Register Login

sloganpng

top title background image

James-20-2-2020AM.exe

Status: finished

Submission Time: 2020-03-20 16:13:46 +01:00

Malicious

Spyware

Evader

Lokibot

Comments

Tags

Details

Analysis ID:
216864
API (Web) ID:
330728
Analysis Started:

2020-03-20 16:13:47 +01:00
Analysis Finished:

2020-03-20 16:26:46 +01:00
MD5:
f227317ff39ea91ea49727365d483439
SHA1:
c6a3b56a1fd67ea3627a75e3d7864f58ebe64189
SHA256:
35cce3d0e7644488ca0d27f3e0b38e3405d1d4f102162e48849ea9681fc1e5c2
Technologies:

Engines
IOCs

Joe Sandbox

Engine	Download Report	Detection	Info
		malicious
	Full Report Management Report IOC Report	malicious Score: 100	System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

Third Party Analysis Engines

Open Full Report

malicious

Score: 22/70

malicious

Score: 24/43

IPs

IP	Country	Detection
104.31.90.21	United States
104.31.91.21	United States

Domains

Name	IP	Detection
brokenservices.xyz	104.31.90.21

URLs

Name	Detection
http://brokenservices.xyz/James/fre.php
http://www.ibsensoftware.com/

Dropped files

Name	File Type	Hashes	Detection
C:\Users\user\AppData\Roaming\1CF93A\AA2F06.lck	very short file (no magic)	#
C:\Users\user\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-58933367-3072710494-194312298-1002\4216a73197943a17d1161a6bdc4512b0_59407d34-c8c5-44df-a766-ba8a11cb1cb0	data	#