
EPAYMENT.exe

Status: finished
Submission Time: 2022-05-11 10:16:05 +02:00
Malicious
Trojan
Evader
GuLoader

Comments

Tags

  • exe

Details

  • Analysis ID:
    624181
  • API (Web) ID:
    991685
  • Analysis Started:
    2022-05-11 10:16:05 +02:00
  • Analysis Finished:
    2022-05-11 10:40:04 +02:00
  • MD5:
    9811d64e29ef53e107f9379526cfd338
  • SHA1:
    b6e84580f902a0c3d3f77748a2a027c9fe42db68
  • SHA256:
    e94bcf64e3affd0a755df05fc1f8c7fba1fb98303e433edff4d98f75d1e4fdf8
  • Technologies:

Joe Sandbox

Engine results (Detection / Info):

  • Detection: malicious
    Score: 80
    System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
  • Detection: malicious
    Score: 88
    System: Windows 10 64 bit 20H2 Native physical Machine for testing VM-aware malware (Office 2019, Chrome 93, Firefox 91, Adobe Reader DC 21, Java 8 Update 301)
    Run Condition: Suspected Instruction Hammering

Third Party Analysis Engines

malicious
Score: 7/41

IPs

IP               Country        Detection
162.159.129.233  United States

Domains

Name                IP               Detection
cdn.discordapp.com  162.159.129.233

URLs

Name Detection
https://cdn.discordapp.com/attachments/973717070128771135/973718274879651920/divinbot_LnXMPAfP50.bin
http://www.symauth.com/cps0(
https://cdn.discordapp.com/attachments/973717070128771135/973717952987820073/a1.exehttps://cdn.disco
http://nsis.sf.net/NSIS_ErrorError
https://cdn.discordapp.com/
https://cdn.discordapp.com/X
https://sectigo.com/CPS0D
https://cdn.discordapp.com/soft
http://www.nero.com
http://ocsp.thawte.com0
https://cdn.discordapp.com/lowedCert_AutoUpdate_1
http://crt.sectigo.com/SectigoRSATimeStampingCA.crt0#
http://www.symauth.com/rpa00
http://ocsp.sectigo.com0
http://crl.thawte.com/ThawteTimestampingCA.crl0
http://creativecommons.org/licenses/by-sa/4.0/
https://cdn.discordapp.com/attachments/973717070128771135/973717952987820073/a1.exe
https://cdn.discordapp.com/H
https://cdn.discordapp.com/(
http://crl.sectigo.com/SectigoRSATimeStampingCA.crl0t

Dropped files

Name / File Type (Hashes and Detection columns not captured in this export):

  • C:\Users\user\AppData\Local\Temp\ArmouryCrate.AppServiceBridge.exe
    PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
  • C:\Users\user\AppData\Local\Temp\NeroCmd.exe
    PE32 executable (console) Intel 80386, for MS Windows
  • C:\Users\user\AppData\Local\Temp\Nysene7.Bru4
    data
  • C:\Users\user\AppData\Local\Temp\a1.exe
    XML 1.0 document text
  • C:\Users\user\AppData\Local\Temp\audio-x-generic.png
    PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
  • C:\Users\user\AppData\Local\Temp\camera-photo.png
    PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
  • C:\Users\user\AppData\Local\Temp\libtclsqlite3.dll
    PE32+ executable (DLL) (console) x86-64, for MS Windows
  • C:\Users\user\AppData\Local\Temp\list-drag-handle-symbolic.svg
    SVG Scalable Vector Graphics image
  • C:\Users\user\AppData\Local\Temp\nsm2F8C.tmp\LangDLL.dll
    PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
  • C:\Users\user\AppData\Local\Temp\nsm2F8C.tmp\System.dll
    PE32 executable (DLL) (GUI) Intel 80386, for MS Windows