Joe Sandbox Cloud Basic
Register Login
sloganpng
flash

WDnE51mua6.exe

Status: finished
Submission Time: 08.04.2021 10:31:33
Malicious
Trojan
Spyware
Evader

Comments

Tags

  • exe

Details

  • Analysis ID:
    383838
  • API (Web) ID:
    669775
  • Analysis Started:
    08.04.2021 10:35:58
  • Analysis Finished:
    08.04.2021 11:04:50
  • MD5:
    7e7012645cc3d6d3572bb01891fbcec1
  • SHA1:
    712fe21354098f3764f6e9cbe7b57dc67a65c478
  • SHA256:
    df116f3585f1fe4b00c351a2941f6b85565e1fcc6da5569c6f7c80ddd1b4e2a8
  • Technologies:
Full Report Management Report IOC Report Engine Info Verdict Score Reports

malicious

System: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211

malicious
100/100

malicious
28/67

malicious
31/48

malicious

IPs

IP Country Detection
8.208.95.18
 Singapore

Domains

Name IP Detection
banusdoret.top
 8.208.95.18
zjZFqZYoOtpryMyR.zjZFqZYoOtpryMyR
 0.0.0.0

URLs

Name Detection
https://banusdoret.top/4624a8e10d6df3306e1dd46223b6b1968208dd491
https://banusdoret.top/4624a8e10d6df3306e1dd46223b6b1968208dd49r
https://banusdoret.top/upload/upload.php
Click to see the 23 hidden entries
https://banusdoret.top/kh=
https://banusdoret.top/8
https://banusdoret.top/hi0
https://banusdoret.top/upload/upload.phpmit
https://banusdoret.top/upload/upload.phpp/hi0
https://banusdoret.top/#hu
https://banusdoret.top/4624a8e10d6df3306e1dd46223b6b1968208dd49
https://banusdoret.top/5hc
https://banusdoret.top/ography
https://banusdoret.top/4624a8e10d6df3306e1dd46223b6b1968208dd49lcanoconiosispZ
https://banusdoret.top/
https://banusdoret.top/sFt
https://banusdoret.top/Dg
https://banusdoret.top/Vg
https://banusdoret.top/oi9
https://banusdoret.topctionSettings
http://cps.letsencrypt.org0
http://www.autoitscript.com/autoit3/X
https://www.autoitscript.com/autoit3/
http://cps.root
http://r3.i.lencr.org/0-
http://r3.o.lencr.org0
http://cps.root-x1.letsencrypt.org0

Dropped files

Name File Type Hashes Detection
C:\Users\user\AppData\Roaming\zPgFqFUsML\juROhmfLml.exe.com
 PE32 executable (GUI) Intel 80386, for MS Windows
 #
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\juROhmfLml.url
 MS Windows 95 Internet shortcut text (URL=<"C:\Users\user\AppData\Roaming\zPgFqFUsML\wAYZqHgYEOdcYU.js>), Little-endian UTF-16 Unicode text, with CRLF line terminators
 #
C:\Users\user\AppData\Roaming\QhXpJEISYfDvrPPKg\Gia.exe.com
 Targa image data - Mono 65536 x 184 x 0 +65535 ""
 #
Click to see the 19 hidden entries
C:\Users\user\AppData\Roaming\zPgFqFUsML\wAYZqHgYEOdcYU.js
 ASCII text, with no line terminators
 #
\Device\ConDrv
 ASCII text, with CRLF, CR line terminators
 #
C:\Users\user\AppData\Local\Temp\4624a8e10d6df3306e1dd46223b6b1968208dd49
 data
 #
C:\Users\user\AppData\Local\Temp\cab_5036_2
 data
 #
C:\Users\user\AppData\Local\Temp\cab_5036_3
 data
 #
C:\Users\user\AppData\Local\Temp\cab_5036_4
 data
 #
C:\Users\user\AppData\Local\Temp\cab_5036_5
 data
 #
C:\Users\user\AppData\Local\Temp\cab_5036_6
 data
 #
C:\Users\user\AppData\Local\Temp\chr1073.tmp
 Little-endian UTF-16 Unicode text, with CRLF, CR line terminators
 #
C:\Users\user\AppData\Local\Temp\chr2302.tmp
 data
 #
C:\Users\user\AppData\Local\Temp\chrB32.tmp
 SQLite 3.x database, last written using SQLite version 3032001
 #
C:\Users\user\AppData\Local\Temp\chrCF8.tmp
 ASCII text, with CRLF line terminators
 #
C:\Users\user\AppData\Roaming\QhXpJEISYfDvrPPKg\Che.vsd
 data
 #
C:\Users\user\AppData\Roaming\QhXpJEISYfDvrPPKg\D
 ASCII text, with very long lines, with CRLF, CR, LF line terminators
 #
C:\Users\user\AppData\Roaming\QhXpJEISYfDvrPPKg\Lineamento.vsd
 ASCII text, with very long lines, with CRLF, CR, LF line terminators
 #
C:\Users\user\AppData\Roaming\QhXpJEISYfDvrPPKg\Poi.vsd
 ASCII text, with very long lines, with CRLF line terminators
 #
C:\Users\user\AppData\Roaming\QhXpJEISYfDvrPPKg\Veduto.vsd
 data
 #
C:\Users\user\AppData\Roaming\zPgFqFUsML\I
 ASCII text, with very long lines, with CRLF, CR, LF line terminators
 #
C:\Users\user\AppData\Roaming\zPgFqFUsML\Veduto.vsd
 data
 #