YogaDNSSetup.exe

Status: finished

Submission Time: 2022-03-30 00:01:30 +02:00

Suspicious

Trojan

Comments

Details

Analysis ID:
599656
API (Web) ID:
967170
Analysis Started:

2022-03-30 00:02:03 +02:00
Analysis Finished:

2022-03-30 00:19:20 +02:00
MD5:
ac752df0ebb3fc9fcbb3b906b4050c17
SHA1:
7f4686f519ffcab1510a6c422206387b3a89c134
SHA256:
2224b2d7b8fc7782f59ef6cbf8b15f98051309b2c6ab395836563954ce63b1e9
Technologies:

Engines
IOCs

Joe Sandbox

Engine	Download Report	Detection	Info
	Full Report Management Report IOC Report	suspicious Score: 28	System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

IPs

IP	Country	Detection
172.104.9.252	United States

Domains

Name	IP	Detection
yogadns.com	172.104.9.252
www.yogadns.com	0.0.0.0

URLs

Name	Detection
https://download.dnscrypt.info/blacklists/
https://fr.dnscrypt.info
https://www.yogadns.com/download/
Click to see the 52 hidden entries
https://dnscrypt.info/doc
https://cdome.comodo.com/shield/
https://userspace.com.au
https://dnswarden.com
https://fr.dnscrypt.info/sfw.html
https://www.dnscrypt.uk
https://yogadns.com/resolvers/resolvers.md
https://www.yogadns.com/download
http://www.yogadns.comQ6(
http://nawala.id
https://yogadns.com/docs/#serviceOpen%Ts
http://www.micft.com/pkiops/crl/Microsoft%20Windows%20Third%20Party%20Component%20CA%202014.crl0
https://blahdns.com/
https://www.yogadns.com/last_versions/windows/13100/
https://www.yogadns.com
https://quad9.net/
https://www.openssl.org/H
http://www.yogadns.com
https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v2/public-resolvers.md
https://cruisemaniac.com)
https://yogadns.com/resolvers/resolvers.mdesb_
https://www.yogadns.com/pricing/
https://powerdns.org
https://www.yogadns.com/pricing/buy.html
https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v2/parental-control.md
https://www.quad9.net/quad9-resolvers.md
http://127.0.0.1:8888
https://dns.seby.io
https://github.com/DNSCrypt/dnscrypt-resolvers
https://dnscrypt-tupi.org/
https://cleanbrowsing.org/
https://www.rubyfish.cn/
https://www.yogadns.com/last_versions/windows/(Update
https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v2/relays.md
https://www.yogadns.comIncorrect
https://yogadns.com/docs/runasCannot
https://arvind.io).
https://dnscrypt.info/public-servers
https://dnscrypt.nl
https://jrsoftware.org/ishelp/index.php?topic=setupcmdlineSetupU
https://jrsoftware.org/ishelp/index.php?topic=setupcmdline
https://yogadns.com/resolvers/resolvers.mdhttps://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolv
https://www.yogadns.com/pricing/buy.htmlsystemunknown
https://download.dnscrypt.info/resolvers-list/v2/parental-control.md
https://www.remobjects.com/ps
https://www.innosetup.com/
https://download.dnscrypt.info/resolvers-list/v2/public-resolvers.md
https://yogadns.com/resolvers/resolvers.mdWS
https://www.yogadns.com/last_versions/windows/
http://dnscrypt.me
https://my.nextdns.io/startOpen
https://www.yogadns.com/download/f

Dropped files

Name	File Type	Hashes
C:\Users\user\AppData\Local\Temp\is-HAI0J.tmp\YogaDNSSetup.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	#
C:\Program Files (x86)\YogaDNS\libcrypto-1_1.dll (copy)	PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows	#
C:\Windows\system32\DRIVERS\DnsFltEngineDrv.sys (copy)	PE32+ executable (native) x86-64, for MS Windows	#
Click to see the 29 hidden entries
C:\Windows\System32\drivers\SET3827.tmp	PE32+ executable (native) x86-64, for MS Windows	#
C:\Users\user\AppData\Roaming\YogaDNS\Configuration.xml	XML 1.0 document, ASCII text, with CRLF, LF line terminators	#
C:\Users\user\AppData\Local\Temp\is-BAV9K.tmp\_isetup\_setup64.tmp	PE32+ executable (console) x86-64, for MS Windows	#
C:\Users\user\AppData\Local\Microsoft\Windows\Explorer\ExplorerStartupLog_RunOnce.etl	data	#
C:\Users\Public\Desktop\YogaDNS.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Archive, ctime=Tue Mar 29 21:03:54 2022, mtime=Tue Mar 29 21:03:54 2022, atime=Thu Feb 3 10:55:10 2022, length=4972464, window=hide	#
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YogaDNS\YogaDNS.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Archive, ctime=Tue Mar 29 21:03:54 2022, mtime=Tue Mar 29 21:03:54 2022, atime=Thu Feb 3 10:55:10 2022, length=4972464, window=hide	#
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YogaDNS\YogaDNS Service Manager.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Archive, ctime=Tue Mar 29 21:03:59 2022, mtime=Tue Mar 29 21:03:59 2022, atime=Mon Sep 27 15:45:52 2021, length=740272, window=hide	#
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YogaDNS\Uninstall YogaDNS.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Archive, ctime=Tue Mar 29 21:03:54 2022, mtime=Tue Mar 29 21:03:54 2022, atime=Tue Mar 29 21:03:16 2022, length=3202504, window=hide	#
C:\Program Files (x86)\YogaDNS\unins000.msg	data	#
C:\Program Files (x86)\YogaDNS\unins000.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	#
C:\Program Files (x86)\YogaDNS\unins000.dat	data	#
C:\Program Files (x86)\YogaDNS\root.key (copy)	ASCII text	#
C:\Program Files (x86)\YogaDNS\public-resolvers.md (copy)	UTF-8 Unicode text	#
C:\Program Files (x86)\YogaDNS\Driver\DnsFltEngineDrv.inf (copy)	Windows setup INFormation, ASCII text, with CRLF line terminators	#
C:\Program Files (x86)\YogaDNS\is-VKNMA.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	#
C:\Program Files (x86)\YogaDNS\is-VCP4T.tmp	UTF-8 Unicode text	#
C:\Program Files (x86)\YogaDNS\is-S3AL5.tmp	ASCII text	#
C:\Program Files (x86)\YogaDNS\is-QTSO1.tmp	ASCII text	#
C:\Program Files (x86)\YogaDNS\is-OA2B1.tmp	PE32 executable (DLL) (console) Intel 80386, for MS Windows	#
C:\Program Files (x86)\YogaDNS\is-MENUL.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	#
C:\Program Files (x86)\YogaDNS\is-GG959.tmp	PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows	#
C:\Program Files (x86)\YogaDNS\is-44LQ8.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	#
C:\Program Files (x86)\YogaDNS\dnscrypt.dll (copy)	PE32 executable (DLL) (console) Intel 80386, for MS Windows	#
C:\Program Files (x86)\YogaDNS\dnscrypt-proxy.toml (copy)	ASCII text	#
C:\Program Files (x86)\YogaDNS\YogaDNS.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	#
C:\Program Files (x86)\YogaDNS\ServiceManager.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	#
C:\Program Files (x86)\YogaDNS\Driver\is-UMI1O.tmp	Windows setup INFormation, ASCII text, with CRLF line terminators	#
C:\Program Files (x86)\YogaDNS\Driver\is-A6E8V.tmp	PE32+ executable (native) x86-64, for MS Windows	#
C:\Program Files (x86)\YogaDNS\Driver\DnsFltEngineDrv.sys (copy)	PE32+ executable (native) x86-64, for MS Windows	#

YogaDNSSetup.exe

Comments

Tags

Available tags:

Details

Joe Sandbox

IPs

Domains

URLs

Dropped files

YogaDNSSetup.exe Options

Comments

Tags

Available tags:

Details

Joe Sandbox

IPs

Domains

URLs

Dropped files

Search started

Yara Super Rule creation started

YogaDNSSetup.exe