
file.exe

Status: finished
Submission Time: 2023-02-07 19:54:39 +01:00
Malicious
Trojan
Evader
Tofsee

Comments

Tags

  • exe

Details

  • Analysis ID: 800802
  • API (Web) ID: 1168018
  • Analysis Started: 2023-02-07 20:03:06 +01:00
  • Analysis Finished: 2023-02-07 20:15:07 +01:00
  • MD5: 546a040e4479958f7c6b862dead9a269
  • SHA1: 69a99c8f2fbfc316140690be348d6b54d6c01d7d
  • SHA256: 229d8701db31564e7eccab699121e96fe75d70896daa87323e9c59da3be74be0
  • Technologies:

Joe Sandbox

Detection: malicious
Score: 100
System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

Third Party Analysis Engines

  • malicious (Score: 24/70)
  • malicious (Score: 17/39)
  • malicious

IPs

IP                Country             Detection
176.124.192.220   Russian Federation
104.47.54.36      United States

Domains

Name                                         IP                Detection
svartalfheim.top                             176.124.192.220
microsoft-com.mail.protection.outlook.com    104.47.54.36

URLs

Name Detection
jotunheim.name:443
svartalfheim.top:443
https://t0.ssl.ak.tiles.virtualearth.net/tiles/gen
https://dev.ditu.live.com/REST/v1/Imagery/Copyright/
https://dev.virtualearth.net/webservices/v1/LoggingService/LoggingService.svc/Log?entry=
https://t0.ssl.ak.dynamic.tiles.virtualearth.net/odvs/gri?pv=1&r=
https://dynamic.api.tiles.ditu.live.com/odvs/gdi?pv=1&r=
https://dev.virtualearth.net/REST/v1/JsonFilter/VenueMaps/data/
https://dev.virtualearth.net/REST/v1/Transit/Schedules/
https://dynamic.t
https://dev.virtualearth.net/REST/v1/Routes/Transit
https://dev.virtualearth.net/mapcontrol/logging.ashx
https://dynamic.api.tiles.ditu.live.com/odvs/gdv?pv=1&r=
https://activity.windows.com
http://www.bingmapsportal.com
https://dev.ditu.live.com/REST/v1/Locations
https://ecn.dev.virtualearth.net/REST/v1/Imagery/Copyright/
https://%s.dnet.xboxlive.com
https://dev.ditu.live.com/REST/v1/JsonFilter/VenueMaps/data/
https://dynamic.api.tiles.ditu.live.com/odvs/gd?pv=1&r=
https://dev.virtualearth.net/REST/v1/Routes/Walking
https://t0.ssl.ak.dynamic.tiles.virtualearth.net/odvs/gdv?pv=1&r=
https://dev.ditu.live.com/REST/v1/Routes/
https://dev.virtualearth.net/REST/v1/Routes/Driving
https://t0.ssl.ak.dynamic.tiles.virtualearth.net/comp/gen.ashx
https://dev.ditu.live.com/REST/v1/Traffic/Incidents/
https://t0.tiles.ditu.live.com/tiles/gen
https://dev.virtualearth.net/REST/v1/Routes/
https://dev.virtualearth.net/REST/v1/Traffic/Incidents/
https://t0.ssl.ak.dynamic.tiles.virtualearth.net/odvs/gdi?pv=1&r=
https://dev.ditu.live.com/mapcontrol/logging.ashx
https://dev.virtualearth.net/webservices/v1/LoggingService/LoggingService.svc/Log?
https://t0.ssl.ak.dynamic.tiles.virtualearth.net/odvs/gd?pv=1&r=
https://dev.virtualearth.net/mapcontrol/HumanScaleServices/GetBubbles.ashx?n=
https://%s.xboxlive.com
https://dev.ditu.live.com/mapcontrol/mapconfiguration.ashx?name=native&v=
https://dev.virtualearth.net/REST/v1/Locations
https://ecn.dev.virtualearth.net/mapcontrol/mapconfiguration.ashx?name=native&v=
https://dynamic.t0.tiles.ditu.live.com/comp/gen.ashx

Dropped files

Name / File Type (Hashes and Detection columns are empty in this report)

C:\Users\user\AppData\Local\Temp\qbxctmyn.exe
    PE32 executable (GUI) Intel 80386, for MS Windows
C:\Windows\SysWOW64\htdzdeug\qbxctmyn.exe (copy)
    PE32 executable (GUI) Intel 80386, for MS Windows
C:\ProgramData\USOPrivate\UpdateStore\updatestore51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml (copy)
    XML 1.0 document, ASCII text, with very long lines (2494), with no line terminators
C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml
    XML 1.0 document, ASCII text, with very long lines (2494), with no line terminators
C:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.001.etl (copy)
    data
C:\ProgramData\USOShared\Logs\UpdateSessionOrchestration_Temp.1.etl
    data
C:\Users\user\AppData\Local\Packages\ActiveSync\LocalState\DiagOutputDir\SyncVerbose.etl
    data
C:\Users\user\AppData\Local\Packages\ActiveSync\LocalState\DiagOutputDir\UnistackCircular.etl
    data
C:\Users\user\AppData\Local\Packages\ActiveSync\LocalState\DiagOutputDir\UnistackCritical.etl
    data
C:\Users\user\AppData\Local\packages\ActiveSync\LocalState\DiagOutputDir\SyncVerbose.etl.0001 (copy)
    data
C:\Users\user\AppData\Local\packages\ActiveSync\LocalState\DiagOutputDir\UnistackCircular.etl.0001 (copy)
    data
C:\Users\user\AppData\Local\packages\ActiveSync\LocalState\DiagOutputDir\UnistackCritical.etl.0001 (copy)
    data
C:\Windows\Logs\waasmedic\waasmedic.20230208_040427_786.etl
    data
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\MpCmdRun.log
    Unicode text, UTF-16, little-endian text, with CRLF line terminators
C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\DeliveryOptimization\Logs\dosvc.20230208_040419_207.etl
    data
\Device\ConDrv
    ASCII text, with CRLF line terminators