
xy4V0UyNNa.exe

Status: finished
Submission Time: 2022-01-14 21:27:08 +01:00
Malicious
Trojan
Spyware
Evader
RedLine SmokeLoader Tofsee Vidar

Comments

Tags

  • CoinMinerXMRig
  • exe

Details

  • Analysis ID:
    553418
  • API (Web) ID:
    920940
  • Analysis Started:
    2022-01-14 21:27:08 +01:00
  • Analysis Finished:
    2022-01-14 21:44:30 +01:00
  • MD5:
    c824b279afee8c274d1c7072cdd13e4e
  • SHA1:
    5e22c9999eb74db217eca616961cabbc3c2d86d6
  • SHA256:
    e1c6bc104782e17ee286ebcf3a480136a08aad725360ed13cf6bd2bd1f5ce9e6
  • Technologies:

Joe Sandbox

Engine: Joe Sandbox
Detection: malicious
Score: 100
System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

Third Party Analysis Engines

  • malicious (Score: 24/67)
  • malicious (Score: 16/35)
  • malicious (Score: 25/28)
  • malicious
  • malicious

IPs

IP                Country              Detection
188.166.28.199    Netherlands
185.233.81.115    Russian Federation
185.7.214.171     France
185.186.142.166   Russian Federation
94.142.143.116    Russian Federation
172.67.139.105    United States
86.107.197.138    Romania
8.209.70.0        Singapore
54.38.220.85      France
162.159.133.233   United States
52.101.24.0       United States
144.76.136.153    Germany
81.163.30.181     Russian Federation

Domains

Name                                             IP                 Detection
ipwhois.app                                      136.243.172.101
unicupload.top                                   54.38.220.85
host-data-coin-11.com                            8.209.70.0
patmushta.info                                   94.142.143.116
c9d0e790b353537889bd47a364f5acff43c11f248.xyz    185.112.83.97
cdn.discordapp.com                               162.159.133.233
microsoft-com.mail.protection.outlook.com        52.101.24.0
goo.su                                           172.67.139.105
transfer.sh                                      144.76.136.153
api.telegram.org                                 149.154.167.220
data-host-coin-8.com                             8.209.70.0
api.ip.sb                                        0.0.0.0

URLs

Name Detection
http://81.163.30.181/l3.exe
http://unicupload.top/install5.exe
http://81.163.30.181/l2.exe
http://185.7.214.171:8080/6.php
http://data-host-coin-8.com/files/9030_1641816409_7037.exe
http://data-host-coin-8.com/files/6961_1642089187_2359.exe
http://data-host-coin-8.com/files/7729_1642101604_1835.exe
https://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
https://duckduckgo.com/chrome_newtab
http://help.disneyplus.com.
https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
https://www.tiktok.com/legal/report
https://watson.telemetry.microsoft
https://disneyplus.com/legal.
http://data-host-coin-8.com/game.exe
https://www.disneyplus.com/legal/privacy-policy
https://ac.ecosia.org/autocomplete?q=
https://www.tiktok.com/legal/report/feedback
https://search.yahoo.com/favicon.icohttps://search.yahoo.com/search
http://crl.ver)
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
http://host-data-coin-11.com/
https://www.google.com/images/branding/product/ico/googleg_lodp.ico
https://duckduckgo.com/ac/?q=
https://api.ip.sb/ip
https://www.disneyplus.com/legal/your-california-privacy-rights
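The network indicators above are not all of equal weight, and the report's empty Detection columns do not grade them. unicupload.top, data-host-coin-8.com, host-data-coin-11.com, patmushta.info and the bare-IP download hosts appear only as payload or C2 endpoints, whereas cdn.discordapp.com, transfer.sh, api.telegram.org, goo.su, ipwhois.app and api.ip.sb are shared services that the sample abuses alongside enormous amounts of benign traffic; the 172.67.x and 162.159.x addresses are shared CDN space fronting those services, and api.ip.sb resolved to 0.0.0.0 during analysis, so its IP is unusable as an indicator. The script below is an added example written for this page, not part of the Joe Sandbox report: it loads the report's hashes, hosts and URLs, classifies each observed URL by how strong the indicator is, scans a proxy log for contact with them, and checks a file's digests against the sample's. The split into "direct" and "shared-service" hosts, the proxy log format and the log lines themselves are this editor's constructions and assumptions, not data from the report.

```python
"""IOC triage for the Joe Sandbox report above (analysis ID 553418).

Added example, not part of the report. The hash, host and URL values are
copied from the report; the split into 'direct' and 'shared-service' hosts,
the log format and the sample log lines are this editor's constructions.
"""
import hashlib
from urllib.parse import urlsplit

# Digests of the submitted sample, copied from the Details section.
SAMPLE_HASHES = {
    "md5": "c824b279afee8c274d1c7072cdd13e4e",
    "sha1": "5e22c9999eb74db217eca616961cabbc3c2d86d6",
    "sha256": "e1c6bc104782e17ee286ebcf3a480136a08aad725360ed13cf6bd2bd1f5ce9e6",
}

# Download URLs listed in the report. An exact match is the strongest signal.
PAYLOAD_URLS = {
    "http://81.163.30.181/l3.exe",
    "http://81.163.30.181/l2.exe",
    "http://unicupload.top/install5.exe",
    "http://185.7.214.171:8080/6.php",
    "http://data-host-coin-8.com/files/9030_1641816409_7037.exe",
    "http://data-host-coin-8.com/files/6961_1642089187_2359.exe",
    "http://data-host-coin-8.com/files/7729_1642101604_1835.exe",
    "http://data-host-coin-8.com/game.exe",
    "http://host-data-coin-11.com/",
}

# Hosts that appear in the report only as payload or C2 endpoints. Treating
# any contact with them as a hit is an assumption made here, not a verdict
# the report states.
DIRECT_HOSTS = {
    "unicupload.top", "data-host-coin-8.com", "host-data-coin-11.com",
    "patmushta.info", "c9d0e790b353537889bd47a364f5acff43c11f248.xyz",
    "81.163.30.181", "185.7.214.171", "8.209.70.0", "54.38.220.85",
    "94.142.143.116", "185.112.83.97",
}

# Legitimate shared services the sample also used. A hit here needs an
# analyst, not a block: plenty of benign traffic goes to these hosts.
SHARED_SERVICE_HOSTS = {
    "cdn.discordapp.com", "transfer.sh", "api.telegram.org", "goo.su",
    "ipwhois.app", "api.ip.sb",
}


def classify_url(url: str) -> str:
    """Return 'payload', 'direct-host', 'shared-service' or 'clean'."""
    if url in PAYLOAD_URLS:
        return "payload"
    host = urlsplit(url).hostname  # strips scheme, port and path
    if host in DIRECT_HOSTS:
        return "direct-host"
    if host in SHARED_SERVICE_HOSTS:
        return "shared-service"
    return "clean"


def scan_proxy_log(text: str) -> list[tuple[str, str, str]]:
    """Scan 'epoch client method url status' lines (constructed format).

    Returns (client, url, verdict) for every non-clean line, including
    failed downloads: a 404 still proves the client tried to fetch it.
    """
    hits = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 5:
            continue  # skip malformed lines rather than abort the scan
        client, url = fields[1], fields[3]
        verdict = classify_url(url)
        if verdict != "clean":
            hits.append((client, url, verdict))
    return hits


def matching_digests(data: bytes) -> set[str]:
    """Return the names of the report's digests that match `data`."""
    return {
        name for name, expected in SAMPLE_HASHES.items()
        if hashlib.new(name, data).hexdigest() == expected.lower()
    }


# Constructed proxy log, not taken from the report.
PROXY_LOG = """\
1642195634.101 10.0.0.12 GET http://unicupload.top/install5.exe 200
1642195640.552 10.0.0.12 GET https://api.ip.sb/ip 200
1642195641.007 10.0.0.12 GET https://cdn.discordapp.com/attachments/example.bin 200
1642195655.300 10.0.0.31 GET https://www.google.com/ 200
1642195660.818 10.0.0.12 GET http://data-host-coin-8.com/game.exe 404
"""

if __name__ == "__main__":
    for client, url, verdict in scan_proxy_log(PROXY_LOG):
        print(f"{verdict:15} {client:10} {url}")
    print("digest matches for a stand-in blob:", matching_digests(b"not the sample"))
```

Matching is done on the exact URL first and on the host second, so the script flags the two payload fetches from 10.0.0.12 as "payload" and the two shared-service contacts as "shared-service" while leaving the google.com request alone; the 404 on game.exe is still reported because the attempt, not the server's answer, is what matters for triage. Feed it a real proxy export by adapting the field indices in scan_proxy_log to that log's layout.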

Dropped files

Name (file type on the following line)

C:\Users\user\AppData\Local\Temp\A18E.exe
    PE32 executable (GUI) Intel 80386, for MS Windows
C:\Windows\SysWOW64\jusiylah\lnagngtg.exe (copy)
    PE32 executable (GUI) Intel 80386, for MS Windows
C:\Users\user\AppData\Roaming\jcewded:Zone.Identifier
    ASCII text, with CRLF line terminators
C:\Users\user\AppData\Roaming\jcewded
    PE32 executable (GUI) Intel 80386, for MS Windows
C:\Users\user\AppData\Local\Temp\lnagngtg.exe
    PE32 executable (GUI) Intel 80386, for MS Windows
C:\Users\user\AppData\Local\Temp\F5CD.exe
    PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
C:\Users\user\AppData\Local\Temp\F377.exe
    PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
C:\Users\user\AppData\Local\Temp\EB0E.exe
    PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
C:\Users\user\AppData\Local\Temp\EA4E.exe
    PE32 executable (GUI) Intel 80386, for MS Windows
C:\Users\user\AppData\Local\Temp\DD90.exe
    PE32 executable (GUI) Intel 80386, for MS Windows
C:\Users\user\AppData\Local\Temp\CB8E.exe
    PE32+ executable (GUI) x86-64, for MS Windows
C:\Users\user\AppData\Local\Temp\ADE3.exe
    MS-DOS executable
C:\Users\user\AppData\Local\Temp\9642.exe
    PE32 executable (GUI) Intel 80386, for MS Windows
C:\Users\user\AppData\Local\Temp\8152.exe
    PE32+ executable (GUI) x86-64, for MS Windows
C:\Users\user\AppData\Local\Temp\5CD1.exe
    PE32 executable (GUI) Intel 80386, for MS Windows
C:\Users\user\AppData\Local\Temp\55A1.exe
    PE32 executable (GUI) Intel 80386, for MS Windows
C:\Users\user\AppData\Local\Temp\4341.exe
    PE32 executable (GUI) Intel 80386, for MS Windows
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_4341.exe_a0a96da5a23a017df6ab2ee7cdd0a3d6d0621e_0e995d71_1a4c4ae2\Report.wer
    Little-endian UTF-16 Unicode text, with CRLF line terminators
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\F377.exe.log
    ASCII text, with CRLF line terminators
C:\ProgramData\Microsoft\Windows\WER\Temp\WERACB0.tmp.xml
    XML 1.0 document, ASCII text, with CRLF line terminators
C:\ProgramData\Microsoft\Windows\WER\Temp\WERA7FC.tmp.WERInternalMetadata.xml
    XML 1.0 document, Little-endian UTF-16 Unicode text, with CRLF line terminators
C:\ProgramData\Microsoft\Windows\WER\Temp\WER9F31.tmp.dmp
    Mini DuMP crash report, 14 streams, Sat Jan 15 05:29:03 2022, 0x1205a4 type
C:\ProgramData\Microsoft\Windows\WER\Temp\WER2E79.tmp.txt
    data
C:\ProgramData\Microsoft\Windows\WER\Temp\WER2967.tmp.csv
    data