
gameover_0.0.0.25.exe

Status: finished
Submission Time: 2020-07-19 20:16:50 +02:00
Malicious
Phishing
Trojan
Evader

Comments

Tags

  • gameover
  • ZeuS

Details

  • Analysis ID:
    247074
  • API (Web) ID:
    389801
  • Analysis Started:
    2020-07-19 20:22:42 +02:00
  • Analysis Finished:
    2020-07-19 20:34:29 +02:00
  • MD5:
    1ff16fcdac91d20bfb6fa1c54d4a48dd
  • SHA1:
    2a981a2855dd651837ad4c9296dc31da9de17bd1
  • SHA256:
    07f21e8acc3843aa44347b928c180902577a40850a8c671065920cb81ea8beb3
  • Technologies:

Joe Sandbox

Engine Download Report Detection Info
malicious
malicious
Score: 100
System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

Third Party Analysis Engines

malicious
Score: 52/67
malicious
Score: 25/39
malicious
Score: 26/29
malicious

IPs

IP              Country         Detection
0.0.0.25        unknown
104.108.49.57   United States
104.108.35.215  United States

URLs

Name Detection
http://www.goodfont.co.kr
https://www.heise.de/fonts/source-sans-pro-subset/sourcesanspro-semibold-italic-webfont.eot?
https://mem.gfx.ms/scripts/me/MeControl/10.20027.3/en-US/meBoot.min.js
https://www.heise.de/fonts/source-sans-pro-subset/sourcesanspro-semibold-webfont.eot?
https://s.yimg.com/lo/api/res/1.2/VDiJ3sgxtBN_DlN7ef9aNw--~A/Zmk9ZmlsbDt3PTYyMjtoPTM2ODthcHBpZD1nZW1
https://www.heise.de/icons/ho/heise_online_lupe.png
https://site-cdn.onenote.net/161311631557_Images/LiveTileImages/Small/Image1.png
http://fontfabrik.com
https://site-cdn.onenote.net/161311631557_Images/LiveTileImages/MediumAndLarge/Image1.png
http://www.typography.netD
https://www.heise.de/avw-bin/ivw/CP/barfoo/ho/4206427/0.gif?d=1865586839Sv
https://mem.gfx.ms/scripts/me/MeControl/10.20027.3/en-US/meCore.min.js
https://cvision.media.net/new/300x300/3/152/90/102/3c7651d5-23ee-4b11-833e-c2006603cf5d.jpg?v=9
https://pf.directory.live.com/profile/profile.asmxes
https://oneclient.sfx.ms/Win/Prod/18.192.0920.0015/OneDriveSetup.exe
http://www.tiro.com
https://ad.yieldlab.net/yp/66430
https://xsts.auth.xboxlive.com
https://www.heise.de/fonts/source-sans-pro-subset/sourcesanspro-bold-webfont.eot?
https://site-cdn.onenote.net/161311631557_Images/LiveTileImages/Wide/Image1.png
http://www.founder.com.cn/cn/bThe
https://www.heise.de/fonts/source-sans-pro-subset/sourcesanspro-italic-webfont.eot?
https://login.windows.net
https://xsts.auth.xboxlive.com/
https://script.ioam.de/iam.js?m=1
https://1.f.ix.de/imgs/02/2/5/3/0/4/5/8/Comarch-4fddbfcafe05fdde.jpg
http://images.outbrainimg.com/transform/v3/eyJpdSI6IjU3OWU5MDA1OGI1M2EzYmU2MzQ4OGNlOWNmZTNhYzZhMzkyN
https://www.heise.de/assets/heise/add-device-to-html/js/add-device-to-html.js?a5f6e986c8c5a5404904
https://gzhls.at/i/44/56/1804456-s0.jpg
https://www.googletagservices.com/tag/js/gpt.js
https://www.heise.de/assets/akwa/v12/css/akwa.css?2e1b445264a4c552d85e
https://contextual.media.net/medianet.php?cid=8CU157172&crid=858412214&size=306x271&https=1=95nw
https://28f09a9a31a7b6e49a64ccf9175dcf92.clo.footprintdns.com/apc/trans.gif?36de10f40b7630572e496c28
https://substrate.office.com/search/api/v2/resources
http://images.outbrainimg.com/transform/v3/eyJpdSI6IjM1MzQzYjhmY2RiYmVmZTdkMGM2M2IwMWMyZjhhOGFhMmRkZ
https://site-cdn.onenote.net/161111931555_Images/LiveTileImages/MediumAndLarge/Image3.png
https://gzhls.at/i/52/81/1685281-s0.jpg
http://www.apache.org/licenses/LICENSE-2.0
https://ow1.res.office365.com/apc/trans.gif?ab883dc0791716ffc6417fbff491e867
https://static.chartbeat.com/js/chartbeat_mab.js
https://www.heise.de/fonts/source-sans-pro-subset/sourcesanspro-bold-italic-webfont.eot?
http://www.sakkal.com
https://oneclient.sfx.ms/Win/Prod/18.212.1021.0008/update10.xml?OneDriveUpdate=b91e8627eb3cb64b1a907
https://1.f.ix.de/heisejobs/icons/jobs_logo.png
http://www.sandoll.co.kr
http://www.fonts.com
https://ow1.res.office365.com/apc/trans.gif?44c9495a6a5b3b1a831fe38b8e6d9551
http://www.%s.comPA
https://contextual.media.net/nrrV36594.js
https://site-cdn.onenote.net/161111931555_Images/LiveTileImages/Wide/Image3.png
http://www.sajatypeworks.com
http://www.zhongyicts.com.cn
https://www.heise.de/assets/akwa/v12/css/akwa.css?2e1b445264a4c552d85ee
https://ow1.res.office365.com/apc/trans.gif?0c9aa04cd4189be02a6814bd263c9761
https://securepubads.g.doubleclick.net/gpt/pubads_impl_275.js
http://www.msn.com/?ocid=iehp
https://maps.windows.com/windows-app-web-link
https://mem.gfx.ms/scripts/me/MeControl/10.20027.3/en-US/meCore.min.jsq
https://1.f.ix.de/imgs/02/1/8/1/5/2/2/3/TrendMicro_Webcast_HBSAd_300x600_pre-b38353e8c8c30790.jpg
https://www.heise.de/ivw-bin/ivw/CP/
https://contextual.media.net/mediamain.html?&gdpr=0&cid=8CU157172&cpcd=pC3JHgSCqY8UHihgrvGr0A%3D%3D&
http://www.founder.com.cn/cn/cThe
https://www.heise.de/assets/heise/hohomepage/css/hohomepage.css?01d3b8b15a86356e88d9
http://crl.pki.goog/GTS1O1.crl0
https://www.heise.de/fonts/source-sans-pro-subset/sourcesanspro-light-webfont.eot?
https://www.heise.de/fonts/source-sans-pro-subset/sourcesanspro-regular-webfont.eot?
https://mem.gfx.ms/meversion?partner=RetailStore2&market=en-us&uhf=19
https://www.heise.de/assets/akwa/v12/js/akwa.js?cb93c9c59739ab662325
https://login.windows.net/(
https://ow1.res.office365.com/apc/trans.gif?60b9babae36a1ead54874c2c5f7295ee
https://site-cdn.onenote.net/161111931555_Images/LiveTi
https://www.heise.de/avw-bin/ivw/CP/barfoo/ho/4206427/0.gif?d=1865586839
https://www.heise.de/icons/ho/heise_online_lupe.gif
https://tarifrechner.heise.de/widget.php?produkt=dsl
https://ow1.res.office365.com/apc/trans.gif?179bfc1bf014a80f707f49534d911219
http://www.carterandcone.coml
https://script.ioam.de/iam.js?m=1.
https://policies.yahoo.com/w3c/p3p.xml
https://site-cdn.onenote.net/161111931555_Images/LiveTileImages/Small/Image3.png
https://api.powerbi.com
http://crl.pki.goog/gsr2/gsr2.crl0?
https://aefd.nelreports.net/api/report?cat=bingrms
https://script.ioam.de/p3p.xml
https://ow1.res.office365.com/apc/trans.gif?8f13507f566234aa18900ee01200968a
https://logincdn.msauth.net/16.000/js/MeControl_tfp5xc9B9RRsZ_q18BJrBA2.js
https://dw8wjz3q0i4gj.cloudfront.net/apc/trans.gif?e52d8af823fb691d6070a8d08c122966
https://www.heise.de
http://images.outbrainimg.com/transform/v3/eyJpdSI6ImE3YzA4N2RhNmE3MjU3YmU0ZTQ3OTEwNjc1MTI0MDM0Yzc3N
https://gzhls.at/i/69/04/1756904-s0.jpg
https://www.heise.de/fonts/source-sans-pro-subset/sourcesanspro-regular-webfont.eot?T08
https://%s.xboxlive.com
http://schema.org/reminder
https://www.heise.de/fonts/source-sans-pro-subset/sourcesanspro-light-italic-webfont.eot?
https://mem.gfx.ms/meversion?partner=RetailStore2&market=en-us&uhf=1
https://pki.goog/repository/0
http://ocsp.pki.goog/gsr202
https://contextual.media.net/medianet.php?cid=8CU157172&crid=858412214&size=306x271&https=1
http://pki.goog/gsr2/GTS1O1.crt0
http://images.outbrainimg.com/transform/v3/eyJpdSI6IjBlZWEzYWU1NjM0NGRlMzU4ZTllZTRkZjQ1NTJjOThlODM5Y
http://ocsp.pki.goog/gts1o10

Dropped files

Name / File Type / Hashes / Detection

  • C:\Users\user\AppData\Roaming\Axyfaq\myeza.exe
    File Type: PE32 executable (GUI) Intel 80386, for MS Windows
  • C:\Users\user\AppData\Local\Microsoft\Windows\ActionCenterCache\windows-systemtoast-securityandmaintenance_13_0.png
    File Type: PNG image data, 306 x 306, 8-bit/color RGBA, non-interlaced
  • C:\Users\user\AppData\Roaming\Anywaq\ujwi.enc
    File Type: data