
file.exe

Status: finished
Submission Time: 2023-02-07 19:37:35 +01:00
Malicious
Ransomware
Trojan
Spyware
Evader
Djvu, Fabookie, Raccoon Stealer v2, Smok

Tags

  • exe
  • RecordBreaker

Details

  • Analysis ID:
    800784
  • API (Web) ID:
    1168005
  • Analysis Started:
    2023-02-07 19:42:59 +01:00
  • Analysis Finished:
    2023-02-07 19:58:55 +01:00
  • MD5:
    17a74a0281cefb5d9c29022fbc79981a
  • SHA1:
    d88585c6c9488b6d28b71dd0659edb8649e32dca
  • SHA256:
    2814b2a02771e2d16ce2efb1586d8623b54b50d6e1c8dfa9ab2bbf54ab8b249d
  • Technologies:

Joe Sandbox

Detection: malicious
Score: 100
System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

Third Party Analysis Engines

  • malicious (Score: 24/70)
  • malicious (Score: 22/24)
  • malicious
  • malicious

IPs

IP               Country
37.34.248.24     Kuwait
190.219.54.242   Panama
23.106.124.133   Singapore
195.158.3.162    Uzbekistan
158.69.96.67     Canada
188.114.96.3     European Union
77.73.134.27     Kazakhstan
45.66.159.142    Russian Federation
62.204.41.134    United Kingdom
188.114.97.3     European Union
162.0.217.254    Canada
157.240.253.35   United States

Domains

Name                           IP
perficut.at                    195.158.3.162
potunulit.org                  188.114.96.3
flytourchip.com.br             158.69.96.67
star-mini.c10r.facebook.com    157.240.253.35
siaoheg.aappatey.com           45.66.159.142
api.2ip.ua                     162.0.217.254
xv.yxzgamen.com                188.114.97.3
iueg.aappatey.com              45.66.159.142
www.facebook.com               0.0.0.0

URLs

Name
http://perficut.at/tmp/
http://newzelannd66.org/
http://bukubuka1.net/
http://77.73.134.27/llpb1133.exe
http://hujukui3.net/
https://xv.yxzgamen.com/logo.png
http://bulimu55t.net/
https://xv.yxzgamen.com/2701.html
http://bihsy.com/lancer/get.php
http://golilopaster.org/
http://novanosa5org.org/
https://flytourchip.com.br/systems/ChromeSetup.exe
http://soryytlic4.net/
http://potunulit.org/
http://siaoheg.aappatey.com/check/?sid=288019&key=8611a052d7ff506dc761df9a028c28efcfBb4E4
https://www.google.com/images/branding/product/ico/googleg_lodp.ico
http://siaoheg.aappatey.com/check/?sid=287855&key=53966fc5c1f009ecd22e4b74973b5675
http://siaoheg.aappatey.com/check/?sid=287855&key=53966fc5c1f009ecd22e4b74973b5675?
http://62.204.41.134/ll
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
https://search.yahoo.com/favicon.icohttps://search.yahoo.com/search
http://62.204.41.134/2bdc6e9a1ce82117657287e1bc36e6044
http://62.204.41.134/2bdc6e9a1ce82117657287e1bc36e604o
http://62.204.41.134/2bdc6e9a1ce82117657287e1bc36e604n
http://iueg.aappatey.com/check/safeT7-16b8-4
https://static.xx.fbcdn.net/rsrc.php/v3/yO/r/_tJ17sGyxOX.js?_nc_x=Ij3Wp8lg5Kz
https://api.2ip.ua/geo.json
https://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas_sfp&command=
http://siaoheg.aappatey.com/check/?sid=286587&key=075ea35c9751668450c9ec4c0067c0f6
https://static.xx.fbcdn.net/rsrc.php/v3/ym/l/0
http://siaoheg.aappatey.com/check/?sid=288019&key=8611a052d7ff506dc761df9a028c28efcohor
https://static.xx.fbcdn.net/rsrc.php/v3/ym/r/2Z9gzYPL3TW.js?_nc_x=Ij3Wp8lg5Kz
https://ac.ecosia.org/autocomplete?q=
https://search.yahoo.com?fr=crmas_sfp
https://static.xx.fbcdn.net/rsrc.php/v3/y-/r/qu9vi-bmWl3.js?_nc_x=Ij3Wp8lg5Kz
http://siaoheg.aappatey.com/check/?sid=287855&key=53966fc5c1f009ecd22e4b74973b5675c
https://static.xx.fbcdn.net/rsrc.php/v3/y0/l/0
http://iueg.aappatey.com/check/safe
https://static.xx.fbcdn.net/rsrc.php/v3i7M54/yX/l/en_US/WYC6LbamQUd.js?_nc_x=Ij3Wp8lg5Kz
https://www.facebook.com/ads/manager/account_settings/account_billing
https://static.xx.fbcdn.net/rsrc.php/v3/y9/l/0
http://iueg.aapp
https://duckduckgo.com/chrome_newtab
https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
http://iueg.aappatey.com:80/check/safe
https://search.yahoo.com?fr=crmas_sfpf
http://siaoheg.aappatey.com/check/?sid=288019&key=8611a052d7ff506dc761df9a028c28ef
http://www.openssl.org/support/faq.html
http://iueg.aappatey.com/check/safeXdkojlmpp
http://https://ns1.kriston.ugns2.chalekin.ugns3.unalelath.ugns4.andromath.ug/Error
http://siaoheg.aappatey.com/r
https://static.xx.fbcdn.net/rsrc.php/v3/yR/r/n9ktzHPknGx.js?_nc_x=Ij3Wp8lg5Kz
http://perficut.at/
http://siaoheg.aappatey.com/
http://siaoheg.aappatey.com:80/check/?sid=288019&key=8611a052d7ff506dc761df9a028c28ef
https://www.facebook.com/login.php?next=https%3A%2F%2Fwww.facebook.com%2Fads%2Fmanager%2Faccount_settings%2Faccount_billing
http://iueg.aappatey.com/check/safeB
https://static.xx.fbcdn.net/rsrc.php/v3/yW/l/0
https://messenger.com/
https://static.xx.fbcdn.net/rsrc.php/v3/ya/l/0
http://perw.facebook.cueg.aappatey.com/check/safe
http://62.204.41.134/_
http://iueg.aappatey.com/m
https://static.xx.fbcdn.net/rsrc.php/v3/yi/l/0
http://62.204.41.134/
https://static.xx.fbcdn.net/rsrc.php/v3/yM/r/4x04rJtLVMo.js?_nc_x=Ij3Wp8lg5Kz
https://duckduckgo.com/ac/?q=
http://siaoheg.aappatey.com/check/?sid=287855&key=53966fc5c1f009ecd22e4b74973b5675preseMu
https://static.xx.fbcdn.net/rsrc.php/v3/yG/l/0
http://62.204.41.134/2bdc6e9a1ce82117657287e1bc36e604
https://static.xx.fbcdn.net/rsrc.php/v3/yb/r/mkZZ0EnRB0x.js?_nc_x=Ij3Wp8lg5Kz
http://iueg.aappatey.com/check/safei
http://siaoheg.aappatey.com/K
http://www.autoitscript.com/autoit3/J
https://static.xx.fbcdn.net/rsrc.php/v3/yY/r/ue_OWlkLDZP.js?_nc_x=Ij3Wp8lg5Kz
https://static.xx.fbcdn.net/rsrc.php/v3/yE/l/0
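The network indicators above only pay off once they are matched against traffic. The Python below is an added example written for this page, not part of the Joe Sandbox report: it loads a subset of the report's domains and IPs, adds a pattern for the repeated /check/?sid=...&key=<32 hex> check-in URLs, and runs both over constructed proxy log lines. Assumptions: the aappatey.com apex is used so that both the siaoheg. and iueg. subdomains match (the report lists only the subdomains); the shared addresses 188.114.96.3, 188.114.97.3, 157.240.253.35 and 162.0.217.254 are left out of the IP set because they front unrelated traffic and would only generate false positives; api.2ip.ua goes on a low-confidence watch list rather than the block list, since it is a public geolocation service the sample queried, not attacker infrastructure; the log format and client addresses are constructed.

```python
"""Match proxy log lines against the network indicators in this report.

Added example, not part of the Joe Sandbox report. Indicator values below are
copied from the report's Domains/URLs/IPs tables; the log lines are constructed.
"""
import re
from urllib.parse import urlsplit

# Domains from the report. aappatey.com is the apex (assumption: the report
# lists only the siaoheg. and iueg. subdomains), so a suffix match covers both.
IOC_DOMAINS = {
    "perficut.at", "potunulit.org", "flytourchip.com.br", "aappatey.com",
    "yxzgamen.com", "newzelannd66.org", "bukubuka1.net", "hujukui3.net",
    "bulimu55t.net", "bihsy.com", "golilopaster.org", "novanosa5org.org",
    "soryytlic4.net",
}
# Bare IPs the sample fetched payloads from or that the domains above resolve to.
# Shared addresses (188.114.x, 157.240.253.35, 162.0.217.254) are omitted.
IOC_IPS = {"77.73.134.27", "62.204.41.134", "45.66.159.142",
           "195.158.3.162", "158.69.96.67"}
# Low-confidence: public geolocation service queried by the sample (api.2ip.ua).
WATCH_DOMAINS = {"2ip.ua"}

# Check-in URL shape repeated in the report:
#   http://siaoheg.aappatey.com/check/?sid=288019&key=8611a052...
CHECKIN_RE = re.compile(r"/check/\?sid=\d+&key=[0-9a-f]{32}", re.IGNORECASE)


def host_matches(host, domains):
    """True if host equals one of domains or is a subdomain of one."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)


def classify_url(url):
    """Return the reasons a URL matches, or an empty list if none."""
    parts = urlsplit(url)
    host = parts.hostname or ""
    reasons = []
    if host in IOC_IPS:
        reasons.append("ioc-ip:" + host)
    elif host_matches(host, IOC_DOMAINS):
        reasons.append("ioc-domain:" + host)
    elif host_matches(host, WATCH_DOMAINS):
        reasons.append("watch-geoip:" + host)
    # Path + query is checked independently of host, so the same beacon shape
    # on a not-yet-listed domain still surfaces.
    if CHECKIN_RE.search(parts.path + "?" + parts.query):
        reasons.append("checkin-url-pattern")
    return reasons


# Constructed proxy log (not from the report): "<timestamp> <client> <method> <url> <status>"
SAMPLE_LOG = """\
2023-02-07T19:43:10Z 10.0.0.15 GET http://perficut.at/tmp/ 200
2023-02-07T19:43:12Z 10.0.0.15 GET http://iueg.aappatey.com/check/safe 200
2023-02-07T19:43:15Z 10.0.0.15 GET http://siaoheg.aappatey.com/check/?sid=288019&key=8611a052d7ff506dc761df9a028c28ef 200
2023-02-07T19:43:20Z 10.0.0.15 GET http://77.73.134.27/llpb1133.exe 200
2023-02-07T19:43:25Z 10.0.0.22 GET https://www.google.com/images/branding/product/ico/googleg_lodp.ico 200
2023-02-07T19:43:30Z 10.0.0.22 GET https://api.2ip.ua/geo.json 200
"""


def scan_log(text):
    """Return (client, url, reasons) for every log line that matches something."""
    hits = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue  # malformed line: skip rather than crash the scan
        client, url = fields[1], fields[3]
        reasons = classify_url(url)
        if reasons:
            hits.append((client, url, reasons))
    return hits


if __name__ == "__main__":
    for client, url, reasons in scan_log(SAMPLE_LOG):
        print(client, url, ",".join(reasons))
```

Matching the check-in path shape separately from the host list is the part worth keeping: the report shows the same /check/?sid=...&key=... beacon against two different aappatey.com subdomains, so a rule keyed on the URL shape survives the next domain rotation where a plain host list does not.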

Dropped files

Name  File Type

C:\Users\user\AppData\LocalLow\softokn3.dll
    PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
C:\Users\user\AppData\Local\Temp\D8D3.exe
    PE32 executable (GUI) Intel 80386, for MS Windows
C:\Users\user\AppData\Local\Temp\A33B.exe
    PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
C:\Users\user\AppData\Local\Temp\98D7.exe
    PE32+ executable (GUI) x86-64, for MS Windows
C:\Users\user\AppData\Local\Temp\4113.exe
    PE32 executable (GUI) Intel 80386, for MS Windows
C:\Users\user\AppData\Local\Temp\3046.exe
    PE32 executable (GUI) Intel 80386, for MS Windows
C:\Users\user\AppData\Local\Temp\12C0.exe
    PE32 executable (GUI) Intel 80386, for MS Windows
C:\Users\user\AppData\Local\Temp\E4.exe
    PE32 executable (GUI) Intel 80386, for MS Windows
C:\Users\user\AppData\Local\Temp\ECFB.exe
    PE32 executable (GUI) Intel 80386, for MS Windows
C:\Users\user\AppData\Local\09cc62dd-ff65-4927-b82d-d455eaaeb9f0\3046.exe
    PE32 executable (GUI) Intel 80386, for MS Windows
C:\Users\user\AppData\Local\Temp\FB61.exe
    PE32 executable (GUI) Intel 80386, for MS Windows
C:\Users\user\AppData\LocalLow\sqlite3.dll
    PE32 executable (DLL) (console) Intel 80386, for MS Windows
C:\Users\user\AppData\LocalLow\nss3.dll
    PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
C:\Users\user\AppData\Local\Temp\XandETC.exe
    PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
C:\Users\user\AppData\LocalLow\mozglue.dll
    PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
C:\Users\user\AppData\LocalLow\freebl3.dll
    PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
C:\Users\user\AppData\Local\Temp\db.dll
    PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
C:\Users\user\AppData\Local\Temp\llpb1133.exe
    PE32+ executable (GUI) x86-64, for MS Windows
C:\Users\user\AppData\Local\Temp\pliu.exe
    PE32 executable (console) Intel 80386, for MS Windows
C:\Users\user\AppData\Roaming\jhevwvt
    PE32 executable (GUI) Intel 80386, for MS Windows
C:\Users\user\AppData\Roaming\sievwvt
    PE32 executable (GUI) Intel 80386, for MS Windows
C:\Users\user\AppData\Roaming\sievwvt:Zone.Identifier
    ASCII text, with CRLF line terminators
C:\Users\user\AppData\Local\Microsoft\PenWorkspace\DiscoverCacheData.dat
    JSON data
C:\Users\user\AppData\Local\Temp\db.dat
    data
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_ECFB.exe_c28f7e147f7233fac35d68c9fdcbff1142cbb9f3_c36f58af_10581eb1\Report.wer
    Unicode text, UTF-16, little-endian text, with CRLF line terminators
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\A33B.exe.log
    CSV text
C:\Users\user\AppData\LocalLow\vcruntime140.dll
    PE32 executable (DLL) (console) Intel 80386, for MS Windows
C:\Users\user\AppData\LocalLow\msvcp140.dll
    PE32 executable (DLL) (console) Intel 80386, for MS Windows
C:\Users\user\AppData\LocalLow\cdE656z8QTF7
    SQLite 3.x database, last written using SQLite version 3038005, file counter 17, database pages 7, 1st free page 5, free pages 2, cookie 0x13, schema 4, UTF-8, version-valid-for 17
C:\Users\user\AppData\LocalLow\432zCWSnwm1N
    SQLite 3.x database, last written using SQLite version 3038005, page size 2048, file counter 4, database pages 45, cookie 0x3d, schema 4, UTF-8, version-valid-for 4
C:\Users\user\AppData\LocalLow\2KyP65ecp6T3
    SQLite 3.x database, last written using SQLite version 3038005, page size 2048, file counter 4, database pages 45, cookie 0x3d, schema 4, UTF-8, version-valid-for 4
C:\Users\user\AppData\LocalLow\10PkIt2V82WR
    SQLite 3.x database, last written using SQLite version 3038005, page size 2048, file counter 2, database pages 23, cookie 0x19, schema 4, UTF-8, version-valid-for 2
C:\ProgramData\Microsoft\Windows\WER\Temp\WER545E.tmp.xml
    XML 1.0 document, ASCII text, with CRLF line terminators
C:\ProgramData\Microsoft\Windows\WER\Temp\WER5392.tmp.WERInternalMetadata.xml
    XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
C:\ProgramData\Microsoft\Windows\WER\Temp\WER5036.tmp.dmp
    Mini DuMP crash report, 14 streams, Wed Feb 8 03:45:20 2023, 0x1205a4 type
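The dropped-file table shows several shapes worth turning into host-side rules rather than matching on the individual file names, which change from build to build: the Mozilla NSS/SQLite library set (nss3.dll, mozglue.dll, softokn3.dll, freebl3.dll, sqlite3.dll) plus its VC runtime written to AppData\LocalLow next to randomly named SQLite database copies; short hex-named executables in Temp; a copy of 3046.exe under a GUID-named folder in AppData\Local; and extensionless PE files in AppData\Roaming that carry a Zone.Identifier stream. The Python below is an added example for this page, not Joe Sandbox code. It encodes those shapes as rules over (path, file type) file-creation records constructed from the table. The rule names, the cluster threshold (three NSS DLLs) and the reading of the LocalLow DLL set as staging for access to browser credential stores are the editor's, not statements from the report.

```python
"""Flag file-creation events that match the drop pattern in this report.

Added example, not part of the Joe Sandbox report. The rules encode what the
report's "Dropped files" table shows; the event records are constructed from it.
"""
import re

# DLL set the report shows written to AppData\LocalLow: Mozilla NSS and SQLite
# libraries plus the VC runtime they need. Assumption (editor's): a stealer
# stages these to read browser credential stores; nothing legitimate installs
# them under LocalLow, so their presence there is a strong signal on its own.
NSS_DLLS = {"nss3.dll", "mozglue.dll", "softokn3.dll", "freebl3.dll",
            "sqlite3.dll", "msvcp140.dll", "vcruntime140.dll"}

# Short hex-named executables in %TEMP% (D8D3.exe, A33B.exe, E4.exe, ...).
HEX_TEMP_EXE = re.compile(r"^[0-9a-f]{1,4}\.exe$")
# GUID-named folder directly under AppData\Local (09cc62dd-ff65-4927-...).
GUID_DIR = re.compile(r"^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$")


def _parts(path):
    """Lower-case a Windows path and split it into components."""
    return path.lower().replace("/", "\\").split("\\")


def classify_event(path, file_type):
    """Return the rule names a single (path, file type) event triggers."""
    parts = _parts(path)
    name = parts[-1]
    is_pe = file_type.startswith("PE32")      # covers PE32 and PE32+
    hits = []
    if "appdata" not in parts:
        return hits
    sub = parts[parts.index("appdata") + 1:]  # e.g. ["locallow", "nss3.dll"]
    if sub and sub[0] == "locallow":
        if name in NSS_DLLS:
            hits.append("nss-dll-in-locallow")
        elif file_type.startswith("SQLite"):
            hits.append("sqlite-copy-in-locallow")
    if len(sub) == 2 and sub[0] == "roaming":
        base, _, stream = name.partition(":")   # "sievwvt:Zone.Identifier"
        if stream == "zone.identifier":
            hits.append("ads-zone-identifier-roaming")
        elif is_pe and "." not in base:
            hits.append("extensionless-pe-in-roaming")
    if len(sub) == 3 and sub[0] == "local" and is_pe:
        if GUID_DIR.match(sub[1]):
            hits.append("pe-in-guid-dir")
        elif sub[1] == "temp" and HEX_TEMP_EXE.match(name):
            hits.append("hex-named-temp-exe")
    return hits


def scan_events(events):
    """Classify every event; also report whether the NSS DLL set clustered."""
    results = []
    locallow_dlls = set()
    for path, file_type in events:
        hits = classify_event(path, file_type)
        if "nss-dll-in-locallow" in hits:
            locallow_dlls.add(_parts(path)[-1])
        if hits:
            results.append((path, hits))
    # Three or more of the set on one host is treated as a cluster (editor's threshold).
    return results, len(locallow_dlls) >= 3


# Constructed from the report's table (file types shortened); not a live feed.
SAMPLE_EVENTS = [
    (r"C:\Users\user\AppData\LocalLow\nss3.dll", "PE32 executable (DLL)"),
    (r"C:\Users\user\AppData\LocalLow\mozglue.dll", "PE32 executable (DLL)"),
    (r"C:\Users\user\AppData\LocalLow\sqlite3.dll", "PE32 executable (DLL)"),
    (r"C:\Users\user\AppData\LocalLow\cdE656z8QTF7", "SQLite 3.x database"),
    (r"C:\Users\user\AppData\Local\Temp\D8D3.exe", "PE32 executable (GUI)"),
    (r"C:\Users\user\AppData\Local\09cc62dd-ff65-4927-b82d-d455eaaeb9f0\3046.exe", "PE32 executable (GUI)"),
    (r"C:\Users\user\AppData\Roaming\sievwvt", "PE32 executable (GUI)"),
    (r"C:\Users\user\AppData\Roaming\sievwvt:Zone.Identifier", "ASCII text"),
    (r"C:\Users\user\AppData\Local\Temp\XandETC.exe", "PE32+ executable (GUI)"),
    (r"C:\Users\user\AppData\Local\Microsoft\PenWorkspace\DiscoverCacheData.dat", "JSON data"),
]


if __name__ == "__main__":
    results, clustered = scan_events(SAMPLE_EVENTS)
    for path, hits in results:
        print(path, ",".join(hits))
    print("nss-dll cluster:", clustered)
```

XandETC.exe is deliberately left unflagged: it is in Temp and is a PE, but the name is not the short hex shape, and a rule that fires on every executable in Temp is noise. The file-type column is what keeps the LocalLow rule honest, since the randomly named SQLite copies (cdE656z8QTF7 and friends) have no extension at all and would be invisible to a name-only check.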