file.exe

Status: finished
Submission Time: 2024-03-25 15:37:11 +01:00
Malicious
Evader
NetSupport RAT

Tags

  • exe

Details

  • Analysis ID: 1415186
  • API (Web) ID: 1415186
  • Analysis Started: 2024-03-25 15:37:12 +01:00
  • Analysis Finished: 2024-03-25 15:50:18 +01:00
  • MD5: fec0fc54e19faa3a08692e09cb2e9863
  • SHA1: 8b105845550efe89c51d8f7ba269d9d077d3a59d
  • SHA256: 271d519dff8d3a7db53b291c7345fdb05fc7a9d1e3862ea073287976a14fcb74
  • Technologies:

Joe Sandbox

Engine Download Report Detection Info
malicious
malicious
Score: 100
System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 134, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

Third Party Analysis Engines

malicious
Score: 27/72
malicious
Score: 15/38

IPs

IP Country Detection
  • 51.195.145.91: France
  • 198.187.29.22: United States
  • 104.26.0.231: United States

URLs


Dropped files
