
myups.exe

Status: finished
Submission Time: 2020-06-17 17:12:49 +02:00
Malicious
Ransomware
Trojan
Spyware
Evader
Remcos

Details

  • Analysis ID:
    239294
  • API (Web) ID:
    374451
  • Analysis Started:
    2020-06-17 17:13:20 +02:00
  • Analysis Finished:
    2020-06-17 17:28:32 +02:00
  • MD5:
    6e8dd67c8e83616d6ff36a876d7a696a
  • SHA1:
    19cf4cba9d06732a16f9074fd53a50d63df0f2dc
  • SHA256:
    19302a63e0d092b8ad66be7af2ce3ecb7cf412cdda9ef7d9de312d86a4e69303
  • Technologies:

Joe Sandbox

  • Detection:
    malicious
  • Score:
    100
  • System:
    Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

Third Party Analysis Engines

  • Detection:
    malicious
  • Score:
    8/73

IPs

IP               Country         Detection
79.134.225.70    Switzerland
79.134.225.107   Switzerland
216.58.207.65    United States

Domains

Name                                          IP               Detection
u864245.nerdpol.ovh                           79.134.225.70
u864243.nsupdate.info                         0.0.0.0
u864244.nsupdate.info                         79.134.225.70
googlehosted.l.googleusercontent.com          216.58.207.65
u864246.nvpn.to                               79.134.225.107
doc-0s-b0-docs.googleusercontent.com          0.0.0.0
u864243.northcentralus.cloudapp.azure.com     0.0.0.0

Dropped files

Name, File Type

  • C:\Users\Public\cde.bat
    ASCII text, with CRLF line terminators
  • C:\Users\Public\fodhelper.exe
    PE32+ executable (GUI) x86-64, for MS Windows
  • C:\Users\Public\propsys.dll
    PE32+ executable (DLL) (GUI) x86-64, for MS Windows
  • C:\Users\user\AppData\Local\Vfum\Vfumset.exe
    PE32 executable (GUI) Intel 80386, for MS Windows
  • C:\Windows \System32\fodhelper.exe
    PE32+ executable (GUI) x86-64, for MS Windows
  • C:\Users\Public\Natso.bat
    ASCII text, with CRLF line terminators
  • C:\Users\Public\Runex.bat
    ASCII text, with CRLF line terminators
  • C:\Users\Public\x.bat
    ASCII text, with CRLF line terminators
  • C:\Users\Public\x.vbs
    ASCII text, with CRLF line terminators
  • C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
    data
  • C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_2tzdu3my.yko.ps1
    ASCII text, with no line terminators
  • C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_mgboy0mo.wxt.psm1
    ASCII text, with no line terminators
  • C:\Users\user\AppData\Local\Vfum\Vfum.hta
    HTML document, ASCII text, with CRLF line terminators
  • C:\Users\user\AppData\Roaming\merdpol\logs.dat
    ASCII text, with CRLF line terminators
  • C:\Users\user\Documents\20200617\PowerShell_transcript.468325.6GKFxyjk.20200617171527.txt
    UTF-8 Unicode (with BOM) text, with CRLF line terminators
  • C:\Windows \System32\propsys.dll
    PE32+ executable (DLL) (GUI) x86-64, for MS Windows