
Document_45.doc.lnk

Status: finished
Submission Time: 2023-11-29 19:06:47 +01:00
Malicious
Ransomware
Evader

Details

  • Analysis ID:
    1350057
  • API (Web) ID:
    1350057
  • Analysis Started:
    2023-11-29 19:06:48 +01:00
  • Analysis Finished:
    2023-11-29 19:12:39 +01:00
  • MD5:
    be8d932a97b84c2eb77549a365ee0388
  • SHA1:
    bd71aad439ec4a5d6f4a13b9c6a2fb0df85f766d
  • SHA256:
    23bcf2f2da0225cf81ab90bef7a9e57cf91cc41f625745b032fe69e7e8f96e9a
  • Technologies:

Joe Sandbox

Engine Download Report Detection Info
malicious
malicious
Score: 100
System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 134, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

Third Party Analysis Engines

malicious
Score: 18/37
malicious
malicious

IPs

IP Country Detection
185.215.113.84
Portugal

Domains

Name IP Detection
twizt.net
185.215.113.84

URLs

Name Detection

Dropped files

Name File Type Hashes Detection
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\prl[1].exe
PE32 executable (GUI) Intel 80386, for MS Windows
C:\Users\user\AppData\Local\Temp\1250429262.exe
PE32 executable (GUI) Intel 80386, for MS Windows
C:\Users\user\windrv.exe
PE32 executable (GUI) Intel 80386, for MS Windows
C:\Windows\winsvc.exe
PE32 executable (GUI) Intel 80386, for MS Windows