Joe Sandbox Cloud Basic

Want to search on specific fields?


Try our:

Advanced Search

Want to search in depth on all Cloud Basic reports?

Try: Joe Sandbox View

Register Login
sloganpng
top title background image
flash

https://www.mediafire.com/file/xuk5d6qwx9yx9bf/EXONE_2606202201.7z/file

Status: finished
Submission Time: 2020-06-29 12:51:29 +02:00
Malicious
Trojan
Spyware
Evader
AgentTesla

Comments

Tags

Details

  • Analysis ID:
    241982
  • API (Web) ID:
    379686
  • Analysis Started:
    2020-06-29 12:51:30 +02:00
  • Analysis Finished:
    2020-06-29 12:59:19 +02:00
  • Technologies:

Joe Sandbox

Engine Download Report Detection Info
Full Report Management Report IOC Report
malicious
Score: 100
System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

IPs

IP Country Detection
104.16.203.237
 United States
77.88.21.158
 Russian Federation
199.91.155.5
 United States

Domains

Name IP Detection
www.mediafire.com
 104.16.203.237
download2264.mediafire.com
 199.91.155.5
smtp.yandex.ru
 77.88.21.158
Click to see the 1 hidden entries
smtp.yandex.com
 0.0.0.0

URLs

Name Detection
https://CJitfB1Uzswh2q.org
http://yandex.ocsp-responder.com03
http://repository.certum.pl/ycasha2.cer0
Click to see the 23 hidden entries
https://www.mediafire.com/file/xuk5d6qwx9yx9bf/EXONE_2606202201.7z/fileND
http://www.certum.pl/CPS0
https://www.mediafire.com/file/xuk5d6qwx9yx9bf/EXONE_2606202201.7z/fileHD
http://crl.certum.pl/ca.crl0h
http://subca.ocsp-certum.com01
https://www.mediafire.com/file/xuk5d6qwx9yx9bf/EXONE_2606202201.7z/file
http://crls.yandex.net/certum/ycasha2.crl0-
http://repository.certum.pl/ca.cer09
http://subca.ocsp-certum.com0.
http://ocsp.sectigo.comED
http://crt.sectigo.com/SectigoRSADomainValidationSecureServerCA.crt0#
http://smtp.yandex.com
https://www.mediafire.com/file/xuk5d6qwx9yx9bf/EXONE_2606202201.7z/fileID
http://ocsp.sectigo.comSk
http://ocsp.sectigo.com0)
https://www.certum.pl/CPS0
http://ocsp.sectigo.com
https://download2264.mediafire.com/emyw4xtvecig/xuk5d6qwx9yx9bf/EXONE
https://www.mediafire.com
http://yandex.crl.certum.pl/ycasha2.crl0q
http://crl.certum.pl/ctnca.crl0k
http://repository.certum.pl/ctnca.cer09
https://sectigo.com/CPS0

Dropped files

Name File Type Hashes Detection
C:\Users\user\AppData\Local\Temp\InstallUtil.exe
 PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
 #
C:\Users\user\AppData\Local\Temp\amqrnpay.x1e\EXONE 2606202201.exe
 PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
 #
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\EXONE 2606202201.exe.log
 ASCII text, with CRLF line terminators
 #
Click to see the 6 hidden entries
C:\Users\user\AppData\Local\Temp\4b2znvou.fsa\unarchiver.log
 ASCII text, with CRLF line terminators
 #
C:\Users\user\AppData\Roaming\i31cac4t.2z4\Chrome\Default\Cookies
 SQLite 3.x database, last written using SQLite version 3024000
 #
C:\Users\user\AppData\Roaming\i31cac4t.2z4\Firefox\Profiles\0i8ia8vs.default\cookies.sqlite
 SQLite 3.x database, user version 9, last written using SQLite version 3024000
 #
C:\Users\user\Desktop\cmdline.out
 ASCII text, with CRLF line terminators
 #
C:\Users\user\Desktop\download\.wget-hsts
 ASCII text, with CRLF line terminators
 #
C:\Users\user\Desktop\download\EXONE 2606202201.7z
 7-zip archive data, version 0.4
 #