
https://onedrive.live.com/download?cid=C7504FB3B5BB9FAD&resid=C7504FB3B5BB9FAD%2112789&authkey=AJlsykELbnUa_FM

Status: finished
Submission Time: 2020-03-31 06:34:02 +02:00
Malicious
Trojan
Evader
Nanocore

Details

  • Analysis ID:
    219097
  • API (Web) ID:
    335064
  • Analysis Started:
    2020-03-31 06:34:02 +02:00
  • Analysis Finished:
    2020-03-31 06:39:26 +02:00
  • Technologies:
    Joe Sandbox

Joe Sandbox Engine
Detection: malicious
Score: 100
System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

Third Party Analysis Engines

malicious

IPs

IP                Country          Detection
91.193.75.103     Serbia
172.217.23.97     United States
185.125.205.78    United Kingdom

Domains

Name                                    IP               Detection
kenzeey.duckdns.org                     91.193.75.103
googlehosted.l.googleusercontent.com    172.217.23.97
ken419.chickenkiller.com                185.125.205.78
onedrive.live.com                       0.0.0.0
doc-10-9g-docs.googleusercontent.com    0.0.0.0
doc-0c-9c-docs.googleusercontent.com    0.0.0.0
np245a.db.files.1drv.com                0.0.0.0

URLs

Name (detection column is empty in this report; several URLs are truncated as extracted)
http://crl.microsoft
http://ocsp.pki.goog/gts1o10
https://doc-10-9g-docs.googleusercontent.com/docs/securesc/ko16s8pl5apm0uj9cdvuc6rto9dd1bc1/4Zs(n
http://www.w3.or
https://doc-0c-9c-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/b6nb7hud
http://pki.goog/gsr2/GTS1O1.crt0
https://doc-10-9g-docs.googleuse
https://doc-10-9g-docs.googleusercontent.com/docs/securesc/ko16s8pl5apm0uj9cdvuc6rto9dd1bc1/4
https://doc-10-9g-docs.googleusercontent.com/docs/securesc/ko16s8pl5apm0uj9cdvuc6rto9dd1bc1/4fqo9c0a
https://doc-10-9g-docs.googleusercontent.com/
http://crl.pki.goog/gsr2/gsr2.crl0?
http://ocsp.pki.goog/gsr202
https://pki.goog/repository/0
https://doc-0c-9c-docs.googleusercontent.com/
http://crl.pki.goog/GTS1O1.crl0

Dropped files

Name / File Type (hash and detection columns are empty in this report)

  • C:\Users\user\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\RegAsm.exe.log
    ASCII text, with CRLF line terminators
  • C:\Users\user\blodiges\snerpersko.exe
    PE32 executable (GUI) Intel 80386, for MS Windows
  • C:\Users\user\AppData\Roaming\59407D34-C8C5-44DF-A766-BA8A11CB1CB0\run.dat
    ISO-8859 text, with no line terminators
  • C:\Users\user\AppData\Local\Temp\ifvedkwv.wwc\PDF scan_doc 098876.pdf.exe
    PE32 executable (GUI) Intel 80386, for MS Windows
  • C:\Users\user\AppData\Local\Temp\tmp9ECE.tmp
    XML 1.0 document, ASCII text, with CRLF line terminators
  • \Device\ConDrv
    ASCII text, with CRLF line terminators
  • C:\Users\user\AppData\Roaming\59407D34-C8C5-44DF-A766-BA8A11CB1CB0\task.dat
    ASCII text, with no line terminators
  • C:\Users\user\AppData\Local\Temp\~DFD85BAB9622D2A111.TMP
    data
  • C:\Users\user\AppData\Local\Temp\~DFB29A6DC324C3FBE3.TMP
    data
  • C:\Users\user\AppData\Local\Temp\zhrkpwwu.zz2\unarchiver.log
    ASCII text, with CRLF line terminators
  • C:\Users\user\AppData\Local\Temp\JavaDeployReg.log
    ASCII text, with CRLF line terminators
  • C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VINVDFP6\PDF scan_doc 098876.pdf.7z:Zone.Identifier
    very short file (no magic)
  • C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VINVDFP6\PDF scan_doc 098876.pdf.7z.ovrbdef.partial:Zone.Identifier
    ASCII text, with CRLF line terminators
  • C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VINVDFP6\PDF scan_doc 098876.pdf.7z.ovrbdef.partial
    7-zip archive data, version 0.4
  • C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\PDF%20scan_doc%20098876.pdf[1].7z
    7-zip archive data, version 0.4
  • C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{573AAD0E-7354-11EA-AADD-C25F135D3C65}.dat
    Microsoft Word Document
  • C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{573AAD0C-7354-11EA-AADD-C25F135D3C65}.dat
    Microsoft Word Document
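The network indicators (the two dynamic-DNS C2 hosts and their IPs) and the dropped-file list above are what a defender would turn into a hunt. The script below is an added example, not part of the Joe Sandbox report: it takes the report's own domains and IPs as a block-list, deliberately leaving out the Google and OneDrive hosts that only served as the download stage, and runs constructed DNS log lines and file-creation paths through two matchers. The host-side pattern assumes (as labelled in the code) that NanoCore's data directory is %APPDATA%\{GUID}\ with run.dat and task.dat, where the GUID varies per build; the log format and the sample lines are constructed for the example.

```python
import re
from ipaddress import ip_address

# Network indicators copied from the sandbox report above.
IOC_DOMAINS = {
    "kenzeey.duckdns.org",
    "ken419.chickenkiller.com",
}
IOC_IPS = {
    ip_address("91.193.75.103"),
    ip_address("185.125.205.78"),
}
# 172.217.23.97, googleusercontent.com and onedrive.live.com only hosted the
# download stage; they are left out so legitimate traffic is not flagged.

# Assumption: NanoCore keeps run.dat / task.dat under %APPDATA%\{GUID}\;
# the GUID (59407D34-... in this report) changes per build, so match its shape.
NANOCORE_DATA_RE = re.compile(
    r"\\AppData\\Roaming\\[0-9A-F]{8}-(?:[0-9A-F]{4}-){3}[0-9A-F]{12}\\(?:run|task)\.dat$",
    re.IGNORECASE,
)
# "document" extension immediately followed by an executable extension,
# as in the dropped "PDF scan_doc 098876.pdf.exe".
DOUBLE_EXT_RE = re.compile(
    r"\.(?:pdf|doc|docx|xls|xlsx|jpg|png)\.(?:exe|scr|com|pif)$", re.IGNORECASE
)


def domain_matches(qname: str) -> bool:
    """True if qname is an IOC domain or any subdomain of one."""
    q = qname.rstrip(".").lower()
    return any(q == d or q.endswith("." + d) for d in IOC_DOMAINS)


def scan_dns_log(lines):
    """Return (line_no, indicator) for lines hitting a network IOC.

    Constructed log format: '<timestamp> <client_ip> <qname> <answer_ip>'.
    A line is flagged on the queried name first, then on the resolved answer,
    so a renamed C2 host that still resolves to a known IP is caught.
    """
    hits = []
    for n, line in enumerate(lines, 1):
        parts = line.split()
        if len(parts) < 4:
            continue  # malformed line; skip rather than crash the hunt
        qname, answer = parts[2], parts[3]
        if domain_matches(qname):
            hits.append((n, qname))
            continue
        try:
            if ip_address(answer) in IOC_IPS:
                hits.append((n, answer))
        except ValueError:
            pass  # answer field was not an IP (e.g. CNAME); ignore
    return hits


def scan_file_events(paths):
    """Return (path, reason) for file-creation paths matching host patterns."""
    hits = []
    for p in paths:
        if NANOCORE_DATA_RE.search(p):
            hits.append((p, "nanocore-data-dir"))
        elif DOUBLE_EXT_RE.search(p):
            hits.append((p, "double-extension"))
    return hits


# Constructed sample input (TEST-NET addresses for the benign answers).
SAMPLE_DNS = [
    "2020-03-31T04:35:01Z 10.0.0.5 onedrive.live.com 192.0.2.10",
    "2020-03-31T04:35:09Z 10.0.0.5 kenzeey.duckdns.org 91.193.75.103",
    "2020-03-31T04:35:10Z 10.0.0.5 www.example.org 198.51.100.7",
    "2020-03-31T04:36:40Z 10.0.0.7 ken419.chickenkiller.com 185.125.205.78",
    "2020-03-31T04:36:41Z 10.0.0.7 cdn.somehost.test 185.125.205.78",
]
SAMPLE_FILES = [
    r"C:\Users\user\AppData\Roaming\59407D34-C8C5-44DF-A766-BA8A11CB1CB0\run.dat",
    r"C:\Users\user\AppData\Roaming\59407D34-C8C5-44DF-A766-BA8A11CB1CB0\task.dat",
    r"C:\Users\user\AppData\Local\Temp\ifvedkwv.wwc\PDF scan_doc 098876.pdf.exe",
    r"C:\Users\user\blodiges\snerpersko.exe",
    r"C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\report.pdf.lnk",
]

if __name__ == "__main__":
    for hit in scan_dns_log(SAMPLE_DNS):
        print("DNS hit:", hit)
    for hit in scan_file_events(SAMPLE_FILES):
        print("File hit:", hit)
```

The last DNS line shows why the IP check matters: the name is not on the list, but the answer is the chickenkiller.com C2 address. The second-stage binary snerpersko.exe is not flagged by either pattern, since nothing about its name is generic; it would need a hash or a YARA rule, which this report does not supply.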