cotización_y_diseños_de_muestra.exe

Status: finished
Submission Time: 2023-03-20 17:27:19 +01:00
Malicious
Trojan
Spyware
Evader
AgentTesla, zgRAT

Tags

  • agenttesla
  • exe

Details

  • Analysis ID:
    830792
  • API (Web) ID:
    1197884
  • Analysis Started:
    2023-03-20 17:38:11 +01:00
  • Analysis Finished:
    2023-03-20 17:52:23 +01:00
  • MD5:
    38b3d465545a56ea977ba43dcda97b16
  • SHA1:
    e8fc4cb22b0a7e6f24c762b9bd809c8f10a82a84
  • SHA256:
    89b5371841e3eb63f290b60717e55ddfc8518803e14419d5c9ad3a6bf111c2c8
  • Technologies:

Detection

Engine        Detection   Score   System
Joe Sandbox   malicious   100     Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

Third Party Analysis Engines

  • malicious, Score: 43/69
  • malicious, Score: 19/38
  • malicious

IPs

IP               Country
208.91.198.143   United States
104.237.62.211   United States
208.91.199.225   United States
208.91.199.223   United States
208.91.199.224   United States
173.231.16.76    United States

Domains

Name                       IP
168.98.4.0.in-addr.arpa    0.0.0.0
smtp.thanhphoung-vn.com    0.0.0.0
us2.smtp.mailhostbox.com   208.91.199.224
api4.ipify.org             173.231.16.76
api.ipify.org              0.0.0.0

URLs

  • https://api.ipify.org/
  • https://api.ipify.org
  • https://www.newtonsoft.com/json
  • https://www.nuget.org/packages/Newtonsoft.Json.Bson
  • http://smtp.thanhphoung-vn.com
  • https://urn.to/r/sds_see
  • http://us2.smtp.mailhostbox.com
  • http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
  • http://james.newtonking.com/projects/json
  • https://www.newtonsoft.com/jsonschema

Dropped files

Name (path) followed by file type:

  • C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\cotizaci#U00f3n_y_dise#U00f1os_de_muestra.exe.log
    ASCII text, with CRLF line terminators
  • C:\Users\user\AppData\Local\Temp\Hxpqwdnjsynypvjkzfile.exe
    PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
  • C:\Users\user\AppData\Local\explorers.exe
    PE32+ executable (GUI) x86-64 Mono/.Net assembly, for MS Windows
  • C:\Users\user\AppData\Local\explorers.exe:Zone.Identifier
    ASCII text, with CRLF line terminators
  • C:\Users\user\AppData\Roaming\KbWSe\KbWSe.exe
    PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
  • C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
    data
  • C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_0bvquv43.a01.psm1
    very short file (no magic)
  • C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_cjyp0nxw.d21.ps1
    very short file (no magic)
  • C:\Users\user\AppData\Roaming\abrnjjcp.rfi\Chrome\Default\Network\Cookies
    SQLite 3.x database, last written using SQLite version 3038005, file counter 10, database pages 7, 1st free page 5, free pages 2, cookie 0x13, schema 4, UTF-8, version-valid-for 10
  • C:\Users\user\AppData\Roaming\nmntxz1a.dbl\Chrome\Default\Network\Cookies
    SQLite 3.x database, last written using SQLite version 3038005, file counter 10, database pages 7, 1st free page 5, free pages 2, cookie 0x13, schema 4, UTF-8, version-valid-for 10
  • C:\Users\user\AppData\Roaming\rv5jkkrr.wqv\Chrome\Default\Network\Cookies
    SQLite 3.x database, last written using SQLite version 3038005, file counter 10, database pages 7, 1st free page 5, free pages 2, cookie 0x13, schema 4, UTF-8, version-valid-for 10