EP2E1yYJyT.exe

Status: finished

Submission Time: 2024-10-16 13:57:08 +02:00

Malicious

Trojan

Evader

Comments

Details

Analysis ID:
1535022
API (Web) ID:
1535022
Original Filename:
59cc39c5af4d48bd23daf9c000dc3c794d1748253c31b16a8a6a9482c9b7f067.exe
Analysis Started:

2024-10-16 13:57:09 +02:00
Analysis Finished:

2024-10-16 14:03:59 +02:00
MD5:
0083b5be4a600a4529ac5ee153cc03b4
SHA1:
1787fd910bf388fc68f6b2ed677eae52e12a1bfb
SHA256:
59cc39c5af4d48bd23daf9c000dc3c794d1748253c31b16a8a6a9482c9b7f067
Technologies:

Engines
IOCs

Joe Sandbox

Engine	Download Report	Detection	Info
		malicious
	Full Report Management Report IOC Report	malicious Score: 92	System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 134, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

Third Party Analysis Engines

malicious

Score: 30/38

malicious

IPs

IP	Country	Detection
154.216.40.175	Seychelles
223.6.6.6	China

Domains

Name	IP	Detection
down.nugong.asia	0.0.0.0
yzzcommon.tyui54345.xyz	0.0.0.0
5d77815913ef34de.tyui54345.xyz	0.0.0.0
Click to see the 2 hidden entries
dns.alidns.com	223.6.6.6
down.zhangyaping.top	154.216.40.175

URLs

Name	Detection
http://223.5.5.5/resolve?name=down.nugong.asia&type=1j
http://223.5.5.5/resolve?name=spi1.tyui54345.xyz&type=16O
https://223.5.5.5/4
Click to see the 97 hidden entries
http://dns.alidns.com/resolve?name=spi2.zxcv56745.xyz&type=16=
http://223.5.5.5/resolve?name=5d77815913ef34de.tyui54345.xyz&type=58;
https://down.nugong.asia/pgm/mpr/c995ec7fd4f57c0d/5d77815913ef34de.zipCi
https://dns.alidns.com/resolve?name=spi2.tyui54345.xyz&type=16=
https://223.5.5.5/resolve?name=spi1.tyui54345.xyz&type=16H
http://223.5.5.5/resolve?name=spi1.zxcv56745.xyz&type=16pe=16e
https://dns.alidns.com/resolve?name=spi2.tyui54345.xyz&type=16$
https://223.5.5.5/resolve?name=spi1.tyui54345.xyz&type=16F
https://223.5.5.5/resolve?name=%s&type=%d
https://223.5.5.5/resolve?name=spi1.tyui54345.xyz&type=16e=16
http://dns.alidns.com/resolve?name=yzzcommon.tyui54345.xyz&type=5p
http://223.5.5.5/resolve?name=spi1.tyui54345.xyz&type=16o
http://dns.alidns.com/resolve?name=spi3.tyui54345.xyz&type=161TJ
https://dns.alidns.com/ography
http://223.5.5.5/resolve?name=down.nugong.asia&type=1c
https://223.5.5.5/resolve?name=spi2.tyui54345.xyz&type=16e=16c
https://dns.alidns.com/resolve?name=spi2.tyui54345.xyz&type=165$
http://223.5.5.5/resolve?name=spi1.zxcv56745.xyz&type=16P
https://223.5.5.5/resolve?name=yzzcommon.tyui54345.xyz&type=5e=5=5
http://223.5.5.5/resolve?name=5d77815913ef34de.tyui54345.xyz&type=5u
http://dns.alidns.com/resolve?name=yzzcommon.tyui54345.xyz&type=50
http://223.5.5.5/resolve?name=spi1.zxcv56745.xyz&type=16
http://223.5.5.5/resolve?name=yzzcommon.tyui54345.xyz&type=545.xyz&type=5
http://223.5.5.5/resolve?name=spi1.tyui54345.xyz&type=16pe=16
https://223.5.5.5/resolve?name=spi1.tyui54345.xyz&type=16k
https://%s/report.php?type=client&data=%sHost:
http://223.5.5.5/resolve?name=down.nugong.asia&type=1ny
https://dns.alidns.com/resolve?name=spi2.tyui54345.xyz&type=16d
https://dns.alidns.com/resolve?name=spi2.tyui54345.xyz&type=16g
http://223.5.5.5/resolve?name=spi1.tyui54345.xyz&type=160
http://223.5.5.5/resolve?name=spi1.tyui54345.xyz&type=161
https://dns.alidns.com/resolve?name=spi2.tyui54345.xyz&type=16o
https://223.5.5.5/resolve?name=spi1.tyui54345.xyz&type=16z
http://dns.alidns.com/resolve?name=spi2.zxcv56745.xyz&type=16C
http://dns.alidns.com/resolve?name=yzzcommon.tyui54345.xyz&type=5h
http://dns.alidns.com/resolve?name=yzzcommon.tyui54345.xyz&type=55
http://223.5.5.5/resolve?name=spi1.zxcv56745.xyz&type=16e=165$
http://223.5.5.5/resolve?name=spi1.tyui54345.xyz&type=16_
http://dns.alidns.com/resolve?name=spi2.zxcv56745.xyz&type=16N
http://223.5.5.5/resolve?name=spi2.tyui54345.xyz&type=16e=16
https://dns.alidns.com/resolve?name=spi1.tyui54345.xyz&type=16
http://223.5.5.5/resolve?name=spi1.tyui54345.xyz&type=16F
https://223.5.5.5/&
http://223.5.5.5/resolve?name=spi1.zxcv56745.xyz&type=16/
http://223.5.5.5/resolve?name=spi1.tyui54345.xyz&type=16P
https://223.5.5.5/resolve?name=spi2.tyui54345.xyz&type=16=16
https://223.5.5.5//
https://%s/report.php?type=client&data=%s
https://dns.alidns.com/resolve?name=yzzcommon.tyui54345.xyz&type=5i54345.xyz&type=5
https://dns.alidns.com/resolve?name=spi2.zxcv56745.xyz&type=16c
http://dns.alidns.com/5
https://dns.alidns.com/resolve?name=spi3.tyui54345.xyz&type=16oI
http://223.5.5.5/resolve?name=5d77815913ef34de.tyui54345.xyz&type=5
http://223.5.5.5/
http://dns.alidns.com/resolve?name=spi3.tyui54345.xyz&type=16C
http://223.5.5.5/resolve?name=spi1.zxcv56745.xyz&type=16p
http://dns.alidns.com/resolve?name=spi1.zxcv56745.xyz&type=16&I
http://dns.alidns.com/resolve?name=spi3.tyui54345.xyz&type=16=
http://ds.com/
http://223.5.5.5/resolve?name=spi3.tyui54345.xyz&type=16=16
https://down.nugong.asia/pgm/mpr/c995ec7fd4f57c0d/5d77815913ef34de.zip
http://dns.alidns.com/resolve?name=spi3.tyui54345.xyz&type=161
https://dns.alidns.com/resolve?name=spi2.zxcv56745.xyz&type=16=
https://223.5.5.5/resolve?name=spi2.tyui54345.xyz&type=16e=16t
http://dns.alidns.com/resolve?name=spi3.tyui54345.xyz&type=165
https://dns.alidns.com/resolve?name=spi1.zxcv56745.xyz&type=16
https://223.5.5.5/d=#
http://223.5.5.5/resolve?name=spi1.zxcv56745.xyz&type=16=16=
http://dns.alidns.com/resolve?name=spi3.zxcv56745.xyz&type=16
http://223.5.5.5/resolve?name=&type=1
https://dns.alidns.com/resolve?name=spi2.zxcv56745.xyz&type=16E
http://223.5.5.5/resolve?name=spi1.zxcv56745.xyz&type=16pe=16
http://223.5.5.5/resolve?name=spi1.zxcv56745.xyz&type=16F
https://dns.alidns.com/resolve?name=spi2.zxcv56745.xyz&type=16q
http://dns.alidns.com/resolve?name=yzzcommon.tyui54345.xyz&type=5H
https://down.zhangyaping.top/pgm/mpr/c995ec7fd4f57c0d/5d77815913ef34de.zip~
https://dns.alidns.com/resolve?name=spi2.zxcv56745.xyz&type=16n
https://dns.alidns.com/icies
http://223.5.5.5/resolve?name=5d77815913ef34de.tyui54345.xyz&type=5H
https://dns.alidns.com/resolve?name=yzzcommon.tyui54345.xyz&type=5i54345.xyz&type=5$
https://dns.alidns.com/resolve?name=spi2.zxcv56745.xyz&type=16o
https://223.5.5.5/:
http://223.5.5.5/resolve?name=spi1.zxcv56745.xyz&type=160
http://223.5.5.5/resolve?name=spi1.zxcv56745.xyz&type=16?
http://223.5.5.5/resolve?name=5d77815913ef34de.tyui54345.xyz&type=5R
http://223.5.5.5/resolve?name=spi3.tyui54345.xyz&type=16e=16
http://dns.alidns.com/resolve?name=spi3.zxcv56745.xyz&type=16t
https://dns.alidns.com/resolve?name=spi2.zxcv56745.xyz&type=16~
https://223.5.5.5/resolve?name=spi1.zxcv56745.xyz&type=16e=165$
http://223.5.5.5/resolve?name=spi1.zxcv56745.xyz&type=16O
https://223.5.5.5/N
http://dns.alidns.com/resolve?name=yzzcommon.tyui54345.xyz&type=5V
http://223.5.5.5/resolve?name=yzzcommon.tyui54345.xyz&type=5;Z
https://dns.alidns.com/resolve?name=down.zhangyaping.top&type=1UI
http://223.5.5.5/resolve?name=down.nugong.asia&type=1(
https://223.5.5.5/resolve?name=spi2.zxcv56745.xyz&type=16=165913ef34de.zip7F
https://dns.alidns.com/resolve?name=spi2.zxcv56745.xyz&type=16U

Dropped files

Name	File Type	Hashes	Detection
C:\Windows\SysWOW64\93ab9c14	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed	#

EP2E1yYJyT.exe

Comments

Tags

Available tags:

Details

Joe Sandbox

Third Party Analysis Engines

IPs

Domains

URLs

Dropped files

EP2E1yYJyT.exe Options

Comments

Tags

Available tags:

Details

Joe Sandbox

Third Party Analysis Engines

IPs

Domains

URLs

Dropped files

Search started

EP2E1yYJyT.exe