Register Login

sloganpng

top title background image

26text.exe

Status: finished

Submission Time: 2019-09-11 20:34:35 +02:00

Malicious

Evader

Comments

Tags

Details

Analysis ID:
173089
API (Web) ID:
240645
Analysis Started:

2019-09-11 20:34:42 +02:00
Analysis Finished:

2019-09-11 20:40:45 +02:00
MD5:
76fbe2d31734cc11564bdce827087721
SHA1:
1c61712d08b2eee6109b964924839c423ec8a255
SHA256:
95dd4e369549b16d6e46da89c9274f812cfb0cb161ea2148ec15f444030bd375
Technologies:

Engines
IOCs

Joe Sandbox

Engine	Download Report	Detection	Info
		malicious
	Full Report Management Report IOC Report	malicious Score: 68	System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

Third Party Analysis Engines

malicious

IPs

IP	Country	Detection
131.96.123.17	United States
15.253.66.108	United States
16.126.107.179	United States
Click to see the 4 hidden entries
15.80.153.106	United States
15.72.142.70	United States
15.109.9.117	United States
15.237.16.47	United States

Dropped files

Name	File Type	Hashes	Detection
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_26text.exe_aecdf89d1d4d2a7cc08af36756a879e7d507dc4_0283b67f_04ae5afc\Report.wer	Little-endian UTF-16 Unicode text, with CRLF line terminators	#
C:\Windows\lsass.exe	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	#
C:\Windows\lsass.exe:Zone.Identifier	ASCII text, with CRLF line terminators	#
Click to see the 4 hidden entries
C:\ProgramData\Microsoft\Windows\WER\Temp\WER4AEE.tmp.dmp	Mini DuMP crash report, 14 streams, Thu Sep 12 03:36:12 2019, 0x1205a4 type	#
C:\ProgramData\Microsoft\Windows\WER\Temp\WER4E4B.tmp.WERInternalMetadata.xml	XML 1.0 document, Little-endian UTF-16 Unicode text, with CRLF line terminators	#
C:\ProgramData\Microsoft\Windows\WER\Temp\WER509D.tmp.xml	XML 1.0 document, ASCII text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Temp\2o6agohLUhn.txt	data	#