Register Login

sloganpng

top title background image

niTWiWiG.exe

Status: finished

Submission Time: 2020-09-26 14:51:17 +02:00

Malicious

Trojan

Adware

Spyware

Evader

njRat

Comments

Tags

Details

Analysis ID:
290369
API (Web) ID:
475838
Analysis Started:

2020-09-26 14:51:17 +02:00
Analysis Finished:

2020-09-26 15:03:09 +02:00
MD5:
4b2582825cec186013f74318095c5049
SHA1:
d88207c03dd8921baf32459d156984fa0ae16f91
SHA256:
be22bc542d7278e717988bf470bed39ac0ab91b659c77deaa85cb0b216d89a59
Technologies:

Engines
IOCs

Joe Sandbox

Engine	Download Report	Detection	Info
		malicious
	Full Report Management Report IOC Report	malicious Score: 100	System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

Third Party Analysis Engines

Open Full Report

malicious

Score: 61/71

malicious

IPs

IP	Country	Detection
41.140.61.234	Morocco

Domains

Name	IP	Detection
tyga.hopto.org	41.140.61.234
cdn.onenote.net	0.0.0.0

Dropped files

Name	File Type	Hashes	Detection
C:\Users\user\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\niTWiWiG.exe.log	ASCII text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Temp\Chrome.exe	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows	#
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Server.exe	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows	#
Click to see the 3 hidden entries
C:\Users\user\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\Chrome.exe.log	ASCII text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\Server.exe.log	ASCII text, with CRLF line terminators	#
\Device\ConDrv	ASCII text, with CRLF line terminators	#