Register Login

sloganpng

top title background image

e3CtV2Nw.exe

Status: finished

Submission Time: 2020-09-24 18:18:01 +02:00

Malicious

Trojan

Adware

Spyware

Evader

njRat

Comments

Tags

Details

Analysis ID:
289659
API (Web) ID:
474424
Analysis Started:

2020-09-24 18:18:01 +02:00
Analysis Finished:

2020-09-24 18:26:35 +02:00
MD5:
a9620469a4b9a1b7c77aab3e946187f7
SHA1:
06e7e5fd7d1e545916e8eb061b8be281454b03d8
SHA256:
46fa7b3768b1f91187f59fb97a88e1efbbe603dc88419c73da07c627e9d57f74
Technologies:

Engines
IOCs

Joe Sandbox

Engine	Download Report	Detection	Info
		malicious
	Full Report Management Report IOC Report	malicious Score: 100	System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

Third Party Analysis Engines

Open Full Report

malicious

Score: 59/71

malicious

Score: 43/48

malicious

IPs

IP	Country	Detection
91.109.186.4	France

Domains

Name	IP	Detection
ronymahmoudn.ddns.net	91.109.186.4

Dropped files

Name	File Type	Hashes	Detection
C:\Users\user\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\e3CtV2Nw.exe.log	ASCII text, with CRLF line terminators	#
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\0af32282296cbea7a0582702966a56c9.exe	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows	#
C:\Users\user\AppData\Roaming\domty.exe	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows	#
Click to see the 2 hidden entries
C:\Users\user\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\domty.exe.log	ASCII text, with CRLF line terminators	#
\Device\ConDrv	ASCII text, with CRLF line terminators	#