Register Login

sloganpng

top title background image

file.exe

Status: finished

Submission Time: 2023-06-06 17:07:11 +02:00

Malicious

Trojan

Exploiter

Evader

lgoogLoader

Comments

Tags

Details

Analysis ID:
882700
API (Web) ID:
1249677
Analysis Started:

2023-06-06 17:13:55 +02:00
Analysis Finished:

2023-06-06 17:22:01 +02:00
MD5:
daf761fb9aaa34a9c2120003694d88a3
SHA1:
47fd2695b6da26f6444799d442662b982d70f783
SHA256:
18d4850a10812f3b4d8631939d469b41c1d344a7fa9205acc31b265d0600291b
Technologies:

Engines
IOCs

Joe Sandbox

Engine	Download Report	Detection	Info
		malicious
	Full Report Management Report IOC Report	malicious Score: 100	System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

Third Party Analysis Engines

Open Full Report

malicious

Score: 40/71

malicious

Score: 17/37

malicious

IPs

IP	Country	Detection
5.42.94.169	Russian Federation

URLs

Name	Detection
http://5.42.94.169/customer/368
http://www.sysinternals.com
http://www.sysinternals.comopen/?ICONSHELLRUNASAboutUsage/raw/netonlyRunAsInvoker__COMPAT_LAYERcmd
Click to see the 4 hidden entries
http://109.206.241.33/files/Hadi.config.CfgEncFileMZ
http://5.42.94.169
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
https://www.sysinternals.com0

Dropped files

Name	File Type	Hashes	Detection
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\file.exe.log	ASCII text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Temp\?????.sys	PE32+ executable (DLL) (native) x86-64, for MS Windows	#