82e065dcb.xml
.xml
Redline/AnalysisSession1/Audits/w32processes-handle.urn_uuid_bd947457-35c4-4247-8f0a-49e662039bfa.xml
.xml
Redline/AnalysisSession1/Audits/w32processes-handle_issues.urn_uuid_bd947457-35c4-4247-8f0a-49e662039bfa.xml
.xml
Redline/AnalysisSession1/Audits/w32processes-memory_issues.urn_uuid_9d9c3d5c-f491-43cb-9bbb-877bde115807.xml
.xml
Redline/AnalysisSession1/Audits/w32registryapi.urn_uuid_cc5d7f51-0735-44d6-a69d-31b72fd71588.xml
.xml
FinalProject/Tools-Invoice.pdf.7z
.7z

Password: infected
Tools-Invoice.pdf.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

04:00:00:00:00:01:21:58:53:08:a2
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

18-03-2009 10:00

Not After

18-03-2029 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

28-07-2020 00:00

Not After

18-03-2029 00:00

Subject

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28-07-2020 00:00

Not After

28-07-2030 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1d:36:c4:f4:39:d6:51:50:35:89:31:8f
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

02-05-2022 19:07

Not After

03-05-2023 19:07

Subject

SERIALNUMBER=1005446-1,CN=REDWOOD MARKETING SOLUTIONS INC.,O=REDWOOD MARKETING SOLUTIONS INC.,STREET=4 Golf Woods Dr,L=Grimsby,ST=Ontario,C=CA,1.2.840.113549.1.9.1=#0c1d57696c6c69616d732e4140726564776f6f642d63616e6164612e636f6d,1.3.6.1.4.1.311.60.2.1.3=#13024341,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

95:25:81:4c:fc:71:6a:9b:03:e5:de:c0:8d:8a:1c:cc:3b:96:d7:97
Signer

Actual PE Digest

95:25:81:4c:fc:71:6a:9b:03:e5:de:c0:8d:8a:1c:cc:3b:96:d7:97

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.mvid
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.text
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 285KB - Virtual size: 284KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
FinalProject/packets_20240319_125359.pcap

Sharing

General

Malware Config

Signatures

Files

Password: infected

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

04:00:00:00:00:01:21:58:53:08:a2Certificate

Key Usages

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54Certificate

Extended Key Usages

Key Usages

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:edCertificate

Extended Key Usages

Key Usages

1d:36:c4:f4:39:d6:51:50:35:89:31:8fCertificate

Extended Key Usages

Key Usages

95:25:81:4c:fc:71:6a:9b:03:e5:de:c0:8d:8a:1c:cc:3b:96:d7:97Signer

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.mvid Size: 512B - Virtual size: 16B

.text Size: 1.9MB - Virtual size: 1.9MB

.rsrc Size: 285KB - Virtual size: 284KB

.reloc Size: 512B - Virtual size: 12B

04:00:00:00:00:01:21:58:53:08:a2
Certificate

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54
Certificate

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

1d:36:c4:f4:39:d6:51:50:35:89:31:8f
Certificate

95:25:81:4c:fc:71:6a:9b:03:e5:de:c0:8d:8a:1c:cc:3b:96:d7:97
Signer

.mvid
Size: 512B - Virtual size: 16B

.text
Size: 1.9MB - Virtual size: 1.9MB

.rsrc
Size: 285KB - Virtual size: 284KB

.reloc
Size: 512B - Virtual size: 12B