Joe Sandbox Cloud Basic

Want to search on specific fields?


Try our:

Advanced Search

Want to search in depth on all Cloud Basic reports?

Try: Joe Sandbox View

Register Login
sloganpng
top title background image
flash

sqeCz4tgdW.exe

Status: finished
Submission Time: 2023-06-02 03:13:15 +02:00
Malicious
Trojan
Evader
Nanocore

Comments

Tags

  • exe
  • NanoCore
  • RAT

Details

  • Analysis ID:
    880361
  • API (Web) ID:
    1247342
  • Original Filename:
    0cea4eaf614191a2cf51abd70a672ed9.exe
  • Analysis Started:
    2023-06-02 03:16:15 +02:00
  • Analysis Finished:
    2023-06-02 03:25:25 +02:00
  • MD5:
    0cea4eaf614191a2cf51abd70a672ed9
  • SHA1:
    1f5259a6eeef5c641b324570f311bc8c86f32dc1
  • SHA256:
    597475447158dd0612e5584c51a515cabb3eac9bd01681836318614cda4878d0
  • Technologies:

Joe Sandbox

Engine Download Report Detection Info
malicious
Full Report Management Report IOC Report
malicious
Score: 100
System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

Third Party Analysis Engines

Open Full Report
malicious
Score: 65/71
malicious
Score: 36/37
malicious
malicious

IPs

IP Country Detection
3.131.147.49
 United States
3.129.187.220
 United States
3.22.15.135
 United States

Domains

Name IP Detection
4.tcp.ngrok.io
 3.129.187.220

URLs

Name Detection
4.tcp.ngrok.io

Dropped files

Name File Type Hashes Detection
C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe
 PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
 #
C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe:Zone.Identifier
 ASCII text, with CRLF line terminators
 #
C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\run.dat
 International EBCDIC text, with no line terminators
 #
Click to see the 1 hidden entries
C:\Users\user\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\dhcpmon.exe.log
 ASCII text, with CRLF line terminators
 #