
Quotation.exe

Status: finished
Submission Time: 2023-03-20 14:46:25 +01:00
Malicious
Trojan
Evader
Ransomware
Spyware
GuLoader, FormBook

Comments

Tags

  • exe
  • guloader

Details

  • Analysis ID:
    830618
  • API (Web) ID:
    1197721
  • Analysis Started:
    2023-03-20 14:46:25 +01:00
  • Analysis Finished:
    2023-03-20 15:14:58 +01:00
  • MD5:
    8a81948116d2ea79bee1d261733dba89
  • SHA1:
    5cf4113debe6d37bd770d8d3870647b8bac082a3
  • SHA256:
    5a64a3fd65f7176b7ad623893e3cb573af13eb51850f8243a1951884eee757a9
  • Technologies:

Joe Sandbox

Engine Detection Info

  • Detection: malicious
    Score: 68
    System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
  • Detection: malicious
    Score: 100
    System: Windows 10 64 bit 20H2 Native physical Machine for testing VM-aware malware (Office 2019, Chrome 93, Firefox 91, Adobe Reader DC 21, Java 8 Update 301)

Third Party Analysis Engines

  • Detection: malicious
    Score: 13/69
  • Detection: malicious
    Score: 10/39

IPs

IP                 Country                     Detection
91.184.0.24        Netherlands
45.194.145.38      Seychelles
199.192.26.35      United States
217.160.0.217      Germany
154.215.156.6      Seychelles
34.117.168.233     United States
81.17.18.196       Switzerland
23.83.160.9        United States
208.91.197.91      Virgin Islands (BRITISH)
81.17.29.148       Switzerland
88.212.206.251     Russian Federation
2.57.90.16         Lithuania
172.67.212.220     United States
198.58.118.167     United States
162.240.73.101     United States

Domains

Name                             IP                 Detection
www.texasgent.com                81.17.29.148
www.ghostdyes.net                0.0.0.0
www.finelinetackdirect.com       0.0.0.0
www.eta-trader.net               0.0.0.0
www.184411.com                   0.0.0.0
www.flaviosilva.online           0.0.0.0
www.brightfms.com                81.17.18.196
www.interactive-media.ru         88.212.206.251
flaviosilva.online               2.57.90.16
www.maxhaidt.com                 172.67.212.220
www.buymyenergy.com              45.194.145.38
www.dexmart.xyz                  199.192.26.35
www.b-tek.media                  91.184.0.24
www.aznqmd.com                   23.83.160.9
www.funvacayflorida.com          208.91.197.91
www.solya-shop.com               217.160.0.217
bb.zhanghonghong.com             154.215.156.6
eta-trader.net                   2.57.90.16
td-ccm-168-233.wixdns.net        34.117.168.233
www.cardinialethanol.com         198.58.118.167
www.wittofitentertainment.com    162.240.73.101

URLs

Name Detection
http://www.184411.com/d91r/
http://www.flaviosilva.online/d91r/
http://www.184411.com/d91r/?z4=QRVitphc0g1OIlGqribmuO+/vkIwz3nmW5e0zmbI+ptVqgaVXv4o34I8PAy9Ptw3AL0LuNtl4GkWhRdrmVn9ER/XiJFNsBOU8g==&6SE=F8zFuLn
http://www.maxhaidt.com/d91r/?z4=eODNz5pw0nGnv4SFyTaum/5/t7nqNWp+9hyyxvutUEIaFJ9+iSImfL8MjMj4uhwzobeFgf5ptQiqPWHvQt8dHyNKhUrdKKLp8Q==&6SE=F8zFuLn
http://www.funvacayflorida.com/d91r/
http://www.b-tek.media/d91r/
http://www.solya-shop.com/d91r/
http://www.dexmart.xyz/d91r/?z4=mny6VZKrhd/9NKVuKuT/s/SGWqKgSQU06gLLPmpyieItdUR08ut5ldoEEciwTOIy3aXJmehMaME22hMIN/PsdP4yT3Vly6kaHw==&6SE=F8zFuLn
http://www.ghostdyes.net/d91r/
http://www.dexmart.xyz/d91r/
http://www.ghostdyes.net/d91r/?z4=9I8nCmGbZhqNwxnuseOoBgVoo3mEoWGWlq2S/FO71IXVKobHlwQLLDq9ejz9WGKrhGOo7OtXutt8bUbRiDDVGcEjYwCLb2KUDQ==&6SE=F8zFuLn
http://www.texasgent.com/d91r/
http://www.interactive-media.ru/d91r/?z4=iC4EpsnjqAMsGvgWFbn+fContgVXGATBB72AUlNsZB8RnX0iaYC7Rjz9cHXMA4a3u8hdEGRv958fgJWC172SOiEaLo/g5aJ7NA==&6SE=F8zFuLn
http://www.cardinialethanol.com/d91r/
http://www.cactus-market.ru
http://nsis.sf.net/NSIS_Error
http://www.funvacayflorida.com/d91r/6SE=F8zFuLn
http://www.brightfms.com/d91r/6SE=F8zFuLn
http://www.brightfms.com
https://solya-shop.com/d91r/?z4=7PV8upFW6FVa3k/MU
http://www.decoraptor.store/d91r/_w7xz=bR5Glu
https://api.msn.com/v1/news/Feed/Windows?activityId=5696A836803C42E0B53F7BB2770E5342&timeOut=10000&o
https://www.webnames.ru/ssl?utm_source=shopwindow&utm_medium=click&utm_campaign=shopwindow_ssl2&wn_c
https://outlook.com
http://www.symauth.com/cps0(
https://www.wittofitentertainment.com/kGQffjENy187.binR
http://www.b-tek.mediawww.dexmart.xyz
http://www.ghostdyes.net
http://nsis.sf.net/NSIS_ErrorError
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
https://www.wittofitentertainment.com/kGQffjENy187.binZ
https://www.webnames.ru/ssl?utm_source=shopwindow&utm_medium=click&utm_campaign=shopwindow_ssl_banne
http://www.solya-shop.com/d91r/6SE=F8zFuLn
https://support.google.com/chrome/?p=plugin_flash
http://www.dexmart.xyz/d91r/6SE=F8zFuLn
http://www.aznqmd.com
http://23.83.160.2:88/tz.php?ref=
http://www.cardinialethanol.com
http://www.buymyenergy.com
http://www.maxhaidt.com/d91r/6SE=F8zFuLn
https://www.webnames.ru/help/feedback?utm_source=shopwindow&utm_medium=click&utm_campaign=shopwindow
https://wns.windows.com/cc6424a
http://browsehappy.com/
http://www.symauth.com/rpa00
http://www.julesgifts.co.uk
https://www.wittofitentertainment.com/kGQffjENy187.bin0
http://www.flaviosilva.onlinewww.solya-shop.com
http://www.buymyenergy.com/d91r/6SE=F8zFuLn
http://www.buymyenergy.comwww.184411.com
https://www.msn.com/en-us/money/other/7-common-travel-mistakes-every-rv-owner-has-made/ss-AAOGa8l
http://www.flaviosilva.online
http://www.texasgent.com/d91r/6SE=F8zFuLn
https://api.msn.com/?Im
http://www.nero.com
https://android.notify.windows.com/iOS
http://inference.location.live.com11111111-1111-1111-1111-111111111111https://partnernext-inference.
http://www.texasgent.com/d91r/?6SE=F8zFuLn&ch=1&js=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJK
https://www.webnames.ru/help/faq?utm_source=shopwindow&utm_medium=click&utm_campaign=shopwindow_faq&
http://www.rt66omm.com
http://www.julesgifts.co.ukwww.aznqmd.com
http://www.gopher.ftp://ftp.
https://android.notify.windows.com/iOSF
http://www.ibm.com/data/dtd/v11/ibmxhtml1-transitional.dtd-//W3O//DTD
https://deff.nelreports.net/api/report?cat=msn
https://hm.baidu.com/hm.js?c5f848a241986c827a6aea67b151df57
http://schemas.microsoft.c
http://www.b-tek.media/d91r/6SE=F8zFuLn
http://www.eta-trader.net/d91r/6SE=F8zFuLn
http://www.decoraptor.store/d91r/
https://api.msn.com:443/v1/news/Feed/Windows?
http://www.interactive-media.ru/d91r/
http://www.cactus-market.ru/d91r/
http://www.brightfms.com/d91r/?6SE=F8zFuLn&ch=1&js=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJK
https://duckduckgo.com/ac/?q=
http://www.texasgent.comwww.brightfms.com
http://www.184411.com
https://uk.search.yahoo.com/favicon.icohttps://uk.search.yahoo.com/search
https://duckduckgo.com/chrome_newtab
http://www.solya-shop.com
http://www.qx386.top
http://www.brightfms.comwww.eta-trader.net
http://www.aznqmd.com/d91r/6SE=F8zFuLn
http://trade.webnames.ru
http://www.eta-trader.netwww.funvacayflorida.com
http://www.finelinetackdirect.comwww.maxhaidt.com
https://www.msn.com/en-us/tv/celebrity/tarek-el-moussa-tests-positive-for-covid-19-shuts-down-filmin
https://word.office.com
http://www.solya-shop.comwww.buymyenergy.com
https://aka.ms/odirm3
https://www.msn.com/en-us/news/technology/facebook-oversight-board-reviewing-xcheck-system-for-vips/
https://assets.msn.com/weathermapdata/1/static/svg/72/MostlySunnyDay.svg
https://www.webnames.ru/wn/img/logo-horizontal.svg
https://cdnjs.cloudflare.com/ajax/libs/normalize/5.0.0/normalize.min.css
http://www.eta-trader.net
http://www.dexmart.xyzwww.finelinetackdirect.com
https://www.webnames.ru/domains/check?utm_source=shopwindow&utm_medium=click&utm_campaign=shopwindow
https://uk.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
http://www.rt66omm.com/d91r/
http://www.julesgifts.co.uk/d91r/
https://www.msn.com/en-us/news/us/texas-gov-abbott-sends-miles-of-cars-along-border-to-deter-migrant

Dropped files

Name File Type Hashes Detection
  • C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Ghetto\Delforliget\Melotragedy\Lindhardt\System.dll
    PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
  • C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Ghetto\Blegnbbetheden\Telegrammers.Non
    data
  • C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Ghetto\Cohesion\Quakily\Privileger.Fla
    ASCII text, with very long lines (55032), with no line terminators
  • C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Ghetto\Cohesion\Quakily\SolutionExplorerCLI.dll
    PE32 executable (DLL) (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
  • C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Ghetto\Cohesion\Quakily\System.Security.Cryptography.X509Certificates.dll
    PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
  • C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Ghetto\Delforliget\Melotragedy\Lindhardt\libdatrie-1.dll
    PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
  • C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Ghetto\Forureningsforebygget\Pegboard\libpkcs11-helper-1.dll
    PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
  • C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Ghetto\Forureningsforebygget\Pegboard\maintenanceservice2.exe
    PE32+ executable (GUI) x86-64, for MS Windows
  • C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Ghetto\Forureningsforebygget\Pegboard\percentile.dll
    PE32+ executable (DLL) (console) x86-64, for MS Windows
  • C:\Users\user\AppData\Local\Temp\4995H5Jfc
    SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 5, database pages 59, cookie 0x4f, schema 4, UTF-8, version-valid-for 5
  • C:\Users\user\AppData\Local\Temp\nsi3181.tmp\System.dll
    PE32 executable (DLL) (GUI) Intel 80386, for MS Windows