1cineva.exe

Status: finished
Submission Time: 2019-09-21 04:34:59 +02:00
Malicious
Evader

Details

  • Analysis ID:
    176441
  • API (Web) ID:
    249605
  • Analysis Started:
    2019-09-21 04:34:59 +02:00
  • Analysis Finished:
    2019-09-21 04:40:23 +02:00
  • MD5:
    d9e5d4ac6863056313625f7f7def8aa1
  • SHA1:
    3bf2e8591c0a37e229174b8eb1f6ddb62b5a8db3
  • SHA256:
    795d52c0b53be238c65fd324ee366dc845d56f674d12736161383665db61c7bf
  • Technologies:

Engine: Joe Sandbox
Detection: malicious
Score: 68
System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

Third Party Analysis Engines: malicious

IPs


Dropped files

Name / File Type

C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_1cineva.exe_803f8068ba49f90fb35b9933e3b4b26579c6623_d7f6528e_0bfd7dae\Report.wer
    Little-endian UTF-16 Unicode text, with CRLF line terminators

C:\Windows\lsass.exe
    PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed

C:\Windows\lsass.exe:Zone.Identifier
    ASCII text, with CRLF line terminators

C:\ProgramData\Microsoft\Windows\WER\Temp\WER6DDF.tmp.dmp
    Mini DuMP crash report, 14 streams, Sat Sep 21 11:36:24 2019, 0x1205a4 type

C:\ProgramData\Microsoft\Windows\WER\Temp\WER713B.tmp.WERInternalMetadata.xml
    XML 1.0 document, Little-endian UTF-16 Unicode text, with CRLF line terminators

C:\ProgramData\Microsoft\Windows\WER\Temp\WER738E.tmp.xml
    XML 1.0 document, ASCII text, with CRLF line terminators

C:\Users\user\AppData\Local\Temp\Jzeeidgdwo.txt
    data