https://otochothue.com/ahead/20376640/20376640.zip

Status: finished
Submission Time: 2020-01-23 14:42:14 +01:00
Malicious
Evader

Details

  • Analysis ID:
    202956
  • API (Web) ID:
    303575
  • Analysis Started:
    2020-01-23 14:45:03 +01:00
  • Analysis Finished:
    2020-01-23 14:54:01 +01:00
  • Technologies:

Joe Sandbox

Engine: Joe Sandbox
Detection: malicious
Score: 92
System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

Third Party Analysis Engines

Detection: malicious
Score: 5/72

IPs

IP              Country
5.61.27.159     Iran (Islamic Republic of)
103.28.39.29    Viet Nam

Domains

Name                 IP
alphaenergyeng.com   5.61.27.159
otochothue.com       103.28.39.29

URLs

Name Detection
http://alphaenergyeng.com/wp-content/uploads/2020/01/ahead/444444.png
http://www.ip-adress.com
http://www.hdtune.com
http://schemas.xmlsoap.org/soap/encoding/
http://alphaenergyeng.com/
http://alphaenergyeng.com/wp-content/uploads/2020/01/ahead/444444.png___User-Agent___Haskel
http://schemas.xmlsoap.org/soap/envelope/

Dropped files

Name
    File Type

C:\Users\user\AppData\Local\Temp\ColorPick.exe
    PE32 executable (GUI) Intel 80386, for MS Windows
C:\Users\user\AppData\Roaming\Microsoft\Uuwxyyczoguc\jicrly.exe
    PE32 executable (GUI) Intel 80386, for MS Windows
C:\Users\user\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\unarchiver.exe.log
    ASCII text, with CRLF line terminators
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{804C10F8-3E32-11EA-AADB-C25F135D3C65}.dat
    Microsoft Word Document
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{804C10FA-3E32-11EA-AADB-C25F135D3C65}.dat
    Microsoft Word Document
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\20376640.zip.yhy7usp.partial
    Zip archive data, at least v2.0 to extract
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\20376640.zip.yhy7usp.partial:Zone.Identifier
    ASCII text, with CRLF line terminators
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\20376640.zip:Zone.Identifier
    very short file (no magic)
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\20376640[1].zip
    Zip archive data, at least v2.0 to extract
C:\Users\user\AppData\Local\Temp\45c1t0uy.5xe\JVC_49457.vbs
    ASCII text, with very long lines
C:\Users\user\AppData\Local\Temp\JavaDeployReg.log
    ASCII text, with CRLF line terminators
C:\Users\user\AppData\Local\Temp\qy1i3bpk.zjn\unarchiver.log
    ASCII text, with CRLF line terminators
C:\Users\user\AppData\Local\Temp\~DF044399C1DC6E6B4E.TMP
    data
C:\Users\user\AppData\Local\Temp\~DF5E13C7E16B921547.TMP
    data
C:\Users\user\AppData\Roaming\Microsoft\Uuwxyyczoguc\jicrly.dat
    data