
file.exe

Status: finished
Submission Time: 2024-06-19 14:39:07 +02:00
Malicious
Trojan
Spyware
Evader
Vidar

Tags

  • exe

Details

  • Analysis ID:
    1459509
  • API (Web) ID:
    1459509
  • Analysis Started:
    2024-06-19 14:39:07 +02:00
  • Analysis Finished:
    2024-06-19 14:45:36 +02:00
  • MD5:
    2a042e0136d2125e744724a757f33950
  • SHA1:
    d3f5304872ff4b795cde48914fa4d81768abba5d
  • SHA256:
    65746b8a8fddc5dfb1602a3a5605cd039476bab5e66076bc729b987793986e0e
  • Technologies:

Joe Sandbox

  • Detection:
    malicious
  • Score:
    100
  • System:
    Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

Third Party Analysis Engines

  • Detection:
    malicious
  • Score:
    28/74

IPs

  • 149.154.167.99 (United Kingdom)
  • 162.55.53.18 (United States)

Domains

  • t.me (149.154.167.99)

URLs

Name Detection
https://t.me/
https://t.me/m
https://t.me/memve4erin
https://steamcommunity.com/profiles/76561199699680841
https://162.55.53.18:9000/vcruntime140.dllA
https://162.55.53.18:9000/ZG
https://162.55.53.18:9000/$
https://162.55.53.18:9000nbfoldnt-Disposition:
https://162.55.53.18:9000/Zm
https://ac.ecosia.org/autocomplete?q=
https://162.55.53.18:9000/vcruntime140.dll
https://www.ecosia.org/newtab/
https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016ost.exe
https://162.55.53.18:9000ming
https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016
https://162.55.53.18:9000/nss3.dlloft
http://upx.sf.net
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
https://162.55.53.18:9000tel
https://162.55.53.18:9000tacrosoft
https://162.55.53.18:9000/freebl3.dll
https://162.55.53.18:9000/cG4
https://162.55.53.18:9000/vcruntime140.dllppet
https://162.55.53.18:9000/nss3.dllJ
https://162.55.53.18:9000
https://162.55.53.18:9000/softokn3.dll2
https://162.55.53.18:90001234567890hrome
https://162.55.53.18:9000/nss3.dll
https://162.55.53.18:9000/4
https://162.55.53.18/
https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016Examples
https://162.55.53.18:9000/freebl3.dll~
https://162.55.53.18:9000/mozglue.dll
https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
https://162.55.53.18:9000/.53.18:9000/
https://duckduckgo.com/chrome_newtab
https://162.55.53.18:9000/freebl3.dllu
https://162.55.53.18:9000/softokn3.dll
https://162.55.53.18:9000/tm
https://162.55.53.18:9000/msvcp140.dll
https://162.55.53.18:9000/46ff6le
https://162.55.53.18:9000646ff6le
https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17
https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
https://162.55.53.18:9000/sqlt.dll
https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17rer.exe
https://162.55.53.18:9000/softokn3.dll10.15;
https://web.telegram.org
https://162.55.53.18:9000/B
https://duckduckgo.com/ac/?q=
https://162.55.53.18:9000/A
https://162.55.53.18:9000/softokn3.dllEdge
https://162.55.53.18:9000FID
https://162.55.53.18:9000al
https://162.55.53.18:9000/msvcp140.dllEdge
https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17Install
https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
https://t.me/memve4erin&
https://162.55.53.18:9000/vcruntime140.dllUser
https://162.55.53.18:9000/p
https://162.55.53.18:9000/MH
https://162.55.53.18:9000/l
http://www.sqlite.org/copyright.html.
https://162.55.53.18:9000/freebl3.dllsposition:
https://www.google.com/images/branding/product/ico/googleg_lodp.ico
https://162.55.53.18:9000/bW
https://162.55.53.18:9000/vcruntime140.dlle
https://162.55.53.18:9000/
https://162.55.53.18:9000/sqlt.dllB

Dropped files

  • C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_file.exe_9fe2b44b45cabaf5e9b80eb2becdba8923fcbda_d2f759d2_2d8cec74-354d-460a-95ad-bf7884ef09de\Report.wer
    Unicode text, UTF-16, little-endian text, with CRLF line terminators
  • C:\ProgramData\ECGDBFCBKFID\AEBGHD
    SQLite 3.x database, last written using SQLite version 3042000, file counter 11, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 11
  • C:\ProgramData\ECGDBFCBKFID\BAEHIE
    SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
  • C:\ProgramData\ECGDBFCBKFID\CBKFBA
    SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
  • C:\ProgramData\ECGDBFCBKFID\DBGHJE
    SQLite 3.x database, last written using SQLite version 3035005, file counter 2, database pages 31, cookie 0x18, schema 4, UTF-8, version-valid-for 2
  • C:\ProgramData\ECGDBFCBKFID\DGHIDH
    SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
  • C:\ProgramData\ECGDBFCBKFID\GDBFHD
    SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 39, cookie 0x20, schema 4, UTF-8, version-valid-for 4
  • C:\ProgramData\ECGDBFCBKFID\KKEHDB
    SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
  • C:\ProgramData\Microsoft\Windows\WER\Temp\WERDCA4.tmp.dmp
    Mini DuMP crash report, 14 streams, Wed Jun 19 12:39:59 2024, 0x1205a4 type
  • C:\ProgramData\Microsoft\Windows\WER\Temp\WERDD31.tmp.WERInternalMetadata.xml
    XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
  • C:\ProgramData\Microsoft\Windows\WER\Temp\WERDD52.tmp.xml
    XML 1.0 document, ASCII text, with CRLF line terminators
  • C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506
    Microsoft Cabinet archive data, Windows 2000/XP setup, 71954 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks, 0x1 compression
  • C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
    data
  • C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\sqlt[1].dll
    PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
  • C:\Windows\appcompat\Programs\Amcache.hve
    MS Windows registry file, NT/2000 or above