top title background image
flash

http://abass.ir/maxz/maxz.exe

Status: finished
Submission Time: 2020-08-11 11:42:57 +02:00
Malicious
Trojan
Spyware
Evader
AgentTesla

Comments

Tags

Details

  • Analysis ID:
    261372
  • API (Web) ID:
    418298
  • Analysis Started:
    2020-08-11 11:44:19 +02:00
  • Analysis Finished:
    2020-08-11 11:53:43 +02:00
  • Technologies:

Joe Sandbox

Engine Download Report Detection Info
malicious
malicious
Score: 100
System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

IPs

IP Country Detection
199.79.63.24
United States
194.180.224.87
unknown

Domains

Name IP Detection
asf-ris-prod-neurope.northeurope.cloudapp.azure.com
168.63.67.155
abass.ir
194.180.224.87
bh-58.webhostbox.net
199.79.63.24

URLs

Name Detection
https://FYXzTpt17Er5k3kb6Fr.com
http://abass.ir/maxz/maxz.exe

Dropped files

Name File Type Hashes Detection
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\maxz.exe.17487yr.partial
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\maxz[1].exe
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
#
C:\Users\user\AppData\Local\Temp\max\max.exe
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
#
Click to see the 9 hidden entries
C:\Users\user\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\maxz.exe.log
ASCII text, with CRLF line terminators
#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{CCF876A1-DC02-11EA-90E5-ECF4BBEA1588}.dat
Microsoft Word Document
#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{CCF876A3-DC02-11EA-90E5-ECF4BBEA1588}.dat
Microsoft Word Document
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\maxz.exe.17487yr.partial:Zone.Identifier
ASCII text, with CRLF line terminators
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\maxz.exe:Zone.Identifier
very short file (no magic)
#
C:\Users\user\AppData\Local\Temp\JavaDeployReg.log
ASCII text, with CRLF line terminators
#
C:\Users\user\AppData\Local\Temp\max\max.exe:Zone.Identifier
ASCII text, with CRLF line terminators
#
C:\Users\user\AppData\Local\Temp\~DF01287CC61ACAC457.TMP
data
#
C:\Users\user\AppData\Local\Temp\~DF6E18D56E931FA680.TMP
data
#