
Windows Analysis Report
Desligar Tr. SE SSR.lnk

Overview

General Information

Sample name:Desligar Tr. SE SSR.lnk
Analysis ID:1467015
MD5:46f8d7e32948c41618897eda16b531f6
SHA1:916f301acea34f93fc63138b762291972e4be6e3
SHA256:36c86fe2b4eb9c37228c1a52fc61c9d1f6affba3af18803ba756659b28a657f3
Errors
  • No process behavior to analyse as no analysis process or sample was found
  • Corrupt sample or wrongly selected analyzer. Details: The operation was canceled by the user.

Detection

Score:0
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

No high impact signatures.

Classification

No configs have been found
No yara matches
No Sigma rule has matched
No Snort rule has matched


Source: classification engine
Classification label: unknown0.winLNK@0/0@0/0
Source: Desligar Tr. SE SSR.lnk
LNK file: ..\..\..\..\..\Desktop\Desligar Tr. SE SSR
No Mitre Att&ck techniques found
No Antivirus matches
Name | IP | Active | Malicious | Antivirus Detection | Reputation
fp2e7a.wpc.phicdn.net | 192.229.221.95 | true | false | | unknown
    No contacted IP infos
    Joe Sandbox version:40.0.0 Tourmaline
    Analysis ID:1467015
    Start date and time:2024-07-03 16:28:18 +02:00
    Joe Sandbox product:CloudBasic
    Overall analysis duration:0h 1m 48s
    Hypervisor based Inspection enabled:false
    Report type:full
    Cookbook file name:default.jbs
    Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
    Number of analysed new started processes analysed:1
    Number of new started drivers analysed:0
    Number of existing processes analysed:0
    Number of existing drivers analysed:0
    Number of injected processes analysed:0
    Technologies:
    • EGA enabled
    • AMSI enabled
    Analysis Mode:default
    Analysis stop reason:Timeout
    Sample name:Desligar Tr. SE SSR.lnk
    Detection:UNKNOWN
    Classification:unknown0.winLNK@0/0@0/0
    Cookbook Comments:
    • Found application associated with file extension: .lnk
    • Unable to launch sample, stop analysis
    • No process behavior to analyse as no analysis process or sample was found
    • Corrupt sample or wrongly selected analyzer. Details: The operation was canceled by the user.
    • Exclude process from analysis (whitelisted): dllhost.exe
    • Excluded IPs from analysis (whitelisted): 20.190.159.64, 20.190.159.0, 20.190.159.73, 20.190.159.75, 20.190.159.4, 20.190.159.23, 40.126.31.73, 40.126.31.67, 40.115.3.253, 2.16.100.168, 88.221.110.91, 40.113.103.199
    • Excluded domains from analysis (whitelisted): prdv4a.aadg.msidentity.com, client.wns.windows.com, ctldl.windowsupdate.com.delivery.microsoft.com, www.tm.v4.a.prd.aadg.akadns.net, ctldl.windowsupdate.com, a767.dspw65.akamai.net, login.msa.msidentity.com, download.windowsupdate.com.edgesuite.net, wns.notify.trafficmanager.net, ocsp.digicert.com, login.live.com, ocsp.edge.digicert.com, wu-b-net.trafficmanager.net, www.tm.lg.prod.aadmsa.trafficmanager.net
    • VT rate limit hit for: Desligar Tr. SE SSR.lnk
    No simulations
    No context
    No created / dropped files found
    File type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Directory, ctime=Wed Jul 3 08:49:03 2024, mtime=Wed Jul 3 12:08:03 2024, atime=Wed Jul 3 12:08:03 2024, length=4096, window=hide
    Entropy (8bit):5.1111422761559595
    TrID:
    • Windows Shortcut (20020/1) 100.00%
    File name:Desligar Tr. SE SSR.lnk
    File size:625 bytes
    MD5:46f8d7e32948c41618897eda16b531f6
    SHA1:916f301acea34f93fc63138b762291972e4be6e3
    SHA256:36c86fe2b4eb9c37228c1a52fc61c9d1f6affba3af18803ba756659b28a657f3
    SHA512:9c5f5db60de2e5652a5e73d3ded378603c4009f237643b0129b254ca6f7ea70d75f55cc0f4ad2070b58ce0139fbf4091a7c578af023b4a946ffbac0174027eeb
    SSDEEP:12:8iFi8pzYNbRvcXkBl4wcjCtOV9n5BMqQ/Lm4pBm:8K8nqOluC49nHwm4pBm
    TLSH:6CF08B3257823F9BF275A03789B55267EA22AC5BFAB05B0906D4439548B8A00A584F3A
    File Content Preview:L..................F.. .....v/.<.....?..J.......J................................P.O. .:i.....+00.:...:...,.LB.).....A&...&........C).......3mH...A.7mH.....t.1......X.i..DESLIG~1.SES..X........X"N.X.i..........P...............@.x.D.e.s.l.i.g.a.r. .T.r...
    Icon Hash:30b4b4b464696d0d

    General

    Relative Path:..\..\..\..\..\Desktop\Desligar Tr. SE SSR
    Command Line Argument:
    Icon location:
    Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
    Jul 3, 2024 16:29:24.037846088 CEST | 1.1.1.1 | 192.168.2.5 | 0x842a | No error (0) | fp2e7a.wpc.2be4.phicdn.net | fp2e7a.wpc.phicdn.net | | CNAME (Canonical name) | IN (0x0001) | false
    Jul 3, 2024 16:29:24.037846088 CEST | 1.1.1.1 | 192.168.2.5 | 0x842a | No error (0) | fp2e7a.wpc.phicdn.net | | 192.229.221.95 | A (IP address) | IN (0x0001) | false
    No statistics
    No system behavior
    No disassembly