flash

workalone.exe

  • Status:
    finished
  • Submission Time:
    2022-11-30 00:06:05 +01:00
  • Classification:
    Malicious, Trojan, Spyware, Evader, RedLine

Tags

  • exe
  • RedLineStealer

Details

  • Analysis ID:
    756291
  • API (Web) ID:
    1123567
  • Analysis Started:
    2022-11-30 00:06:06 +01:00
  • Analysis Finished:
    2022-11-30 00:14:35 +01:00
  • MD5:
    68f42f485ece93306bef1e4084d3052e
  • SHA1:
    c63f1a56d12a0acbf5e9a354d8a66c6e17af2309
  • SHA256:
    5d526be000146cf9cf94f7ef6f4e86929d508e17ca483b03d4ecbd2d52e071c9

  • Verdict:
    malicious
  • Score:
    100/100
  • System:
    Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211
IPs

IP              Country   Detection
85.208.136.178  Germany

Domains

Name                    IP              Detection
saleshor12.duckdns.org  85.208.136.178
api.ip.sb               0.0.0.0

URLs

  • saleshor12.duckdns.org:46539
  • http://saleshor12.duckdns.org:46539/
  • https://api.ipify.orgcookies//settinString.Removeg
  • http://schemas.xmlsoap.org/ws/2004/08/addressing/fault
  • http://tempuri.org/Endpoint/SetEnviron
  • https://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas_sfp&command=
  • http://tempuri.org/Endpoint/SetEnvironment
  • http://tempuri.org/Endpoint/SetEnvironmentResponse
  • http://tempuri.org/Endpoint/GetUpdates
  • https://ac.ecosia.org/autocomplete?q=
  • https://search.yahoo.com?fr=crmas_sfp
  • http://schemas.xmlsoap.org/ws/2004/08/addressing
  • http://ns.adobe.c/g
  • http://tempuri.org/Endpoint/GetUpdatesResponse
  • http://tempuri.org/Endpoint/EnvironmentSettingsResponse
  • http://tempuri.org/Endpoint/VerifyUpdate
  • http://tempuri.org/0
  • http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
  • https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
  • http://schemas.xmlsoap.org/soap/actor/next
  • http://ns.ado/1
  • http://saleshor12.duckdns.org:
  • http://schemas.xmlsoap.org/soap/envelope/
  • https://duckduckgo.com/chrome_newtab
  • https://duckduckgo.com/ac/?q=
  • https://www.google.com/images/branding/product/ico/googleg_lodp.ico
  • http://ns.adobe.cobj
  • http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous
  • http://tempuri.org/Endpoint/CheckConnectResponse
  • http://schemas.datacontract.org/2004/07/
  • http://tempuri.org/Endpoint/EnvironmentSettings
  • http://tempuri.org/t_
  • https://api.ip.sb/geoip%USERPEnvironmentROFILE%
  • http://tempuri.org/Endpoint/VerifyUpdateResponse
  • http://saleshor12.duckdns.org:46539
  • https://search.yahoo.com?fr=crmas_sfpf
  • https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
  • http://schemas.xmlsoap.org/soap/envelope/D
  • http://saleshor12.duckdns.org
  • http://tempuri.org/
  • http://tempuri.org/Endpoint/CheckConnect
  • https://search.yahoo.com/favicon.icohttps://search.yahoo.com/search
  • https://ipinfo.io/ip%appdata%

Dropped files

  • C:\Users\user\AppData\Roaming\svchost\svchost.exe:Zone.Identifier
    ASCII text, with CRLF line terminators
  • C:\Users\user\AppData\Roaming\svchost\svchost.exe
    PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
  • C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\workalone.exe.log
    ASCII text, with CRLF line terminators
  • C:\Users\user\AppData\Local\Temp\tmpA720.tmp
    ASCII text, with very long lines (1024), with CRLF line terminators
  • C:\Users\user\AppData\Local\Temp\tmpE939.tmp
    SQLite 3.x database, last written using SQLite version 3038005, page size 2048, file counter 4, database pages 45, cookie 0x3d, schema 4, UTF-8, version-valid-for 4
  • C:\Users\user\AppData\Local\Temp\tmpE6B7.tmp
    SQLite 3.x database, last written using SQLite version 3038005, page size 2048, file counter 2, database pages 23, cookie 0x19, schema 4, UTF-8, version-valid-for 2
  • C:\Users\user\AppData\Local\Temp\tmpE08F.tmp
    SQLite 3.x database, last written using SQLite version 3038005, page size 2048, file counter 4, database pages 45, cookie 0x3d, schema 4, UTF-8, version-valid-for 4
  • C:\Users\user\AppData\Local\Temp\tmpB641.tmp
    SQLite 3.x database, last written using SQLite version 3038005, page size 2048, file counter 2, database pages 23, cookie 0x19, schema 4, UTF-8, version-valid-for 2
  • C:\Users\user\AppData\Local\Temp\tmpB611.tmp
    SQLite 3.x database, last written using SQLite version 3038005, page size 2048, file counter 2, database pages 23, cookie 0x19, schema 4, UTF-8, version-valid-for 2
  • C:\Users\user\AppData\Local\Temp\tmpAFBA.tmp
    SQLite 3.x database, last written using SQLite version 3038005, page size 2048, file counter 4, database pages 45, cookie 0x3d, schema 4, UTF-8, version-valid-for 4
  • C:\Users\user\AppData\Local\Temp\tmpA820.tmp
    ASCII text, with very long lines (1024), with CRLF line terminators
  • C:\Users\user\AppData\Local\Temp\tmpA81F.tmp
    ASCII text, with very long lines (1024), with CRLF line terminators
  • C:\Users\user\AppData\Local\Temp\tmpA7F0.tmp
    ASCII text, with very long lines (1024), with CRLF line terminators
  • C:\Users\user\AppData\Local\Temp\tmpA7C0.tmp
    ASCII text, with very long lines (1024), with CRLF line terminators
  • C:\Users\user\AppData\Local\Temp\tmpA790.tmp
    ASCII text, with very long lines (1024), with CRLF line terminators
  • C:\Users\user\AppData\Local\Temp\tmpA760.tmp
    ASCII text, with very long lines (1024), with CRLF line terminators
  • C:\Users\user\AppData\Local\Temp\tmp93B7.tmp
    ASCII text, with very long lines (1024), with CRLF line terminators
  • C:\Users\user\AppData\Local\Temp\tmp8319.tmp
    SQLite 3.x database, last written using SQLite version 3038005, page size 2048, file counter 2, database pages 23, cookie 0x19, schema 4, UTF-8, version-valid-for 2
  • C:\Users\user\AppData\Local\Temp\tmp82DA.tmp
    SQLite 3.x database, last written using SQLite version 3038005, page size 2048, file counter 2, database pages 23, cookie 0x19, schema 4, UTF-8, version-valid-for 2
  • C:\Users\user\AppData\Local\Temp\tmp7EB6.tmp
    SQLite 3.x database, last written using SQLite version 3038005, page size 2048, file counter 4, database pages 45, cookie 0x3d, schema 4, UTF-8, version-valid-for 4
  • C:\Users\user\AppData\Local\Temp\tmp6FE4.tmp
    SQLite 3.x database, last written using SQLite version 3038005, page size 2048, file counter 4, database pages 45, cookie 0x3d, schema 4, UTF-8, version-valid-for 4
  • C:\Users\user\AppData\Local\Temp\tmp6FB4.tmp
    SQLite 3.x database, last written using SQLite version 3038005, page size 2048, file counter 4, database pages 45, cookie 0x3d, schema 4, UTF-8, version-valid-for 4
  • C:\Users\user\AppData\Local\Temp\tmp4D74.tmp
    SQLite 3.x database, last written using SQLite version 3038005, page size 2048, file counter 4, database pages 45, cookie 0x3d, schema 4, UTF-8, version-valid-for 4
  • C:\Users\user\AppData\Local\Temp\tmp4D35.tmp
    SQLite 3.x database, last written using SQLite version 3038005, page size 2048, file counter 4, database pages 45, cookie 0x3d, schema 4, UTF-8, version-valid-for 4
  • C:\Users\user\AppData\Local\Temp\tmp4075.tmp
    SQLite 3.x database, last written using SQLite version 3038005, page size 2048, file counter 4, database pages 45, cookie 0x3d, schema 4, UTF-8, version-valid-for 4
  • C:\Users\user\AppData\Local\Temp\tmp1B56.tmp
    SQLite 3.x database, last written using SQLite version 3038005, page size 2048, file counter 4, database pages 45, cookie 0x3d, schema 4, UTF-8, version-valid-for 4
  • C:\Users\user\AppData\Local\Temp\tmp1B45.tmp
    SQLite 3.x database, last written using SQLite version 3038005, page size 2048, file counter 2, database pages 23, cookie 0x19, schema 4, UTF-8, version-valid-for 2
  • C:\Users\user\AppData\Local\Temp\tmp10E8.tmp
    SQLite 3.x database, last written using SQLite version 3038005, page size 2048, file counter 4, database pages 45, cookie 0x3d, schema 4, UTF-8, version-valid-for 4
  • C:\Users\user\AppData\Local\Temp\tmp10B8.tmp
    SQLite 3.x database, last written using SQLite version 3038005, page size 2048, file counter 4, database pages 45, cookie 0x3d, schema 4, UTF-8, version-valid-for 4