
Kapitu.exe

Status: finished
Submission Time: 2021-09-27 14:55:11 +02:00
Malicious
Trojan
Evader
GuLoader

Comments

Tags

  • exe
  • guloader

Details

  • Analysis ID:
    491405
  • API (Web) ID:
    858973
  • Analysis Started:
    2021-09-27 14:57:50 +02:00
  • Analysis Finished:
    2021-09-27 15:18:32 +02:00
  • MD5:
    149b6bd6b0d3dd2b0fbb111632d59fcc
  • SHA1:
    33cdaa42e1a5c1fad1aa4f38dd9ad6ea75113aa7
  • SHA256:
    b622dbe802148305104ef456835748d2fc0d8edeffa64787c43c78bcb1914b2f
  • Technologies:

Joe Sandbox

Engine: Joe Sandbox
Detection: malicious
Score: 68
System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

Engine: Joe Sandbox
Detection: malicious
Score: 84
System: Windows 10 64 bit 20H2 Native physical Machine for testing VM-aware malware (Office 2019, Chrome 93, Firefox 91, Adobe Reader DC 21, Java 8 Update 301)
Run Condition: Suspected Instruction Hammering (the sample is suspected of burning very large numbers of instructions to stall or time out instrumented and emulated analysis, which is why the run was repeated on bare metal)

Third Party Analysis Engines

Detection: malicious
Score: 13/64 engines

IPs

IP (Country)

  • 142.250.186.110 (United States)

Domains

Name (resolved IP)

  • drive.google.com (142.250.186.110)

Note that both the domain and the IP belong to Google's shared infrastructure, so neither is a usable blocking indicator on its own; the actionable indicator is the specific Drive URL the loader fetches its payload from, which this report does not show in full.

URLs

Name

  • https://drive.google.com/
  • https://drive.google.com/_a
  • https://watson.telemet

Dropped files

Name / File Type

  • C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_RegAsm.exe_8e77c7606944d14a4a77d55b81e0b269ca1184a3_e9e275a3_cbb8e5b7-b486-4e03-a377-23ec05ba81b4\Report.wer
    Little-endian UTF-16 Unicode text, with CRLF line terminators
  • C:\ProgramData\Microsoft\Windows\WER\Temp\WERECCC.tmp.dmp
    Mini DuMP crash report, 14 streams, Mon Sep 27 14:12:54 2021, 0x1205a4 type
  • C:\ProgramData\Microsoft\Windows\WER\Temp\WERF180.tmp.WERInternalMetadata.xml
    XML 1.0 document, Little-endian UTF-16 Unicode text, with CRLF line terminators
  • C:\ProgramData\Microsoft\Windows\WER\Temp\WERF24C.tmp.xml
    XML 1.0 document, ASCII text, with CRLF line terminators

All four dropped files are Windows Error Reporting artifacts from a crash of RegAsm.exe (the AppCrash_RegAsm.exe report directory). RegAsm.exe is a signed .NET utility that loaders such as GuLoader commonly use as an injection host, so a crash in it during the run suggests the injected stage faulted; the minidump WERECCC.tmp.dmp may therefore capture that stage in memory and is worth pulling alongside the Report.wer.
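The Report.wer listed above is a plain UTF-16LE key=value file, and the first triage question is which process crashed, with which exception, in which module. The following parser is an added example written for this page, not Joe Sandbox code and not the actual dropped file; the embedded Report.wer content is constructed to match the WER layout (Sig[n].Name/Sig[n].Value pairs, FILETIME EventTime), and the INJECTION_HOSTS watch-list is an assumption used to flag crashes in binaries loaders commonly hollow.

```python
import codecs
import re
from datetime import datetime, timedelta, timezone
from typing import Dict, Optional

# Constructed sample of a Report.wer for an APPCRASH in RegAsm.exe. Values are
# illustrative only and are NOT the contents of the file from this analysis.
# WER writes these as UTF-16LE with a BOM and CRLF line endings, which matches
# the file type shown in the dropped-files list.
SAMPLE_REPORT_WER = ("\ufeff" + "\r\n".join([
    "Version=1",
    "EventType=APPCRASH",
    "EventTime=132770000000000000",
    "ReportType=2",
    "Consent=1",
    "Wow64=1",
    "NsAppName=RegAsm.exe",
    "Sig[0].Name=Application Name",
    "Sig[0].Value=RegAsm.exe",
    "Sig[1].Name=Application Version",
    "Sig[1].Value=4.8.4084.0",
    "Sig[2].Name=Application Timestamp",
    "Sig[2].Value=5e7d1f7f",
    "Sig[3].Name=Fault Module Name",
    "Sig[3].Value=unknown",
    "Sig[4].Name=Fault Module Version",
    "Sig[4].Value=0.0.0.0",
    "Sig[5].Name=Fault Module Timestamp",
    "Sig[5].Value=00000000",
    "Sig[6].Name=Exception Code",
    "Sig[6].Value=c0000005",
    "Sig[7].Name=Exception Offset",
    "Sig[7].Value=00000000",
    "DynamicSig[1].Name=OS Version",
    "DynamicSig[1].Value=10.0.19042.2.0.0.256.48",
    "DynamicSig[2].Name=Locale ID",
    "DynamicSig[2].Value=1033",
    "FriendlyEventName=Stopped working",
    "ConsentKey=APPCRASH",
    "AppName=RegAsm.exe",
    "AppPath=C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\RegAsm.exe",
]) + "\r\n").encode("utf-16-le")

_SIG_RE = re.compile(r"^(Sig|DynamicSig)\[(\d+)\]\.(Name|Value)$")

# Assumed watch-list (not from the report): Windows-signed binaries that loaders
# commonly use as injection hosts. A crash in one of them deserves a closer look.
INJECTION_HOSTS = {"regasm.exe", "regsvcs.exe", "caspol.exe", "msbuild.exe", "ieinstal.exe"}


def decode_wer_text(data: bytes) -> str:
    """Decode a .wer file. UTF-16LE with BOM is the normal case; a BOM-less file
    with NUL bytes in its first bytes is treated as UTF-16LE too, else UTF-8."""
    if data.startswith(codecs.BOM_UTF16_LE):
        return data[len(codecs.BOM_UTF16_LE):].decode("utf-16-le")
    if b"\x00" in data[:64]:
        return data.decode("utf-16-le", errors="replace")
    return data.decode("utf-8", errors="replace")


def parse_wer(data: bytes) -> Dict[str, str]:
    """Return the raw key=value pairs; a later duplicate key overwrites an earlier one."""
    fields: Dict[str, str] = {}
    for line in decode_wer_text(data).splitlines():
        if "=" not in line:
            continue  # tolerate blank or malformed lines instead of failing the triage
        key, _, value = line.partition("=")
        fields[key.strip()] = value.strip()
    return fields


def pair_signatures(fields: Dict[str, str], prefix: str) -> Dict[str, str]:
    """Join <prefix>[n].Name / <prefix>[n].Value entries into a name -> value dict."""
    names: Dict[int, str] = {}
    values: Dict[int, str] = {}
    for key, val in fields.items():
        m = _SIG_RE.match(key)
        if not m or m.group(1) != prefix:
            continue
        (names if m.group(3) == "Name" else values)[int(m.group(2))] = val
    return {names[i]: values.get(i, "") for i in sorted(names)}


def filetime_to_datetime(ft: str) -> datetime:
    """EventTime is a Windows FILETIME: 100 ns ticks since 1601-01-01 UTC."""
    return datetime(1601, 1, 1, tzinfo=timezone.utc) + timedelta(microseconds=int(ft) // 10)


def summarize(fields: Dict[str, str]) -> Dict[str, Optional[object]]:
    """Pull the fields a triager wants first out of a parsed Report.wer."""
    sig = pair_signatures(fields, "Sig")
    dyn = pair_signatures(fields, "DynamicSig")
    app_name = fields.get("AppName") or sig.get("Application Name", "")
    return {
        "event_type": fields.get("EventType"),
        "event_time": filetime_to_datetime(fields["EventTime"]) if "EventTime" in fields else None,
        "app_name": app_name,
        "app_path": fields.get("AppPath"),
        "app_version": sig.get("Application Version"),
        "fault_module": sig.get("Fault Module Name"),
        "exception_code": sig.get("Exception Code"),
        "os_version": dyn.get("OS Version"),
        "is_wow64": fields.get("Wow64") == "1",
        "suspicious_host_crash": app_name.lower() in INJECTION_HOSTS,
    }


if __name__ == "__main__":
    for k, v in summarize(parse_wer(SAMPLE_REPORT_WER)).items():
        print(f"{k:22} {v}")
```

To run it against a real artifact, replace SAMPLE_REPORT_WER with the bytes of the dropped Report.wer; an exception code of c0000005 (access violation) in a signed host process with an unknown fault module is the pattern that points at a faulted injected stage rather than a bug in the host binary itself.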