Joe Sandbox Cloud Basic

Want to search on specific fields?


Try our:

Advanced Search

Want to search in depth on all Cloud Basic reports?

Try: Joe Sandbox View

Register Login
sloganpng
top title background image
flash

SRMETALINDUSTRIES.exe

Status: finished
Submission Time: 2021-09-15 09:39:13 +02:00
Malicious
Trojan
Evader
FormBook

Comments

Tags

  • exe
  • xloader

Details

  • Analysis ID:
    483595
  • API (Web) ID:
    851164
  • Analysis Started:
    2021-09-15 09:42:07 +02:00
  • Analysis Finished:
    2021-09-15 09:55:14 +02:00
  • MD5:
    51fb6f484b4bc554a7fddb7dc24c994e
  • SHA1:
    6548d2e4c988457deb2a3435220f3252367462f3
  • SHA256:
    4b9ec9143ae2471c8cf540f5e3815c4ca4bb5e073d5c45e6bd934cc0350e8546
  • Technologies:

Joe Sandbox

Engine Download Report Detection Info
malicious
Full Report Management Report IOC Report
malicious
Score: 100
System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

Third Party Analysis Engines

malicious
Score: 9/44

IPs

IP Country Detection
185.215.4.13
 Denmark
165.73.84.33
 South Africa
185.134.245.113
 Norway
Click to see the 2 hidden entries
44.227.65.245
 United States
13.250.255.10
 United States

Domains

Name IP Detection
www.nordicbatterybelt.net
 185.134.245.113
www.integrity.directory
 44.227.65.245
menramen.com
 180.235.151.100
Click to see the 9 hidden entries
www.ifbrick.com
 165.73.84.33
sashaignatenko.com
 185.215.4.13
www.hisensor.world
 0.0.0.0
www.menramen.com
 0.0.0.0
www.advindustry.com
 0.0.0.0
www.sashaignatenko.com
 0.0.0.0
www.starworks.online
 0.0.0.0
www.zmdhysm.com
 154.64.44.142
ladi-dns-ssl-nlb-prod-4-5fac4e17b8b8295e.elb.ap-southeast-1.amazonaws.com
 13.250.255.10

URLs

Name Detection
http://www.ifbrick.com/n58i/?fD=F+G31dedRh6HLTd+ecIv/qGaPc+OF0rVpdWlg5lJjBXzRtzoveZeEYo5TUAR7GVYQJUOwMAABw==&7nVT9d=P6AhC8Yh4LuLMhK0
http://www.nordicbatterybelt.net/n58i/?7nVT9d=P6AhC8Yh4LuLMhK0&fD=M2+dNbjF68Ecx6/kG0IjEvERphPYwrhl5ASQUZVNwgXuLMQcMfVPa3ABQDdZS66N8pSyWuXUWw==
http://www.starworks.online/n58i/?fD=PUNHIxjtOSFwkEXuacN/093UMB3LWAmrPV2Rldw+lO4ozANnbCtjpuKVlOTMjGDvzMsTPi3I2g==&7nVT9d=P6AhC8Yh4LuLMhK0
Click to see the 9 hidden entries
www.nordicbatterybelt.net/n58i/
http://www.integrity.directory/n58i/?7nVT9d=P6AhC8Yh4LuLMhK0&fD=unnhyE6s8wGaSGOfJAqqywl5AWsKat8KABC8TJyOz0JlXUzqDPtAwNp8gBEuIS9Csn5pfDFizQ==
http://www.sashaignatenko.com/n58i/?7nVT9d=P6AhC8Yh4LuLMhK0&fD=IQPyE+VrRvak8LK8nAdRdA+GXS2RT8iR9v4gvsbeLz4LfgOhT+qf8KqQA9G0pMp8GxoQ9RLGrw==
http://www.autoitscript.com/autoit3/J
https://tilda.cc
https://www.domainnameshop.com/
https://www.domainnameshop.com/whois?currency=SEK&lang=sv
https://www.domeneshop.no/whois
https://www.domainnameshop.com/whois

Dropped files

Name File Type Hashes Detection
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\SRMETALINDUSTRIES.exe.log
 ASCII text, with CRLF line terminators
 #