Register Login

sloganpng

top title background image

Sx2V6MM2.exe

Status: finished

Submission Time: 2020-09-26 16:03:49 +02:00

Malicious

Trojan

Adware

Spyware

Evader

njRat

Comments

Tags

Details

Analysis ID:
290380
API (Web) ID:
475860
Analysis Started:

2020-09-26 16:03:50 +02:00
Analysis Finished:

2020-09-26 16:12:50 +02:00
MD5:
94d8bd90698cbf3c060e23c1aec9c620
SHA1:
8c8cecafd9e34e00f0727ed77a433107d23ccf47
SHA256:
dbcb7ef85c2cc8df4abcce3a2a8a0f4331fdaca48dfa4087981d467580f98a46
Technologies:

Engines
IOCs

Joe Sandbox

Engine	Download Report	Detection	Info
		malicious
	Full Report Management Report IOC Report	malicious Score: 100	System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

Third Party Analysis Engines

Open Full Report

malicious

Score: 60/71

malicious

IPs

IP	Country	Detection
141.255.147.194	France

Domains

Name	IP	Detection
hackerkurda.duckdns.org	141.255.147.194

URLs

Name	Detection
http://go.microsoft.
http://go.microsoft.LinkId=42127

Dropped files

Name	File Type	Hashes	Detection
C:\Users\user\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\Sx2V6MM2.exe.log	ASCII text, with CRLF line terminators	#
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\f3b9806b86f35266081b56b90a99067e.exe	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows	#
C:\Windows\svchosts.exe	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows	#
Click to see the 2 hidden entries
C:\Users\user\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\svchosts.exe.log	ASCII text, with CRLF line terminators	#
\Device\ConDrv	ASCII text, with CRLF line terminators	#