Joe Sandbox Cloud Basic

Want to search on specific fields?


Try our:

Advanced Search

Want to search in depth on all Cloud Basic reports?

Try: Joe Sandbox View

Register Login
sloganpng
top title background image
flash

IMG-000284794.exe

Status: finished
Submission Time: 2022-01-14 15:06:24 +01:00
Malicious
Trojan
Evader
FormBook

Comments

Tags

  • exe
  • xloader

Details

  • Analysis ID:
    553254
  • API (Web) ID:
    920776
  • Analysis Started:
    2022-01-14 15:06:26 +01:00
  • Analysis Finished:
    2022-01-14 15:13:17 +01:00
  • MD5:
    abd28466f7cb80d6da36fed9f3e6bef4
  • SHA1:
    fb2911028f32b2b3c07004a21e84773e3efd1519
  • SHA256:
    5686f840b9b2834952367cd9c37ec4c8385bcc90348dd3a92e488c0faebed85a
  • Technologies:

Joe Sandbox

Engine Download Report Detection Info
malicious
Full Report Management Report IOC Report
malicious
Score: 96
System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

Third Party Analysis Engines

Open Full Report
malicious
Score: 24/69

URLs

Name Detection
www.129qihu.com/c6si/
http://upx.sf.net

Dropped files

Name File Type Hashes Detection
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\IMG-000284794.exe.log
 ASCII text, with CRLF line terminators
 #
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_aspnet_regbrowse_f95c31a2fdc9c125db8ce65728fe31536eece7ae_029cb4bf_1487ecfd\Report.wer
 Little-endian UTF-16 Unicode text, with CRLF line terminators
 #
C:\ProgramData\Microsoft\Windows\WER\Temp\WER52C0.tmp.dmp
 Mini DuMP crash report, 14 streams, Fri Jan 14 23:08:24 2022, 0x1205a4 type
 #
Click to see the 4 hidden entries
C:\ProgramData\Microsoft\Windows\WER\Temp\WER56D8.tmp.WERInternalMetadata.xml
 XML 1.0 document, Little-endian UTF-16 Unicode text, with CRLF line terminators
 #
C:\ProgramData\Microsoft\Windows\WER\Temp\WER5AC1.tmp.xml
 XML 1.0 document, ASCII text, with CRLF line terminators
 #
C:\Windows\appcompat\Programs\Amcache.hve
 MS Windows registry file, NT/2000 or above
 #
C:\Windows\appcompat\Programs\Amcache.hve.LOG1
 MS Windows registry file, NT/2000 or above
 #