Noua lista de comenzi.exe

Status: finished
Submission Time: 2022-01-28 19:00:55 +01:00
Malicious
Trojan
Spyware
Evader
FormBook

Tags

  • exe

Details

  • Analysis ID:
    562316
  • API (Web) ID:
    929842
  • Analysis Started:
    2022-01-28 19:01:13 +01:00
  • Analysis Finished:
    2022-01-28 19:18:35 +01:00
  • MD5:
    c6c9905431f32998369ba3fce5743a2b
  • SHA1:
    7523dc8923179973879c227ad1776ff583660e3d
  • SHA256:
    527036f9e449de86dc23ca03f80ea7da2d0ee7d7752203bbfad4ffb9237a19a8
  • Technologies:

Joe Sandbox

Detection: malicious
Score: 100
System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

Third Party Analysis Engines

Detection: malicious
Score: 23/70

IPs

  • 198.54.117.217 (United States)
  • 52.89.53.122 (United States)
  • 172.120.156.91 (United States)
  • 162.0.214.189 (Canada)
  • 23.227.38.74 (Canada)
  • 192.0.78.240 (United States)
  • 162.159.130.233 (United States)
  • 162.0.232.169 (Canada)
  • 119.28.141.142 (China)
  • 154.90.64.134 (Seychelles)
  • 34.90.73.145 (United States)
  • 34.102.136.180 (United States)
  • 157.90.247.57 (United States)
  • 198.54.117.215 (United States)
  • 206.188.193.90 (United States)
  • 162.159.134.233 (United States)

Domains

  • www.20dzwww.com (172.120.156.91)
  • www.pkem.top (52.89.53.122)
  • www.handejqr.com (0.0.0.0)
  • www.game2plays.com (0.0.0.0)
  • www.kreativevisibility.net (0.0.0.0)
  • www.awp.email (0.0.0.0)
  • www.librairie-adrienne.com (0.0.0.0)
  • www.mehfeels.com (0.0.0.0)
  • www.alifdanismanlik.com (0.0.0.0)
  • www.bendyourtongue.com (0.0.0.0)
  • www.alert78.info (0.0.0.0)
  • www.protection-onepa.com (0.0.0.0)
  • www.fabio.tools (0.0.0.0)
  • www.rematedeldia.com (0.0.0.0)
  • www.cielotherepy.com (0.0.0.0)
  • www.byausorsm26-plala.xyz (0.0.0.0)
  • www.the-pumps.com (0.0.0.0)
  • www.ahmadfaizlajis.com (0.0.0.0)
  • alifdanismanlik.com (157.90.247.57)
  • www.anniebapartments.com (206.188.193.90)
  • game2plays.com (162.0.232.169)
  • a58e4c82ccde743a88da9ce6c3a75eed-962232103.ap-southeast-1.elb.amazonaws.com (3.1.123.15)
  • librairie-adrienne.com (192.0.78.240)
  • www.bubu3cin.com (162.0.214.189)
  • dns.zhanh.com (119.28.141.142)
  • shops.myshopify.com (23.227.38.74)
  • bendyourtongue.com (34.102.136.180)
  • mehfeels.com (34.102.136.180)
  • www.t1uba.com (154.90.64.134)
  • cdn.discordapp.com (162.159.134.233)
  • parkingpage.namecheap.com (198.54.117.215)
  • www.bestpleasure4u.com (34.90.73.145)

URLs

Name Detection
http://www.game2plays.com/euv4/?BXxXk=cI3g5knJJqXkP8IW+Xza8klzbxDoXV64MSKEiVzom8B632K++iscclio36YMg8rUOzdW&x6VPE=5jf8Bvhx9
http://www.handejqr.com/euv4/?x6VPE=5jf8Bvhx9&BXxXk=85mQjwU+wMRs83r0GOSrcIreOiba9zyWW+CS0GLKbh9gHly9YGpiGKD2AN9MIjoCEE7/
http://www.the-pumps.com/euv4/?x6VPE=5jf8Bvhx9&BXxXk=HAa1B5AppjYU5aCns58Lm/lX0LPKjP/AouTCOfgyvRhMztBouTXibUsUAqGI4dNLtbsU
www.rematedeldia.com/euv4/
http://www.rematedeldia.com/euv4/?x6VPE=5jf8Bvhx9&BXxXk=E+AdldMsUtuIxZV3GzeilCEOXtaM5yG6oWVR/2hlbhe5LZ2inqV2BFV3XKjv+n3r1qMt
http://www.bubu3cin.com/euv4/?nN6=6lpDqpn0n2Bl9fTP&BXxXk=VDDx94hhTdSNTCzmF9hTsMJmJeW9wjNyCbqxx3PVlc1UBFQ0O06RW6LJ7Dcbeoyo6ajj
http://www.alifdanismanlik.com/euv4/?x6VPE=5jf8Bvhx9&BXxXk=TRVfPireTl1Is9Bc/KiHpdfMWo5oXu88iiOyppyrwJSTQqYmoSBf8ZBQ12CtfhZ4Lehs
http://www.librairie-adrienne.com/euv4/?x6VPE=5jf8Bvhx9&BXxXk=oa9knNpzlYsET7a400NCf8AEb2m6hfIC7IipfrPHZRwez4UH0nI2ep6CPiEzZPUmbJ08
http://www.anniebapartments.com/euv4/?BXxXk=2pA74KfmfI5hbfJaDEWFAi8e35ziQ8w4QN1jZFvj4D6XG6sLMhvt5UuKdjwJiJArEaUB&x6VPE=5jf8Bvhx9
http://www.ahmadfaizlajis.com/euv4/
http://www.pkem.top/euv4/?nN6=6lpDqpn0n2Bl9fTP&BXxXk=rHTt4/gAXbFdLDnVce2ivV2H4joOeuBJUkkeDtonXvza2SG7LjkAPmebStjpTvpYTNdp
http://www.20dzwww.com/euv4/?x6VPE=5jf8Bvhx9&BXxXk=cWiJLLMFkNIAGeNHPwohgYgPINYIsRPE+G/+VQN9zUpY6o9lKCFsb+tpXVk1tI7skOBU
http://www.t1uba.com/euv4/?BXxXk=a7oTRd/pafA2z6myMPYHhwtmlIDdFKKQLm2w9Ocm2aQfWI2wtWEKtniCrep29h+E27Ao&x6VPE=5jf8Bvhx9
http://www.cielotherepy.com/euv4/?BXxXk=HPV4Q5EPJeH3saw4EFBeN7zL1ZdIcL1Uj7IqLRyb3oQKdylxfekoquh9Ej8w+ItW/Czf&nN6=6lpDqpn0n2Bl9fTP
http://www.bubu3cin.com/euv4/?BXxXk=VDDx94hhTdSNTCzmF9hTsMJmJeW9wjNyCbqxx3PVlc1UBFQ0O06RW6LJ7Dcbeoyo6ajj&x6VPE=5jf8Bvhx9
https://www.google.com/chrome/static/images/favicons/favicon-16x16.pngQcd
https://www.google.com/chrome/g
http://www.msn.com/ocid=iehp141
http://www.bendyourtongue.com/euv4/?BXxXk=dD0iDvhn43tXR1Irz5moIEmsbBY1tPeSvnURlL34d3R1xCqqo0E9W1015A+nmD7pBEru&x6VPE=5jf8Bvhx9
https://cdn.discordapp.com/attachments/935207028299796504/936481003038449725/Tdfgwnfyyvslxmhqyfimidqqywchnji
http://www.msn.com/de-ch/ocid=iehp
http://www.msn.com/de-ch/?ocid=iehp3
http://www.mehfeels.com/euv4/?BXxXk=QBHbLVxXFBQ8vZs3HYaMEcVKayZ3Jv10zmSp74hjINFs4RkrUT15e8jtDg9xTHBGuf3s&nN6=6lpDqpn0n2Bl9fTP
http://www.msn.com/?ocid=iehp
http://www.msn.com/de-ch/?ocid=iehp
http://www.mehfeels.com/euv4/
http://www.ahmadfaizlajis.com
https://www.google.com/chrome/thank-you.htmlstatcb=0&installdataindex=empty&defaultbrowser=0
https://www.google.com/chrome/
http://www.bestpleasure4u.com/euv4/?nN6=6lpDqpn0n2Bl9fTP&BXxXk=0/dJtH7M4g2rGzhc4ssn0iUTCcnOaabGkVzvgj8FSqwfpf+jwBLQmuE48r3s2Xb3yHtY
https://www.google.com/chrome/static/images/favicons/favicon-16x16.png

Dropped files

  • C:\Users\user\Contacts\Tdfgwnfyyv.exe
    PE32 executable (GUI) Intel 80386, for MS Windows
  • C:\Users\user\Contacts\Tdfgwnfyyv.exe:Zone.Identifier
    ASCII text, with CRLF line terminators
  • C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\Tdfgwnfyyvslxmhqyfimidqqywchnji[1]
    data
  • C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\Tdfgwnfyyvslxmhqyfimidqqywchnji[1]
    data
  • C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\Tdfgwnfyyvslxmhqyfimidqqywchnji[2]
    data
  • C:\Users\user\AppData\Local\Temp\Fg00t0t5x\6ld01n28q8c.exe
    PE32 executable (GUI) Intel 80386, for MS Windows
  • C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\f01b4d95cf55d32a.automaticDestinations-ms
    Composite Document File V2 Document, Cannot read section info
  • C:\Users\user\Contacts\vyyfnwgfdT.url
    MS Windows 95 Internet shortcut text (URL=<file:"C:\\Users\\user\\Contacts\\Tdfgwnfyyv.exe">), ASCII text, with CRLF line terminators