
file.exe

Status: finished
Submission Time: 2024-05-17 23:44:08 +02:00
Malicious
Trojan
Spyware
Evader
Clipboard Hijacker, RisePro Stealer

Comments

Tags

  • exe

Details

  • Analysis ID:
    1443534
  • API (Web) ID:
    1443534
  • Analysis Started:
    2024-05-17 23:44:10 +02:00
  • Analysis Finished:
    2024-05-17 23:55:01 +02:00
  • MD5:
    3d09739846543f4962f2b432da671c29
  • SHA1:
    2247e38b1f5257df93db091328488c652f6bea0a
  • SHA256:
    70aaa6e67944e919f8c7bbdf71b6b09deed41f51166bc1dc15fc6f66efc1b014
  • Technologies:
    Joe Sandbox

Joe Sandbox
  Detection: malicious
  Score: 100
  System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

Third Party Analysis Engines
  Detection: malicious
  Score: 20/24

IPs

IP               Country
5.42.96.65       Russian Federation
5.42.96.170      Russian Federation
34.117.186.192   United States
172.67.75.166    United States

Domains

Name                         IP
kuljyftgjk.online            0.0.0.0
198.187.3.20.in-addr.arpa    0.0.0.0
ipinfo.io                    34.117.186.192
db-ip.com                    172.67.75.166

URLs

Name Detection
http://5.42.96.170/server/k/l2.exe
https://kuljyftgjk.online/server/k/l2.exeo
https://ipinfo.io/
https://kuljyftgjk.online:80/I
http://5.42.96.170/server/k/l2.exeDTl
http://crt.sectigo.com/SectigoRSATimeStampingCA.crt0#
https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
http://5.42.96.170/server/k/l2.exe5
https://ipinfo.io/t
https://kuljyftgjk.online:80/server/k/l2.exe5G
https://kuljyftgjk.online/server/k/l2.exexefN
https://support.mozilla.org/products/firefoxgro.allizom.troppus.GVegJq3nFfBL
https://t.me/risepro_botisepro_bot
https://db-ip.com/demo/home.php?s=12.205.151.60
http://www.winimage.com/zLibDll
https://ipinfo.io:443/widget/demo/12.205.151.60
https://support.mozilla.org
https://kuljyftgjk.online/server/k/l2.exe
https://kuljyftgjk.online:80/Mi&/
https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
https://kuljyftgjk.online:80/server/k/l2.exeJG
https://kuljyftgjk.online/
https://kuljyftgjk.online/Bb
https://t.me/risepro_bot%(
https://kuljyftgjk.online/ons
https://kuljyftgjk.online:80/
https://kuljyftgjk.online:80/server/k/l2.exe
https://duckduckgo.com/chrome_newtab
https://kuljyftgjk.online:80/server/k/l2.exemespace
https://duckduckgo.com/ac/?q=
https://sectigo.com/CPS0
https://db-ip.com/z-
https://www.google.com/images/branding/product/ico/googleg_lodp.ico
http://ocsp.sectigo.com0
https://db-ip.com:443/demo/home.php?s=12.205.151.60
https://ipinfo.io/widget/demo/12.205.151.60
https://ipinfo.io/https://www.maxmind.com/en/locate-my-ip-addressWs2_32.dll
https://t.me/risepro_bot
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
https://kuljyftgjk.online/server/k/l2.exe5P#.
https://t.me/RiseProSUPPORT
https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
https://www.ecosia.org/newtab/
https://ipinfo.io/Mozilla/5.0
https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
https://kuljyftgjk.online/server/k/l2.exedwzLnNKYB4T0Vnw.exe
https://ac.ecosia.org/autocomplete?q=
http://crl.sectigo.com/SectigoRSATimeStampingCA.crl0t
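The URL list above mixes real infrastructure (the kuljyftgjk.online / 5.42.96.170 payload host serving l2.exe) with geolocation lookups against ipinfo.io and db-ip.com, Sectigo certificate endpoints, Telegram contact links and search-engine strings copied out of browser profiles, and many entries carry trailing junk from memory string carving ("l2.exeo", "ocsp.sectigo.com0"). The Python below is an added example, not part of the Joe Sandbox report or of the RisePro sample: it triages the carved hosts into IOC, review and noise buckets and then runs the result over a constructed proxy log. The benign-host allowlist, the log format and the log lines are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

# Constructed sample input: a subset of the URL strings carved from the
# sample's memory in the report above. Several carry trailing junk from
# string carving ("l2.exeo", "l2.exe5G", "risepro_bot%(", "ocsp.sectigo.com0").
CARVED_URLS = [
    "http://5.42.96.170/server/k/l2.exe",
    "https://kuljyftgjk.online/server/k/l2.exeo",
    "https://kuljyftgjk.online:80/server/k/l2.exe5G",
    "https://t.me/risepro_bot%(",
    "https://ipinfo.io/widget/demo/12.205.151.60",
    "https://db-ip.com/demo/home.php?s=12.205.151.60",
    "http://ocsp.sectigo.com0",
    "https://duckduckgo.com/ac/?q=",
    "http://www.winimage.com/zLibDll",
]

# Hosts present in the report that are not attacker infrastructure (assumed
# allowlist): the geolocation services the stealer queries (ipinfo.io,
# db-ip.com), Sectigo CRL/OCSP/AIA endpoints that come from the Sectigo RSA
# Time Stamping CA certificate chain, search-engine strings copied out of the
# victim's browser profiles, the zlib attribution string, and the Telegram
# contact links (useful for attributing the family, not a host to block).
BENIGN_HOSTS = {
    "ipinfo.io", "db-ip.com", "t.me",
    "crt.sectigo.com", "ocsp.sectigo.com", "crl.sectigo.com", "sectigo.com",
    "duckduckgo.com", "www.google.com", "ch.search.yahoo.com",
    "cdn.ecosia.org", "www.ecosia.org", "ac.ecosia.org",
    "support.mozilla.org", "www.winimage.com",
}

# IPs from the report's IP table: the two Russian Federation addresses are the
# payload hosts; the two US addresses resolve ipinfo.io and db-ip.com and
# would be false positives if blocked on the strength of this report alone.
IOC_IPS = {"5.42.96.65", "5.42.96.170"}

HOST_RE = re.compile(r"^[a-z0-9.-]+$")

def carved_host(url):
    """Hostname of a carved URL, or None if it is unparseable. Carving junk
    normally lands on the path/query end, so the hostname survives intact."""
    try:
        host = urlsplit(url).hostname
    except ValueError:
        return None
    return host if host and HOST_RE.match(host) else None

def triage(urls, benign=BENIGN_HOSTS):
    """Split carved URLs into three host sets: iocs (attacker infrastructure),
    review (a benign host with junk fused onto it, e.g. 'ocsp.sectigo.com0',
    which must be checked by hand rather than blocked) and noise."""
    iocs, review, noise = set(), set(), set()
    for u in urls:
        h = carved_host(u)
        if h is None:
            continue
        if h in benign:
            noise.add(h)
        elif any(h.startswith(b) for b in benign):
            review.add(h)
        else:
            iocs.add(h)
    return iocs, review, noise

# Constructed proxy log (not from the report): "<ts> <src> <method> <url> <status>".
PROXY_LOG = """\
2024-05-17T21:45:02Z 10.0.0.12 GET http://5.42.96.170/server/k/l2.exe 200
2024-05-17T21:45:03Z 10.0.0.12 GET https://ipinfo.io/widget/demo/203.0.113.7 200
2024-05-17T21:45:09Z 10.0.0.12 GET https://kuljyftgjk.online/ 200
2024-05-17T21:46:00Z 10.0.0.13 GET https://www.google.com/images/branding/product/ico/googleg_lodp.ico 200
"""

def match_log(log_text, ioc_hosts, ioc_ips=IOC_IPS):
    """Return (timestamp, source, host) for every request to an IOC host or IP.
    Requests to ipinfo.io / db-ip.com are deliberately not matched: on their
    own they are ordinary traffic, even though this sample generated them."""
    hits = []
    for line in log_text.splitlines():
        ts, src, _method, url, _status = line.split()
        h = carved_host(url)
        if h and (h in ioc_hosts or h in ioc_ips):
            hits.append((ts, src, h))
    return hits

if __name__ == "__main__":
    iocs, review, noise = triage(CARVED_URLS)
    print("IOC hosts:", sorted(iocs))
    print("needs review:", sorted(review))
    for ts, src, host in match_log(PROXY_LOG, iocs):
        print(f"{ts} {src} -> {host}")
```

Only the hosts left in the IOC bucket (and the two 5.42.96.x addresses) are worth pushing to a blocklist; the review bucket exists because junk fused directly onto a hostname, as with the OCSP entry, defeats exact-match allowlisting and should never be turned into a block rule without a look.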

Dropped files

Name / File Type

C:\Users\user\AppData\Local\AdobeUpdaterV2_45c48cce2e2d7fbdea1afc51c7c6ad26\AdobeUpdaterV2.exe
    MS-DOS executable PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, MZ for MS-DOS
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\l2[1].exe
    MS-DOS executable PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, MZ for MS-DOS
C:\Users\user\AppData\Local\Temp\EdgeMS2_45c48cce2e2d7fbdea1afc51c7c6ad26\EdgeMS2.exe
    MS-DOS executable PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, MZ for MS-DOS
C:\Users\user\AppData\Local\Temp\dZGGvSkztfgYu5jqSY21Wne.zip
    Zip archive data, at least v2.0 to extract, compression method=deflate
C:\ProgramData\MSIUpdaterV2_45c48cce2e2d7fbdea1afc51c7c6ad26\MSIUpdaterV2.exe
    MS-DOS executable PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, MZ for MS-DOS
C:\Users\user\AppData\Roaming\Microsoft\Protect\oobeldr.exe
    MS-DOS executable PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, MZ for MS-DOS
C:\Users\user\AppData\Local\Temp\span1UB98D2D2zeo\llmcrdwzLnNKYB4T0Vnw.exe
    MS-DOS executable PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, MZ for MS-DOS
C:\Users\user\AppData\Local\Temp\span1UB98D2D2zeo\g85sD372nZcyCookies
    SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EdgeMS2.lnk
    MS Windows shortcut, Item id list present, Points to a file or directory, Has Description string, Has Relative path, Archive, ctime=Fri May 17 20:45:15 2024, mtime=Fri May 17 20:45:15 2024, atime=Fri May 17 20:45:15 2024, length=4563640, window=hide
C:\Users\user\AppData\Local\Temp\span1UB98D2D2zeo\qUesDvlJI_ZiWeb Data
    SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 8
C:\Users\user\AppData\Local\Temp\span1UB98D2D2zeo\sl01HQPBKH54Web Data
    SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
C:\Users\user\AppData\Local\Temp\span1UB98D2D2zeo\tnqSg6erqMxtWeb Data
    SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 8
C:\Users\user\AppData\Local\Temp\span1UB98D2D2zeo\yDHoBcv6VALYLogin Data For Account
    SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
C:\Users\user\AppData\Local\Temp\trixy1UB98D2D2zeo\Cookies\Chrome_Default.txt
    ASCII text, with very long lines (369), with CRLF line terminators
C:\Users\user\AppData\Local\Temp\trixy1UB98D2D2zeo\History\Firefox_v6zchhhv.default-release.txt
    ASCII text, with CRLF line terminators
C:\Users\user\AppData\Local\Temp\trixy1UB98D2D2zeo\information.txt
    ASCII text, with CRLF, LF line terminators
C:\Users\user\AppData\Local\Temp\trixy1UB98D2D2zeo\passwords.txt
    Unicode text, UTF-8 text, with CRLF, LF line terminators
C:\Users\user\AppData\Local\Temp\trixy1UB98D2D2zeo\screenshot.png
    PNG image data, 1280 x 1024, 8-bit/color RGBA, non-interlaced
C:\Users\user\AppData\Local\Temp\span1UB98D2D2zeo\VCEccbr_cvO2Cookies
    SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 4
C:\Users\user\AppData\Local\Temp\span1UB98D2D2zeo\UdeNZdOQSPDWWeb Data
    SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
C:\Users\user\AppData\Local\Temp\span1UB98D2D2zeo\Pe4W1HgFYxyTHistory
    SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 38, cookie 0x1f, schema 4, UTF-8, version-valid-for 1
C:\Users\user\AppData\Local\Temp\span1UB98D2D2zeo\OaQuGlYHO2B0Web Data
    SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
C:\Users\user\AppData\Local\Temp\span1UB98D2D2zeo\M2i6MTywpfRAHistory
    SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 38, cookie 0x1f, schema 4, UTF-8, version-valid-for 1
C:\Users\user\AppData\Local\Temp\span1UB98D2D2zeo\Ln2ferf9cd9cHistory
    SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 39, cookie 0x20, schema 4, UTF-8, version-valid-for 1
C:\Users\user\AppData\Local\Temp\span1UB98D2D2zeo\KNCS9xAjcy97Login Data
    SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
C:\Users\user\AppData\Local\Temp\span1UB98D2D2zeo\HYMDMNDHbpvCLogin Data
    SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 1
C:\Users\user\AppData\Local\Temp\span1UB98D2D2zeo\GNGpmTFam5reWeb Data
    SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 8
C:\Users\user\AppData\Local\Temp\span1UB98D2D2zeo\D87fZN3R3jFeplaces.sqlite
    SQLite 3.x database, user version 75, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 2, database pages 46, cookie 0x26, schema 4, UTF-8, version-valid-for 2
C:\Users\user\AppData\Local\Temp\span1UB98D2D2zeo\5PaUKQKCn1cOHistory
    SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 39, cookie 0x20, schema 4, UTF-8, version-valid-for 1
C:\Users\user\AppData\Local\Temp\span1UB98D2D2zeo\3b6N2Xdh3CYwplaces.sqlite
    SQLite 3.x database, user version 75, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 2, database pages 46, cookie 0x26, schema 4, UTF-8, version-valid-for 2
C:\Users\user\AppData\Local\Temp\span1UB98D2D2zeo\02zdBXl47cvzcookies.sqlite
    SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
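The dropped-file paths above give away the stealer's on-disk working layout: browser databases (Cookies, Web Data, Login Data, History, places.sqlite, cookies.sqlite) copied to %TEMP%\span<random>\<random><db name>; parsed loot (passwords.txt, information.txt, screenshot.png, per-browser cookie and history dumps) in %TEMP%\trixy<random>\ ahead of the .zip; three persistence copies named <Name>_<32 hex>\<Name>.exe under %LOCALAPPDATA%, %TEMP% and C:\ProgramData, all with the same hex suffix; a Startup-folder shortcut; and an executable in the DPAPI Protect folder. As an added example (not from the report, from Joe Security, or from the malware itself), the Python below turns those paths into file-creation rules and applies them to constructed Sysmon-style events. Attributing every path to the submitted file.exe is an assumption for illustration, since the extracted report above does not show which process wrote each file, and the two benign events are made up.

```python
import re
from collections import defaultdict

# Patterns derived from the dropped-file paths in the report above. The
# <name>_<32 hex> directory suffix was identical across all three persistence
# copies; the rule only assumes it is 32 hex characters, not what it encodes.
RULES = {
    # <Name>_<hex32>\<Name>.exe under ProgramData, %LOCALAPPDATA% or %TEMP%
    "persist_copy": re.compile(
        r"^(?:C:\\ProgramData|C:\\Users\\[^\\]+\\AppData\\Local(?:\\Temp)?)"
        r"\\(?P<name>[A-Za-z0-9]+)_[0-9a-f]{32}\\(?P=name)\.exe$", re.I),
    # browser databases copied to %TEMP%\span<random>\<random><dbname>
    "browser_db_stage": re.compile(
        r"\\AppData\\Local\\Temp\\span[A-Za-z0-9]+\\[A-Za-z0-9_]+"
        r"(?:Cookies|Web Data|Login Data(?: For Account)?|History|"
        r"places\.sqlite|cookies\.sqlite)$", re.I),
    # parsed loot written to %TEMP%\trixy<random>\ before it is zipped
    "exfil_stage": re.compile(
        r"\\AppData\\Local\\Temp\\trixy[A-Za-z0-9]+\\"
        r"(?:passwords\.txt|information\.txt|screenshot\.png|"
        r"(?:Cookies|History)\\[^\\]+\.txt)$", re.I),
    # shortcut dropped into the per-user Startup folder (weak on its own)
    "startup_lnk": re.compile(
        r"\\Start Menu\\Programs\\Startup\\[^\\]+\.lnk$", re.I),
    # an executable inside the DPAPI master-key folder has no legitimate reason to exist
    "exe_in_dpapi_protect": re.compile(
        r"\\AppData\\Roaming\\Microsoft\\Protect\\[^\\]+\.exe$", re.I),
}

def classify(path):
    """Return the name of the first rule a file path matches, or None."""
    for name, rx in RULES.items():
        if rx.search(path):
            return name
    return None

def alert_processes(events, min_categories=2):
    """events: iterable of (process_image, created_file_path), e.g. from
    Sysmon Event ID 11. A process is alerted on only when it hits at least
    min_categories distinct rules, so a lone Startup .lnk from an installer
    does not fire by itself."""
    hits = defaultdict(set)
    for proc, path in events:
        label = classify(path)
        if label:
            hits[proc].add(label)
    return {p for p, labels in hits.items() if len(labels) >= min_categories}

# Constructed file-creation events: the report's dropped-file paths, all
# attributed to the submitted sample for illustration, plus two benign writes.
EVENTS = [
    ("file.exe", r"C:\Users\user\AppData\Local\Temp\span1UB98D2D2zeo\g85sD372nZcyCookies"),
    ("file.exe", r"C:\Users\user\AppData\Local\Temp\span1UB98D2D2zeo\yDHoBcv6VALYLogin Data For Account"),
    ("file.exe", r"C:\Users\user\AppData\Local\Temp\span1UB98D2D2zeo\02zdBXl47cvzcookies.sqlite"),
    ("file.exe", r"C:\Users\user\AppData\Local\Temp\trixy1UB98D2D2zeo\passwords.txt"),
    ("file.exe", r"C:\Users\user\AppData\Local\Temp\trixy1UB98D2D2zeo\Cookies\Chrome_Default.txt"),
    ("file.exe", r"C:\Users\user\AppData\Local\AdobeUpdaterV2_45c48cce2e2d7fbdea1afc51c7c6ad26\AdobeUpdaterV2.exe"),
    ("file.exe", r"C:\ProgramData\MSIUpdaterV2_45c48cce2e2d7fbdea1afc51c7c6ad26\MSIUpdaterV2.exe"),
    ("file.exe", r"C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EdgeMS2.lnk"),
    ("file.exe", r"C:\Users\user\AppData\Roaming\Microsoft\Protect\oobeldr.exe"),
    ("chrome.exe", r"C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies"),
    ("setup.exe", r"C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyApp.lnk"),
]

if __name__ == "__main__":
    for proc, path in EVENTS:
        print(f"{proc:12} {classify(path) or '-':22} {path}")
    print("alert:", alert_processes(EVENTS))
```

The random directory suffixes (1UB98D2D2zeo here) and the prefixes in front of each copied database will differ per run, so the rules key on the fixed parts only: the span/trixy prefixes, the database file names, and the self-named <Name>_<hex>\<Name>.exe shape. Requiring two rule categories per process keeps ordinary installers that only drop a Startup shortcut out of the alert set.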