
chthonic_2.23.17.10.exe

Status: finished
Submission Time: 2020-07-19 21:41:45 +02:00
Malicious
Phishing
Trojan
Spyware
Evader

Tags

  • chthonic

Details

  • Analysis ID:
    247446
  • API (Web) ID:
    390479
  • Analysis Started:
    2020-07-20 06:24:49 +02:00
  • Analysis Finished:
    2020-07-20 06:39:01 +02:00
  • MD5:
    73613b116ebb614b2964038b3f937db0
  • SHA1:
    7872e57d9e89fb65f22f51d93a5ac3ca39fc30da
  • SHA256:
    b39a13030095984b1a1a5584c8aa7d974a40aa631ef5b27ab933cc5d40799deb

Joe Sandbox

Engine Download Report Detection Info
Detection: malicious
Score: 100
System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

Third Party Analysis Engines

malicious
Score: 56/72
malicious
Score: 12/37
malicious
Score: 28/31
malicious

IPs

IP Country Detection
89.18.27.167 Romania
23.94.60.240 United States
139.59.23.241 Singapore
188.165.200.156 France
185.121.170.176 Croatia (LOCAL Name: Hrvatska)
34.240.147.125 United States
130.255.78.223 Germany
82.196.9.45 Netherlands
130.255.73.90 Germany
195.154.226.249 France
163.53.248.170 Australia
2.23.17.10 European Union
88.99.66.31 Germany

Domains

Name IP Detection
afroamericanec.bit 0.0.0.0
iplogger.org 88.99.66.31

URLs

Name Detection
http://cert.int-x3.letsencrypt.org/0
http://cps.root-x1.letsencrypt.org0
http://www.actualsolution.com/register/
http://www.actualsolution.com
https://iplogger.org/1nBrN6
http://www.actualsolution.com/download/?app=1&os=%u
http://www.actualsolution.com/support/
http://ocsp.int-x3.letsencrypt.org0/
http://afroamericanec.bit/en/
http://www.actualsolution.com/download/
http://www.actualsolution.com/register/OrderURLHomeURLhttp://www.actualsolution.comclrFaceclrOSDTxtc
http://atomary.bit/en/
http://www.actualsolution.comURLUpdateInfohttp://www.actualsolution.com/download/HelpLinkhttp://www.
http://www.actualsolution.com/registerrus.htm
http://cps.letsencrypt.org0
http://www.actualsolution.com/register/HomeURL
http://www.actualsolution.com/download/?app=1&os=%uDo
http://www.actualsolution.com/
http://www.actualsolution.com/download/?app=1&os=
https://shopper.mycommerce.com/checkout/cart/add/11740-1?affiliate_id=

Dropped files

Name File Type Hashes Detection
C:\ProgramData\MixerMood\logs.exe
PE32 executable (GUI) Intel 80386, for MS Windows
C:\ProgramData\MixerMood\Mixer.exe
PE32 executable (GUI) Intel 80386, for MS Windows, RAR self-extracting archive
C:\ProgramData\ActualSoftware\update.exe
PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
C:\Users\user\AppData\Roaming\LNew\LNew.com
PE32 executable (GUI) Intel 80386, for MS Windows
C:\Program Files (x86)\Power Mixer\pwmixer.exe
PE32 executable (GUI) Intel 80386, for MS Windows
C:\Program Files (x86)\Power Mixer\srvhelp.exe
PE32 executable (GUI) Intel 80386, for MS Windows
C:\Users\user\AppData\Local\Microsoft\Windows Sidebar\Gadgets\Power Mixer.Gadget\en-US\pwmixer.html
HTML document, ASCII text, with CRLF line terminators
C:\Users\user\AppData\Local\Microsoft\Windows Sidebar\Gadgets\Power Mixer.Gadget\images\background.png
PNG image data, 128 x 20, 8-bit/color RGBA, non-interlaced
C:\Users\user\AppData\Local\Microsoft\Windows Sidebar\Gadgets\Power Mixer.Gadget\en-US\gadget.xml
XML 1.0 document, ASCII text, with CRLF line terminators
C:\ProgramData\MixerMood\informer.vbs
ASCII text, with CRLF line terminators
C:\ProgramData\ActualSoftware\logs.bat
ASCII text, with no line terminators
C:\ProgramData\ActualSoftware\cert.vbs
ASCII text, with CRLF line terminators
C:\Program Files (x86)\Power Mixer\wheel.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
C:\Program Files (x86)\Power Mixer\srvman.exe
PE32 executable (GUI) Intel 80386, for MS Windows
C:\Program Files (x86)\Power Mixer\srvman.dat
data
C:\Program Files (x86)\Power Mixer\srvman.cfg
ASCII text, with CRLF line terminators
C:\Program Files (x86)\Power Mixer\srvhelp.dat
data
C:\Program Files (x86)\Power Mixer\readme.txt
ASCII text, with CRLF line terminators
C:\Program Files (x86)\Power Mixer\pwmixer.ocx
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
C:\Program Files (x86)\Power Mixer\pwmixer.dat
data
C:\Program Files (x86)\Power Mixer\pmocx.dat
data
C:\Program Files (x86)\Power Mixer\minimix.exe
PE32 executable (GUI) Intel 80386, for MS Windows
C:\Program Files (x86)\Power Mixer\minimix.dat
data
C:\Program Files (x86)\Power Mixer\license.txt
ASCII text, with very long lines, with CRLF line terminators
C:\Program Files (x86)\Power Mixer\history.txt
ASCII text, with CRLF line terminators
C:\Program Files (x86)\Power Mixer\help.chm
MS Windows HtmlHelp Data
C:\Users\user\AppData\Local\Temp\nsi3232.tmp\GetVersion.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Power Mixer\Uninstall Power Mixer.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Description string, Has Relative path, Has Working directory, Archive, ctime=Mon Jul 20 12:25:47 2020, mtime=Mon Jul 20 12:25:47 2020, atime=Mon Jul 20 12:25:47 2020, length (…)
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Power Mixer\Tools\Audio Taper Editor.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Description string, Has Relative path, Has Working directory, Archive, ctime=Mon Jul 20 12:25:46 2020, mtime=Mon Jul 20 12:25:46 2020, atime=Mon Jul 20 12:25:46 2020, length (…)
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Power Mixer\Power Mixer.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Description string, Has Relative path, Has Working directory, Archive, ctime=Mon Jul 20 12:25:45 2020, mtime=Mon Jul 20 12:25:45 2020, atime=Mon Jul 20 12:25:45 2020, length (…)
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Power Mixer\Power Mixer Help.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Description string, Has Relative path, Has Working directory, Archive, ctime=Thu May 3 19:00:00 2018, mtime=Mon Jul 20 12:25:45 2020, atime=Thu May 3 19:00:00 2018, length (…)
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Power Mixer\Online Registration.lnk
MS Windows shortcut, Item id list present, Has Description string, Has Relative path, Has Working directory, ctime=Sun Dec 31 23:06:32 1600, mtime=Sun Dec 31 23:06:32 1600, atime=Sun Dec 31 23:06:32 1600, length=0, window=hide
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Power Mixer\Mini Mixer.lnk
MS Windows shortcut, Item id list present, Has Description string, Has Relative path, Has Working directory, ctime=Sun Dec 31 23:06:32 1600, mtime=Sun Dec 31 23:06:32 1600, atime=Sun Dec 31 23:06:32 1600, length=0, window=hide
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Power Mixer\Home Page.lnk
MS Windows shortcut, Item id list present, Has Description string, Has Relative path, Has Working directory, ctime=Sun Dec 31 23:06:32 1600, mtime=Sun Dec 31 23:06:32 1600, atime=Sun Dec 31 23:06:32 1600, length=0, window=hide
C:\Users\user\AppData\Local\Temp\nsi3232.tmp\UserInfo.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
C:\Users\user\AppData\Local\Temp\nsi3232.tmp\System.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
C:\Users\user\AppData\Local\Temp\nsi3232.tmp\SetupCfg.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
C:\Users\user\AppData\Local\Temp\nsi3232.tmp\Service.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
C:\Program Files (x86)\Power Mixer\Uninst.exe
PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
C:\Users\user\AppData\Local\Temp\nsi3231.tmp
data
C:\Users\user\AppData\Local\Temp\A52D.tmp
PE32 executable (DLL) (console) Intel 80386, for MS Windows
C:\Users\user\AppData\Local\Temp\8205.tmp
PE32 executable (DLL) (console) Intel 80386, for MS Windows
C:\Users\user\AppData\Local\Temp\7FFD.tmp
PE32 executable (DLL) (console) Intel 80386, for MS Windows
C:\Users\user\AppData\Local\Temp\4947825.tmp
PE32 executable (DLL) (console) Intel 80386, for MS Windows
C:\Users\user\AppData\Local\Temp\4657332.tmp
PE32 executable (DLL) (console) Intel 80386, for MS Windows
C:\Users\user\AppData\Local\Temp\4642FBA.tmp
PE32 executable (DLL) (console) Intel 80386, for MS Windows
C:\Users\user\AppData\Local\Temp\45F2.tmp
PE32 executable (DLL) (console) Intel 80386, for MS Windows
C:\Users\user\AppData\Local\Temp\42441FC.tmp
PE32 executable (DLL) (console) Intel 80386, for MS Windows
C:\Users\user\AppData\Local\Microsoft\Windows Sidebar\Gadgets\Power Mixer.Gadget\images\pwmixer.png
PNG image data, 64 x 62, 8-bit/color RGBA, non-interlaced
C:\Users\user\AppData\Local\Microsoft\Windows Sidebar\Gadgets\Power Mixer.Gadget\images\logo.png
PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced
C:\Program Files (x86)\Power Mixer\Lang\Estonian.lng
ISO-8859 text, with CRLF line terminators
C:\Program Files (x86)\Power Mixer\Lang\Romanian.lng
ISO-8859 text, with CRLF line terminators
C:\Program Files (x86)\Power Mixer\Lang\Portuguese (Brazil).lng
ISO-8859 text, with CRLF line terminators
C:\Program Files (x86)\Power Mixer\Lang\Polish.lng
Non-ISO extended-ASCII text, with CRLF line terminators
C:\Program Files (x86)\Power Mixer\Lang\Norwegian.lng
ISO-8859 text, with CRLF line terminators
C:\Program Files (x86)\Power Mixer\Lang\Magyar.lng
ISO-8859 text, with CRLF line terminators
C:\Program Files (x86)\Power Mixer\Lang\Korean.lng
ISO-8859 text, with CRLF line terminators
C:\Program Files (x86)\Power Mixer\Lang\Italian.lng
ISO-8859 text, with CRLF line terminators
C:\Program Files (x86)\Power Mixer\Lang\Hebrew.lng
ISO-8859 text, with CRLF line terminators
C:\Program Files (x86)\Power Mixer\Lang\Greek.lng
ISO-8859 text, with CRLF line terminators
C:\Program Files (x86)\Power Mixer\Lang\German.lng
ISO-8859 text, with CRLF line terminators
C:\Program Files (x86)\Power Mixer\Lang\French.lng
ISO-8859 text, with CRLF line terminators
C:\Program Files (x86)\Power Mixer\Lang\Finnish.lng
ISO-8859 text, with CRLF line terminators
C:\Program Files (x86)\Power Mixer\Lang\Russian.lng
ISO-8859 text, with CRLF line terminators
C:\Program Files (x86)\Power Mixer\Lang\English.lng
ASCII text, with CRLF line terminators
C:\Program Files (x86)\Power Mixer\Lang\Dutch.lng
ISO-8859 text, with CRLF line terminators
C:\Program Files (x86)\Power Mixer\Lang\Danish.lng
ISO-8859 text, with CRLF line terminators
C:\Program Files (x86)\Power Mixer\Lang\Czech.lng
Non-ISO extended-ASCII text, with CRLF line terminators
C:\Program Files (x86)\Power Mixer\Lang\Croatian.lng
Non-ISO extended-ASCII text, with CRLF line terminators
C:\Program Files (x86)\Power Mixer\Lang\Chinese (Traditional).lng
ISO-8859 text, with CRLF line terminators
C:\Program Files (x86)\Power Mixer\Lang\Chinese (Simplified).lng
ISO-8859 text, with CRLF line terminators
C:\Program Files (x86)\Power Mixer\Lang\Catalan.lng
ISO-8859 text, with CRLF line terminators
C:\Program Files (x86)\Power Mixer\Lang\Bulgarian.lng
ISO-8859 text, with CRLF line terminators
C:\Program Files (x86)\Power Mixer\Lang\Arabic.lng
ISO-8859 text, with CRLF line terminators
C:\Program Files (x86)\Power Mixer\Lang\Afrikaans.lng
ISO-8859 text, with CRLF line terminators
C:\Program Files (x86)\Power Mixer\Res\Tray Icon\Default (Light Text).bmp
PC bitmap, Windows 3.x format, 208 x 16 x 16
C:\Program Files (x86)\Power Mixer\Tools\atedit.exe
PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
C:\Program Files (x86)\Power Mixer\Tools\atedit.dat
data
C:\Program Files (x86)\Power Mixer\Tools\Default.csv
ASCII text, with CRLF line terminators
C:\Program Files (x86)\Power Mixer\Res\Tray Icon\readme.txt
ASCII text, with CRLF line terminators
C:\Program Files (x86)\Power Mixer\Res\Tray Icon\Vertical Bar.bmp
PC bitmap, Windows 3.x format, 384 x 16 x 16
C:\Program Files (x86)\Power Mixer\Res\Tray Icon\Vertical Bar (Multicolor).bmp
PC bitmap, Windows 3.x format, 208 x 16 x 24
C:\Program Files (x86)\Power Mixer\Res\Tray Icon\Rainbow.bmp
PC bitmap, Windows 3.x format, 208 x 16 x 24
C:\Program Files (x86)\Power Mixer\Res\Tray Icon\LouderIT.bmp
PC bitmap, Windows 3.x format, 512 x 16 x 16
C:\Program Files (x86)\Power Mixer\Res\Tray Icon\Horizontal Bar.bmp
PC bitmap, Windows 3.x format, 384 x 16 x 16
C:\Program Files (x86)\Power Mixer\Res\Tray Icon\Digits (Multicolor).bmp
PC bitmap, Windows 3.x format, 3264 x 16 x 16
C:\Program Files (x86)\Power Mixer\Res\Tray Icon\Default.bmp
PC bitmap, Windows 3.x format, 208 x 16 x 16
C:\Program Files (x86)\Power Mixer\Res\Tray Icon\Default (Low Color).bmp
PC bitmap, Windows 3.x format, 208 x 16 x 4
C:\Program Files (x86)\Power Mixer\Homepage.htm
HTML document, ASCII text, with no line terminators
C:\Program Files (x86)\Power Mixer\Res\Tray Icon\Chameleon.bmp
PC bitmap, Windows 3.x format, 384 x 16 x 16
C:\Program Files (x86)\Power Mixer\Res\Tray Icon\Chameleon (Light Text).bmp
PC bitmap, Windows 3.x format, 384 x 16 x 16
C:\Program Files (x86)\Power Mixer\Res\Tray Icon\Basic.bmp
PC bitmap, Windows 3.x format, 208 x 16 x 16
C:\Program Files (x86)\Power Mixer\Res\Sounds\osd.wav
RIFF (little-endian) data, WAVE audio, Microsoft PCM, 16 bit, stereo 44100 Hz
C:\Program Files (x86)\Power Mixer\Register.htm
HTML document, ASCII text, with no line terminators
C:\Program Files (x86)\Power Mixer\Lang\Ukrainian.lng
ISO-8859 text, with CRLF line terminators
C:\Program Files (x86)\Power Mixer\Lang\Turkish.lng
ISO-8859 text, with CRLF line terminators
C:\Program Files (x86)\Power Mixer\Lang\Swedish.lng
ISO-8859 text, with CRLF line terminators
C:\Program Files (x86)\Power Mixer\Lang\Spanish.lng
ISO-8859 text, with CRLF line terminators
C:\Program Files (x86)\Power Mixer\Lang\Serbian (Latin).lng
Non-ISO extended-ASCII text, with CRLF line terminators
C:\Program Files (x86)\Power Mixer\Lang\Serbian (Cyrillic).lng
Non-ISO extended-ASCII text, with CRLF line terminators