Register Login

sloganpng

top title background image

9text.exe

Status: finished

Submission Time: 2019-09-11 20:09:51 +02:00

Malicious

Evader

Comments

Tags

Details

Analysis ID:
173082
API (Web) ID:
240627
Analysis Started:

2019-09-11 20:10:47 +02:00
Analysis Finished:

2019-09-11 20:16:33 +02:00
MD5:
52560099cdf9bac0147e5446970efcb1
SHA1:
ba89d820e8f7e47b372ae2f93cbe443f165a7212
SHA256:
0a2913ca6bef724daee058c77fea89147dd9a187e0ad7ce5cc2f235339c17a0e
Technologies:

Engines
IOCs

Joe Sandbox

Engine	Download Report	Detection	Info
		malicious
	Full Report Management Report IOC Report	malicious Score: 68	System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

Third Party Analysis Engines

malicious

IPs

IP	Country	Detection
10.170.143.69	unknown
10.135.41.154	unknown
10.174.129.34	unknown
Click to see the 4 hidden entries
192.168.123.101	unknown
192.168.1.101	unknown
16.83.199.174	United States
15.252.10.121	United States

URLs

Name	Detection
https://www.verivox.de/company/datenschutz/

Dropped files

Name	File Type	Hashes	Detection
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_9text.exe_cfd244855f48c3bb6dfafc67938f4af87721cf_5aeaeea3_0c820b8f\Report.wer	Little-endian UTF-16 Unicode text, with CRLF line terminators	#
C:\Windows\lsass.exe	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	#
C:\Windows\lsass.exe:Zone.Identifier	ASCII text, with CRLF line terminators	#
Click to see the 4 hidden entries
C:\ProgramData\Microsoft\Windows\WER\Temp\WER8.tmp.xml	XML 1.0 document, ASCII text, with CRLF line terminators	#
C:\ProgramData\Microsoft\Windows\WER\Temp\WERF836.tmp.dmp	Mini DuMP crash report, 14 streams, Thu Sep 12 03:12:18 2019, 0x1205a4 type	#
C:\ProgramData\Microsoft\Windows\WER\Temp\WERFD19.tmp.WERInternalMetadata.xml	XML 1.0 document, Little-endian UTF-16 Unicode text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Temp\ecuefbsbixy.txt	data	#