
file.exe

Status: finished
Submission Time: 2023-06-06 17:14:09 +02:00
Malicious
Trojan
Spyware
Exploiter
Evader
Remcos, zgRAT

Tags

  • NET
  • exe
  • MSIL
  • x64
  • zgRAT

Details

  • Analysis ID: 882705
  • API (Web) ID: 1249684
  • Analysis Started: 2023-06-06 17:16:58 +02:00
  • Analysis Finished: 2023-06-06 17:27:49 +02:00
  • MD5: 58a91896eaf6efe03ffe6ebb7b731792
  • SHA1: e3ec7807b22e91e887dd1bc752c426041607216f
  • SHA256: dc984e3a8de291d49bab5940b8f8047d2a7d8f0dab4231342c36edcee9cbb92e
  • Technologies:

Joe Sandbox

Engine Download Report Detection Info
malicious
malicious
Score: 100
System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

Third Party Analysis Engines

malicious
Score: 33/71
malicious
Score: 13/37

IPs

IP               Country          Detection
185.65.134.166   Sweden
45.128.234.54    United Kingdom
178.237.33.50    Netherlands

Domains

Name            IP              Detection
geoplugin.net   178.237.33.50

URLs

Name Detection
127.0.0.1
http://geoplugin.net/json.gp
http://geoplugin.net/json.gples8
http://geoplugin.net/json.gprol
http://geoplugin.net/json.gp1
http://geoplugin.net/json.gp2C9DCABD6423689A465F00D4F
http://geoplugin.net/json.gpf
http://geoplugin.net/json.gp/C
http://geoplugin.net/json.gpESS
http://geoplugin.net/j

Dropped files

Name File Type Hashes Detection
  • C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\file.exe.log (File Type: CSV text)
  • C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\json[1].json (File Type: JSON data)