CuteWriter.exe

Status: finished
Submission Time: 2023-09-14 23:34:17 +02:00
Malicious
Trojan
Spyware
Evader
Mars Stealer, Vidar

Tags

  • binder
  • exe
  • marstealer
  • stealer
  • trojan

Details

  • Analysis ID:
    1308529
  • API (Web) ID:
    1308529
  • Analysis Started:
    2023-09-15 00:23:07 +02:00
  • Analysis Finished:
    2023-09-15 00:45:34 +02:00
  • MD5:
    568ffcfaa64ab5839567cd712dc89f3f
  • SHA1:
    54c20e8c4cd9ea9bbc2ad0556a123ec83538010e
  • SHA256:
    5c860b74570161b2dd12484a69682907e6f48b163094be586e06fad45d580a03
  • Technologies:

Joe Sandbox

Detection: malicious

  • malicious, Score: 76
    System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 134, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
  • malicious, Score: 74
    System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 134, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
    Run Condition: Run with higher sleep bypass

Third Party Analysis Engines

  • malicious (Score: 38/71)
  • malicious (Score: 15/36)
  • malicious
  • malicious

IPs

IP (Country)

  • 52.116.53.150 (United States)
  • 104.26.2.190 (United States)
  • 34.149.135.28 (United States)
  • 142.251.32.78 (United States)
  • 172.217.165.2 (United States)
  • 142.251.32.66 (United States)
  • 64.34.201.145 (Canada)
  • 172.217.1.4 (United States)
  • 64.34.201.144 (Canada)
  • 239.255.255.250 (Reserved)
  • 142.251.41.77 (United States)
  • 34.117.26.124 (United States)

Domains

Name (Resolved IP)

  • www.criminalaffair.com (0.0.0.0)
  • accounts.google.com (142.251.41.77)
  • googleads.g.doubleclick.net (142.251.41.34)
  • www3.l.google.com (142.251.33.174)
  • www.googletagservices.com (142.251.32.66)
  • 8proof.com (52.116.53.150)
  • www.google.com (172.217.1.4)
  • cdn.8proof.com (34.117.26.124)
  • clients.l.google.com (142.251.32.78)
  • cutepdf-editor.com (64.34.201.144)
  • cdn.rtbrain.app (104.26.2.190)
  • download.cutepdf.com (64.34.201.145)
  • g.bidbrain.app (34.149.135.28)
  • fundingchoicesmessages.google.com (0.0.0.0)
  • clients2.google.com (0.0.0.0)
  • www.cutepdf-editor.com (0.0.0.0)

URLs

Name Detection
www.criminalaffair.com/07516e72fc86fad83aead3ae7.php
https://clients2.google.com/service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=115.0.5790.171&lang=en-US&acceptformat=crx3,puff&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1
http://www.criminalaffair.com/requesth
https://www.google.com/recaptcha/api2/aframe
http://crl3.digi
http://www.criminalaffair.com/requestn
https://www.cutepdf-editor.com/editor.asp
https://www.cutepdf-editor.com/Images/PDF_Editor.GIF
https://cdn.8proof.com/ads/assets/fonts/montserrat-v25-latin-800.woff2
http://www.criminalaffair.com/07516e72fc86fad83aead3ae7.php
https://www.cutepdf-editor.com/images/headerbg.gif
http://www.jrsoftware.org/ishelp/index.php?topic=setupcmdlineSetupU
https://www.cutepdf-editor.com/support/writerhelp.aspr_y
http://download.cutepdf.com/download/converter2.asp#
https://www.cutepdf-editor.com/support/writerhelp.asp0
https://www.CutePDF.com/Support
http://www.aiim.org/pdfa/ns/id/xmlns:pdfaidNo
http://download.cutepdf.com/download/converter2.asp
http://crl.godaddy.com/gdig2s5-1.crl0S
https://www.CutePDF.com
http://www.xfa.org/schema/xfa-data/1.0/dataNodedataGroupdataValueexclGroupsubform#subformfieldoccuri
https://www.cutepdf-editor.comShortcut
http://googleads.g.doubleclick.net
http://download.acrosoftware.com/download/converter.asp?V=P1
https://www.cutepdf.com/Products/CutePDF/Pro.asphttps://www.cutepdf-editor.com/support/writerhelp.as
https://www.cutepdf-editor.com/L
https://googleads.g.doubleclick.net
https://accounts.google.com/ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard
http://download.cutepdf.com/download/converter2.aspW
http://download.cutepdf.com/download/converter2.aspU
http://www.aiim.org/pdfa/ns/id/
https://www.cutepdf-editor.com/images/DocProp.png
http://www.cutepdf.com
http://www.criminalaffair.com/07516e72fc86fad83aead3ae7.phpjF
http://www.apache.org/licenses/LICENSE-2.0
https://www.google.com/pagead/drt/ui
http://www.xfa.org/schema/xfa-data/1.0/
https://www.cutepdf-editor.com/suppo
http://www.criminalaffair.com/requestqZ
https://www.cutepdf-editor.com/support/writer.asp
https://g.bidbrain.app/rtimp?sid=7f29e2ea-534d-11ee-b979-36d0ccf2acff&d=www.cutepdf-editor.com&cr=ext_gen2_v10_start_fires5&a=imp&p=ZQOIKAAIOTYEppGqAAxA3EIfSJ-EBv3CtApahg&im=7ma91AhKxAWOemIBiI8nGSvoOMuJ1zeLqQiJUbBJVhe1x1FOmg-Ei7nTbomRk2JQhn1Wrr3khnwf5a-MIl9dgDUTDpAclRGNYARrySaxuOOfLYvawjZQ21uoL6zTNPJYXrt2__yePCK_AILDM87oyJiu3TGYZQAnIQO3X9SS8XSXs5p266CWMOOENEB7dI1ljQhFithKJecTvexf_bk0LGQUs3xU9mLoEKkBKvMdakVwRk-FK9IAIdO4WpZcKPDIgwtA_FVi3AbDiBX_xDW4qSGSzk7s97EGce5nV3KzlPtrPA6PzD3Ue7T3m3nr5EVW&cbvp=2
https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
http://www.criminalaffair.com/requestn5D
https://www.cutepdf-editor.com/V
http://www.artifex.com
http://www.criminalaffair.com/requestZ
https://googleads.g.doubleclick.net/pagead/adview?ai=CoCAMKIgDZbbyIKqjmtUP3IGx0A2Lv4iuZvG66fX_DsCNtwEQASAAYMnGqYvApNgPggEXY2EtcHViLTY1NTU2NTg4MjAwNjg4NDjIAQmoAwHIAwKqBN8BT9BO71o7vxfMHwBHOL16JN2YJD2xqWL8K9MKWudXFlR8D0c0UYlqlo74EfV4FbRiO85rn_YlZr21eSv46t255GCHNmHIKqO4834vrjZVjm1XmBBHycxK4HyNsjmSMFysGwXgb_h1L_qHiREBd3hHd4DuKmUBYyVGA8AXtA7Nob6qeL1XerXV1n4r5Q_Bi5zjuGo-D2qhcOkNDP6k0bM1Sxf_WKwTG-AcQWgPumSubbW8rindjzwvwd7Z6hYaNwZvR4HKSJ3-uN-8sm3subyoeGpA8vORGCeXq-ZNdJfp64AGu9zDga6ej9d1oAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIEgiAYRABMgKKAjoCgEBIvf3BOoAKAfoLAggBgAwB0BUBgBcBshcaChgSFHB1Yi02NTU1NjU4ODIwMDY4ODQ4GAA&sigh=5izRu7J-ito&uach_m=[UACH]&cid=CAQSGwBpAlJW1nS7PThwL_RIDnDVNYazzMB-dFzioxgB&cbvp=2&vis=1
https://8proof.com/app/rtbmarkup/5111?id=612094799907&ctd=10034&crid=1210&ap=ZQOIKAAIrEEEpo7nAAAvy23fsrqaIjxvc-CCzw
http://download.cutepdf.com/download/gplgs.exe
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
https://www.cutepdf-editor.com/images/NEW.GIF
https://googleads.g.doubleclick.net/pagead/html/$
https://g.bidbrain.app/rtimp?sid=7f2d7420-534d-11ee-9c8e-be8bf01312ee&d=www.cutepdf-editor.com&cr=ext_gen2_v10_start_fires5&a=imp&p=ZQOIKAAIWWoEppE5AAA1Eyn7QqoOoTwmtSTW-Q&im=6RBkOu_ic1rTizOa-b1niMplFiS_8ZDdsIGFjOn0WVyfQ_sFyjOeGXBd2w9JbiD0dyrTGZ6b9ZhMjN4oofkXM4hwyk1rNIzMK2xXH3kOq7fV7mdHKU2iMcJGUWdk_Y3L9OZDHgQi8tq4I2nUPofjkzKKFpQuOEQESq3v6nYYKT_TINVPZoQ5avB7cvvwEB47HBZ1rwT9pa11O6I6jbJ2yS4vJuhb-xRF6OBkE4ebuAwGm18aZ20V0Bhj-_t-HhqKLcGCGevNBQjBtpwKn3ryMapPB3dNTWqzk8xYfu9GRBlQLSees-heayYj95Cq5Q-p&cbvp=2
http://www.criminalaffair.com/07516e72fc86fad83aead3ae7.phpnMF
https://www.cutepdf-editor.com/images/Security.png
http://www.cutepdf-editor.com
https://www.cutepdf-editor.com/support/writer.aspee
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6555658820068848&output=html&adk=1812271804&adf=3025194257&lmt=1694730279&plat=9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&plas=174x714_l%7C193x714_r&format=0x0&url=https%3A%2F%2Fwww.cutepdf-editor.com%2Fsupport%2Fwriter.asp&ea=0&pra=7&wgl=1&easpi=0&asro=0&asiscm=1&aslmt=0.4&asamt=-1&asedf=0&asefa=1&aseiel=1&uach=WyJXaW5kb3dzIiwiNi4wLjAiLCJ4ODYiLCIiLCIxMTUuMC41NzkwLjE3MSIsW10sMCxudWxsLCI2NCIsW1siTm90L0EpQnJhbmQiLCI5OS4wLjAuMCJdLFsiR29vZ2xlIENocm9tZSIsIjExNS4wLjU3OTAuMTcxIl0sWyJDaHJvbWl1bSIsIjExNS4wLjU3OTAuMTcxIl1dLDBd&dt=1694730278366&bpp=4&bdt=1199&idt=1060&shv=r20230913&mjsv=m202309130101&ptt=9&saldr=aa&abxe=1&prev_fmts=728x90%2C160x600%2C336x280&nras=1&correlator=1473442433813&frm=20&pv=1&ga_vid=1033309483.1694730278&ga_sid=1694730279&ga_hid=1288370596&ga_fc=1&u_tz=120&u_his=1&u_h=1024&u_w=1280&u_ah=984&u_aw=1280&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1263&bih=907&scr_x=0&scr_y=0&eid=44759926%2C44759842%2C44759875%2C31076839%2C31077698%2C44795921%2C44801484%2C31077890%2C44796632&oid=2&pvsid=4019311944139775&tmod=1311884913&uas=0&nvt=1&fsapi=1&fc=896&brdim=0%2C0%2C0%2C0%2C1280%2C0%2C1280%2C984%2C1280%2C907&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=4&uci=a!4&fsb=1&dtd=1074
https://editor.cutepdf.com/
http://download.cutepdf.com/download/converter2.aspo
http://download.cutepdf.com/download/converter2.aspl
https://www.cutepdf-editor.com/support/writer.aspe
https://cdn.8proof.com/ads/assets/fonts/montserrat-v25-latin-600.woff2
https://www.google.com/recaptcha/api2/aframe
http://www.color.org
https://www.cutepdf.com/Info/privacy.asp
https://www.cutepdf-editor.com/support/writerhelp.asp
https://www.cutepdf-editor.com/support/writerhelp.aspCahe
https://www.acrosoftware.com/info/contact.asp
https://www.cutepdf-editor.com
https://cdn.rtbrain.app/fonts/Roboto-Regular.ttf
http://www.cutepdf.com/products/cutepdf/Writer.asp#download
https://www.cutepdf-editor.com/support/writer.aspY
https://www.cutepdf-editor.com/support/writer.aspW
http://www.color.orgstartxref
http://www.jrsoftware.org/ishelp/index.php?topic=setupcmdline
http://www.criminalaffair.com/07516e72fc86fad83aead3ae7.phpxF
http://www.criminalaffair.com/request
https://www.cutepdf-editor.com/Images/space.gif
http://crl.godaddy.com/gdroot-g2.crl0F
http://www.winzip.comThis
http://www.CutePDF.comInstallLocationDisplayIconPublisherAcro
http://www.color.org)
https://www.cutepdf-editor.com/images/companybg.jpg
https://www.cutepdf-editor.com/support/writerhelp.aspry
https://certs.godaddy.com/repository/0
https://www.cutepdf-editor.com/images/Save.png
https://googleads.g.doubleclick.net/pagead/html/r20230913/r20190131/zrt_lookup.html
https://www.cutepdf-editor.com/images/htabs3.gif
http://certs.godaddy.com/repository/1301
https://www.cutepdf-editor.com/support/writerhelp.aspr
http://download.acrosoftware.com/download/converter.asp?V=P1http://download.cutepdf.com/download/con
about:blank
http://www.innosetup.com/
https://googleads.g.doubleclick.net/pagead/html/r20230913/r20110914/zrt_lookup.html?fsb=1
https://www.google.com/adsense
https://www.cutepdf-editor.com/images/htabs1.gif
https://www.cutepdf-editor.com/include/main.css
https://www.cutepdf-editor.com/support/writer.asphttps://www.cutepdf-editor.com/supportp
http://certificates.godaddy.com/repository/gdig2.crt0

Dropped files

  • Name: C:\Users\user\AppData\Roaming\Adobe\EBZN043V.exe
    File Type: PE32 executable (GUI) Intel 80386, for MS Windows