HousecallLauncher64-new.exe

Status: finished

Submission Time: 2020-07-23 21:58:28 +02:00

Malicious

Ransomware

Trojan

Spyware

Evader

Miner

HawkEye Nanocore Remcos Tinynuke / Nukebot Ako AveMaria Clop Ransomware Coinhive CryLock DualShot Gandcrab GhostRat Gocoder Hermes Jigsaw LilithRAT Meterpreter Nemty Netwalker Njrat PXJ Ransomware PayDay Poisonivy Ryuk Tron ComRAT Xmrig

Comments

Details

Analysis ID:
250437
API (Web) ID:
396750
Analysis Started:

2020-07-23 22:02:40 +02:00
Analysis Finished:

2020-07-23 22:23:07 +02:00
MD5:
135e977e0355a958da5e63111a659233
SHA1:
42b50b8391172cab171a26ecf798015a2a9d8a3c
SHA256:
fc02c4ed513e50d1d46cec284fbd76c7b8ee1313036ad91e9cee7d15a7d85a80
Technologies:

Engines
IOCs

Joe Sandbox

Engine	Download Report	Detection	Info
	Full Report Management Report IOC Report	malicious Score: 100	System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

Third Party Analysis Engines

Open Full Report

malicious

Score: 7/52

malicious

IPs

IP	Country	Detection
44.233.140.104	United States

Domains

Name	IP	Detection
fbs.prod.spn.a1q7.net	44.233.140.104
housecall8.icrc.trendmicro.com	0.0.0.0
housecall800-en.fbs20.trendmicro.com	0.0.0.0
Click to see the 2 hidden entries
housecall-ctp-p.activeupdate.trendmicro.com	0.0.0.0
go.trendmicro.com	0.0.0.0

URLs

Name	Detection
http://infecteds.zapto.org/
http://www.niudoudou.com/web/download/G
http://www.4j4j.cnE
Click to see the 97 hidden entries
http://www.netgy.com/cpG
http://web.manazery.cz/modules/inflos.phpF
https://bradesconetempresa.com.br/E
http://housecall-ctp-p.activeupdate.trendmicro.com/
HTTP://SEARCH.MSN.E
https://housecall8.icrc.trendmicro.com/ss/
http://housecall-ctp-p.activeupdate.trendmicro.com/activeupdate/pattern/HCClean_113701.zipC:
HTTP://SEX-EVERYDAY.COM
http://www.abcxyz.com/abc2.exeG
http://www.symauth.com/rpa00
http://www.steelkernel.comyE
http://www.hardcoreporn.com/
http://ocsp.affirmtrust.com
http://housecall-ctp-p.activeupdate.trendmicro.com/activeupdate/pattern/vsapi119.sigC:
http://changeman.net.cn/
http://www.neuropsychiatry.co.kr
http://merlin.xlphp.net/login.php?use=G
http://www.symauth.com/cps0(
HTTP://WWW.D
http://%s/%d/checkin.php?cid=%d&ai
http://aaronremote.xyz/auth/msvcr71.dll?fid=
http://image-save.pw/
http://housecall-ctp-p.activeupdate.trendmicro.com/activeupdate/ini_xml.zip
http://auto.search.msn.com/response.asp?MT=
HTTP://FREELIFE4EVER.COMD
http://go.trendmicro.com/free-tools/feedback/
http://www.gnetop.co.jp/F
HTTP://QUN.QQ.COM/CGI/SVD
HTTP://GO.DRIVECL
http://wc-zone.biz/getdlE
http://ddl3.data.hu/get/
http://aaronremote.xyz/auth/ssleay32.dll?fid=
http://www.redirserver.com/update4.cfm?tid=&cn_id=
http://www.coolshow8.com/mscps.pdfE
http://1235633.3322.org/GameJing
http://lm.fjhonghui.cn:1024/d7/
HTTP://WWW.MOONLIGHT.COM
HTTP://BREENTEN.BIZD
HTTP://183.57.37.181/333/E
http://www.adon-demand.de/red/
http://www.1188.com/G
HTTP://AAAWEBSEARCH.COM/?GV=6661656585
http://cl.chnsystemG
http://moileq.cn/G
https://account.qq.com
http://www.founder.com.cn/cn/bThe
http://91.207.116.44/FZ
http://www.ea3rck.net/modules/Server.exeSb
HTTP://AA.INTO4.INFO/022
http://housecall-ctp-p.activeupdate.trendmicro.com/activeupdate/pattern/tscptn.zip
HTTP://WWW.FS43.COM:777/MYUNBOUNDMB.UIB
http://patch.dn.sdo.com/sndalist/sndalist_new.xmlE
http://66.90.73.4/?gv=666165658560678160846655146D383C3CFC3E5F55
http://housecall-ctp-p.activeupdate.trendmicro.com:80/activeupdate/pattern/tmwlchk_177300.zip
HTTP://WWW.FLOODAD.COM/WEB/DOWNLOAD/
http://hi.baidu.com/13240912/blog/item/6fb8f23f06b529d0d46225f1.html
http://imagegur.pw/
http://down.E
http://%s/spm/s_report.php?task=%u&id=%sE
HTTP://E3.PHPE3.EXE
https://www.trendmicro.com/support/consumer
http://serverbenc.dominiotemporario.com/tomada20.exeT
http://housecall-ctp-p.activeupdate.trendmicro.com/activeupdate/pattern/icrc/ioth1611900.sig
http://aia.affirmtrust.com/aftov1ca.crt
http://mfp.bfzz.com/mfp/do.asp
http://ocsp.affirmtrust.com0
http://housecall-ctp-p.activeupdate.trendmicro.com/activeupdate/pattern/tmwlchk_177300.sig
http://screensaver.pw/
http://%s/check/checkin.php?cid=%d&aid=%d&time=E
https://wwwss.bradesco.com.br/scripts/ib2k1.dll/
http://sil.chnsystem.com/sil.php?fid=%s&mac=%s&id=%s&check=%sG
http://hashserver1.tmwebF
http://www.secretkey.kr/update.php
http://www.niudoudou.com/web/download/http://w
http://crl.affirmtrust.com/crl/aftov1ca.crl0
http://www.%s/w.php?id=E
http://195.225.177.13/q.php?
http://www.z88.com.cnE
http://aia.affirmtrust.com/aftov1ca.crt0W
http://cloudfront.fullpcF
https://esupport.trendmicro.com/en-us/home/pages/technical-support/1119825.aspxxem-10
HTTP://WWW.1
HTTP://WWW.61RR.COM/DOWN/G
http://www.hackersociety.net/hstrojan/cliente/upgrade.infE
http://www.pp2345.com
http://housecall-ctp-p.activeupdate.trendmicro.com/activeupdate/pattern/tscptn.sigC:
http://%s/Gsd/SERVER/Up/%d.exe
https://bitcointalk.org/index.php?topic=1433925D
http://www.114116.infoG
http://mynewspages.com/block/flash.txtE
http://crl.affirmtrust.com/crl/AffirmTrustCommercial.crl
http://treestompertime.net/mirinda/E
http://housecall-ctp-p.activeupdate.trendmicro.com/activeupdate/engine/engv_x64dll_v12000-1008.zipC:
http://www.55l.com/debug
HTTP://WWW.JESUSER.CN/PLUG/DOSELECT.ASP?CMD=D
http://img-save.xyz/
https://github.com/supreF

Dropped files

Name	File Type	Hashes
C:\Users\user\AppData\Local\Temp\7zSC150BAF0\AU\AU_Data\AU_Temp\5476_5508\AU_Down\engine\engv_x64dll_v12000-1008.zip	Zip archive data, at least v2.0 to extract	#
C:\Users\user\AppData\Local\Temp\HCBackup\AUCache\AU_Cache\housecall-ctp-p.activeupdate.trendmicro.com\engv_x64dll_v12000-1008.zip	Zip archive data, at least v2.0 to extract	#
C:\Users\user\AppData\Local\Temp\HCBackup\AUCache\AU_Cache\housecall-ctp-p.activeupdate.trendmicro.com\ioth1611900.zip	Zip archive data, at least v2.0 to extract	#
Click to see the 97 hidden entries
C:\Users\user\AppData\Local\Temp\HCBackup\AUCache\AU_Cache\housecall-ctp-p.activeupdate.trendmicro.com\dce-dll-mssign-x64-v75-1035.zip	Zip archive data, at least v2.0 to extract	#
C:\Users\user\AppData\Local\Temp\HouseCall\HouseCallX_x64\README.txt	ASCII text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Temp\HCBackup\AUCache\AU_Cache\housecall-ctp-p.activeupdate.trendmicro.com\tscptn.zip	Zip archive data, at least v2.0 to extract	#
C:\Users\user\AppData\Local\Temp\7zSC150BAF0\AU\AU_Data\AU_Temp\5476_5508\AU_Down\pattern\tscptn.zip	Zip archive data, at least v2.0 to extract	#
C:\Users\user\AppData\Local\Temp\HCBackup\AUCache\AU_Cache\housecall-ctp-p.activeupdate.trendmicro.com\HCClean_113701.zip	Zip archive data, at least v2.0 to extract	#
C:\Users\user\AppData\Local\Temp\7zSC150BAF0\AU\AU_Data\AU_Temp\5476_5508\AU_Down\pattern\icrc\ioth1611900.zip	Zip archive data, at least v2.0 to extract	#
C:\Users\user\AppData\Local\Temp\7zSC150BAF0\AU\AU_Data\AU_Temp\5476_5508\AU_Down\pattern\HCClean_113701.zip	Zip archive data, at least v2.0 to extract	#
C:\Users\user\AppData\Local\Temp\7zSC150BAF0\AU\AU_Data\AU_Temp\5476_5508\AU_Down\engine\dce-dll-mssign-x64-v75-1035.zip	Zip archive data, at least v2.0 to extract	#
C:\Users\user\AppData\Local\Temp\7zSC150BAF0\AU\AU_Data\AU_Temp\5476_5508\3\2048\tsc.ptn	data	#
C:\Users\user\AppData\Local\Temp\7zSC150BAF0\AU\AU_Data\AU_Temp\5476_5508\3\1208221744\HCClean.ptn	data	#
C:\Users\user\AppData\Local\Temp\7zSC150BAF0\AU\AU_Data\AU_Temp\5476_5508\3\1082130432\tmwlchk.ptn	data	#
C:\Users\user\AppData\Local\Temp\7zSC150BAF0\Setup.exe	PE32+ executable (GUI) x86-64, for MS Windows	#
C:\Users\user\AppData\Local\Temp\HCBackup\temp_bf_1100000000_2041001900_1595567110	data	#
C:\Users\user\AppData\Local\Temp\HouseCall\HouseCallX_x64\MustFBExts.conf	ASCII text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Temp\HouseCall\HouseCallX_x64\tmblack.233	data	#
C:\Users\user\AppData\Local\Temp\HouseCall\HouseCallX_x64\tmfbeng.dll	PE32+ executable (DLL) (GUI) x86-64, for MS Windows	#
C:\Users\user\AppData\Local\Temp\HouseCall\HouseCallX_x64\patterns\tmwlchk.ptn	data	#
C:\Users\user\AppData\Local\Temp\HouseCall\HouseCallX_x64\tmwlutil.dll	PE32+ executable (DLL) (GUI) x86-64, for MS Windows	#
C:\Users\user\AppData\Local\Temp\HouseCall\HouseCallX_x64\patterns\tml00001.ptn	data	#
C:\Users\user\AppData\Local\Temp\HouseCall\HouseCallX_x64\trendx.112	data	#
C:\Users\user\AppData\Local\Temp\HouseCall\HouseCallX_x64\housecall810_SHA2.cert	data	#
C:\Users\user\AppData\Local\Temp\HouseCall\HouseCallX_x64\curl-ca-bundle.crt	UTF-8 Unicode text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Temp\HouseCall\HouseCallX_x64\atse64.dll	PE32+ executable (DLL) (GUI) x86-64, for MS Windows	#
C:\Users\user\AppData\Local\Temp\HouseCall\HouseCallX_x64\ScanPaths.conf	ASCII text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Temp\HouseCall\HouseCallX_x64\trxhandler_log.ini	ASCII text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Temp\HouseCall\HouseCallX_x64\HouseCallX.exe	PE32+ executable (console) x86-64, for MS Windows	#
C:\Users\user\AppData\Local\Temp\HouseCall\HomeDeviceGuard_Downloader.exe	PE32 executable (GUI) Intel 80386, for MS Windows	#
C:\Users\user\AppData\Local\Temp\HouseCall\Config.xml	Non-ISO extended-ASCII text, with very long lines, with NEL line terminators	#
C:\Users\user\AppData\Local\Temp\HouseCall\BPMNT.dll	PE32+ executable (DLL) (GUI) x86-64, for MS Windows	#
C:\Users\user\AppData\Local\Temp\HouseCall\AU_Backup\AuBackup.ini	ASCII text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Temp\HCLauncher.log	ASCII text	#
C:\Users\user\AppData\Local\Temp\HouseCall\Tmcomm.inf	Windows setup INFormation, ASCII text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Temp\7zSC150BAF0\AU\AU_Data\AU_Log\TmuDump.txt	ASCII text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Temp\HouseCall\interface\css\container.css	ASCII text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Temp\HouseCall\interface\css\buttons.css	ASCII text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Temp\HouseCall\housecall800.cert	data	#
C:\Users\user\AppData\Local\Temp\HouseCall\housecall.xml	XML 1.0 document, ASCII text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Temp\HouseCall\housecall.bin	PE32+ executable (GUI) x86-64, for MS Windows	#
C:\Users\user\AppData\Local\Temp\HouseCall\hcversion64.xml	ASCII text	#
C:\Users\user\AppData\Local\Temp\HouseCall\hc_core.dll	PE32+ executable (DLL) (console) x86-64, for MS Windows	#
C:\Users\user\AppData\Local\Temp\HouseCall\dbghelp.dll	PE32+ executable (DLL) (console) x86-64, for MS Windows	#
C:\Users\user\AppData\Local\Temp\HouseCall\curl-ca-bundle.crt	UTF-8 Unicode text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Temp\HouseCall\Tmcomm.sys	PE32+ executable (native) x86-64, for MS Windows	#
C:\Users\user\AppData\Local\Temp\HouseCall\HouseCallX_x64\trendxl.102	data	#
C:\Users\user\AppData\Local\Temp\HouseCall\TmEngDrv.dll	PE32+ executable (DLL) (GUI) x86-64, for MS Windows	#
C:\Users\user\AppData\Local\Temp\HouseCall\TSC.INI	ASCII text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Temp\HouseCall\TMEBC64.sys	PE32+ executable (native) x86-64, for MS Windows	#
C:\Users\user\AppData\Local\Temp\HouseCall\TMEBC.inf	Windows setup INFormation, ASCII text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Temp\HouseCall\LinkRule.xml	XML 1.0 document, ASCII text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Temp\HouseCall\License.txt	ISO-8859 text, with very long lines, with CRLF line terminators	#
C:\Users\user\AppData\Local\Temp\HouseCall\LanguageMap.xml	exported SGML document, ASCII text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Temp\HouseCall\ICRCHdler.dll	PE32+ executable (DLL) (console) x86-64, for MS Windows	#
C:\Users\user\AppData\Local\Temp\HouseCall\interface\css\datatable.css	ASCII text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Temp\HouseCall\HouseCallX_x64\trxhandler.dll	PE32+ executable (DLL) (console) x86-64, for MS Windows	#
C:\Users\user\AppData\Local\Temp\HouseCall\HouseCallX_x64\trendxv.103	data	#
C:\Users\user\AppData\Local\Temp\7zSC150BAF0\AU\AU_Data\AU_Temp\5476_5508\ini_xml.zip	Zip archive data, at least v2.0 to extract	#
C:\Users\user\AppData\Local\Temp\7zSC150BAF0\AU\x500.db	data	#
C:\Users\user\AppData\Local\Temp\7zSC150BAF0\AU\patchw64.dll	PE32+ executable (DLL) (GUI) x86-64, for MS Windows	#
C:\Users\user\AppData\Local\Temp\7zSC150BAF0\AU\patch64.exe	PE32+ executable (console) x86-64, for MS Windows	#
C:\Users\user\AppData\Local\Temp\7zSC150BAF0\AU\ciussi64.dll	PE32+ executable (DLL) (GUI) x86-64, for MS Windows	#
C:\Users\user\AppData\Local\Temp\7zSC150BAF0\AU\ciuas64.dll	PE32+ executable (DLL) (GUI) x86-64, for MS Windows	#
C:\Users\user\AppData\Local\Temp\7zSC150BAF0\AU\cert5.db	data	#
C:\Users\user\AppData\Local\Temp\7zSC150BAF0\AU\aucfg.ini	ASCII text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Temp\7zSC150BAF0\AU\TmUpdate64.dll	PE32+ executable (DLL) (GUI) x86-64, for MS Windows	#
C:\Users\user\AppData\Local\Temp\7zSC150BAF0\AU\GetServer.ini	ASCII text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Temp\7zSC150BAF0\AU\AU_Data\AU_Temp\5476_5508\server.ini	ASCII text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Temp\7zSC150BAF0\DLConfig.xml	Non-ISO extended-ASCII text, with very long lines, with no line terminators	#
C:\Users\user\AppData\Local\Temp\7zSC150BAF0\AU\AU_Data\AU_Temp\5476_5508\AuResult.ini	ASCII text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Temp\7zSC150BAF0\AU\AU_Data\AU_Temp\5476_5508\AuPatch.ini	ASCII text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Temp\7zSC150BAF0\AU\AU_Data\AU_Temp\5476_5508\AU_Down\pattern\tmwlchk_177300.zip	Zip archive data, at least v2.0 to extract	#
C:\Users\user\AppData\Local\Temp\7zSC150BAF0\AU\AU_Data\AU_Temp\5476_5508\3\1208221744\ptn$agg.999	data	#
C:\Users\user\AppData\Local\Temp\7zSC150BAF0\AU\AU_Data\AU_Temp\5476_5508\3\1208090624\icrc$oth.119	data	#
C:\Users\user\AppData\Local\Temp\7zSC150BAF0\AU\AU_Data\AU_Temp\5476_5508\3\1082130432\tmwlchk.cat	data	#
C:\Users\user\AppData\Local\Temp\7zSC150BAF0\AU\AU_Data\AU_Temp\5476_5508\2\536871168\vsapi64.dll	PE32+ executable (DLL) (GUI) x86-64, for MS Windows	#
C:\Users\user\AppData\Local\Temp\7zSC150BAF0\AU\AU_Data\AU_Temp\5476_5508\2\536871168\BPMNT.dll	PE32+ executable (DLL) (GUI) x86-64, for MS Windows	#
C:\Users\user\AppData\Local\Temp\7zSC150BAF0\AU\AU_Data\AU_Temp\5476_5508\2\1073872896\tscdll64.dll	PE32+ executable (DLL) (console) x86-64, for MS Windows	#
C:\Users\user\AppData\Local\Temp\HCBackup\AUCache\AU_Cache\housecall-ctp-p.activeupdate.trendmicro.com\engv_x64dll_v12000-1008.zip.etag	ASCII text	#
C:\Users\user\AppData\Local\Temp\HCBackup\temp_bf_1100000000_2041001900_1595567110.len	ASCII text, with no line terminators	#
C:\Users\user\AppData\Local\Temp\HCBackup\patchretry.dat	ASCII text, with no line terminators	#
C:\Users\user\AppData\Local\Temp\HCBackup\hcversion64.xml.tmp	ASCII text	#
C:\Users\user\AppData\Local\Temp\HCBackup\hcpackage64.exe.tmp	PE32 executable (console) Intel 80386, for MS Windows	#
C:\Users\user\AppData\Local\Temp\HCBackup\AUCache\AU_Cache\housecall-ctp-p.activeupdate.trendmicro.com\tscptn.zip.etag	ASCII text	#
C:\Users\user\AppData\Local\Temp\HCBackup\AUCache\AU_Cache\housecall-ctp-p.activeupdate.trendmicro.com\tmwlchk_177300.zip.etag	ASCII text	#
C:\Users\user\AppData\Local\Temp\HCBackup\AUCache\AU_Cache\housecall-ctp-p.activeupdate.trendmicro.com\tmwlchk_177300.zip	Zip archive data, at least v2.0 to extract	#
C:\Users\user\AppData\Local\Temp\HCBackup\AUCache\AU_Cache\housecall-ctp-p.activeupdate.trendmicro.com\ioth1611900.zip.etag	ASCII text	#
C:\Users\user\AppData\Local\Temp\HCBackup\AUCache\AU_Cache\housecall-ctp-p.activeupdate.trendmicro.com\ini_xml.zip.etag	ASCII text	#
C:\Users\user\AppData\Local\Temp\HCBackup\AUCache\AU_Cache\housecall-ctp-p.activeupdate.trendmicro.com\ini_xml.zip	Zip archive data, at least v2.0 to extract	#
C:\Users\user\AppData\Local\Temp\HCBackup\temp_bf_1100000000_2041001900_1595567110.retry	very short file (no magic)	#
C:\Users\user\AppData\Local\Temp\HCBackup\AUCache\AU_Cache\housecall-ctp-p.activeupdate.trendmicro.com\dce-dll-mssign-x64-v75-1035.zip.etag	ASCII text	#
C:\Users\user\AppData\Local\Temp\HCBackup\AUCache\AU_Cache\housecall-ctp-p.activeupdate.trendmicro.com\HCClean_113701.zip.etag	ASCII text	#
C:\Users\user\AppData\Local\Temp\7zSC150BAF0\ssleay32.dll	PE32+ executable (DLL) (console) x86-64, for MS Windows	#
C:\Users\user\AppData\Local\Temp\7zSC150BAF0\libeay32.dll	PE32+ executable (DLL) (console) x86-64, for MS Windows	#
C:\Users\user\AppData\Local\Temp\7zSC150BAF0\libcurl.dll	PE32+ executable (DLL) (GUI) x86-64, for MS Windows	#
C:\Users\user\AppData\Local\Temp\7zSC150BAF0\icrc_fulldwn.dat	very short file (no magic)	#
C:\Users\user\AppData\Local\Temp\7zSC150BAF0\icrc.dat	data	#
C:\Users\user\AppData\Local\Temp\7zSC150BAF0\dlstr.xml	XML 1.0 document, ASCII text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Temp\7zSC150BAF0\HouseCall_downloader.bmp	PC bitmap, Windows 3.x format, 500 x 171 x 24	#