US1pwXib6h.exe

Status: finished
Submission Time: 2021-06-16 12:17:51 +02:00
Malicious
Trojan
Spyware
Evader
NetWire

Tags

  • exe
  • NetWire
  • RAT

Details

  • Analysis ID:
    435325
  • API (Web) ID:
    802917
  • Analysis Started:
    2021-06-16 12:17:51 +02:00
  • Analysis Finished:
    2021-06-16 12:31:42 +02:00
  • MD5:
    91514b3627e78e42cb05bc608737a47f
  • SHA1:
    b48882a3d656068e30b88671aee71010e5602d32
  • SHA256:
    e0e0ca8ec324752ed823c7e503992398e817663828f94b4ca699ff1965095c31
  • Technologies:

Joe Sandbox

Detection: malicious
Score: 100
System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

Third Party Analysis Engines

malicious, Score: 10/65
malicious, Score: 12/45

IPs

IP               Country
192.71.172.145   Sweden
99.83.154.118    United States

Domains

Name                    IP
netsecond.duckdns.org   192.71.172.145
ddns.dbcdubai.com       99.83.154.118
netno.ddns.net          192.71.172.145

URLs

Name Detection
ddns.dbcdubai.com:6577
netno.ddns.net:6577
netsecond.duckdns.org:6577
http://www.yandex.com
http://nsis.sf.net/NSIS_Error
http://nsis.sf.net/NSIS_ErrorError
http://www.yandex.comsocks=

Dropped files

Name, File Type

  • C:\Users\user\AppData\Roaming\fatbtifdnumsa\ioldfli.exe
    PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
  • C:\Users\user\AppData\Local\Temp\kg0wilfv6c51ffl5
    data
  • C:\Users\user\AppData\Local\Temp\nhde
    data
  • C:\Users\user\AppData\Local\Temp\nsmBB29.tmp\System.dll
    PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
  • C:\Users\user\AppData\Local\Temp\nst9B9A.tmp\System.dll
    PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
  • C:\Users\user\AppData\Local\Temp\nsu6AA7.tmp\System.dll
    PE32 executable (DLL) (GUI) Intel 80386, for MS Windows