
E0QkjJowwG.exe

Status: finished
Submission Time: 2021-09-28 19:40:31 +02:00
Malicious
Spreader
Trojan
Adware
Spyware
Evader
Njrat

Tags

  • exe
  • njrat

Details

  • Analysis ID:
    492550
  • API (Web) ID:
    860104
  • Analysis Started:
    2021-09-28 20:03:17 +02:00
  • Analysis Finished:
    2021-09-28 20:17:41 +02:00
  • MD5:
    a1b69800aeb7ecbc49ebb13ce4a88737
  • SHA1:
    96e25aed75903a5a84be3175c6e834a44833bc5d
  • SHA256:
    09bc9c08f80f93317cd8769f85d8921787c677033a5b12a6c310fb92d83f6e41

Joe Sandbox

Engine Download Report Detection Info
malicious
Score: 100
System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

Third Party Analysis Engines

malicious
Score: 26/61
malicious
Score: 12/35
malicious
Score: 27/45
malicious

IPs

IP Country Detection
3.142.129.56
United States
3.142.81.166
United States
3.142.167.4
United States
13.58.157.220
United States
3.142.167.54
United States
3.19.130.43
United States

Domains

Name IP Detection
8.tcp.ngrok.io
3.19.130.43

URLs

Name Detection
http://pki-crl.symauth.com/offlineca/TheInstituteofElectricalandElectronicsEngineersIncIEEERootCA.cr
http://www.enigmaprotector.com/
http://pki-ocsp.symauth.com0
http://pki-crl.symauth.com/ca_732b6ec148d290c0a071efd1dac8e288/LatestCRL.crl07
http://www.enigmaprotector.com/openU

Dropped files

Name File Type Hashes Detection
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\33a62d2d2e6f6fc30153b1b0408eca36.exe
PE32 executable (GUI) Intel 80386, for MS Windows
C:\Users\user\Yandex.exe
PE32 executable (GUI) Intel 80386, for MS Windows
\Device\ConDrv
ASCII text, with CRLF line terminators