
Lg3gn9y1Cj.exe

Status: finished
Submission Time: 2022-08-05 09:00:16 +02:00
Malicious
Ransomware
Trojan
Spyware
Evader
CryptOne, BluStealer, StormKitty

Comments

Tags

  • exe
  • MassLogger

Details

  • Analysis ID:
    679096
  • API (Web) ID:
    1046601
  • Analysis Started:
    2022-08-05 09:07:53 +02:00
  • Analysis Finished:
    2022-08-05 09:20:24 +02:00
  • MD5:
    45061e4da841c2587d0890148705a142
  • SHA1:
    eb68218c1d70f3ba00f8190c8171ad1cfa2fb42a
  • SHA256:
    6731f235ff78e22e5a0f1503542926bb707a95251b8cbd22c56fbd7fc5a8cbbf
  • Technologies:

  • Engine:
    Joe Sandbox
  • Detection:
    malicious
  • Score:
    100
  • System:
    Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

Third Party Analysis Engines

  • malicious (Score: 62/71)
  • malicious (Score: 9/35)
  • malicious (Score: 26/26)
  • malicious

IPs

IP               Country         Detection
51.81.194.202    United States
104.18.114.97    United States
142.250.145.82   United States

Domains

Name                                  IP               Detection
zxq.net                               51.81.194.202
vccmd01.zxq.net                       51.81.194.202
vccmd03.googlecode.com                0.0.0.0
vccmd01.t35.com                       0.0.0.0
vccmd01.googlecode.com                0.0.0.0
vccmd02.googlecode.com                0.0.0.0
icanhazip.com                         104.18.114.97
googlecode.l.googleusercontent.com    142.250.145.82
64.89.4.0.in-addr.arpa                0.0.0.0

URLs

Name Detection
https://zxq.net/what-happened-to-the-old-zxq-website/
https://zxq.net/cmsys.gif
https://zxq.net/write-for-us/
https://yoast.com/wordpress/plugins/seo/
https://t0.ssl.ak.dynamic.tiles.virtualearth.net/comp/gen.ashx
http://icanhazip.com4
https://dev.virtualearth.net/REST/v1/Routes/Driving
https://zxq.net/news/business/
https://zxq.net/wp-content/uploads/2022/07/What-is-the-Best-Way-to-Learn-Golang-1200x747.png
https://zxq.net/wp-content/uploads/2022/03/follow-us-on-google-news-banner-black.png
https://zxq.net/wp-content/themes/smart-mag/css/icons/fonts/ts-icons.woff2?v2.2
https://zxq.net/#organization
https://dynamic.api.tiles.ditu.live.com/odvs/gd?pv=1&r=
https://zxq.net/what-is-the-best-way-to-learn-golang/
https://zxq.net/wp-content/uploads/2022/07/The-Future-of-Cryptocurrency-Is-it-Time-to-Get-Your-Crypt
https://zxq.net/wp-content/uploads/2022/07/Reasons-to-Hire-a-Truck-Accident-Attorney-01.jpeg
https://dynamic.api.tiles.ditu.live.com/odvs/gdv?pv=1&r=
https://zxq.net/wp-content/uploads/2022/07/How-To--1200x714.png
https://zxq.net/wp-content/uploads/2022/07/Best-Mothers-Day-Gifts-of-2022-for-Every-Mom-01-150x84.jp
https://zxq.net/wp-content/uploads/2022/03/follow-us-on-google-news-banner-black-300x117.png
https://zxq.net/wp-includes/wlwmanifest.xml
https://zxq.net/news/entertainment/
https://dev.virtualearth.net/REST/v1/Routes/Transit
https://zxq.net/what-happened-to-the-old-zxq-website/#webpage
https://dynamic.t
https://zxq.net/wp-content/uploads/2022/07/These-Are-The-Injured-You-May-Suffer-in-a-Bicycle-Acciden
https://zxq.net/what-happened-to-the-old-zxq-website/;
https://t0.ssl.ak.dynamic.tiles.virtualearth.net/odvs/gri?pv=1&r=
https://zxq.net/wp-json/wp/v2/pages/187
https://zxq.net/what-happened-to-the-old-zxq-website/n
https://zxq.net/wp-content/uploads/2022/07/Why-You-Should-Seek-An-Uber-Or-Lyft-Accident-Lawyer-01-30
https://zxq.net/wp-includes/js/jquery/jquery.min.js?ver=3.6.0
https://zxq.net/wp-content/uploads/2022/07/How-To--768x457.png
https://zxq.net/wp-content/uploads/2022/07/Reasons-to-Hire-a-Truck-Accident-Attorney-01-150x84.jpeg
https://zxq.net/wp-content/uploads/2022/07/Online-Shopping-Tips-During-Covid-01.jpeg
https://zxq.net/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2
https://zxq.net/wp-content/uploads/2022/07/How-To--150x89.png
https://zxq.net/wp-content/themes/smart-mag/style.css?ver=7.1.1
https://zxq.net/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fzxq.net%2Fwhat-happened-to-the-old-zxq-we
https://zxq.net/wp-content/uploads/2022/07/Best-Mothers-Day-Gifts-of-2022-for-Every-Mom-01-300x169.j
https://dev.ditu.live.com/mapcontrol/logging.ashx
https://zxq.net/?p=187
https://zxq.net/news/
https://zxq.net/online-shopping-tips-during-covid/
https://zxq.net/xmlrpc.php?rsd
https://dev.virtualearth.net/mapcontrol/HumanScaleServices/GetBubbles.ashx?n=
http://icanhazip.com/
https://zxq.net/wp-content/uploads/2022/07/Online-Shopping-Tips-During-Covid-01-1024x576.jpeg
https://zxq.net/what-happened-to-the-old-zxq-website/L
https://zxq.net/what-happened-to-the-old-zxq-website/ne
https://zxq.net/?s=
https://dev.virtualearth.net/REST/v1/Transit/Schedules/
http://www.bingmapsportal.com
https://zxq.net/wp-json/
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
https://zxq.net/wp-content/themes/smart-mag/js/jquery.sticky-sidebar.js?ver=7.1.1
https://zxq.net/news/technology/
http://icanhazip.com
https://zxq.net/wp-content/uploads/2022/07/Why-You-Should-Seek-An-Uber-Or-Lyft-Accident-Lawyer-01-76
https://zxq.net/#logo
https://zxq.net/the-future-of-cryptocurrency-is-it-time-to-get-your-crypto-license-in-europe/
https://zxq.net/about-us/
https://github.com/LimerBoy/StormKitty
https://zxq.net/wp-content/uploads/2022/02/ZXQ.png
https://zxq.net/wp-content/uploads/2022/07/Reasons-to-Hire-a-Truck-Accident-Attorney-01-768x432.jpeg
https://zxq.net/wp-content/uploads/2022/07/What-is-the-Best-Way-to-Learn-Golang-1024x637.png
https://dev.ditu.live.com/REST/v1/Imagery/Copyright/
https://zxq.net/wp-content/uploads/2022/07/What-is-the-Best-Way-to-Learn-Golang-450x280.png
https://zxq.net/these-are-the-injured-you-may-suffer-in-a-bicycle-accident/
https://dev.virtualearth.net/REST/v1/Routes/Walking
https://zxq.net/what-happened-to-the-old-zxq-website/#breadcrumb
https://t0.tiles.ditu.live.com/tiles/gen
https://dev.ditu.live.com/REST/v1/Routes/
https://api.telegram.org/bot
https://zxq.net/privacy-policy/
https://zxq.net/wp-content/uploads/2022/02/ZXQ-FB.png
https://schema.org
http://vccmd03.googlecode.com/files/cmsys.gif
https://zxq.net/wp-content/uploads/2022/07/What-is-the-Best-Way-to-Learn-Golang-150x93.png
https://zxq.net/wp-content/plugins/table-of-contents-plus/screen.min.css?ver=2106
https://zxq.net/wp-content/uploads/2022/07/Online-Shopping-Tips-During-Covid-01-150x84.jpeg
https://ecn.dev.virtualearth.net/mapcontrol/mapconfiguration.ashx?name=native&v=
https://dev.virtualearth.net/REST/v1/Locations
https://%s.xboxlive.com
https://zxq.net/wp-content/uploads/2022/07/Reasons-to-Hire-a-Truck-Accident-Attorney-01-300x169.jpeg
https://zxq.net/reasons-to-hire-a-truck-accident-attorney/
https://zxq.net/wp-content/uploads/2022/07/Why-You-Should-Seek-An-Uber-Or-Lyft-Accident-Lawyer-01-45
https://t0.ssl.ak.dynamic.tiles.virtualearth.net/odvs/gd?pv=1&r=
https://zxq.net/how-to-find-an-investor-for-your-business/
https://zxq.net/why-you-should-seek-an-uber-or-lyft-accident-lawyer/
https://zxq.net/wp-content/uploads/2022/07/How-To--1024x609.png
http://crl.ver)
https://zxq.net/wp-content/plugins/table-of-contents-plus/front.min.js?ver=2106
https://zxq.net/wp-content/uploads/2022/07/How-To-.png
https://dev.virtualearth.net/REST/v1/Routes/
https://zxq.net/wp-content/uploads/2022/07/What-is-the-Best-Way-to-Learn-Golang-768x478.png
https://zxq.net/wp-content/uploads/2022/07/What-is-the-Best-Way-to-Learn-Golang-300x187.png
https://zxq.net/wp-content/uploads/2022/07/Reasons-to-Hire-a-Truck-Accident-Attorney-01-450x253.jpeg
https://t0.ssl.ak.dynamic.tiles.virtualearth.net/odvs/gdv?pv=1&r=
https://zxq.net/wp-content/uploads/2022/07/Best-Mothers-Day-Gifts-of-2022-for-Every-Mom-01-450x253.j

Dropped files

Name / File Type (no hashes or detection values are listed for these entries)

  • C:\Users\user\AppData\Local\icsys.icn.exe
    PE32 executable (GUI) Intel 80386, for MS Windows
  • C:\Windows\System\svchost.exe
    PE32 executable (GUI) Intel 80386, for MS Windows
  • C:\Windows\System\spoolsv.exe
    PE32 executable (GUI) Intel 80386, for MS Windows
  • C:\Windows\System\explorer.exe
    PE32 executable (GUI) Intel 80386, for MS Windows
  • C:\Users\user\Desktop\lg3gn9y1cj.exe
    PE32 executable (GUI) Intel 80386, for MS Windows
  • C:\Users\user\AppData\Roaming\mrsys.exe
    PE32 executable (GUI) Intel 80386, for MS Windows
  • C:\Users\user\AppData\Local\stsys.exe
    PE32 executable (GUI) Intel 80386, for MS Windows
  • C:\Users\user\AppData\Local\Temp\~DF6E4F50B397B92863.TMP
    Composite Document File V2 Document, Cannot read section info
  • C:\Users\user\AppData\Local\Temp\~DFC593752C91BD8E2F.TMP
    Composite Document File V2 Document, Cannot read section info
  • C:\Users\user\AppData\Local\Temp\~DFD29C7DB29EE1E840.TMP
    Composite Document File V2 Document, Cannot read section info
  • C:\ProgramData\Microsoft\Network\Downloader\qmgr.db
    Extensible storage engine DataBase, version 0x620, checksum 0x8be2707e, page size 16384, DirtyShutdown, Windows version 10.0
  • C:\Users\user\AppData\Local\Temp\~DF5EF9070E9B8F5CB4.TMP
    Composite Document File V2 Document, Cannot read section info
  • C:\Users\user\AppData\Local\Temp\~DF0ED405DEDEDD664C.TMP
    Composite Document File V2 Document, Cannot read section info
  • C:\Users\user\AppData\Local\Temp\~DF01383C41703FF854.TMP
    Composite Document File V2 Document, Cannot read section info
  • C:\Windows\Logs\waasmedic\waasmedic.20220805_070938_705.etl
    data
  • C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp
    ASCII text, with no line terminators
  • C:\Windows\System\cmsys.cmn
    HTML document, UTF-8 Unicode text, with very long lines
  • C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\what-happened-to-the-old-zxq-website[1].htm
    HTML document, UTF-8 Unicode text, with very long lines
  • C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\cmsys[1].htm
    HTML document, ASCII text, with CRLF, LF line terminators
  • C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\AppLaunch.exe.log
    ASCII text, with CRLF line terminators