
WeLyNA2xUj.exe

Status: finished
Submission Time: 2024-10-19 16:29:17 +02:00
Malicious
Exploiter
Evader

Tags

  • 64
  • exe
  • trojan

Details

  • Analysis ID:
    1537788
  • API (Web) ID:
    1537788
  • Original Filename:
    2652675979dc7b7dcad56934a4bdbe01.exe
  • Analysis Started:
    2024-10-19 16:29:23 +02:00
  • Analysis Finished:
    2024-10-19 16:39:37 +02:00
  • MD5:
    2652675979dc7b7dcad56934a4bdbe01
  • SHA1:
    c6fad78ee0751bfa5e0b45c3d7f4e569d9b78762
  • SHA256:
    fbebbf3575752e33863bf3d8eef2fc109400c4d80dfd78bf6d006a8d24ce0365
  • Technologies:

Joe Sandbox

Engine Download Report Detection Info
malicious
Score: 100
System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 134, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

Third Party Analysis Engines

malicious
Score: 14/38

IPs

IP | Country | Detection
83.140.241.4 | Sweden |

Domains

Name | IP | Detection
my.cloudme.com | 83.140.241.4 |
nbhkmKSQnaDrIkubbvvLMhHdgigs.nbhkmKSQnaDrIkubbvvLMhHdgigs | 0.0.0.0 |

URLs


Dropped files

Name | File Type | Hashes | Detection
C:\Users\Public\Guard.exe | PE32 executable (GUI) Intel 80386, for MS Windows | |
C:\Users\Public\PublicProfile.ps1 | ASCII text, with CRLF line terminators | |
C:\Users\Public\Secure.au3 | Unicode text, UTF-8 (with BOM) text, with very long lines (1266) | |
C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.js | ASCII text, with no line terminators | |
C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pif | PE32 executable (GUI) Intel 80386, for MS Windows | |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SwiftWrite.url | MS Windows 95 Internet shortcut text (URL=<"C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.js" >), ASCII text, with CRLF line terminators | |