Joe Sandbox Cloud Basic

Want to search on specific fields?


Try our:

Advanced Search

Want to search in depth on all Cloud Basic reports?

Try: Joe Sandbox View

Register Login
sloganpng
top title background image
flash

cqu7x.exe

Status: finished
Submission Time: 2022-11-11 12:19:10 +01:00
Malicious
Trojan
Evader
Ursnif, SmokeLoader

Comments

Tags

Details

  • Analysis ID:
    743908
  • API (Web) ID:
    1111217
  • Analysis Started:
    2022-11-11 12:20:50 +01:00
  • Analysis Finished:
    2022-11-11 12:32:42 +01:00
  • MD5:
    e449924b8aa04fa2e032511cf86d2482
  • SHA1:
    bc9c00e0841a84fbc45d9ef36422eac3590b590f
  • SHA256:
    b9fd7622c3fcfdd6eb9b2cb917a3cb64eb35c61221de4866303ca88d828d5bed
  • Technologies:

Joe Sandbox

Engine Download Report Detection Info
malicious
Full Report Management Report IOC Report
malicious
Score: 100
System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

Third Party Analysis Engines

Open Full Report
malicious
Score: 15/37
malicious
Score: 24/26
malicious
malicious

IPs

IP Country Detection
80.76.42.141
 Russian Federation
37.140.192.158
 Russian Federation

Domains

Name IP Detection
kukaryka.ru
 80.76.42.141
dindunketagestan.ru
 37.140.192.158
telemetry.skype.com
 0.0.0.0

URLs

Name Detection
http://dindunketagestan.ru/
http://goalichkindomik.ru/
http://pali44unkis9.ru/
Click to see the 4 hidden entries
http://klenoviycdesss.ru/
http://www.autoitscript.com/autoit3/J
http://telemetry.skype.com/drew/
http://kukaryka.ru/iTunesHelper.exe

Dropped files

Name File Type Hashes Detection
C:\Users\user\AppData\Local\Temp\3196.exe
 PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
 #
C:\Users\user\AppData\Local\Temp\loader_250246_15072022_2203_31102022.exe
 PE32 executable (GUI) Intel 80386, for MS Windows
 #
C:\Users\user\AppData\Roaming\vcivdjd
 PE32 executable (GUI) Intel 80386, for MS Windows
 #
Click to see the 2 hidden entries
C:\Users\user\AppData\Roaming\vcivdjd:Zone.Identifier
 ASCII text, with CRLF line terminators
 #
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\3196.exe.log
 ASCII text, with CRLF line terminators
 #