Joe Sandbox Cloud Basic

Want to search on specific fields?


Try our:

Advanced Search
Register Login
sloganpng
flash

SW0P9o9ksjpBsnr.exe

Status: finished
Submission Time: 2022-01-04 15:02:12 +01:00
Malicious
Phishing
Trojan
Spyware
Exploiter
Evader
HawkEye Remcos AgentTesla AveMaria MailP

Comments

Tags

  • exe
  • RemcosRAT

Details

  • Analysis ID:
    547727
  • API (Web) ID:
    915249
  • Analysis Started:
    2022-01-04 15:04:39 +01:00
  • Analysis Finished:
    2022-01-04 15:21:14 +01:00
  • MD5:
    27f2a9688ec34fc8aa3b0fee4757dd71
  • SHA1:
    9464f6bea3222c5598ecd9d29a8bc68c0998f926
  • SHA256:
    5733ad0577f5b8fc7e939b1daff3ff98b339bb47542a138b659e47b9001fbbd2
  • Technologies:
Full Report Management Report IOC Report Engine Info Verdict Score Reports

malicious

System: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211

malicious
100/100

malicious
26/34

malicious
25/28

malicious

IPs

IP Country Detection
185.157.161.174
 Sweden
104.16.155.36
 United States
66.29.159.53
 United States

Domains

Name IP Detection
whatismyipaddress.com
 104.16.155.36
smtp.privateemail.com
 66.29.159.53
9.96.11.0.in-addr.arpa
 0.0.0.0

URLs

Name Detection
http://www.sajatypeworks.comAt
http://www.urwpp.deDPlease
http://whatismyipaddress.com/
Click to see the 56 hidden entries
http://www.nirsoft.net/
http://www.zhongyicts.com.cn
http://www.sajatypeworks.come
http://www.sakkal.com
https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip
http://crt.sectigo.com/SectigoRSADomainValidationSecureServerCA.crt0#
http://www.apache.org/licenses/LICENSE-2.0
http://www.fontbureau.com
http://DynDns.comDynDNS
https://sectigo.com/CPS0
https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip%tordir%%ha
http://www.carterandcone.comslnt
http://www.monotypeimaging.c
http://smtp.privateemail.com
http://www.carterandcone.coml
http://www.fontbureau.com/designers/cabarga.htmlN
https://KXOf8Lcd51drIxRwI.orgInProcServer32
http://www.founder.com.cn/cn
http://www.fontbureau.com/designers/frere-jones.html
http://crl.c
http://www.jiyu-kobo.co.jp/
https://KXOf8Lcd51drIxRwI.orgInprocHandler
http://www.fontbureau.com/designers8
https://www.google.com/accounts/servicelogin
https://github.com/syohex/java-simple-mine-sweeperC:
http://CDIeMO.com
http://www.fontbureau.comceaY
http://www.tiro.comB
http://127.0.0.1:HTTP/1.1
http://www.fontbureau.com/designersG
https://KXOf8Lcd51drIxRwI.orgd=
http://www.fontbureau.com/designers/?
http://www.founder.com.cn/cn/bThe
http://ocsp.sectigo.com0
https://KXOf8Lcd51drIxRwI.org
http://www.tiro.com2
http://www.fontbureau.com/designers?
http://www.tiro.com
http://www.fontbureau.com/designers/P
http://www.fontbureau.com/designers
http://www.goodfont.co.kr
http://www.carterandcone.com
http://hWWJFF.com
https://github.com/syohex/java-simple-mine-sweeper
http://www.sajatypeworks.com
http://www.typography.netD
http://www.founder.com.cn/cn/cThe
http://www.galapagosdesign.com/staff/dennis.htm
http://fontfabrik.com
https://KXOf8Lcd51drIxRwI.org81
http://www.carterandcone.comC
http://whatismyipaddress.com/-
http://www.galapagosdesign.com/DPlease
https://login.yahoo.com/config/login
http://www.fonts.com
http://www.sandoll.co.kr

Dropped files

Name File Type Hashes Detection
C:\Users\user\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\hawkstartup.exe.log
 ASCII text, with CRLF line terminators
 #
C:\Users\user\AppData\Roaming\100\100.exe (copy)
 PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
 #
C:\Users\user\AppData\Roaming\100\100.exe
 PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
 #
Click to see the 97 hidden entries
C:\Users\user\AppData\Local\Temp\warz.exe
 PE32 executable (GUI) Intel 80386, for MS Windows
 #
C:\Users\user\AppData\Local\Temp\tmpG759.tmp (copy)
 PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
 #
C:\Users\user\AppData\Local\Temp\tmpG223.tmp (copy)
 PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
 #
C:\Users\user\AppData\Local\Temp\rem.exe
 PE32 executable (GUI) Intel 80386, for MS Windows
 #
C:\Users\user\AppData\Local\Temp\ori4.0dec23sta.exe
 PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
 #
C:\Users\user\AppData\Local\Temp\ori2.0dec23sta.exe
 PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
 #
C:\Users\user\AppData\Local\Temp\hawkstartup.exe
 PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
 #
C:\Users\user\AppData\Local\Temp\bin.exe
 PE32 executable (GUI) Intel 80386, for MS Windows
 #
C:\ProgramData\images.exe
 PE32 executable (GUI) Intel 80386, for MS Windows
 #
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\SW0P9o9ksjpBsnr.exe.log
 ASCII text, with CRLF line terminators
 #
C:\Users\user\AppData\Roaming\Screenshots\time_20220104_223659.png
 PNG image data, 1280 x 1024, 8-bit/color RGBA, non-interlaced
 #
C:\Users\user\AppData\Roaming\Screenshots\time_20220105_002712.png
 PNG image data, 1280 x 1024, 8-bit/color RGBA, non-interlaced
 #
C:\Users\user\AppData\Roaming\Screenshots\time_20220105_001710.png
 PNG image data, 1280 x 1024, 8-bit/color RGBA, non-interlaced
 #
C:\Users\user\AppData\Roaming\Screenshots\time_20220105_000709.png
 PNG image data, 1280 x 1024, 8-bit/color RGBA, non-interlaced
 #
C:\Users\user\AppData\Roaming\Screenshots\time_20220104_235707.png
 PNG image data, 1280 x 1024, 8-bit/color RGBA, non-interlaced
 #
C:\Users\user\AppData\Roaming\Screenshots\time_20220104_234706.png
 PNG image data, 1280 x 1024, 8-bit/color RGBA, non-interlaced
 #
C:\Users\user\AppData\Roaming\Screenshots\time_20220104_233705.png
 PNG image data, 1280 x 1024, 8-bit/color RGBA, non-interlaced
 #
C:\Users\user\AppData\Roaming\Screenshots\time_20220104_232703.png
 PNG image data, 1280 x 1024, 8-bit/color RGBA, non-interlaced
 #
C:\Users\user\AppData\Roaming\Screenshots\time_20220104_231702.png
 PNG image data, 1280 x 1024, 8-bit/color RGBA, non-interlaced
 #
C:\Users\user\AppData\Roaming\Screenshots\time_20220104_230701.png
 PNG image data, 1280 x 1024, 8-bit/color RGBA, non-interlaced
 #
C:\Users\user\AppData\Roaming\Screenshots\time_20220104_225700.png
 PNG image data, 1280 x 1024, 8-bit/color RGBA, non-interlaced
 #
C:\Users\user\AppData\Roaming\Screenshots\time_20220104_224700.png
 PNG image data, 1280 x 1024, 8-bit/color RGBA, non-interlaced
 #
C:\Users\user\AppData\Roaming\Screenshots\time_20220104_220657.png
 PNG image data, 1280 x 1024, 8-bit/color RGBA, non-interlaced
 #
C:\Users\user\AppData\Roaming\Screenshots\time_20220104_222659.png
 PNG image data, 1280 x 1024, 8-bit/color RGBA, non-interlaced
 #
C:\Users\user\AppData\Roaming\Screenshots\time_20220104_221658.png
 PNG image data, 1280 x 1024, 8-bit/color RGBA, non-interlaced
 #
C:\Users\user\AppData\Roaming\Screenshots\time_20220104_210644.png
 PNG image data, 1280 x 1024, 8-bit/color RGBA, non-interlaced
 #
C:\Users\user\AppData\Roaming\Screenshots\time_20220105_040730.png
 PNG image data, 1280 x 1024, 8-bit/color RGBA, non-interlaced
 #
C:\Users\user\AppData\Roaming\Screenshots\time_20220104_211648.png
 PNG image data, 1280 x 1024, 8-bit/color RGBA, non-interlaced
 #
C:\Users\user\AppData\Roaming\Screenshots\time_20220104_212650.png
 PNG image data, 1280 x 1024, 8-bit/color RGBA, non-interlaced
 #
C:\Users\user\AppData\Roaming\Screenshots\time_20220104_213652.png
 PNG image data, 1280 x 1024, 8-bit/color RGBA, non-interlaced
 #
C:\Users\user\AppData\Roaming\Screenshots\time_20220104_214654.png
 PNG image data, 1280 x 1024, 8-bit/color RGBA, non-interlaced
 #
C:\Users\user\AppData\Roaming\Screenshots\time_20220104_215655.png
 PNG image data, 1280 x 1024, 8-bit/color RGBA, non-interlaced
 #
C:\Users\user\AppData\Roaming\Screenshots\time_20220105_021724.png
 PNG image data, 1280 x 1024, 8-bit/color RGBA, non-interlaced
 #
C:\Users\user\AppData\Roaming\Screenshots\time_20220105_035730.png
 PNG image data, 1280 x 1024, 8-bit/color RGBA, non-interlaced
 #
C:\Users\user\AppData\Roaming\Screenshots\time_20220105_034729.png
 PNG image data, 1280 x 1024, 8-bit/color RGBA, non-interlaced
 #
C:\Users\user\AppData\Roaming\Screenshots\time_20220105_033729.png
 PNG image data, 1280 x 1024, 8-bit/color RGBA, non-interlaced
 #
C:\Users\user\AppData\Roaming\Screenshots\time_20220105_032728.png
 PNG image data, 1280 x 1024, 8-bit/color RGBA, non-interlaced
 #
C:\Users\user\AppData\Roaming\Screenshots\time_20220105_031728.png
 PNG image data, 1280 x 1024, 8-bit/color RGBA, non-interlaced
 #
C:\Users\user\AppData\Roaming\Screenshots\time_20220105_030727.png
 PNG image data, 1280 x 1024, 8-bit/color RGBA, non-interlaced
 #
C:\Users\user\AppData\Roaming\Screenshots\time_20220105_025727.png
 PNG image data, 1280 x 1024, 8-bit/color RGBA, non-interlaced
 #
C:\Users\user\AppData\Roaming\Screenshots\time_20220105_024726.png
 PNG image data, 1280 x 1024, 8-bit/color RGBA, non-interlaced
 #
C:\Users\user\AppData\Roaming\Screenshots\time_20220105_023725.png
 PNG image data, 1280 x 1024, 8-bit/color RGBA, non-interlaced
 #
C:\Users\user\AppData\Roaming\Screenshots\time_20220105_022725.png
 PNG image data, 1280 x 1024, 8-bit/color RGBA, non-interlaced
 #
C:\Users\user\AppData\Roaming\Screenshots\time_20220105_003716.png
 PNG image data, 1280 x 1024, 8-bit/color RGBA, non-interlaced
 #
C:\Users\user\AppData\Roaming\Screenshots\time_20220105_020724.png
 PNG image data, 1280 x 1024, 8-bit/color RGBA, non-interlaced
 #
C:\Users\user\AppData\Roaming\Screenshots\time_20220105_015723.png
 PNG image data, 1280 x 1024, 8-bit/color RGBA, non-interlaced
 #
C:\Users\user\AppData\Roaming\Screenshots\time_20220105_014723.png
 PNG image data, 1280 x 1024, 8-bit/color RGBA, non-interlaced
 #
C:\Users\user\AppData\Roaming\Screenshots\time_20220105_013722.png
 PNG image data, 1280 x 1024, 8-bit/color RGBA, non-interlaced
 #
C:\Users\user\AppData\Roaming\Screenshots\time_20220105_012722.png
 PNG image data, 1280 x 1024, 8-bit/color RGBA, non-interlaced
 #
C:\Users\user\AppData\Roaming\Screenshots\time_20220105_011721.png
 PNG image data, 1280 x 1024, 8-bit/color RGBA, non-interlaced
 #
C:\Users\user\AppData\Roaming\Screenshots\time_20220105_010719.png
 PNG image data, 1280 x 1024, 8-bit/color RGBA, non-interlaced
 #
C:\Users\user\AppData\Roaming\Screenshots\time_20220105_005718.png
 PNG image data, 1280 x 1024, 8-bit/color RGBA, non-interlaced
 #
C:\Users\user\AppData\Roaming\Screenshots\time_20220105_004717.png
 PNG image data, 1280 x 1024, 8-bit/color RGBA, non-interlaced
 #
C:\Users\user\AppData\Roaming\Screenshots\time_20220104_152610.png
 PNG image data, 1280 x 1024, 8-bit/color RGBA, non-interlaced
 #
C:\Users\user\AppData\Roaming\Screenshots\time_20220104_170621.png
 PNG image data, 1280 x 1024, 8-bit/color RGBA, non-interlaced
 #
C:\Users\user\AppData\Roaming\Screenshots\time_20220104_165621.png
 PNG image data, 1280 x 1024, 8-bit/color RGBA, non-interlaced
 #
C:\Users\user\AppData\Roaming\Screenshots\time_20220104_164620.png
 PNG image data, 1280 x 1024, 8-bit/color RGBA, non-interlaced
 #
C:\Users\user\AppData\Roaming\Screenshots\time_20220104_163620.png
 PNG image data, 1280 x 1024, 8-bit/color RGBA, non-interlaced
 #
C:\Users\user\AppData\Roaming\Screenshots\time_20220104_162619.png
 PNG image data, 1280 x 1024, 8-bit/color RGBA, non-interlaced
 #
C:\Users\user\AppData\Roaming\Screenshots\time_20220104_161618.png
 PNG image data, 1280 x 1024, 8-bit/color RGBA, non-interlaced
 #
C:\Users\user\AppData\Roaming\Screenshots\time_20220104_160618.png
 PNG image data, 1280 x 1024, 8-bit/color RGBA, non-interlaced
 #
C:\Users\user\AppData\Roaming\Screenshots\time_20220104_155617.png
 PNG image data, 1280 x 1024, 8-bit/color RGBA, non-interlaced
 #
C:\Users\user\AppData\Roaming\Screenshots\time_20220104_154611.png
 PNG image data, 1280 x 1024, 8-bit/color RGBA, non-interlaced
 #
C:\Users\user\AppData\Roaming\Screenshots\time_20220104_153610.png
 PNG image data, 1280 x 1024, 8-bit/color RGBA, non-interlaced
 #
C:\Users\user\AppData\Roaming\Screenshots\time_20220104_171622.png
 PNG image data, 1280 x 1024, 8-bit/color RGBA, non-interlaced
 #
C:\Users\user\AppData\Roaming\Screenshots\time_20220104_151605.png
 PNG image data, 1280 x 1024, 8-bit/color RGBA, non-interlaced
 #
C:\Users\user\AppData\Roaming\Screenshots\time_20220104_150604.png
 PNG image data, 1280 x 1024, 8-bit/color RGBA, non-interlaced
 #
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_who4ph3w.f4y.psm1
 very short file (no magic)
 #
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ssu14o0g.t05.ps1
 very short file (no magic)
 #
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_jhvqfjsx.lnn.ps1
 very short file (no magic)
 #
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_f30gmf23.2tk.psm1
 very short file (no magic)
 #
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_eu3ejk2l.dei.psm1
 very short file (no magic)
 #
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_4rgqrzb1.mio.ps1
 very short file (no magic)
 #
C:\Users\user\AppData\Local\Temp\SysInfo.txt
 ASCII text, with no line terminators
 #
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
 data
 #
C:\Users\user\AppData\Roaming\Screenshots\time_20220104_190632.png
 PNG image data, 1280 x 1024, 8-bit/color RGBA, non-interlaced
 #
C:\Users\user\AppData\Roaming\Screenshots\time_20220104_204640.png
 PNG image data, 1280 x 1024, 8-bit/color RGBA, non-interlaced
 #
C:\Users\user\AppData\Roaming\Screenshots\time_20220104_203640.png
 PNG image data, 1280 x 1024, 8-bit/color RGBA, non-interlaced
 #
C:\Users\user\AppData\Roaming\Screenshots\time_20220104_202639.png
 PNG image data, 1280 x 1024, 8-bit/color RGBA, non-interlaced
 #
C:\Users\user\AppData\Roaming\Screenshots\time_20220104_201639.png
 PNG image data, 1280 x 1024, 8-bit/color RGBA, non-interlaced
 #
C:\Users\user\AppData\Roaming\Screenshots\time_20220104_200638.png
 PNG image data, 1280 x 1024, 8-bit/color RGBA, non-interlaced
 #
C:\Users\user\AppData\Roaming\Screenshots\time_20220104_195638.png
 PNG image data, 1280 x 1024, 8-bit/color RGBA, non-interlaced
 #
C:\Users\user\AppData\Roaming\Screenshots\time_20220104_194637.png
 PNG image data, 1280 x 1024, 8-bit/color RGBA, non-interlaced
 #
C:\Users\user\AppData\Roaming\Screenshots\time_20220104_193634.png
 PNG image data, 1280 x 1024, 8-bit/color RGBA, non-interlaced
 #
C:\Users\user\AppData\Roaming\Screenshots\time_20220104_192634.png
 PNG image data, 1280 x 1024, 8-bit/color RGBA, non-interlaced
 #
C:\Users\user\AppData\Roaming\Screenshots\time_20220104_191633.png
 PNG image data, 1280 x 1024, 8-bit/color RGBA, non-interlaced
 #
C:\Users\user\AppData\Roaming\Screenshots\time_20220104_205642.png
 PNG image data, 1280 x 1024, 8-bit/color RGBA, non-interlaced
 #
C:\Users\user\AppData\Roaming\Screenshots\time_20220104_185631.png
 PNG image data, 1280 x 1024, 8-bit/color RGBA, non-interlaced
 #
C:\Users\user\AppData\Roaming\Screenshots\time_20220104_184628.png
 PNG image data, 1280 x 1024, 8-bit/color RGBA, non-interlaced
 #
C:\Users\user\AppData\Roaming\Screenshots\time_20220104_183627.png
 PNG image data, 1280 x 1024, 8-bit/color RGBA, non-interlaced
 #
C:\Users\user\AppData\Roaming\Screenshots\time_20220104_182626.png
 PNG image data, 1280 x 1024, 8-bit/color RGBA, non-interlaced
 #
C:\Users\user\AppData\Roaming\Screenshots\time_20220104_181626.png
 PNG image data, 1280 x 1024, 8-bit/color RGBA, non-interlaced
 #
C:\Users\user\AppData\Roaming\Screenshots\time_20220104_180625.png
 PNG image data, 1280 x 1024, 8-bit/color RGBA, non-interlaced
 #
C:\Users\user\AppData\Roaming\Screenshots\time_20220104_175625.png
 PNG image data, 1280 x 1024, 8-bit/color RGBA, non-interlaced
 #
C:\Users\user\AppData\Roaming\Screenshots\time_20220104_174624.png
 PNG image data, 1280 x 1024, 8-bit/color RGBA, non-interlaced
 #
C:\Users\user\AppData\Roaming\Screenshots\time_20220104_173623.png
 PNG image data, 1280 x 1024, 8-bit/color RGBA, non-interlaced
 #
C:\Users\user\AppData\Roaming\Screenshots\time_20220104_172623.png
 PNG image data, 1280 x 1024, 8-bit/color RGBA, non-interlaced
 #