
WDnE51mua6.exe

Status: finished
Submission Time: 2021-04-08 10:31:33 +02:00
Malicious
Trojan
Spyware
Evader

Tags

  • exe

Details

  • Analysis ID:
    383838
  • API (Web) ID:
    669775
  • Analysis Started:
    2021-04-08 10:35:58 +02:00
  • Analysis Finished:
    2021-04-08 11:04:50 +02:00
  • MD5:
    7e7012645cc3d6d3572bb01891fbcec1
  • SHA1:
    712fe21354098f3764f6e9cbe7b57dc67a65c478
  • SHA256:
    df116f3585f1fe4b00c351a2941f6b85565e1fcc6da5569c6f7c80ddd1b4e2a8
  • Technologies:

Engine: Joe Sandbox
Detection: malicious
Score: 100
System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

Third Party Analysis Engines

  • malicious (score 28/67)
  • malicious (score 31/48)
  • malicious

IPs

  • 8.208.95.18 (Singapore)

Domains

  • banusdoret.top: 8.208.95.18
  • zjZFqZYoOtpryMyR.zjZFqZYoOtpryMyR: 0.0.0.0

The second name is random-looking and was answered with 0.0.0.0 by the sandbox resolver. Looking up a name that should not exist is a common way for a sample to test whether it is running behind a fake DNS server that answers everything, which is consistent with the Evader tag above.

URLs

https://banusdoret.top/4624a8e10d6df3306e1dd46223b6b1968208dd49r
https://banusdoret.top/oi9
https://banusdoret.top/Vg
https://banusdoret.top/Dg
https://banusdoret.top/sFt
https://banusdoret.top/
https://banusdoret.top/4624a8e10d6df3306e1dd46223b6b1968208dd49lcanoconiosispZ
https://banusdoret.top/ography
https://banusdoret.top/5hc
https://banusdoret.top/4624a8e10d6df3306e1dd46223b6b1968208dd49
https://banusdoret.top/#hu
https://banusdoret.top/upload/upload.phpp/hi0
https://banusdoret.top/upload/upload.phpmit
https://banusdoret.top/hi0
https://banusdoret.top/8
https://banusdoret.top/kh=
https://banusdoret.top/upload/upload.php
https://banusdoret.top/4624a8e10d6df3306e1dd46223b6b1968208dd491
http://www.autoitscript.com/autoit3/X
https://www.autoitscript.com/autoit3/
http://cps.root
http://cps.letsencrypt.org0
http://r3.i.lencr.org/0-
https://banusdoret.topctionSettings
http://r3.o.lencr.org0
http://cps.root-x1.letsencrypt.org0

The lencr.org and letsencrypt.org entries are the certificate-policy, CA-issuer and OCSP URLs carried in a Let's Encrypt certificate chain, and the autoitscript.com strings are typical of executables built with the AutoIt runtime; none of them is a contact point. The indicator worth blocking is banusdoret.top itself. Variants such as https://banusdoret.topctionSettings and https://banusdoret.top/upload/upload.phpp/hi0 are string-carving artefacts (a URL fused with adjacent memory), not distinct endpoints.

Dropped files

  • C:\Users\user\AppData\Roaming\zPgFqFUsML\juROhmfLml.exe.com
    PE32 executable (GUI) Intel 80386, for MS Windows
  • C:\Users\user\AppData\Roaming\QhXpJEISYfDvrPPKg\Gia.exe.com
    Targa image data - Mono 65536 x 184 x 0 +65535 ""
  • C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\juROhmfLml.url
    MS Windows 95 Internet shortcut text (URL=<"C:\Users\user\AppData\Roaming\zPgFqFUsML\wAYZqHgYEOdcYU.js>), Little-endian UTF-16 Unicode text, with CRLF line terminators
  • C:\Users\user\AppData\Roaming\QhXpJEISYfDvrPPKg\Che.vsd
    data
  • \Device\ConDrv
    ASCII text, with CRLF, CR line terminators
  • C:\Users\user\AppData\Roaming\zPgFqFUsML\wAYZqHgYEOdcYU.js
    ASCII text, with no line terminators
  • C:\Users\user\AppData\Roaming\zPgFqFUsML\Veduto.vsd
    data
  • C:\Users\user\AppData\Roaming\zPgFqFUsML\I
    ASCII text, with very long lines, with CRLF, CR, LF line terminators
  • C:\Users\user\AppData\Roaming\QhXpJEISYfDvrPPKg\Veduto.vsd
    data
  • C:\Users\user\AppData\Roaming\QhXpJEISYfDvrPPKg\Poi.vsd
    ASCII text, with very long lines, with CRLF line terminators
  • C:\Users\user\AppData\Roaming\QhXpJEISYfDvrPPKg\Lineamento.vsd
    ASCII text, with very long lines, with CRLF, CR, LF line terminators
  • C:\Users\user\AppData\Roaming\QhXpJEISYfDvrPPKg\D
    ASCII text, with very long lines, with CRLF, CR, LF line terminators
  • C:\Users\user\AppData\Local\Temp\4624a8e10d6df3306e1dd46223b6b1968208dd49
    data
  • C:\Users\user\AppData\Local\Temp\chrCF8.tmp
    ASCII text, with CRLF line terminators
  • C:\Users\user\AppData\Local\Temp\chrB32.tmp
    SQLite 3.x database, last written using SQLite version 3032001
  • C:\Users\user\AppData\Local\Temp\chr2302.tmp
    data
  • C:\Users\user\AppData\Local\Temp\chr1073.tmp
    Little-endian UTF-16 Unicode text, with CRLF, CR line terminators
  • C:\Users\user\AppData\Local\Temp\cab_5036_6
    data
  • C:\Users\user\AppData\Local\Temp\cab_5036_5
    data
  • C:\Users\user\AppData\Local\Temp\cab_5036_4
    data
  • C:\Users\user\AppData\Local\Temp\cab_5036_3
    data
  • C:\Users\user\AppData\Local\Temp\cab_5036_2
    data

The file types are libmagic guesses on content, not on extension: the .vsd files are not Visio documents (they are seen as raw data or ASCII text), the .exe.com names hide a PE32 binary and a data blob, and the "Targa image data" match on Gia.exe.com is the kind of false positive a short binary blob produces. The persistence chain is the .url shortcut dropped into the user's Startup folder, whose URL= field points at the dropped wAYZqHgYEOdcYU.js under AppData\Roaming, so the script runs at every logon. The chr*.tmp SQLite database copied to Temp is consistent with the Spyware classification (browser databases are copied before being read), but the report does not name the source file.
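The Startup-folder .url shortcut above is the artefact a defender can hunt for directly: a .url file is an INI text whose URL= value Windows hands to ShellExecute at logon, so a local path to a script or binary in it is as good as a Run key. The following scanner is an added example, not code from the Joe Sandbox report or from the sample. It parses every .url file in a directory, decodes both the UTF-16 form seen in the report and plain ANSI, resolves bare drive paths, UNC paths and file:// URLs to a Windows path, and flags targets with script or executable extensions, double extensions, or locations under user-writable staging directories. The two shortcut files it writes are constructed for the demo (the malicious one mirrors the report's juROhmfLml.url and wAYZqHgYEOdcYU.js paths); they go into a temporary directory, so the script runs on any OS without touching a real profile.

```python
"""Flag .url shortcuts in Windows Startup folders whose target is a local script or binary.

Added example, not code from the Joe Sandbox report. The shortcut files built in
demo() are constructed to mirror the report's dropped juROhmfLml.url entry.
"""
from __future__ import annotations

import configparser
import re
import tempfile
from pathlib import Path
from urllib.parse import unquote, urlparse

# Targets a Startup-folder shortcut has no business launching directly.
SUSPICIOUS_EXT = {".js", ".jse", ".vbs", ".vbe", ".wsf", ".wsh", ".hta", ".bat",
                  ".cmd", ".ps1", ".exe", ".com", ".scr", ".dll", ".lnk"}
# Profile-writable locations droppers use to stage payloads.
USER_WRITABLE = ("\\appdata\\", "\\users\\public\\", "\\programdata\\", "\\temp\\")
DRIVE_PATH = re.compile(r"^[A-Za-z]:[\\/]")


def decode_url_file(raw: bytes) -> str:
    """.url files are INI text stored either as UTF-16 with a BOM or as 8-bit ANSI."""
    if raw[:2] in (b"\xff\xfe", b"\xfe\xff"):
        text = raw.decode("utf-16")
    else:
        text = raw.decode("utf-8-sig", errors="replace")
    return text.replace("\r\n", "\n").replace("\r", "\n")


def parse_url_target(text: str) -> str | None:
    """Return the raw URL= value of the [InternetShortcut] section, or None."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    try:
        cp.read_string(text)
    except configparser.Error:
        return None
    if not cp.has_section("InternetShortcut"):
        return None
    return cp.get("InternetShortcut", "url", fallback=None)


def normalize_target(raw: str) -> str | None:
    """Map a URL= value to a Windows path if it names a local file, else None.

    Bare drive paths, UNC paths and file:// URLs are local; any other scheme is
    opened by the browser rather than executed, so it is returned as None.
    """
    target = raw.strip().strip('"\'<>')
    if target.lower().startswith("file:"):
        path = unquote(urlparse(target).path)
        if len(path) > 2 and path[0] == "/" and path[2] == ":":
            path = path[1:]  # "/C:/x" -> "C:/x"
        target = path.replace("/", "\\")
    elif "://" in target:
        return None
    if DRIVE_PATH.match(target) or target.startswith("\\\\"):
        return target
    return None


def assess_target(path: str) -> list[str]:
    """Reasons a local shortcut target looks like script/binary persistence."""
    reasons: list[str] = []
    name = path.rsplit("\\", 1)[-1].lower()
    exts = ["." + part for part in name.split(".")[1:]]
    if exts and exts[-1] in SUSPICIOUS_EXT:
        reasons.append(f"target extension {exts[-1]} is a script or executable")
    if len(exts) >= 2 and exts[-2] in SUSPICIOUS_EXT:
        reasons.append(f"double extension {''.join(exts[-2:])}")
    if any(marker in path.lower() for marker in USER_WRITABLE):
        reasons.append("target lives in a user-writable staging directory")
    return reasons


def scan_startup_dir(directory: Path) -> list[dict]:
    """Return one finding per .url shortcut in *directory* whose target is suspicious."""
    findings = []
    for shortcut in sorted(directory.glob("*.url")):
        raw = parse_url_target(decode_url_file(shortcut.read_bytes()))
        if raw is None:
            continue
        local = normalize_target(raw)
        if local is None:
            continue
        reasons = assess_target(local)
        if reasons:
            findings.append({"shortcut": str(shortcut), "target": local, "reasons": reasons})
    return findings


def demo() -> list[dict]:
    """Build a constructed Startup folder with one malicious and one benign .url, then scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        startup = Path(tmp)
        # Constructed to match the report's dropped juROhmfLml.url (UTF-16 LE, CRLF).
        malicious = ("[InternetShortcut]\r\n"
                     "URL=\"C:\\Users\\user\\AppData\\Roaming\\zPgFqFUsML\\wAYZqHgYEOdcYU.js\"\r\n")
        (startup / "juROhmfLml.url").write_bytes(malicious.encode("utf-16"))
        # Constructed benign shortcut: a web link that the browser opens.
        (startup / "intranet.url").write_text("[InternetShortcut]\nURL=https://example.com/\n")
        return scan_startup_dir(startup)


if __name__ == "__main__":
    for finding in demo():
        print(f"{finding['shortcut']} -> {finding['target']}")
        for reason in finding["reasons"]:
            print(f"    {reason}")
```

On a live host, point scan_startup_dir at %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup and %ProgramData%\Microsoft\Windows\Start Menu\Programs\StartUp. Web URLs are deliberately ignored because a browser link in Startup is common and harmless; the signal is a shortcut whose target is a file the shell will execute.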