ValorantLogin.exe

Status: finished
Submission Time: 2021-10-22 22:48:06 +02:00
Malicious
Trojan
Exploiter
Evader
Nanocore

Details

  • Analysis ID:
    507920
  • API (Web) ID:
    875495
  • Analysis Started:
    2021-10-22 22:50:41 +02:00
  • Analysis Finished:
    2021-10-22 23:07:26 +02:00
  • MD5:
    386cac9659ba1370f91a99b738d6c981
  • SHA1:
    1713922b4947819c0709b15089a45524e43b5121
  • SHA256:
    c164e654b7108dc60d879909d7b8fefa989c9b4058d1fb1db85a68e6a1b93ab5
  • Technologies:

Joe Sandbox

Engine Download Report Detection Info
malicious
malicious
Score: 100
System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
clean
0/100

Third Party Analysis Engines

malicious
Score: 21/66
malicious
Score: 5/35
malicious
Score: 18/28

IPs

IP | Country
162.159.129.233 | United States
162.159.133.233 | United States
185.140.53.3 | Sweden
162.159.134.233 | United States

Domains

Name | IP
cdn.discordapp.com | 162.159.134.233
fridaycav.duckdns.org | 185.140.53.3

URLs

Name
https://cdn.discordapp.com
http://google.com
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
https://cdn.discordapp.com/attachments/893177342426509335/897507182801723452/C65065E4.jpg
https://cdn.discordapp.com/attachments/893177342426509335/897507184655605810/055DA049.jpg

Dropped files

Name | File Type
C:\Windows\Resources\Themes\aero\shell\svchost.exe:Zone.Identifier | ASCII text, with CRLF line terminators
C:\Windows\Resources\Themes\aero\shell\svchost.exe | PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\run.dat | data
C:\Users\user\Documents\20211022\PowerShell_transcript.932923.RVZtbnAH.20211022225200.txt | UTF-8 Unicode (with BOM) text, with CRLF line terminators
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_i5y32fnr.leo.psm1 | very short file (no magic)
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_meakmi1f.t4b.psm1 | very short file (no magic)
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_tzs2cwah.aos.ps1 | very short file (no magic)
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_wbbu3mvy.x5n.psm1 | very short file (no magic)
C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\catalog.dat | data
C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\settings.bin | data
C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\storage.dat | data
C:\Users\user\Documents\20211022\PowerShell_transcript.932923.R9XrkU99.20211022225201.txt | UTF-8 Unicode (with BOM) text, with CRLF line terminators
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_he1yasx0.rr3.ps1 | very short file (no magic)
C:\Users\user\Documents\20211022\PowerShell_transcript.932923.eHoNN7Jh.20211022225143.txt | UTF-8 Unicode (with BOM) text, with CRLF line terminators
C:\Users\user\Documents\20211022\PowerShell_transcript.932923.gUcnmDrK.20211022225202.txt | UTF-8 Unicode (with BOM) text, with CRLF line terminators
C:\Users\user\Documents\20211022\PowerShell_transcript.932923.nxWumIGU.20211022225145.txt | UTF-8 Unicode (with BOM) text, with CRLF line terminators
C:\Users\user\Documents\20211022\PowerShell_transcript.932923.wuJWUGZi.20211022225141.txt | UTF-8 Unicode (with BOM) text, with CRLF line terminators
C:\Windows\appcompat\Programs\Amcache.hve | MS Windows registry file, NT/2000 or above
C:\Windows\appcompat\Programs\Amcache.hve.LOG1 | MS Windows registry file, NT/2000 or above
C:\ProgramData\Microsoft\Windows\WER\Temp\WEREEB9.tmp.txt | data
C:\ProgramData\Microsoft\Windows\WER\Temp\WER3866.tmp.csv | data
C:\ProgramData\Microsoft\Windows\WER\Temp\WER4102.tmp.txt | data
C:\ProgramData\Microsoft\Windows\WER\Temp\WER7263.tmp.csv | data
C:\ProgramData\Microsoft\Windows\WER\Temp\WER7CF3.tmp.txt | data
C:\ProgramData\Microsoft\Windows\WER\Temp\WERCE11.tmp.dmp | Mini DuMP crash report, 15 streams, Fri Oct 22 20:52:05 2021, 0x1205a4 type
C:\ProgramData\Microsoft\Windows\WER\Temp\WERDFF4.tmp.WERInternalMetadata.xml | XML 1.0 document, Little-endian UTF-16 Unicode text, with CRLF line terminators
C:\ProgramData\Microsoft\Windows\WER\Temp\WERE218.tmp.xml | XML 1.0 document, ASCII text, with CRLF line terminators
C:\ProgramData\Microsoft\Windows\WER\Temp\WERE2D1.tmp.csv | data
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_ValorantLogin.ex_d3dae47f44387092f68ca1cb595871d71871171c_9e86c65d_1b86f724\Report.wer | Little-endian UTF-16 Unicode text, with CRLF line terminators
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive | data
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_3bxehw53.30l.ps1 | very short file (no magic)
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_4spir5cp.ks0.ps1 | very short file (no magic)
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_bepvmxj4.oky.ps1 | very short file (no magic)
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_bfbgbltw.bmx.psm1 | very short file (no magic)
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_bxhhxa5b.gac.psm1 | very short file (no magic)
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ceqjht5w.hno.psm1 | very short file (no magic)
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_d3xcemaw.5wl.ps1 | very short file (no magic)