
SecuriteInfo.com.Trojan.PWS.Steam.18359.22695.exe

Status: finished
Submission Time: 2020-08-01 21:31:11 +02:00
Malicious
Evader

Details

  • Analysis ID:
    255570
  • API (Web) ID:
    406678
  • Analysis Started:
    2020-08-01 22:05:37 +02:00
  • Analysis Finished:
    2020-08-01 22:17:38 +02:00
  • MD5:
    532524e6b61b197d92f3bd4ed3331d3d
  • SHA1:
    f1009c96203862812cefa14e186dcff610ccc634
  • SHA256:
    3e3ab416abadd9093b15f9dcce92f3530709aba8addff16a74e89bd3a7bfd8fd
  • Technologies:
    Joe Sandbox

Engine: Joe Sandbox
Detection: malicious
Score: 96
System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

IPs

IP: 94.250.251.54
Country: Russian Federation

URLs

Name
http://94.250.251.54
http://94.250.251.548
http://94.250.251.54x
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
http://94.250.251.54/vmoc3ohgkdg9g85e98qbuhzpf1r8x40j9wm2i92y56yo/3z7sbez0q28io2muuay1pno9kx6rs9a0kj
http://james.newtonking.com/projects/json
https://ipinfo.io/json

Dropped files

Name | File Type
C:\Users\Default\RuntimeBroker.exe | PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
C:\Windows\Offline Web Pages\svchost.exe:Zone.Identifier | ASCII text, with CRLF line terminators
C:\Windows\Offline Web Pages\svchost.exe | PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\SecuriteInfo.com.Trojan.PWS.Steam.18359.22695.exe.log | ASCII text, with CRLF line terminators
C:\Users\Default\RuntimeBroker.exe:Zone.Identifier | ASCII text, with CRLF line terminators
C:\ProgramData\dbg\svchost.exe:Zone.Identifier | ASCII text, with CRLF line terminators
C:\ProgramData\dbg\svchost.exe | PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
C:\Program Files (x86)\Internet Explorer\en-US\MJnEFvNgIJqiFpsMVAANBvKDsiT.exe:Zone.Identifier | ASCII text, with CRLF line terminators
C:\Program Files (x86)\Internet Explorer\en-US\MJnEFvNgIJqiFpsMVAANBvKDsiT.exe | PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
C:\ProgramData\dbg\f4d236fdec2fd03914189c3b26e5cb0dfea9d761 | ASCII text, with no line terminators
C:\ProgramData\Microsoft\Windows\Templates\MJnEFvNgIJqiFpsMVAANBvKDsiT.exe:Zone.Identifier | ASCII text, with CRLF line terminators
C:\Users\Default\9e8d7a4ca61bd92aff00cc37a7a4d62a2cac998d | ASCII text, with no line terminators
C:\Program Files (x86)\Internet Explorer\en-US\08d668d793dad023157c4f8be0b394b8a051ac58 | ASCII text, with no line terminators
C:\ProgramData\Microsoft\Windows\Templates\MJnEFvNgIJqiFpsMVAANBvKDsiT.exe | PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\MJnEFvNgIJqiFpsMVAANBvKDsiT.exe.log | ASCII text, with CRLF line terminators
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\RuntimeBroker.exe.log | ASCII text, with CRLF line terminators
C:\ProgramData\Microsoft\Windows\Templates\08d668d793dad023157c4f8be0b394b8a051ac58 | ASCII text, with no line terminators
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\svchost.exe.log | ASCII text, with CRLF line terminators
C:\Users\user\AppData\Local\Temp\c64be3c7e9642050d4a01ef7f88dc4ee.tmp | ASCII text, with no line terminators
C:\Windows\Offline Web Pages\f4d236fdec2fd03914189c3b26e5cb0dfea9d761 | ASCII text, with no line terminators