file.exe

Status: finished

Submission Time: 2024-10-11 16:52:10 +02:00

Malicious

Trojan

Evader

Comments

Details

Analysis ID:
1531723
API (Web) ID:
1531723
Analysis Started:

2024-10-11 16:52:10 +02:00
Analysis Finished:

2024-10-11 17:02:39 +02:00
MD5:
31d649663149dabd99c51b71e60a4a91
SHA1:
f5f515e1818388c9360bde15a7dfcb265e86a812
SHA256:
2acb9052db5b304a822f8cd1169e31327e967e06ff78064997ea8a5003e783ec
Technologies:

Engines
IOCs

Joe Sandbox

Engine	Download Report	Detection	Info
		malicious
	Full Report Management Report IOC Report	malicious Score: 100	System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

Third Party Analysis Engines

malicious

Score: 18/24

IPs

IP	Country	Detection
77.54.240.255	Portugal
23.128.248.23	Reserved
23.137.250.108	Reserved
Click to see the 23 hidden entries
173.68.123.78	United States
217.255.81.237	Germany
80.74.145.70	Switzerland
151.242.80.51	Iran (ISLAMIC Republic Of)
99.174.64.226	United States
50.100.197.208	Canada
80.46.94.241	United Kingdom
87.225.96.167	Russian Federation
173.47.97.119	United States
45.30.192.252	United States
83.255.145.146	Sweden
82.38.134.93	United Kingdom
124.169.148.215	Australia
62.210.85.80	France
2.191.228.230	Iran (ISLAMIC Republic Of)
91.149.236.241	Poland
89.87.222.219	France
95.68.156.35	Russian Federation
23.137.249.66	Reserved
85.236.190.252	Russian Federation
146.70.24.213	United Kingdom
45.126.126.80	Australia
2.178.241.192	Iran (ISLAMIC Republic Of)

Domains

Name	IP	Detection
banana.incognet.io	23.137.250.108
reseed.diva.exchange	80.74.145.70

URLs

Name	Detection
https://banana.incognet.io/
https://www2.mk16.de/
https://i2p.ghativega.in/
Click to see the 47 hidden entries
https://reseed.onion.im/w
https://i2p.novg.net/
https://reseed.onion.im/O
https://reseed-fr.i2pd.xyz/
https://reseed.diva.exchange/
https://reseed2.i2p.net/
https://reseed.onion.im/
https://reseed.i2pgit.org/
https://i2pseed.creativecowpat.net:8443/
http://kopanyoc2lnsx5qwpslkik4uccej6zqna7qq2igbofhmb2qxwflwfqad.onion/i2pseeds.su3
https://reseed.memcpy.io/
https://reseed-pl.i2pd.xyz/
https://reseed.stormycloud.org/
https://legit-website.com/i2pseeds.su3
https://banana.incognet.io:443/i2pseeds.su3
http://reg.i2p/hosts.txt
https://reseed.stormycloud.org/HWUm~GTa
https://banana.incognet.io/i2pseeds.su3
https://reseed.diva.exchange/b.c
https://reseed-pl.i2pd.xyz/F
https://reseed.memcpy.io/%
http://reg.i2p/hosts.txt?~
https://reseed2.i2p.net/vp/p_lib.c
http://identiguy.i2p/hosts.txt
https://i2pd.readthedocs.io/en/latest/user-guide/configuration/
http://reg.i2p/hosts.txtf?
http://shx5vqsw7usdaunyzr2qmes2fq37oumybpudrd4jjj4e4vk4uusa.b32.i2p/hosts.txttp://
http://reg.i2p/hosts.txtei
http://rus.i2p/hosts.txt
http://shx5vqsw7usdaunyzr2qmes2fq37oumybpudrd4jjj4e4vk4uusa.b32.i2p/hosts.txt
https://i2p.novg.net/K
https://reseed-fr.i2pd.xyz/I
http://stats.i2p/cgi-bin/newhosts.txt
http://127.0.0.1:8118
https://banana.incognet.io:443/i2pseeds.su3W
https://banana.incognet.io/W
https://i2p.mooo.com/netDb/
http://reg.i2p/hosts.txty-
http://shx5vqsw7usdaunyzr2qmes2fq37oumybpudrd4jjj4e4vk4uusa.b32.i2p/hosts.txt/
https://www2.mk16.de/m
https://reseed.i2pgit.org/L
https://reseed.i2p-projekt.de/
https://reseed-pl.i2pd.xyz/3
http://shx5vqsw7usdaunyzr2qmes2fq37oumybpudrd4jjj4e4vk4uusa.b32.i2p/hosts.txti2p.su3/)
https://netdb.i2p2.no/
https://reseed.i2pgit.org/6
http://upx.sf.net

Dropped files

Name	File Type	Hashes
C:\Users\user\AppData\Local\Temp\73tsjpnle0jv48sgryqfs6ph8t.exe	PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows	#
C:\Windows\Temp\w3LkirgH	PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows	#
C:\Windows\Temp\t291wOio	PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows	#
Click to see the 18 hidden entries
C:\Windows\Temp\ogg99SMu	PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows	#
C:\Windows\Temp\eKTTDy2k	PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows	#
C:\Windows\Temp\bMZx4vGr	PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows	#
C:\Windows\Temp\TsG1eHIt	PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows	#
C:\Windows\Temp\ROF9A37w	PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows	#
C:\Windows\Temp\6rRRlGVV	PE32+ executable (DLL) (GUI) x86-64 (stripped to external PDB), for MS Windows	#
C:\Users\user\AppData\Local\Temp\cwjk513wjc7a1mlgh3.exe	PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows	#
C:\Users\user\AppData\Local\Temp\7mmwpep245voy3fngkym99px3pj5vx36.bat	DOS batch file, ASCII text	#
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_main.exe_59e5c191145a7e657df69e5cbadfff4911e783_61e28721_381d6b4d-05a1-4382-babe-90fa558ea39b\Report.wer	Unicode text, UTF-16, little-endian text, with CRLF line terminators	#
C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\termsrv32.dll	PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows	#
C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\samctl.dll	PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows	#
C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\rdpctl.dll	PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows	#
C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\prgmgr.dll	PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows	#
C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows	#
C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\libi2p.dll	PE32+ executable (DLL) (GUI) x86-64 (stripped to external PDB), for MS Windows	#
C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\evtsrv.dll	PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows	#
C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\dwlmgr.dll	PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows	#
C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\cnccli.dll	PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows	#

file.exe

Comments

Tags

Available tags:

Details

Joe Sandbox

Third Party Analysis Engines

IPs

Domains

URLs

Dropped files

file.exe Options

Comments

Tags

Available tags:

Details

Joe Sandbox

Third Party Analysis Engines

IPs

Domains

URLs

Dropped files

Search started

file.exe