RIP_YOUR_PC_LOL.exe

Status: finished
Submission Time: 2022-03-08 17:54:15 +01:00
Malicious
Trojan
Adware
Spyware
Evader
HawkEye Nanocore njRat AsyncRAT Azorult

Comments

Tags

  • exe

Details

  • Analysis ID:
    585264
  • API (Web) ID:
    952781
  • Analysis Started:
    2022-03-08 17:59:22 +01:00
  • Analysis Finished:
    2022-03-08 18:16:43 +01:00
  • MD5:
    52867174362410d63215d78e708103ea
  • SHA1:
    7ae4e1048e4463a4201bdeaf224c5b6face681bf
  • SHA256:
    37d8e1ce3b6e6488942717aa78cb54785edc985143bcc8d9ba9f42d73a3dbd7a
  • Technologies:
    Joe Sandbox

  • Detection:
    malicious
  • Score:
    100
  • System:
    Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

Third Party Analysis Engines

  • malicious (Score: 43/68)
  • malicious (Score: 29/34)
  • malicious (Score: 28/28)
  • malicious

IPs


Domains


URLs


Dropped files
