XQehPgTn35.exe

Status: finished

Submission Time: 2021-06-11 05:37:10 +02:00

Malicious

Spreader

Trojan

Adware

Evader

Njrat

Comments

Details

Analysis ID:
433012
API (Web) ID:
800616
Analysis Started:

2021-06-11 05:37:10 +02:00
Analysis Finished:

2021-06-11 05:49:06 +02:00
MD5:
595c00bf9ca4baa42b4490f2782cf2d3
SHA1:
d1441cc336655f36efc3db070f84701a1f68e51a
SHA256:
6884ac9f82a44a7702c4807deec1640b66eb71f6c750dd0ca1d5d78632e626b5
Technologies:

Engines
IOCs

Joe Sandbox

Engine	Download Report	Detection	Info
		malicious
	Full Report Management Report IOC Report	malicious Score: 100	System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

Third Party Analysis Engines

Open Full Report

malicious

Score: 31/70

Open Full Report

malicious

Score: 15/35

malicious

Score: 29/47

malicious

IPs

IP	Country	Detection
3.129.187.220	United States
3.138.180.119	United States
3.136.65.236	United States

Domains

Name	IP	Detection
4.tcp.ngrok.io	3.138.180.119

URLs

Name	Detection
[i]
http://www.enigmaprotector.com/
http://www.enigmaprotector.com/openU

Dropped files

Name	File Type	Hashes
C:\SublimeText.exe	PE32 executable (GUI) Intel 80386, for MS Windows	#
C:\system 32.exe	PE32 executable (GUI) Intel 80386, for MS Windows	#
C:\autorun.inf	Microsoft Windows Autorun file, ASCII text, with CRLF line terminators	#
Click to see the 19 hidden entries
C:\Windows\server.exe	PE32 executable (GUI) Intel 80386, for MS Windows	#
C:\Users\user\Documents\Google.exe	PE32 executable (GUI) Intel 80386, for MS Windows	#
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Corporation.exe	PE32 executable (GUI) Intel 80386, for MS Windows	#
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google.exe	PE32 executable (GUI) Intel 80386, for MS Windows	#
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\714bcaf02dc680243f761ccdcdc54f71Windows Updater.exe	PE32 executable (GUI) Intel 80386, for MS Windows	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCookies\Google.exe	PE32 executable (GUI) Intel 80386, for MS Windows	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Google.exe	PE32 executable (GUI) Intel 80386, for MS Windows	#
C:\Users\user\AppData\Local\Microsoft\Windows\History\Google.exe	PE32 executable (GUI) Intel 80386, for MS Windows	#
C:\Users\user\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\XQehPgTn35.exe.log	ASCII text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Google.exe	PE32 executable (GUI) Intel 80386, for MS Windows	#
C:\Umbrella.flv.exe	PE32 executable (GUI) Intel 80386, for MS Windows	#
C:\Program Files (x86)\Google.exe	PE32 executable (GUI) Intel 80386, for MS Windows	#
C:\Users\user\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\Microsoft Corporation.exe.log	ASCII text, with CRLF line terminators	#
C:\Users\user\AppData\Roaming\app	UTF-8 Unicode (with BOM) text, with no line terminators	#
C:\Users\user\Desktop\Google.exe	PE32 executable (GUI) Intel 80386, for MS Windows	#
C:\Users\user\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\Google.exe.log	ASCII text, with CRLF line terminators	#
C:\Users\user\Favorites\Google.exe	PE32 executable (GUI) Intel 80386, for MS Windows	#
C:\Windows\SysWOW64\Google.exe	PE32 executable (GUI) Intel 80386, for MS Windows	#
\Device\ConDrv	ASCII text, with CRLF line terminators	#

XQehPgTn35.exe

Comments

Tags

Available tags:

Details

Joe Sandbox

Third Party Analysis Engines

IPs

Domains

URLs

Dropped files

XQehPgTn35.exe Options

Comments

Tags

Available tags:

Details

Joe Sandbox

Third Party Analysis Engines

IPs

Domains

URLs

Dropped files

Search started

XQehPgTn35.exe