Register Login

sloganpng

top title background image

SecuriteInfo.com.Gen.Variant.Lazy.175154.8129.exe

Status: finished

Submission Time: 2022-05-22 12:32:06 +02:00

Malicious

Phishing

Trojan

Spyware

Exploiter

Evader

AveMaria, UACMe

Comments

Tags

Details

Analysis ID:
631792
API (Web) ID:
999296
Analysis Started:

2022-05-22 12:32:06 +02:00
Analysis Finished:

2022-05-22 12:43:24 +02:00
MD5:
dabc6f0c75c134e5310ba3526adba833
SHA1:
854ec103a64182c97e8f25e45da04889dbbbf3ff
SHA256:
9f9bae001065a649a78ce6de997f160ef32d03a2c28f4633a8386f75c938cadf
Technologies:

Engines
IOCs

Joe Sandbox

Engine	Download Report	Detection	Info
		malicious
	Full Report Management Report IOC Report	malicious Score: 100	System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

Third Party Analysis Engines

Open Full Report

malicious

Score: 32/65

Open Full Report

malicious

Score: 7/35

malicious

Score: 13/26

malicious

IPs

IP	Country	Detection
23.227.202.157	United States

URLs

Name	Detection
23.227.202.157
https://support.google.com/chrome/?p=plugin_flash
http://stascorp.comDVarFileInfo$
Click to see the 9 hidden entries
http://www.microsoft.
http://crl.micro
https://github.com/syohex/java-simple-mine-sweeperC:
http://schemas.xmlsoap.org/soap/encoding/
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
http://crl.microsof
https://support.google.com/chrome/answer/6258784
https://github.com/syohex/java-simple-mine-sweeper
http://schemas.xmlsoap.org/wsdl/

Dropped files

Name	File Type	Hashes	Detection
C:\Program Files\Microsoft DN1\sqlmap.dll	PE32+ executable (DLL) (GUI) x86-64, for MS Windows	#
C:\ProgramData:ApplicationData	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	#
C:\ProgramData\images.exe	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed	#
Click to see the 15 hidden entries
C:\ProgramData\images.exe:Zone.Identifier	ASCII text, with CRLF line terminators	#
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\programs.bat:start	ASCII text, with no line terminators	#
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\programs.bat	ASCII text, with no line terminators	#
\Device\ConDrv	ASCII text, with CRLF, CR line terminators	#
C:\Program Files\Microsoft DN1\rdpwrap.ini	ASCII text, with CRLF line terminators	#
C:\Users\user\Documents\20220522\PowerShell_transcript.301389.c9F2HF06.20220522123314.txt	UTF-8 Unicode (with BOM) text, with CRLF line terminators	#
C:\Users\user\Documents\20220522\PowerShell_transcript.301389.NKMfFw_y.20220522123330.txt	UTF-8 Unicode (with BOM) text, with CRLF line terminators	#
C:\Users\user\AppData\Roaming\pBlACIg.tmp	ASCII text, with very long lines, with no line terminators	#
C:\Users\user\AppData\Roaming\GmCssxF.tmp	SQLite 3.x database, last written using SQLite version 3032001	#
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ujlz1kts.jjg.psm1	very short file (no magic)	#
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_oeqxrick.g20.psm1	very short file (no magic)	#
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_caqnsxdv.wy2.ps1	very short file (no magic)	#
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_b1iuid1f.5zn.ps1	very short file (no magic)	#
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive	data	#
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache	data	#