
DocumentoSENAMHI20222103.exe

Status: finished
Submission Time: 2022-03-21 14:21:34 +01:00
Malicious
Evader
Trojan
Exploiter
AveMaria LimeRAT UACMe

Tags

  • AveMariaRAT
  • exe
  • RAT

Details

  • Analysis ID:
    593268
  • API (Web) ID:
    960785
  • Analysis Started:
    2022-03-21 14:31:54 +01:00
  • Analysis Finished:
    2022-03-21 14:59:28 +01:00
  • MD5:
    81ba3d2de48272d692c4e6604e6b1db9
  • SHA1:
    921e7008881d5e0e9a788ee310ddef60b343c647
  • SHA256:
    eef5ae48384a5c5dff5d4c7b1a768c4eb1fe5d3df0347c85c9c1b404327dbba9

Joe Sandbox

Detection: malicious
Score: 56
System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

Detection: malicious
Score: 100
System: Windows 10 64 bit 20H2 Native physical Machine for testing VM-aware malware (Office 2019, Chrome 93, Firefox 91, Adobe Reader DC 21, Java 8 Update 301)
Run Condition: Suspected Instruction Hammering

Third Party Analysis Engines

  • malicious (Score: 11/35)
  • malicious (Score: 38/41)
  • malicious
  • malicious

IPs

IP | Country | Detection
172.111.242.20 | United States |
104.23.98.190 | United States |

Domains

Name | IP | Detection
pastebin.com | 104.23.98.190 |

URLs

Name Detection

Dropped files

Name | File Type
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\L2D128LW\Chrome[1].exe | PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
C:\Users\user\AppData\Local\Temp\IconLib.dll | PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
C:\Users\user\AppData\Local\Temp\chrome.exe | PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
C:\Users\user\AppData\Roaming\wtqsCpda..exe | PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\chrome.exe.log | ASCII text, with CRLF line terminators
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\wtqsCpda..exe.log | ASCII text, with CRLF line terminators
C:\Users\user\AppData\Local\Temp\freebl3.dll | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
C:\Users\user\AppData\Local\Temp\mozglue.dll | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
C:\Users\user\AppData\Local\Temp\msvcp140.dll | PE32 executable (DLL) (console) Intel 80386, for MS Windows
C:\Users\user\AppData\Local\Temp\nss3.dll | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
C:\Users\user\AppData\Local\Temp\softokn3.dll | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
C:\Users\user\AppData\Local\Temp\vcruntime140.dll | PE32 executable (DLL) (console) Intel 80386, for MS Windows
C:\Users\user\AppData\Roaming\EGyCDiG.tmp | UTF-8 Unicode text, with very long lines, with no line terminators
C:\Users\user\AppData\Roaming\G.yeqff.tmp | SQLite 3.x database, last written using SQLite version 3036000
C:\Users\user\AppData\Roaming\tbvIBlF.tmp | ASCII text, with very long lines, with no line terminators
C:\Users\user\AppData\Roaming\xKvvlF..tmp | SQLite 3.x database, last written using SQLite version 3035005