
file.exe

Status: finished
Submission Time: 2024-09-20 02:36:04 +02:00
Malicious
Trojan
Spyware
Evader
LummaC, Vidar

Tags

  • exe

Details

  • Analysis ID:
    1514289
  • API (Web) ID:
    1514289
  • Analysis Started:
    2024-09-20 02:36:05 +02:00
  • Analysis Finished:
    2024-09-20 02:47:10 +02:00
  • MD5:
    7ee5fd9d304831f5c6862c705f3bc489
  • SHA1:
    9ef929a65b2d5a694fb0a2b8de158650e9fdefc7
  • SHA256:
    79f55e512650a285ebf179fa0c39eafac956174dc28518fa4280ce765cdea0dd
  • Technologies:

Joe Sandbox

Detection: malicious
Score: 100
System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 134, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

Third Party Analysis Engines

  • malicious (Score: 30/73)
  • malicious (Score: 12/38)
  • malicious

IPs


Domains


URLs


Dropped files

  • C:\ProgramData\CBFIJEGIDB.exe
    PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
  • C:\ProgramData\FHCBGDAAFB.exe
    PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
  • C:\ProgramData\freebl3.dll
    PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
  • C:\ProgramData\mozglue.dll
    PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
  • C:\ProgramData\nss3.dll
    PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
  • C:\ProgramData\softokn3.dll
    PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
  • C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\file.exe.log
    ASCII text, with CRLF line terminators
  • C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\66ecb44c35444_vfdhsgdf[1].exe
    PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
  • C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\66ecb454d2b4a_lgfdsjgds[1].exe
    PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows