file.exe

Status: finished
Submission Time: 2024-05-17 18:05:07 +02:00
Malicious
Trojan
Spyware
Evader
Vidar

Tags

  • exe

Details

  • Analysis ID:
    1443407
  • API (Web) ID:
    1443407
  • Analysis Started:
    2024-05-17 18:05:08 +02:00
  • Analysis Finished:
    2024-05-17 18:12:58 +02:00
  • MD5:
    75db6dfdebb9bf0d98acfc15f2219c62
  • SHA1:
    5bc1ceec4269b4e893f2b00c1c4b3c0cb42a3291
  • SHA256:
    a2f94952c89ea440f82877365db5b4a5cf14a10e4168a22a92fce4a8fd98404f
  • Technologies:

Joe Sandbox

Engine Download Report Detection Info
malicious
malicious
Score: 100
System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

Third Party Analysis Engines

malicious
malicious

IPs

IP Country Detection
104.102.42.29 United States
95.217.240.101 Germany

Domains

Name IP Detection
steamcommunity.com 104.102.42.29

URLs

Name Detection

Dropped files

Name File Type Hashes Detection
C:\ProgramData\FCGCGDHJEGHJ\freebl3.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\76561199686524322[1].htm
HTML document, Unicode text, UTF-8 text, with very long lines (2969), with CRLF, LF line terminators
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PMW3U6MX\vcruntime140[1].dll
PE32 executable (DLL) (console) Intel 80386, for MS Windows
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PMW3U6MX\softokn3[1].dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PMW3U6MX\nss3[1].dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PMW3U6MX\msvcp140[1].dll
PE32 executable (DLL) (console) Intel 80386, for MS Windows
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PMW3U6MX\mozglue[1].dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PMW3U6MX\freebl3[1].dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\sqlx[1].dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
C:\ProgramData\FCGCGDHJEGHJ\vcruntime140.dll
PE32 executable (DLL) (console) Intel 80386, for MS Windows
C:\ProgramData\FCGCGDHJEGHJ\softokn3.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
C:\ProgramData\FCGCGDHJEGHJ\nss3.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
C:\ProgramData\FCGCGDHJEGHJ\msvcp140.dll
PE32 executable (DLL) (console) Intel 80386, for MS Windows
C:\ProgramData\FCGCGDHJEGHJ\mozglue.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
C:\ProgramData\FCGCGDHJEGHJ\DAKJDA
SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 39, cookie 0x20, schema 4, UTF-8, version-valid-for 1
C:\ProgramData\FCGCGDHJEGHJ\KKJEBA-shm
data
C:\ProgramData\FCGCGDHJEGHJ\KKJEBA
SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
C:\ProgramData\FCGCGDHJEGHJ\KJKJJJ-shm
data
C:\ProgramData\FCGCGDHJEGHJ\KJKJJJ
SQLite 3.x database, user version 75, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 2, database pages 46, cookie 0x26, schema 4, UTF-8, version-valid-for 2
C:\ProgramData\FCGCGDHJEGHJ\JDGCGD
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 8
C:\ProgramData\FCGCGDHJEGHJ\HIEBAK
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
C:\ProgramData\FCGCGDHJEGHJ\HDGIJJ
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
C:\ProgramData\FCGCGDHJEGHJ\GCGDGH
ASCII text, with very long lines (1743), with CRLF line terminators
C:\ProgramData\FCGCGDHJEGHJ\FCGCGD
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 1
C:\ProgramData\FCGCGDHJEGHJ\EBKJDB
SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 38, cookie 0x1f, schema 4, UTF-8, version-valid-for 1
C:\ProgramData\FCGCGDHJEGHJ\EBGCBA
SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7
C:\ProgramData\FCGCGDHJEGHJ\DHDHJJ
SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 4