Register Login

sloganpng

top title background image

63.exe

Status: finished

Submission Time: 2022-05-13 14:01:14 +02:00

Malicious

Trojan

Evader

AgentTesla

Comments

Tags

Details

Analysis ID:
626030
API (Web) ID:
993534
Analysis Started:

2022-05-13 14:03:35 +02:00
Analysis Finished:

2022-05-13 14:12:35 +02:00
MD5:
638161fea451ac9d2cff99a9b9a7446c
SHA1:
0ebd57241094f53ce80470edd61bfc0c8361eb2a
SHA256:
f144a51298e1e037133ad60094a271af9d65501a3ab5e41527efb6bcb56ccf58
Technologies:

Engines
IOCs

Joe Sandbox

Engine	Download Report	Detection	Info
		malicious
	Full Report Management Report IOC Report	malicious Score: 100	System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

Third Party Analysis Engines

Open Full Report

malicious

Score: 48/71

malicious

Score: 26/40

malicious

URLs

Name	Detection
http://127.0.0.1:HTTP/1.1
http://DynDns.comDynDNS
https://api.telegram.org/bot1160330796:AAF3SAwgW-OTi9M5kDhSZUlENwhKRvFOWe8/sendDocumentdocument-----
Click to see the 9 hidden entries
http://crl.thawte.com/ThawteTimestampingCA.crl0
https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip%tordir%%ha
http://www.symauth.com/cps0(
http://www.symauth.com/rpa00
https://api.telegram.org/bot1160330796:AAF3SAwgW-OTi9M5kDhSZUlENwhKRvFOWe8/
https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip
http://ocsp.thawte.com0
http://ZPEHvd.com
https://api.ipify.orgGETMozilla/5.0

Dropped files

Name	File Type	Hashes	Detection
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\63.exe.log	ASCII text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Temp\RegAsm.exe	PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows	#
C:\Users\user\AppData\Local\Temp\851a6346-8539-40b9-b694-d1d5343c092e\o.dll	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	#