cd.exe

Status: finished

Submission Time: 2021-09-14 16:01:11 +02:00

Malicious

Spreader

Trojan

Evader

Ursnif

Comments

Details

Analysis ID:
483177
API (Web) ID:
850746
Analysis Started:

2021-09-14 16:01:46 +02:00
Analysis Finished:

2021-09-14 16:10:11 +02:00
MD5:
cd02e745a08dd29cb6fda1761b2f4b6e
SHA1:
1a0dd3348bb0f856fff51f7e22364b0974fa1ad3
SHA256:
a4ff2e7dd35e8f7362739c3a578563458548ed5ffb30abe5ec6bf6f2c0de8eb7
Technologies:

Engines
IOCs

Joe Sandbox

Engine	Download Report	Detection	Info
		malicious
	Full Report Management Report IOC Report	malicious Score: 100	System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

Third Party Analysis Engines

malicious

Score: 24/40

IPs

IP	Country	Detection
173.239.8.164	United States
173.192.101.24	United States
142.250.102.106	United States
Click to see the 2 hidden entries
142.250.203.110	United States
168.119.139.96	Germany

Domains

Name	IP	Detection
menehleibe.com	173.239.8.164
google.com	142.250.203.110
www.google.com	142.250.102.106
Click to see the 3 hidden entries
mybetterdl.com	173.192.101.24
gertrk.com	168.119.139.96
p226681.mybetterdl.com	173.192.101.24

URLs

Name	Detection
http://menehleibe.com/
http://menehleibe.com/images/bjM3gVEtKlUeWm2NnKw3/UycpbcugJuZhqNGVGh8/kwk4esZ_2F2xjDYD_2BSa_/2F328cjxY6AQM/kA5SneVc/JKL1AVTBXoV77D1JaKVgbri/d8lSYHOR5C/_2FOPoUzuMMso_2Bp/A_2Ffbx4wppa/aSm6IWIjM6R/Y44GbYY.avi
http://www.nytimes.com/
Click to see the 86 hidden entries
https://gertrk.com/favicon.ico
http://support.mendeley.com/customer/portal/articles/227955
https://www.google.com/gen_204?ei=rKtAYY2rHY25kwWZrp3YAw&vet=10ahUKEwiNsaLc0P7yAhWN3KQKHRlXBzsQhJAHCBQ..s&gl=GB&pc=SEARCH_HOMEPAGE&isMobile=false
https://csl.mendeley.com
https://www.google.com/_/og/promos/
https://service.elsevier.com/app/answers/detail/a_id/19601/kw/connectivity/supporthub/mendeley/1setU
https://www.google.com/?gws_rd=ssl
https://mybetterdl.com/aS/feedclick?s=PmRMc57CnhYhj70e-I9ky5kfJerKhwxlfSMU3tyux_x5AGZrWUPSJmPzN2c9f2
https://policies.google.com/terms?hl=en-GB&fg=1&utm_source=ucbs
https://ims-na1-stg1.adobelogin.com
https://www.elsevier.com/legal/privacy-policy
https://crashpad.chromium.org/
https://www.google.com/?gws_rd%3Dssl
https://service.elsevier.com/app/answers/detail/a_id/22094/kw/migrate/supporthub/mendeley/
https://gertrk.com/nlp/index.php?url_bnm_redirect=http://google.com
https://www.google.com/images/searchbox/desktop_searchbox_sprites318_hr.png
http://www.reddit.com/
https://www.mendeley.com/guides/desktop/04-read-highlight-annotate?dgcid=Mendeley_Desktop_Onboarding
https://gertrk.com/nlp/index.php?url_bnm_redirect=http://google.comRoot
http://www.sysinternals.comopenFolder
http://citationstyles.org/
http://www.google.com/
http://menehleibe.com/Root
https://citationstyles.org
http://www.sysinternals.comFileVersionLegalCopyright
http://www.live.com/
http://www.wikipedia.com/
https://github.com/citation-style-language/styles
http://www.youtube.com/
http://www.sysinternals.comopenConnection
https://www.google.com/?gws_rd=ssl_bnm_redirect=http://google.com
https://www.google.com/url?q=https://www.google.com/chrome/download-chrome-for-search/%3Fbrand%3DOKW
https://www.mendeley.com/guides?dgcid=Mendeley_Desktop_Help-menu-Help-guideshttps://www.mendeley.com
https://www.mendeley.com/library
https://service.elsevier.com/app/contact/supporthub/mendeley?dgcid=Mendeley_Desktop_Help-menu-Contac
https://play.google.com/log?format=json&hasfast=true
http://p.yusukekamiyamane.com/
https://www.google.com/images/branding/googlelogo/2x/googlelogo_color_272x92dp.png
https://service.elsevier.com/app/answers/detail/a_id/19611/kw/duplicates/supporthub/mendeley/Yes
http://creativecommons.org/licenses/by-sa/3.0/
http://agoogleaday.com/%23date%3D2011-06-04
https://www.google.com/search?gws_rd%3Dssl%26q%3Dnebulae%26um%3D1%26ie%3DUTF-8%26tbm%3Disch%26csf%3D
https://www.google.co.uk/intl/en/about/products
https://crashpad.chromium.org/https://crashpad.chromium.org/bug/new
http://www.twitter.com/
http://google.com
https://www.virustotal.com/about/terms-of-service%s
https://www.mendeley.com/guides/using-citation-editor?dgcid=Mendeley_Desktop_Onboarding-Help-Cite
http://www.amazon.com/
https://www.google.com/log?format=json&hasfast=true
http://www.sysinternals.com
https://p226681.mybetterdl.com/adServe/domainClick?ai=qR193HoKV_skvRDJ1Xl7Z2EMSqLSlBmindZv5NojCHOwn03uCMUnWWP1f_rG7YbjKg1peh-_obzBIj3uZHPpnj9EVoFzCvr6nUsZVZhWVPP-29LJmEHdmZ7b6Qy9a1mHTiLNxNNj-331YCaynPT02WREUdU8hBvdAVtzW-BnG_JiVnQIGgxQDiU7ugF2M-yuSZspRWMKjI0oZaL4_NY6BA8B78vhYDGtjMUdyxHqWTbxnarhY6PRQCoyupr1mhPBjhdEqJB6Nj2XmDvYXWw9hp-qFZn5gpnPqtE9sbJicJwX2fEbVjxB9kp2QAzznS8_6fjhgUFt3sQISiZ3D8mF7LCm2HeI0S938_gGwpSXr3tSAMcY_H2x07HFovOGSDpNKiXhLmiyflhHQ2DhJtv57Pgpt-TBvcxCEwrLEAaOW_go6oM85zEqQcFJgSFbjHo8VjLddbnKrYw&ui=PmRMc57CnhbNSfHhL5kCGmvi5v6ZZrF7dLiTNq3P25qokS0sVeF3FkXI0PDyooqap4CS6zytrLbvtEDBZZLJWA-odODn3W3LTPqV0hvm1VqP--qZkGGf_8AXd3hExnhV&si=1&oref=a606ca39dc85b39bdaa2bf88832fa198&optunit=SZspRWMKjI3Y6yHw-JV9WQ&rb=mhdAWEBiphk&rr=1&abtg=0
https://www.google.com/index.php?url_bnm_redirect=http://google.com/?gws_rd=ssl_bnm_redirect=http://
https://rrchnm.org/
https://www.gmu.edu/
https://crashpad.chromium.org/bug/new
https://accounts.google.com/ServiceLogin?hl
https://service.elsevier.com/app/home/supporthub/mendeley/?dgcid=Mendeley_Desktop_Help-menu-FAQ
http://www.broofa.com
https://www.mendeley.com?dgcid=Mendeley_Desktop_Help-menu-website
https://ogs.google.com/widget/app/so?bc=1
https://policies.google.com/privacy?hl=en-GB&fg=1&utm_source=ucbs
https://ims-prod06.adobelogin.com
https://www.zotero.org/
https://mendeley.com/reference-management/web-importer/#id_1?dgcid=Mendeley_Desktop_Onboarding-Add-I
http://google.com/
https://www.sysinternals.comntdllRtlInitUnicodeStringNtOpenDirectoryObjectNtQuerySectionNtQueryDirec
https://trends.google.com/hottrends
https://adservice.google.com/adsid/google/ui
https://donate.google.com/checkout?campaignid%3D6420545008435200
https://www.virustotal.comPOST4e3202fdbe953d628f650229af5b3eb49cd46b2d3bfe5546ae3c5fa48b554e0capikey
https://www.google.com/?gws_rd=ssl_bnm_redirect=http://google.com/?gws_rd=ssl
https://consent.google.com/d?continue
https://ogs.google.com/widget/callout?prid=19025503
https://plasma.kde.org
https://apis.google.com
https://consent.google.com/s?continue
http://ww9.menehleibe.com/
https://www.google.com
http://www.sysinternals.comWindowPositionSOFTWARE
https://github.com/Juris-M/citeproc-js
https://clients2.google.com/service/update2/crxupdate_urlBrowser
https://www.mendeley.com/guides?dgcid=Mendeley_Desktop_Help-menu-Help-guides
https://www.elsevier.com/legal/elsevier-website-terms-and-conditions
http://schema.org/WebPage
https://artsandculture.google.com/partner/museo-reina-sofia

Dropped files

Name	File Type	Hashes
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3Y2ADQKS\d4a6d4bd[1].htm	HTML document, ASCII text, with very long lines	#
C:\Users\user\AppData\Local\Temp\~DFFAD0E470126C2D77.TMP	data	#
C:\Users\user\AppData\Local\Temp\~DF1C6E09CA4CF5EBDD.TMP	data	#
Click to see the 23 hidden entries
C:\Users\user\AppData\Local\Temp\JavaDeployReg.log	ASCII text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OTUW0Q90\index[1].htm	ASCII text, with no line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OTUW0Q90\googlelogo_color_272x92dp[1].png	PNG image data, 544 x 184, 8-bit/color RGBA, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OTUW0Q90\desktop_searchbox_sprites318_hr[1].png	PNG image data, 40 x 124, 8-bit colormap, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\G62TDH9B\rs=AA2YrTt5urjnc1-as0vV15aU6T-f2ANE9g[1].css	ASCII text, with no line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\G62TDH9B\LM1X3BMT.htm	HTML document, UTF-8 Unicode text, with very long lines	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9QTQHWWN\googlelogo_color_84x28dp[1].png	PNG image data, 84 x 28, 8-bit/color RGBA, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9QTQHWWN\favicon[1].ico	MS Windows icon resource - 1 icon, 39x34, 32 bits/pixel	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9QTQHWWN\1G7O03DV.htm	HTML document, ASCII text	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3Y2ADQKS\rs=AA2YrTtiIgpyWC3dfQkzVoOu4jFUo5DWgw[1].js	ASCII text, with very long lines	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{F14FAF2F-15AF-11EC-90E5-ECF4BB2D2496}.dat	Microsoft Word Document	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3Y2ADQKS\0V71R0V5.htm	HTML document, ASCII text, with CRLF, LF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\imagestore\wlm7n14\imagestore.dat	data	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin8215062560\msapplication.xml	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin20332743330\msapplication.xml	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin20259167780\msapplication.xml	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-8760897390\msapplication.xml	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-6757900\msapplication.xml	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-4759708130\msapplication.xml	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-21706820\msapplication.xml	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-18270793970\msapplication.xml	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-17529550060\msapplication.xml	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{F14FAF31-15AF-11EC-90E5-ECF4BB2D2496}.dat	Microsoft Word Document	#

cd.exe

Comments

Tags

Available tags:

Details

Joe Sandbox

Third Party Analysis Engines

IPs

Domains

URLs

Dropped files

cd.exe Options

Comments

Tags

Available tags:

Details

Joe Sandbox

Third Party Analysis Engines

IPs

Domains

URLs

Dropped files

Search started

cd.exe