
MultiHack Menu.exe

Status: finished
Submission Time: 2022-11-14 09:29:27 +01:00
Malicious
Trojan
Spyware
Evader
RedLine

Comments

Tags

  • exe
  • RedLineStealer

Details

  • Analysis ID:
    745400
  • API (Web) ID:
    1112704
  • Analysis Started:
    2022-11-14 09:29:29 +01:00
  • Analysis Finished:
    2022-11-14 09:41:03 +01:00
  • MD5:
    a88063e15a8ef3950e7ac3360b67498a
  • SHA1:
    8ba734c86c9256303f735e181d3c793d3f28d24a
  • SHA256:
    059c47f1fb93e65580c59415a40a376c8fc3168f13282f2f5efddd4c54ce0fac
  • Technologies:

Joe Sandbox

  • Detection: malicious
  • Score: 100
  • System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 134, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

Third Party Analysis Engines

  • Detection: malicious
  • Score: 28/72

IPs

  • 77.73.134.2 (Kazakhstan)
  • 172.217.168.46 (United States)
  • 172.65.251.78 (United States)
  • 65.21.213.208 (United States)

Domains

  • youtube-ui.l.google.com (172.217.168.46)
  • gitlab.com (172.65.251.78)
  • www.youtube.com (0.0.0.0)

URLs


Dropped files

  • C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\MultiHack Menu.exe.log (CSV text)
  • C:\Users\user\AppData\Local\Temp\651387795.exe (PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows)