Register Login

sloganpng

top title background image

SWIFT.exe

Status: finished

Submission Time: 2020-05-06 13:06:38 +02:00

Malicious

Trojan

Evader

Nanocore NetWire

Comments

Tags

Details

Analysis ID:
227912
API (Web) ID:
352277
Analysis Started:

2020-05-06 13:06:39 +02:00
Analysis Finished:

2020-05-06 13:20:54 +02:00
MD5:
474da0e5ecd6852df80589a6aa3d5cea
SHA1:
1099054c56801623831718508782e857edc19974
SHA256:
e810fd0f3a16ccc96f8fc3d69771a33698bc2faa38b3be2a258ee18fdedd8c17
Technologies:

Engines
IOCs

Joe Sandbox

Engine	Download Report	Detection	Info
		malicious
	Full Report Management Report IOC Report	malicious Score: 100	System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

Third Party Analysis Engines

Open Full Report

malicious

Score: 37/72

malicious

Score: 37/48

malicious

IPs

IP	Country	Detection
185.140.53.158	Sweden
43.226.229.43	Hong Kong

Dropped files

Name	File Type	Hashes	Detection
C:\Users\user\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\SWIFT.exe.log	ASCII text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Temp\bob1.exe	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows	#
C:\Users\user\AppData\Local\Temp\tmp37A1.tmp	XML 1.0 document, ASCII text, with CRLF line terminators	#
Click to see the 6 hidden entries
C:\Users\user\AppData\Roaming\59407D34-C8C5-44DF-A766-BA8A11CB1CB0\run.dat	data	#
C:\Users\user\AppData\Roaming\Install\Host.exe	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows	#
C:\Users\user\AppData\Roaming\59407D34-C8C5-44DF-A766-BA8A11CB1CB0\catalog.dat	data	#
C:\Users\user\AppData\Roaming\59407D34-C8C5-44DF-A766-BA8A11CB1CB0\settings.bin	data	#
C:\Users\user\AppData\Roaming\59407D34-C8C5-44DF-A766-BA8A11CB1CB0\storage.dat	data	#
C:\Users\user\AppData\Roaming\59407D34-C8C5-44DF-A766-BA8A11CB1CB0\task.dat	ASCII text, with no line terminators	#