StZAEFSb2j.exe

Status: finished

Submission Time: 2022-11-03 12:26:19 +01:00

Malicious

Trojan

Spyware

Evader

RedLine

Comments

Details

Analysis ID:
736967
API (Web) ID:
1104299
Analysis Started:

2022-11-03 12:43:40 +01:00
Analysis Finished:

2022-11-03 12:53:09 +01:00
MD5:
c71616e2b7cedf9fc8e2ca6f6929abdf
SHA1:
896a4c41792c73db51074ccff5ef3f0577f510c5
SHA256:
4a9f8a3b847fa9d2e854d3a7235ddee8e4c093d04c3901f006d430be1060fae5
Technologies:

Engines
IOCs

Joe Sandbox

Engine	Download Report	Detection	Info
		malicious
	Full Report Management Report IOC Report	malicious Score: 100	System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

Third Party Analysis Engines

Open Full Report

malicious

Score: 14/54

malicious

Score: 14/41

malicious

IPs

IP	Country	Detection
50.115.174.192	United States
194.55.186.201	Germany

Domains

Name	IP	Detection
tgc8x.tk	50.115.174.192
api.ip.sb	0.0.0.0

URLs

Name	Detection
http://194.55.186.201:6008/
https://tgc8x.tk/tt/lamb.txt
194.55.186.201:6008
Click to see the 43 hidden entries
https://tgc8x.tk/tt/BLACKDEV.txt
https://api.ipify.orgcookies//settinString.Removeg
http://schemas.xmlsoap.org/ws/2004/08/addressing/fault
http://tempuri.org/Endpoint/SetEnvironmentResponse
http://tgc8x.tk
https://tgc8x.tkD8
http://194.55.186.201:6008
http://tempuri.org/Endpoint/GetUpdates
https://ac.ecosia.org/autocomplete?q=
https://search.yahoo.com?fr=crmas_sfp
http://schemas.xmlsoap.org/ws/2004/08/addressing
http://194.55.186.201:
http://tempuri.org/Endpoint/SetEnvironment
http://tempuri.org/Endpoint/GetUpdatesResponse
http://tempuri.org/Endpoint/EnvironmentSettingsResponse
http://tempuri.org/Endpoint/VerifyUpdate
http://tempuri.org/0
https://tgc8x.tk
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
http://schemas.xmlsoap.org/soap/actor/next
https://search.yahoo.com?fr=crmas_sfpf
https://duckduckgo.com/chrome_newtab
https://duckduckgo.com/ac/?q=
https://www.google.com/images/branding/product/ico/googleg_lodp.ico
http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous
http://tempuri.org/Endpoint/CheckConnectResponse
http://schemas.datacontract.org/2004/07/
http://tempuri.org/Endpoint/EnvironmentSettings
http://tempuri.org/t_
https://api.ip.sb/geoip%USERPEnvironmentROFILE%
http://schemas.xmlsoap.org/soap/envelope/
https://ipinfo.io/ip%appdata%
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
http://schemas.xmlsoap.org/soap/envelope/D
http://tempuri.org/
http://tempuri.org/Endpoint/CheckConnect
https://search.yahoo.com/favicon.icohttps://search.yahoo.com/search
http://ns.adobe.c/g
https://tgc8x.tk4
http://tempuri.org/Endpoint/VerifyUpdateResponse
http://tempuri.org/Endpoint/SetEnviron
https://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas_sfp&command=

Dropped files

Name	File Type	Hashes
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\StZAEFSb2j.exe.log	CSV text	#
C:\Users\user\AppData\Local\Temp\tmpC92.tmp	SQLite 3.x database, last written using SQLite version 3038005, page size 2048, file counter 3, database pages 45, cookie 0x3d, schema 4, UTF-8, version-valid-for 3	#
C:\Users\user\AppData\Local\Temp\tmpF80C.tmp	SQLite 3.x database, last written using SQLite version 3038005, page size 2048, file counter 3, database pages 45, cookie 0x3d, schema 4, UTF-8, version-valid-for 3	#
Click to see the 23 hidden entries
C:\Users\user\AppData\Local\Temp\tmpEBC.tmp	SQLite 3.x database, last written using SQLite version 3038005, page size 2048, file counter 3, database pages 45, cookie 0x3d, schema 4, UTF-8, version-valid-for 3	#
C:\Users\user\AppData\Local\Temp\tmpE8C.tmp	SQLite 3.x database, last written using SQLite version 3038005, page size 2048, file counter 3, database pages 45, cookie 0x3d, schema 4, UTF-8, version-valid-for 3	#
C:\Users\user\AppData\Local\Temp\tmpE406.tmp	SQLite 3.x database, last written using SQLite version 3038005, page size 2048, file counter 2, database pages 23, cookie 0x19, schema 4, UTF-8, version-valid-for 2	#
C:\Users\user\AppData\Local\Temp\tmpE3D6.tmp	SQLite 3.x database, last written using SQLite version 3038005, page size 2048, file counter 2, database pages 23, cookie 0x19, schema 4, UTF-8, version-valid-for 2	#
C:\Users\user\AppData\Local\Temp\tmpE3B6.tmp	SQLite 3.x database, last written using SQLite version 3038005, page size 2048, file counter 2, database pages 23, cookie 0x19, schema 4, UTF-8, version-valid-for 2	#
C:\Users\user\AppData\Local\Temp\tmpE2D.tmp	SQLite 3.x database, last written using SQLite version 3038005, page size 2048, file counter 3, database pages 45, cookie 0x3d, schema 4, UTF-8, version-valid-for 3	#
C:\Users\user\AppData\Local\Temp\tmpDBF.tmp	SQLite 3.x database, last written using SQLite version 3038005, page size 2048, file counter 3, database pages 45, cookie 0x3d, schema 4, UTF-8, version-valid-for 3	#
C:\Users\user\AppData\Local\Temp\tmpD60.tmp	SQLite 3.x database, last written using SQLite version 3038005, page size 2048, file counter 3, database pages 45, cookie 0x3d, schema 4, UTF-8, version-valid-for 3	#
C:\Users\user\AppData\Local\Temp\tmpD30.tmp	SQLite 3.x database, last written using SQLite version 3038005, page size 2048, file counter 3, database pages 45, cookie 0x3d, schema 4, UTF-8, version-valid-for 3	#
C:\Users\user\AppData\Local\Temp\tmpCF62.tmp	SQLite 3.x database, last written using SQLite version 3038005, page size 2048, file counter 2, database pages 23, cookie 0x19, schema 4, UTF-8, version-valid-for 2	#
C:\Users\user\AppData\Local\Temp\tmpCC2.tmp	SQLite 3.x database, last written using SQLite version 3038005, page size 2048, file counter 3, database pages 45, cookie 0x3d, schema 4, UTF-8, version-valid-for 3	#
C:\Users\user\AppData\Local\Temp\tmpC33.tmp	SQLite 3.x database, last written using SQLite version 3038005, page size 2048, file counter 3, database pages 45, cookie 0x3d, schema 4, UTF-8, version-valid-for 3	#
C:\Users\user\AppData\Local\Temp\tmpBF4.tmp	SQLite 3.x database, last written using SQLite version 3038005, page size 2048, file counter 3, database pages 45, cookie 0x3d, schema 4, UTF-8, version-valid-for 3	#
C:\Users\user\AppData\Local\Temp\tmpB95.tmp	SQLite 3.x database, last written using SQLite version 3038005, page size 2048, file counter 3, database pages 45, cookie 0x3d, schema 4, UTF-8, version-valid-for 3	#
C:\Users\user\AppData\Local\Temp\tmpA4F5.tmp	SQLite 3.x database, last written using SQLite version 3038005, page size 2048, file counter 2, database pages 23, cookie 0x19, schema 4, UTF-8, version-valid-for 2	#
C:\Users\user\AppData\Local\Temp\tmpA487.tmp	SQLite 3.x database, last written using SQLite version 3038005, page size 2048, file counter 2, database pages 23, cookie 0x19, schema 4, UTF-8, version-valid-for 2	#
C:\Users\user\AppData\Local\Temp\tmp1951.tmp	ASCII text, with very long lines (1024), with CRLF line terminators	#
C:\Users\user\AppData\Local\Temp\tmp1921.tmp	ASCII text, with very long lines (1024), with CRLF line terminators	#
C:\Users\user\AppData\Local\Temp\tmp1920.tmp	ASCII text, with very long lines (1024), with CRLF line terminators	#
C:\Users\user\AppData\Local\Temp\tmp18B2.tmp	ASCII text, with very long lines (1024), with CRLF line terminators	#
C:\Users\user\AppData\Local\Temp\tmp18B1.tmp	ASCII text, with very long lines (1024), with CRLF line terminators	#
C:\Users\user\AppData\Local\Temp\tmp1881.tmp	ASCII text, with very long lines (1024), with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\aspnet_compiler.exe.log	ASCII text, with CRLF line terminators	#

StZAEFSb2j.exe

Comments

Tags

Available tags:

Details

Joe Sandbox

Third Party Analysis Engines

IPs

Domains

URLs

Dropped files

StZAEFSb2j.exe Options

Comments

Tags

Available tags:

Details

Joe Sandbox

Third Party Analysis Engines

IPs

Domains

URLs

Dropped files

Search started

StZAEFSb2j.exe