xGrfj8RvYg.exe

Status: finished

Submission Time: 2021-06-11 06:33:12 +02:00

Malicious

Trojan

Evader

AsyncRAT

Comments

Details

Analysis ID:
433020
API (Web) ID:
800624
Analysis Started:

2021-06-11 06:33:12 +02:00
Analysis Finished:

2021-06-11 06:41:26 +02:00
MD5:
722603aa75534bec9d1191f062fb2c03
SHA1:
321ea5aa8368f394dcbdcc6ce7ebaab89861150d
SHA256:
3e7cecddd88f1fdc8eb055ef6ab1eacfadb706582cb0fe190d99e493baa78691
Technologies:

Engines
IOCs

Joe Sandbox

Engine	Download Report	Detection	Info
	Full Report Management Report IOC Report	malicious Score: 92	System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

IPs

IP	Country	Detection
216.230.75.62	United States
207.241.227.119	United States
207.241.232.198	United States
Click to see the 3 hidden entries
207.241.227.126	United States
207.241.227.112	United States
207.241.224.2	United States

Domains

Name	IP	Detection
ia601406.us.archive.org	207.241.227.126
ia601509.us.archive.org	207.241.227.119
archive.org	207.241.224.2
Click to see the 2 hidden entries
ia601502.us.archive.org	207.241.227.112
ia803408.us.archive.org	207.241.232.198

URLs

Name	Detection
https://ia601502.us.archive.org/
http://microsoft.co
https://go.micro
Click to see the 52 hidden entries
http://certs.godaddy.com/repository/1301
https://contoso.com/Icon
https://ia601502.us.archive.org/2/items/clean-lol-123_20210603/Clean_lol123.txts
https://ia601502.us.archive.org/2/items/clean-lol-123_20210603/Clean_lol123.txtr
https://ia601502.us.archive.org/2/items/clean-lol-123_20210603/Clean_lol123.txtx
https://certs.godaddy.com/repository/0
https://ia601406.us.archive.orgx
https://github.com/Pester/Pester
https://archive.org
https://ia601406.us.archive.org
https://ia601502.us.archive.org/2/items/clean-lol-123_20210603/Clean_lol123.txto
http://www.apache.org/licenses/LICENSE-2.0.html
https://ia601502.us.archive.org/2/items/clean-lol-123_20210603/Clean_lol123.txtC:
https://ia601406.us.archive.org/9/items/server-lol-123_20210603/Server_lol123.txt0ywI
https://ia601509.us.archive.org
http://crl.godaddy.com/gdroot-g2.crl0F
https://ia601509.us.archive.org/21/items
https://ia601406.us.archive.org/9/items/server-lol-123_20210603/
https://ia601502.us.archive.org/2/items/clean-lol-123_20210603/Clean_lol123.txtf
https://ia601509.us.archive.org/21/items/all-lol-123_20210603/ALL_lol123.TXT
http://crl.godaddy.com/gdroot.crl0F
https://archive.org/download/run-02-02-02/Run_02_02_02.TXT
https://ia601502.us.archive.org/2/items/clean-lol-123_20210603/Clean_lol123.txtQ
https://ia803408.us.archive.org/9/items/run-02-02-02/Run_02_02_02.TXT
https://ia601502.us.archive.org/2/items/clean-lol-123_20210603/Clean_lol123.txt
https://contoso.com/
https://ia601502.us.archive.org/2/items/clean-lol-123_20210603/Clean_lol123.txt...7l
http://crl.microsoft
http://ia803408.us.archive.org
http://certificates.godaddy.com/repository/0
https://contoso.com/License
https://ia601502.us.archive.org/2/items/clean-lol-123_20210603/Clean_lol123.txt...
https://ia601502.us.archive.org/2/items/clean-lol-123_20210603/Clean_lol123.txt1
https://ia601406.us.archive.org8
http://archive.org
https://ia601502.us.archive.org/2/items/clean-lol-123_20210603/Clean_lol123.txt0
http://ia601406.us.archive.org
https://ia601406.us.archive.org/32/items/run-02-02-02/Run_02_02_02.TXT
https://ia601406.us.archive.org/9/items/server-lol-123_20210603/Server_lol123.txt
https://ia601509.us.archive.org/
https://nuget.org/nuget.exe
https://ia601509.us.archive.org/21/items/all-lol-123_20210603/AL
https://ia803408.us.archive.org
https://ia803408.us.archive.orgx
http://crl.goi
http://certificates.godaddy.com/repository/gdig2.crt0
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
http://nuget.org/NuGet.exe
https://archive.orgx
http://crl.godaddy.com/gdig2s1-1597.crl0
http://pesterbdd.com/images/Pester.png
https://ia601502.us.archive.org/2/items/clean-lol-123_20210603/Clean_lol123.txtst-MC:

Dropped files

Name	File Type	Hashes
C:\Users\Public\-----Run+++++++++.ps1	ASCII text, with very long lines, with CRLF line terminators	#
C:\Users\Public\Run\Run.vbs	ASCII text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\xGrfj8RvYg.exe.log	ASCII text, with CRLF line terminators	#
Click to see the 8 hidden entries
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\Clean_lol123[1].txt	HTML document, ASCII text, with very long lines, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache	data	#
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_j4sskfsz.fda.psm1	very short file (no magic)	#
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ligmpoba.nku.ps1	very short file (no magic)	#
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_vivyprwg.nre.ps1	very short file (no magic)	#
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_xdrybsou.rmb.psm1	very short file (no magic)	#
C:\Users\user\Documents\20210611\PowerShell_transcript.715575.7kfD7GZs.20210611063402.txt	UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators	#
C:\Users\user\Documents\20210611\PowerShell_transcript.715575.rFlTN3zv.20210611063435.txt	UTF-8 Unicode (with BOM) text, with CRLF line terminators	#

xGrfj8RvYg.exe

Comments

Tags

Available tags:

Details

Joe Sandbox

IPs

Domains

URLs

Dropped files

xGrfj8RvYg.exe Options

Comments

Tags

Available tags:

Details

Joe Sandbox

IPs

Domains

URLs

Dropped files

Search started

xGrfj8RvYg.exe