Register Login

sloganpng

top title background image

30xuguwt.exe

Status: finished

Submission Time: 2019-09-11 20:08:16 +02:00

Malicious

Exploiter

Evader

Comments

Tags

Details

Analysis ID:
173081
API (Web) ID:
240623
Analysis Started:

2019-09-11 20:08:16 +02:00
Analysis Finished:

2019-09-11 20:14:15 +02:00
MD5:
619ea186a3496d153d3a197db93dcad8
SHA1:
a6a8bb5f0996cbb7d2c9bcccf5f60bdc4446f22f
SHA256:
3f14c50d8893d3e08f693c01f30ae5c7eeb39d05a220aca162dd053b0baf1006
Technologies:

Engines
IOCs

Joe Sandbox

Engine	Download Report	Detection	Info
		malicious
	Full Report Management Report IOC Report	malicious Score: 72	System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

Third Party Analysis Engines

malicious

IPs

IP	Country	Detection
192.168.11.119	unknown
192.168.5.128	unknown
192.168.11.114	unknown
Click to see the 4 hidden entries
169.254.112.55	Reserved
10.10.1.114	unknown
10.10.2.235	unknown
10.10.2.219	unknown

Dropped files

Name	File Type	Hashes	Detection
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_30xuguwt.exe_b96bcf3788d76fff18c12961d6ae8abd3245a92_dc074945_097f7e7c\Report.wer	Little-endian UTF-16 Unicode text, with CRLF line terminators	#
C:\Windows\lsass.exe	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	#
C:\Windows\lsass.exe:Zone.Identifier	ASCII text, with CRLF line terminators	#
Click to see the 4 hidden entries
C:\ProgramData\Microsoft\Windows\WER\Temp\WER6BFD.tmp.dmp	Mini DuMP crash report, 14 streams, Thu Sep 12 03:09:51 2019, 0x1205a4 type	#
C:\ProgramData\Microsoft\Windows\WER\Temp\WER6FA8.tmp.WERInternalMetadata.xml	XML 1.0 document, Little-endian UTF-16 Unicode text, with CRLF line terminators	#
C:\ProgramData\Microsoft\Windows\WER\Temp\WER7268.tmp.xml	XML 1.0 document, ASCII text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Temp\benv0bbgg.txt	data	#