
sharks.exe

Status: finished
Submission Time: 2020-06-30 18:10:26 +02:00
Malicious
Spyware

Details

  • Analysis ID:
    242351
  • API (Web) ID:
    380421
  • Analysis Started:
    2020-06-30 18:13:58 +02:00
  • Analysis Finished:
    2020-06-30 18:22:52 +02:00
  • MD5:
    4d868d8f1290580434ff3e66b8731a37
  • SHA1:
    cd2b71f632ddd7397eb99a4fb880d3a079b66f4f
  • SHA256:
    4e7f1474285c9cbabdd5b2618f0b6881dc24471f13dd11c4603a2250fe5e4da9
  • Technologies:

Joe Sandbox

Engine: Joe Sandbox
Detection: malicious
Score: 76
System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

Third Party Analysis Engines

  • malicious (Score: 42/69)
  • malicious (Score: 33/47)
  • malicious

IPs

IP              Country                   Detection
208.91.196.145  Virgin Islands (BRITISH)
95.211.75.25    Netherlands

Domains

Name                      IP              Detection
dl.installiq.com          95.211.75.25
9145.searchmagnified.com  208.91.196.145
ww1.installiq.com         0.0.0.0

URLs


Dropped files

  • C:\Users\user\AppData\Local\Temp\cookies
    SQLite 3.x database, last written using SQLite version 3024000
  • C:\Users\user\AppData\Local\Temp\cookies.sqlite
    SQLite 3.x database, user version 9, last written using SQLite version 3024000
  • C:\Users\user\AppData\Local\Temp\pkg_10f1d2f80\autorun.txt
    Microsoft Windows Autorun file, ASCII text, with CRLF line terminators
  • C:\Users\user\AppData\Local\Temp\pkg_10f1d2f80\detectionrules.dat
    HTML document, ASCII text, with very long lines, with CRLF line terminators
  • C:\Users\user\AppData\Local\Temp\pkg_10f1d2f80\sharks.log
    ASCII text, with CRLF line terminators
  • C:\Users\user\AppData\Local\Temp\pkg_10f1d2f80\stub.log
    ASCII text, with CRLF line terminators
  • C:\Users\user\AppData\Local\Temp\pkg_10f1d2f80\timings.txt
    ASCII text, with CR line terminators
  • C:\Users\user\AppData\Local\Temp\pkg_10f1d2f80\wrapper.xml
    ASCII text, with CRLF line terminators