mormanti.exe

Status: finished
Submission Time: 2021-07-16 17:05:21 +02:00
Malicious, Trojan, Evader, Emotet

Details

  • Analysis ID:
    449959
  • API (Web) ID:
    817548
  • Analysis Started:
    2021-07-16 17:05:22 +02:00
  • Analysis Finished:
    2021-07-16 17:12:57 +02:00
  • MD5:
    6c94edfea6e5ee001b00122c9d01bd8a
  • SHA1:
    a8d0cc5088ee86c2be77afe157695d12e951f369
  • SHA256:
    0154d1d06e755bda091168038f25c1dde101e3b77c66f88b73c71be84ffdaf6e
  • Technologies:

Joe Sandbox

Engine: Joe Sandbox
Detection: malicious, Score: 100
System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

Third Party Analysis Engines

Detection: malicious, Score: 53/71
Detection: malicious, Score: 23/28
Detection: malicious

IPs


URLs


Dropped files

Name / File Type
  • C:\ProgramData\Microsoft\Network\Downloader\edb.log
    data
  • C:\ProgramData\Microsoft\Network\Downloader\qmgr.db
    Extensible storage engine DataBase, version 0x620, checksum 0x0656ce7e, page size 16384, DirtyShutdown, Windows version 10.0
  • C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm
    data
  • C:\Users\user\AppData\Local\Packages\ActiveSync\LocalState\DiagOutputDir\SyncVerbose.etl
    data
  • C:\Users\user\AppData\Local\Packages\ActiveSync\LocalState\DiagOutputDir\UnistackCircular.etl
    data
  • C:\Users\user\AppData\Local\Packages\ActiveSync\LocalState\DiagOutputDir\UnistackCritical.etl
    data
  • C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp
    ASCII text, with no line terminators
  • C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\MpCmdRun.log
    data