VASkmEQ4iU.exe

Status: finished
Submission Time: 2022-06-26 09:33:21 +02:00
Malicious
Trojan
Spyware
Evader
Record Stealer

Tags

  • exe
  • RecordBreaker

Details

  • Analysis ID:
    652389
  • API (Web) ID:
    1019893
  • Analysis Started:
    2022-06-26 09:34:58 +02:00
  • Analysis Finished:
    2022-06-26 09:42:52 +02:00
  • MD5:
    f9b340f49ab31913222c64d3eed70ed3
  • SHA1:
    4246faa6c02672009aaf44940ec9e1c9f3e72df9
  • SHA256:
    06cd1b17015926da3c902f7b67e130054e9170f355a1cdf1274ddc955f4152ee
  • Technologies:

Joe Sandbox

malicious
Score: 100
System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

Third Party Analysis Engines

malicious
Score: 20/41

IPs

IP Country Detection
185.62.56.113
Netherlands

URLs

Name Detection

Dropped files

Name and File Type

  • C:\Users\user\AppData\LocalLow\5VjcxCywK8MY
    SQLite 3.x database, last written using SQLite version 3032001
  • C:\Users\user\AppData\LocalLow\9hGg93zL5D7e
    SQLite 3.x database, last written using SQLite version 3032001
  • C:\Users\user\AppData\LocalLow\C54bUZh6GqSm
    SQLite 3.x database, last written using SQLite version 3032001
  • C:\Users\user\AppData\LocalLow\freebl3.dll
    PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
  • C:\Users\user\AppData\LocalLow\mozglue.dll
    PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
  • C:\Users\user\AppData\LocalLow\msvcp140.dll
    PE32 executable (DLL) (console) Intel 80386, for MS Windows
  • C:\Users\user\AppData\LocalLow\nss3.dll
    PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
  • C:\Users\user\AppData\LocalLow\nssdbm3.dll
    HTML document, ASCII text, with CRLF line terminators
  • C:\Users\user\AppData\LocalLow\p7T157RypD9o
    SQLite 3.x database, last written using SQLite version 3032001
  • C:\Users\user\AppData\LocalLow\softokn3.dll
    PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
  • C:\Users\user\AppData\LocalLow\sqlite3.dll
    PE32 executable (DLL) (console) Intel 80386, for MS Windows
  • C:\Users\user\AppData\LocalLow\vcruntime140.dll
    PE32 executable (DLL) (console) Intel 80386, for MS Windows