workalone.exe

Status: finished

Submission Time: 2022-11-30 00:06:05 +01:00

Malicious

Trojan

Spyware

Evader

RedLine

Comments

Details

Analysis ID:
756291
API (Web) ID:
1123567
Analysis Started:

2022-11-30 00:06:06 +01:00
Analysis Finished:

2022-11-30 00:14:35 +01:00
MD5:
68f42f485ece93306bef1e4084d3052e
SHA1:
c63f1a56d12a0acbf5e9a354d8a66c6e17af2309
SHA256:
5d526be000146cf9cf94f7ef6f4e86929d508e17ca483b03d4ecbd2d52e071c9
Technologies:

Engines
IOCs

Joe Sandbox

Engine	Download Report	Detection	Info
		malicious
	Full Report Management Report IOC Report	malicious Score: 100	System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

Third Party Analysis Engines

malicious

IPs

IP	Country	Detection
85.208.136.178	Germany

Domains

Name	IP	Detection
saleshor12.duckdns.org	85.208.136.178
api.ip.sb	0.0.0.0

URLs

Name	Detection
saleshor12.duckdns.org:46539
http://saleshor12.duckdns.org:46539/
https://api.ipify.orgcookies//settinString.Removeg
Click to see the 40 hidden entries
http://schemas.xmlsoap.org/ws/2004/08/addressing/fault
http://tempuri.org/Endpoint/SetEnviron
https://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas_sfp&command=
http://tempuri.org/Endpoint/SetEnvironment
http://tempuri.org/Endpoint/SetEnvironmentResponse
http://tempuri.org/Endpoint/GetUpdates
https://ac.ecosia.org/autocomplete?q=
https://search.yahoo.com?fr=crmas_sfp
http://schemas.xmlsoap.org/ws/2004/08/addressing
http://ns.adobe.c/g
http://tempuri.org/Endpoint/GetUpdatesResponse
http://tempuri.org/Endpoint/EnvironmentSettingsResponse
http://tempuri.org/Endpoint/VerifyUpdate
http://tempuri.org/0
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
http://schemas.xmlsoap.org/soap/actor/next
http://ns.ado/1
http://saleshor12.duckdns.org:
http://schemas.xmlsoap.org/soap/envelope/
https://duckduckgo.com/chrome_newtab
https://duckduckgo.com/ac/?q=
https://www.google.com/images/branding/product/ico/googleg_lodp.ico
http://ns.adobe.cobj
http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous
http://tempuri.org/Endpoint/CheckConnectResponse
http://schemas.datacontract.org/2004/07/
http://tempuri.org/Endpoint/EnvironmentSettings
http://tempuri.org/t_
https://api.ip.sb/geoip%USERPEnvironmentROFILE%
http://tempuri.org/Endpoint/VerifyUpdateResponse
http://saleshor12.duckdns.org:46539
https://search.yahoo.com?fr=crmas_sfpf
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
http://schemas.xmlsoap.org/soap/envelope/D
http://saleshor12.duckdns.org
http://tempuri.org/
http://tempuri.org/Endpoint/CheckConnect
https://search.yahoo.com/favicon.icohttps://search.yahoo.com/search
https://ipinfo.io/ip%appdata%

Dropped files

Name	File Type	Hashes
C:\Users\user\AppData\Roaming\svchost\svchost.exe:Zone.Identifier	ASCII text, with CRLF line terminators	#
C:\Users\user\AppData\Roaming\svchost\svchost.exe	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows	#
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\workalone.exe.log	ASCII text, with CRLF line terminators	#
Click to see the 26 hidden entries
C:\Users\user\AppData\Local\Temp\tmpA720.tmp	ASCII text, with very long lines (1024), with CRLF line terminators	#
C:\Users\user\AppData\Local\Temp\tmpE939.tmp	SQLite 3.x database, last written using SQLite version 3038005, page size 2048, file counter 4, database pages 45, cookie 0x3d, schema 4, UTF-8, version-valid-for 4	#
C:\Users\user\AppData\Local\Temp\tmpE6B7.tmp	SQLite 3.x database, last written using SQLite version 3038005, page size 2048, file counter 2, database pages 23, cookie 0x19, schema 4, UTF-8, version-valid-for 2	#
C:\Users\user\AppData\Local\Temp\tmpE08F.tmp	SQLite 3.x database, last written using SQLite version 3038005, page size 2048, file counter 4, database pages 45, cookie 0x3d, schema 4, UTF-8, version-valid-for 4	#
C:\Users\user\AppData\Local\Temp\tmpB641.tmp	SQLite 3.x database, last written using SQLite version 3038005, page size 2048, file counter 2, database pages 23, cookie 0x19, schema 4, UTF-8, version-valid-for 2	#
C:\Users\user\AppData\Local\Temp\tmpB611.tmp	SQLite 3.x database, last written using SQLite version 3038005, page size 2048, file counter 2, database pages 23, cookie 0x19, schema 4, UTF-8, version-valid-for 2	#
C:\Users\user\AppData\Local\Temp\tmpAFBA.tmp	SQLite 3.x database, last written using SQLite version 3038005, page size 2048, file counter 4, database pages 45, cookie 0x3d, schema 4, UTF-8, version-valid-for 4	#
C:\Users\user\AppData\Local\Temp\tmpA820.tmp	ASCII text, with very long lines (1024), with CRLF line terminators	#
C:\Users\user\AppData\Local\Temp\tmpA81F.tmp	ASCII text, with very long lines (1024), with CRLF line terminators	#
C:\Users\user\AppData\Local\Temp\tmpA7F0.tmp	ASCII text, with very long lines (1024), with CRLF line terminators	#
C:\Users\user\AppData\Local\Temp\tmpA7C0.tmp	ASCII text, with very long lines (1024), with CRLF line terminators	#
C:\Users\user\AppData\Local\Temp\tmpA790.tmp	ASCII text, with very long lines (1024), with CRLF line terminators	#
C:\Users\user\AppData\Local\Temp\tmpA760.tmp	ASCII text, with very long lines (1024), with CRLF line terminators	#
C:\Users\user\AppData\Local\Temp\tmp93B7.tmp	ASCII text, with very long lines (1024), with CRLF line terminators	#
C:\Users\user\AppData\Local\Temp\tmp8319.tmp	SQLite 3.x database, last written using SQLite version 3038005, page size 2048, file counter 2, database pages 23, cookie 0x19, schema 4, UTF-8, version-valid-for 2	#
C:\Users\user\AppData\Local\Temp\tmp82DA.tmp	SQLite 3.x database, last written using SQLite version 3038005, page size 2048, file counter 2, database pages 23, cookie 0x19, schema 4, UTF-8, version-valid-for 2	#
C:\Users\user\AppData\Local\Temp\tmp7EB6.tmp	SQLite 3.x database, last written using SQLite version 3038005, page size 2048, file counter 4, database pages 45, cookie 0x3d, schema 4, UTF-8, version-valid-for 4	#
C:\Users\user\AppData\Local\Temp\tmp6FE4.tmp	SQLite 3.x database, last written using SQLite version 3038005, page size 2048, file counter 4, database pages 45, cookie 0x3d, schema 4, UTF-8, version-valid-for 4	#
C:\Users\user\AppData\Local\Temp\tmp6FB4.tmp	SQLite 3.x database, last written using SQLite version 3038005, page size 2048, file counter 4, database pages 45, cookie 0x3d, schema 4, UTF-8, version-valid-for 4	#
C:\Users\user\AppData\Local\Temp\tmp4D74.tmp	SQLite 3.x database, last written using SQLite version 3038005, page size 2048, file counter 4, database pages 45, cookie 0x3d, schema 4, UTF-8, version-valid-for 4	#
C:\Users\user\AppData\Local\Temp\tmp4D35.tmp	SQLite 3.x database, last written using SQLite version 3038005, page size 2048, file counter 4, database pages 45, cookie 0x3d, schema 4, UTF-8, version-valid-for 4	#
C:\Users\user\AppData\Local\Temp\tmp4075.tmp	SQLite 3.x database, last written using SQLite version 3038005, page size 2048, file counter 4, database pages 45, cookie 0x3d, schema 4, UTF-8, version-valid-for 4	#
C:\Users\user\AppData\Local\Temp\tmp1B56.tmp	SQLite 3.x database, last written using SQLite version 3038005, page size 2048, file counter 4, database pages 45, cookie 0x3d, schema 4, UTF-8, version-valid-for 4	#
C:\Users\user\AppData\Local\Temp\tmp1B45.tmp	SQLite 3.x database, last written using SQLite version 3038005, page size 2048, file counter 2, database pages 23, cookie 0x19, schema 4, UTF-8, version-valid-for 2	#
C:\Users\user\AppData\Local\Temp\tmp10E8.tmp	SQLite 3.x database, last written using SQLite version 3038005, page size 2048, file counter 4, database pages 45, cookie 0x3d, schema 4, UTF-8, version-valid-for 4	#
C:\Users\user\AppData\Local\Temp\tmp10B8.tmp	SQLite 3.x database, last written using SQLite version 3038005, page size 2048, file counter 4, database pages 45, cookie 0x3d, schema 4, UTF-8, version-valid-for 4	#

workalone.exe

Comments

Tags

Available tags:

Details

Joe Sandbox

Third Party Analysis Engines

IPs

Domains

URLs

Dropped files

workalone.exe Options

Comments

Tags

Available tags:

Details

Joe Sandbox

Third Party Analysis Engines

IPs

Domains

URLs

Dropped files

Search started

workalone.exe