
https://66.150.49.7/

Status: finished
Submission Time: 2020-01-22 21:34:14 +01:00
Classification: Malicious, Ransomware, Evader


Details

  • Analysis ID:
    202798
  • API (Web) ID:
    303274
  • Analysis Started:
    2020-01-22 21:34:15 +01:00
  • Analysis Finished:
    2020-01-22 21:42:06 +01:00
  • Technologies:
    Joe Sandbox

Engine: Joe Sandbox
Detection: malicious
Score: 48
System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

IPs

IP (Country)
8.8.8.8 (United States)
66.150.49.7 (United States)

URLs

Name
http://ocsp.thawte.com0
http://www.cisco.com
http://www.cisco.com(
http://webfx.eae.net/dhtml/xmlextras/xmlextras.html
http://www.pandasoftware.com/Path
http://www.symauth.com/cps0(
http://arcavirasia.blob.core.windows.net
http://www.cisco.comZS
http://current.cvd.clamav.net/
http://pckeeper.kromtech.ne
http://www.symauth.com/rpa00
http://current.cvd.clamav.net/:
https://66.150.49.7/CACHE/sdesktop/install/empty.CHE/sdesktop/install/start.htmRoot
https://66.150.49.7/CACHE/sdesktop/hostscan/windows_i386/libcsd.dll
http://www.nytimes.com/
http://professional.avira-update.com
https://66.150.49.7/CACHE/sdesktop/install/start.htmRoot
http://crl.thawte.com/ThawteTimestampingCA.crl
https://66.150.49.7)
http://www.reddit.com/
https://66.150.49.7/CACHE/sdesktop/install/empty.SCOE
http://www.cisco.com_R
http://arcavireurope.blob.core.windows.net
https://d.symcb.cos
http://www.opswat.com/products/oesis-framework/oesis-monitor
https://66.150.49.7/CACHE/sdesktop/hostscan/windows_i386/manifest
https://66.150.49.7/CACHE/sdesktop/install/empty.htm
http://www.live.com/
https://d.s
http://www.wikipedia.com/
http://ts-aia.ws
http://download2.trustport.comvba
http://bitcast-r.v1.sjc1.bitgravity.com
https://66.150.49.7/CACHE/sdesktop/install/binaries/ocx.htm
http://www.pandasoftware.com/
http://www.cisco.com0
http://www.cisco.com%R-
http://www.youtube.com/
http://platis.updates.pandasoftware.com/
http://professional.nl.avira-update.net
http://updates.sunbelt-software.com
https://66.150.49.7/CACHE/sdesktop/install/empty.Root
http://securityupdates.avanquest.com
http://acs.pandasoftware.comTPScanSOFTWARE
http://www.amazon.com/
http://www.opswat.com/products/oesis-framework/update-verify
http://www.kaspersky.com/productupdatesurl=
http://www.cisco.comP
http://s1.symcb.
http://www.cisco.com0%
http://tit2004.updates.pandasoftware.com/
http://eus.avanquest.com
http://www.cisco.comH
http://pckeeper.zeobit.com
http://download.pckeeper.zeobit.com
https://66.150.49.7/
https://66.150.49.7
http://acs.pandasoftware.comAPVXDWIN.EXEDisplayVersion
http://crl.thawte.com/ThawteTimestampingCA.crl0
http://www.cisco.com~S$
https://66.150.49.7/CACHE/sdesktop/install/start.htm
http://bitcast-in.bitgravity.com
https://66.150.49.7/CACHE/://66.150.49.7/CACHE/sdesktop/install/start.htm
http://www.cisco.comp
http://arcavirusa.blob.core.windows.net
http://acs.pandasoftware.com
https://66.150.49.7/CACHE/sdesktop/install/start.htm)
http://download.aec.cz
https://66.150.49.7).
http://download2.trustport.com
https://66.150.49.7/CA
http://bitcast-b.bitgravity.com
http://s1.symcb.co
https://d.symcb.co
https://66.150.49.7/Root
http://www.twitter.com/
http://ts-ocsp.ws.sym

Dropped files

Name / File Type
C:\Users\user\AppData\Local\Cisco\Cisco HostScan\lib\PandaAS.dll
    PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
C:\Users\user\AppData\Local\Cisco\Cisco HostScan\lib\Impl_SoftwareProductLib.dll.gz
    Tue Apr 4 06:41:49 2017, from NTFS filesystem (NT)
C:\Users\user\AppData\Local\Cisco\Cisco HostScan\lib\Microsoft Corporation.dll
    PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
C:\Users\user\AppData\Local\Cisco\Cisco HostScan\lib\Microsoft Corporation.dll.gz
    Tue Apr 4 06:41:49 2017, from NTFS filesystem (NT)
C:\Users\user\AppData\Local\Cisco\Cisco HostScan\lib\MicrosoftAV.dll
    PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
C:\Users\user\AppData\Local\Cisco\Cisco HostScan\lib\MicrosoftAV.dll.gz
    Tue Apr 4 06:41:49 2017, from NTFS filesystem (NT)
C:\Users\user\AppData\Local\Cisco\Cisco HostScan\lib\OESISCore.dll
    PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
C:\Users\user\AppData\Local\Cisco\Cisco HostScan\lib\OESISCore.dll.gz
    Tue Apr 4 06:41:49 2017, from NTFS filesystem (NT)
C:\Users\user\AppData\Local\Cisco\Cisco HostScan\lib\OPSWATAVCommon.dll
    PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
C:\Users\user\AppData\Local\Cisco\Cisco HostScan\lib\OPSWATAVCommon.dll.gz
    Tue Apr 4 06:41:49 2017, from NTFS filesystem (NT)
C:\Users\user\AppData\Local\Cisco\Cisco HostScan\lib\Panda Software.dll
    PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
C:\Users\user\AppData\Local\Cisco\Cisco HostScan\lib\Panda Software.dll.gz
    Tue Apr 4 06:41:49 2017, from NTFS filesystem (NT)
C:\Users\user\AppData\Local\Cisco\Cisco HostScan\bin\ciscod.exe.gz
    Tue Apr 4 06:58:27 2017, from NTFS filesystem (NT)
C:\Users\user\AppData\Local\Cisco\Cisco HostScan\lib\PandaAS.dll.gz
    Tue Apr 4 06:41:49 2017, from NTFS filesystem (NT)
C:\Users\user\AppData\Local\Cisco\Cisco HostScan\bin\ciscod.exe
    PE32 executable (console) Intel 80386, for MS Windows
C:\Users\user\AppData\Local\Cisco\Cisco HostScan\lib\libdesktop.dll
    PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
C:\Users\user\AppData\Local\Cisco\Cisco HostScan\lib\libdesktop.dll.gz
    Tue Apr 4 06:58:37 2017, from NTFS filesystem (NT)
C:\Users\user\AppData\Local\Cisco\Cisco HostScan\lib\libhostscan.dll
    PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
C:\Users\user\AppData\Local\Cisco\Cisco HostScan\lib\libhostscan.dll.gz
    Tue Apr 4 06:58:13 2017, from NTFS filesystem (NT)
C:\Users\user\AppData\Local\Cisco\Cisco HostScan\lib\libinspector.dll
    PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
C:\Users\user\AppData\Local\Cisco\Cisco HostScan\lib\libinspector.dll.gz
    Tue Apr 4 06:58:34 2017, from NTFS filesystem (NT)
C:\Users\user\AppData\Local\Temp\cstub.exe
    PE32 executable (GUI) Intel 80386, for MS Windows
C:\Users\user\AppData\Local\Cisco\Cisco HostScan\lib\tables.dat
    Zip archive data, at least v2.0 to extract
C:\Users\user\AppData\Local\Cisco\Cisco HostScan\lib\Impl_FirewallLib.dll.gz
    Tue Apr 4 06:41:49 2017, from NTFS filesystem (NT)
C:\Users\user\AppData\Local\Cisco\Cisco HostScan\bin\cscan.exe
    PE32 executable (GUI) Intel 80386, for MS Windows
C:\Users\user\AppData\Local\Cisco\Cisco HostScan\bin\cscan.exe.gz
    Tue Apr 4 06:58:31 2017, from NTFS filesystem (NT)
C:\Users\user\AppData\Local\Cisco\Cisco HostScan\lib\64bitProxy.exe
    PE32+ executable (console) x86-64, for MS Windows
C:\Users\user\AppData\Local\Cisco\Cisco HostScan\lib\64bitProxy.exe.gz
    Tue Apr 4 06:41:49 2017, from NTFS filesystem (NT)
C:\Users\user\AppData\Local\Cisco\Cisco HostScan\lib\AEC_AV.dll
    PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
C:\Users\user\AppData\Local\Cisco\Cisco HostScan\lib\AEC_AV.dll.gz
    Tue Apr 4 06:41:49 2017, from NTFS filesystem (NT)
C:\Users\user\AppData\Local\Cisco\Cisco HostScan\lib\AVBridge.dll
    PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
C:\Users\user\AppData\Local\Cisco\Cisco HostScan\lib\Impl_SoftwareProductLib.dll
    PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
C:\Users\user\AppData\Local\Cisco\Cisco HostScan\lib\AVBridge.dll.gz
    Tue Apr 4 06:41:49 2017, from NTFS filesystem (NT)
C:\Users\user\AppData\Local\Cisco\Cisco HostScan\lib\AVManager.dll
    PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
C:\Users\user\AppData\Local\Cisco\Cisco HostScan\lib\ClamAV.dll
    PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
C:\Users\user\AppData\Local\Cisco\Cisco HostScan\lib\ClamAV.dll.gz
    Tue Apr 4 06:41:49 2017, from NTFS filesystem (NT)
C:\Users\user\AppData\Local\Cisco\Cisco HostScan\lib\CoreUtils.dll
    PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
C:\Users\user\AppData\Local\Cisco\Cisco HostScan\lib\CoreUtils.dll.gz
    Tue Apr 4 06:41:49 2017, from NTFS filesystem (NT)
C:\Users\user\AppData\Local\Cisco\Cisco HostScan\lib\FWManager.dll
    PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
C:\Users\user\AppData\Local\Cisco\Cisco HostScan\lib\FWManager.dll.gz
    Tue Apr 4 06:41:49 2017, from NTFS filesystem (NT)
C:\Users\user\AppData\Local\Cisco\Cisco HostScan\lib\Impl_AntivirusLib.dll
    PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
C:\Users\user\AppData\Local\Cisco\Cisco HostScan\lib\Impl_AntivirusLib.dll.gz
    Tue Apr 4 06:41:49 2017, from NTFS filesystem (NT)
C:\Users\user\AppData\Local\Cisco\Cisco HostScan\lib\Impl_FirewallLib.dll
    PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
C:\Users\user\AppData\Local\Cisco\Cisco HostScan\lib\AVManager.dll.gz
    Tue Apr 4 06:41:49 2017, from NTFS filesystem (NT)
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KRHE4CQY\portal[1].css
    ASCII text, with very long lines, with CRLF, LF line terminators
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KRHE4CQY\ocx[1].htm
    data
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KRHE4CQY\mainv[1].js
    ASCII text, with very long lines, with CRLF line terminators
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KRHE4CQY\logon[1].htm
    HTML document, ASCII text
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KRHE4CQY\csco_logo[1].gif
    GIF image data, version 89a, 203 x 51
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\I9HE86MU\pkginit[1].js
    ASCII text, with CRLF line terminators
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\I9HE86MU\infobar[1].gif
    GIF image data, version 89a, 282 x 88
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\G7QTC28F\empty[1].htm
    HTML document, ASCII text, with CRLF line terminators
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\I9HE86MU\headerBgGradient[1].gif
    GIF image data, version 89a, 2048 x 1
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\G7QTC28F\start[1].htm
    HTML document, ASCII text, with CRLF line terminators
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KRHE4CQY\win[1].js
    HTML document, ASCII text, with very long lines
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\QESP4GEJ\blank[1].htm
    HTML document, ASCII text
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\QESP4GEJ\gradient[1].gif
    GIF image data, version 89a, 2048 x 1
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\QESP4GEJ\instweb[1].cab
    data
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\QESP4GEJ\logo[1].gif
    GIF image data, version 89a, 110 x 73
C:\Users\user\AppData\Local\Temp\Cab5245\CSDWebInstaller.inf
    Windows setup INFormation, ASCII text, with CRLF line terminators
C:\Users\user\AppData\Local\Temp\ICD1.tmp\CSDWebInstaller.inf
    data
C:\Windows\Downloaded Program Files\SET6CD2.tmp
    PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
C:\Users\user\AppData\Local\Temp\~DF43FD28B356D7D5AA.TMP
    data
C:\Users\user\AppData\Local\Temp\~DF454E38565AFF85FF.TMP
    data
C:\Users\user\AppData\Local\Temp\~DFF0FBF0AA42240494.TMP
    data
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{38AF9120-3DA2-11EA-AAE0-9CC1A2A860C6}.dat
    Microsoft Word Document
C:\Users\user\AppData\Local\Cisco\Cisco HostScan\lib\doSilent.txt
    very short file (no magic)
C:\Users\user\AppData\Local\Cisco\Cisco HostScan\lib\libcsd.dll
    PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
C:\Users\user\AppData\Local\Cisco\Cisco HostScan\lib\pinfo.dat
    Zip archive data, at least v2.0 to extract
C:\Users\user\AppData\Local\Cisco\Cisco HostScan\lib\pmap.dat
    Zip archive data, at least v2.0 to extract
C:\Users\user\AppData\Local\Cisco\Cisco HostScan\lib\scpt.dat
    Zip archive data, at least v2.0 to extract
C:\Users\user\AppData\Local\Cisco\Cisco HostScan\lib\vmap.dat
    Zip archive data, at least v2.0 to extract
C:\Users\user\AppData\Local\Cisco\Cisco HostScan\log\cscan.log
    ASCII text, with CRLF line terminators
C:\Users\user\AppData\Local\Cisco\Cisco HostScan\log\cstub.log
    ASCII text, with CRLF line terminators
C:\Users\user\AppData\Local\Cisco\Cisco HostScan\log\libcsd.log
    ASCII text, with very long lines, with CRLF line terminators
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{30F42C61-3DA2-11EA-AAE0-9CC1A2A860C6}.dat
    Microsoft Word Document
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{30F42C63-3DA2-11EA-AAE0-9CC1A2A860C6}.dat
    Microsoft Word Document
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\G7QTC28F\cstub[1].exe
    PE32 executable (GUI) Intel 80386, for MS Windows
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-17529550060\msapplication.xml
    XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-18270793970\msapplication.xml
    XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-21706820\msapplication.xml
    XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-4759708130\msapplication.xml
    XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-6757900\msapplication.xml
    XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-8760897390\msapplication.xml
    XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin20259167780\msapplication.xml
    XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin20332743330\msapplication.xml
    XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin8215062560\msapplication.xml
    XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\G7QTC28F\X92HABCB.htm
    HTML document, ASCII text, with CRLF, LF line terminators
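Two things in this report need interpretation before its indicators are reused. First, the URL list is carved from process memory, so entries such as "http://www.cisco.com0", "http://www.cisco.comZS" and "http://acs.pandasoftware.comTPScanSOFTWARE" are one host with trailing bytes, not distinct contacts, and "https://d.s" or "http://s1.symcb." are truncated fragments. Second, the dropped files show a download-then-inflate pattern (each DLL under Cisco HostScan\lib has a .gz sibling), an INF/CAB-driven install into C:\Windows\Downloaded Program Files, and OPSWAT OESIS modules (PandaAS.dll, ClamAV.dll, MicrosoftAV.dll, AVManager.dll, FWManager.dll) whose job is to enumerate installed antivirus and firewall products. That enumeration behaviour, together with the AV vendor update URLs, is the kind of activity heuristic scoring tends to flag; the listing is consistent with Cisco's HostScan web deployment, but the page records no hashes or signature checks, so the verdict can be neither confirmed nor refuted from it alone. The Python helper below is an added triage example, not part of the Joe Sandbox report and not Cisco or OPSWAT code. Its sample inputs are copied from the two sections above; KNOWN_TLDS, the bucket names in classify_drop and all function names are this example's own assumptions.

```python
import re
from collections import Counter
from typing import Optional

# Constructed sample input: a subset of the report's "URLs" section. Joe Sandbox
# carves these from process memory, so several carry trailing bytes or are cut.
RAW_URLS = [
    "http://ocsp.thawte.com0",
    "http://www.cisco.com(",
    "http://www.cisco.comZS",
    "http://acs.pandasoftware.comTPScanSOFTWARE",
    "http://current.cvd.clamav.net/:",
    "https://66.150.49.7/CACHE/sdesktop/hostscan/windows_i386/libcsd.dll",
    "https://66.150.49.7)",
    "https://d.s",
    "http://s1.symcb.",
    "http://www.opswat.com/products/oesis-framework/oesis-monitor",
]

# Assumption: the TLDs that occur in this sample. A carved label such as
# "comZS" or "com0" is read as "com" followed by junk bytes.
KNOWN_TLDS = ("com", "net")
IPV4 = re.compile(r"^(?:\d{1,3}\.){3}\d{1,3}$")

def host_of(raw: str) -> Optional[str]:
    """Hostname recovered from a carved URL, or None if it is too damaged to trust."""
    if not (m := re.match(r"^https?://([^/?#]*)", raw)):
        return None
    # Keep the hostname alphabet only; the first other byte starts carve junk.
    host = re.match(r"[a-z0-9.-]*", m.group(1).lower()).group(0).rstrip(".-")
    if IPV4.match(host):
        return host
    labels = host.split(".")
    if len(labels) < 2 or not all(labels):
        return None
    for tld in KNOWN_TLDS:
        if labels[-1].startswith(tld):
            labels[-1] = tld
            return ".".join(labels)
    return None  # truncated string such as "d.s" or "s1.symcb."

def host_histogram(raws):
    """Count distinct recoverable hosts and keep the unrecoverable fragments."""
    hosts, fragments = Counter(), []
    for raw in raws:
        host = host_of(raw)
        if host:
            hosts[host] += 1
        else:
            fragments.append(raw)
    return hosts, fragments

# Constructed sample input: (path, file type) pairs from "Dropped files".
DROPS = [
    (r"C:\Users\user\AppData\Local\Cisco\Cisco HostScan\lib\PandaAS.dll",
     "PE32 executable (DLL) (GUI) Intel 80386, for MS Windows"),
    (r"C:\Users\user\AppData\Local\Cisco\Cisco HostScan\lib\PandaAS.dll.gz",
     "Tue Apr 4 06:41:49 2017, from NTFS filesystem (NT)"),
    (r"C:\Users\user\AppData\Local\Cisco\Cisco HostScan\bin\ciscod.exe",
     "PE32 executable (console) Intel 80386, for MS Windows"),
    (r"C:\Users\user\AppData\Local\Temp\cstub.exe",
     "PE32 executable (GUI) Intel 80386, for MS Windows"),
    (r"C:\Windows\Downloaded Program Files\SET6CD2.tmp",
     "PE32 executable (DLL) (GUI) Intel 80386, for MS Windows"),
    (r"C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\QESP4GEJ\instweb[1].cab",
     "data"),
    (r"C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KRHE4CQY\logon[1].htm",
     "HTML document, ASCII text"),
]

def classify_drop(path: str, ftype: str) -> str:
    """Bucket names are this example's own; PEs are split by drop location."""
    p = path.lower()
    if ftype.startswith("PE32"):  # covers PE32 and PE32+
        return "pe-system" if p.startswith("c:\\windows\\") else "pe-user-writable"
    if p.endswith((".gz", ".cab")):
        return "compressed-payload"
    if "\\inetcache\\" in p:
        return "browser-cache"
    return "other"

def summarize_drops(drops) -> Counter:
    return Counter(classify_drop(p, t) for p, t in drops)

def inflated_from_gz(drops):
    """Dropped files whose .gz sibling was also dropped (download, then inflate)."""
    paths = {p for p, _ in drops}
    return sorted(p[:-3] for p in paths if p.endswith(".gz") and p[:-3] in paths)

if __name__ == "__main__":
    hosts, fragments = host_histogram(RAW_URLS)
    for host, n in hosts.most_common():
        print(f"{n:2d}  {host}")
    print("unrecoverable fragments:", fragments)
    print(dict(summarize_drops(DROPS)), inflated_from_gz(DROPS))
```

Run on the full URL section, the histogram collapses the many cisco.com and 66.150.49.7 variants into two hosts plus a set of AV vendor update domains, which is the contact profile to compare against the device at 66.150.49.7 rather than the raw list. The fragments are kept rather than guessed at: a carved "d.s" is not evidence of a host, and filling it in would manufacture an indicator the report does not contain.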