
zeusaes_2.9.5.1.exe

Status: finished
Submission Time: 2020-07-19 20:44:50 +02:00
Malicious
Evader

Comments

Tags

  • ZeuS
  • zeusaes

Details

  • Analysis ID:
    247181
  • API (Web) ID:
    390010
  • Analysis Started:
    2020-07-19 23:25:56 +02:00
  • Analysis Finished:
    2020-07-19 23:32:41 +02:00
  • MD5:
    1f0d255ad2996e3f4b5ea1202568ec67
  • SHA1:
    6092541a5fc6941ae98acc64024ee7e9fbb96a57
  • SHA256:
    afe57674c53de398de18be61175e7cf55447e9c57cd3b4c82b035a9d65ec86f3
  • Technologies:

Joe Sandbox

Engine Download Report Detection Info
malicious
malicious
Score: 80
System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

Third Party Analysis Engines

malicious
Score: 56/71
malicious
Score: 26/39
malicious
Score: 18/25
malicious

IPs

IP Country Detection
2.9.5.1
France

URLs

Name Detection

Dropped files

Name File Type Hashes Detection
C:\Users\user\AppData\Local\Microsoft\Windows\INetCookies\deprecated.cookie
ASCII text, with no line terminators
#
C:\Users\user\Desktop\libnspr4.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
#