Joe Sandbox Cloud Basic

Want to search on specific fields?


Try our:

Advanced Search

Want to search in depth on all Cloud Basic reports?

Try: Joe Sandbox View

Register Login
Deep Malware Analysis
top title background image
flash

file.exe

Status: finished
Submission Time: 2024-11-22 15:11:07 +01:00
Malicious
Trojan
Spyware
Evader
LummaC, Amadey, CredGrabber, Credential

Comments

Tags

  • exe

Details

  • Analysis ID:
    1560970
  • API (Web) ID:
    1560970
  • Analysis Started:
    2024-11-22 15:11:08 +01:00
  • Analysis Finished:
    2024-11-22 15:24:53 +01:00
  • MD5:
    1daa3a0aa5ed7e06b400a47309ba5003
  • SHA1:
    8d475fd4be28ee701dbe5e2fe489fe9e9b3e826d
  • SHA256:
    c3d0427b8bc9d084ac65b881ec50f55be52650f60850ac05010ccc8d56e3d1cb
  • Technologies:

Joe Sandbox

Engine Download Report Detection Info
malicious
Full Report Management Report IOC Report
malicious
Score: 100
System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 134, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

Third Party Analysis Engines

malicious
Score: 18/38
malicious
malicious

IPs

IP Country Detection
185.215.113.43
 Portugal
109.107.181.162
 Russian Federation
185.215.113.206
 Portugal
Click to see the 9 hidden entries
185.215.113.16
 Portugal
104.21.66.38
 United States
34.107.221.82
 United States
35.244.181.201
 United States
34.117.188.166
 United States
35.190.72.216
 United States
142.250.181.78
 United States
31.41.244.11
 Russian Federation
172.67.74.152
 United States

Domains

Name IP Detection
tse1.mm.bing.net
 0.0.0.0
prod.remote-settings.prod.webservices.mozgcp.net
 34.149.100.209
ax-0001.ax-msedge.net
 150.171.27.10
Click to see the 36 hidden entries
youtube.com
 142.250.181.78
youtube-ui.l.google.com
 216.58.208.238
reddit.map.fastly.net
 151.101.129.140
api.ipify.org
 172.67.74.152
telemetry-incoming.r53-2.services.mozilla.com
 34.120.208.123
www.reddit.com
 0.0.0.0
spocs.getpocket.com
 0.0.0.0
dyna.wikimedia.org
 185.15.58.224
content-signature-2.cdn.mozilla.net
 0.0.0.0
support.mozilla.org
 0.0.0.0
firefox.settings.services.mozilla.com
 0.0.0.0
www.youtube.com
 0.0.0.0
www.facebook.com
 0.0.0.0
detectportal.firefox.com
 0.0.0.0
normandy.cdn.mozilla.net
 0.0.0.0
shavar.services.mozilla.com
 0.0.0.0
www.wikipedia.org
 0.0.0.0
prod.ads.prod.webservices.mozgcp.net
 34.117.188.166
prod.detectportal.prod.cloudops.mozgcp.net
 34.107.221.82
home.fvtekk5pn.top
 34.116.198.130
services.addons.mozilla.org
 151.101.193.91
fp2e7a.wpc.phicdn.net
 192.229.221.95
contile.services.mozilla.com
 34.117.188.166
fvtekk5pn.top
 34.116.198.130
prod.content-signature-chains.prod.webservices.mozgcp.net
 34.160.144.191
us-west1.prod.sumo.prod.webservices.mozgcp.net
 34.149.128.2
ipv4only.arpa
 192.0.0.171
example.org
 93.184.215.14
push.services.mozilla.com
 34.107.243.93
www.google.com
 142.250.181.68
normandy-cdn.services.mozilla.com
 35.201.103.21
star-mini.c10r.facebook.com
 157.240.195.35
prod.classify-client.prod.webservices.mozgcp.net
 35.190.72.216
prod.balrog.prod.cloudops.mozgcp.net
 35.244.181.201
twitter.com
 104.244.42.1
cook-rain.sbs
 104.21.66.38

URLs

Name Detection
http://185.215.113.206/c4becf79229cb002.phps
https://cook-rain.sbs/apisN
https://blocked.cdn.mozilla.net/
Click to see the 97 hidden entries
https://cook-rain.sbs/d
http://x1.i.lencr.org/0
http://x1.c.lencr.org/0
https://coverage.mozilla.org
http://185.215.113.16/well/random.exe&p
http://185.215.113.43/Zu7JuNko/index.php9
https://cook-rain.sbs/n
http://185.215.113.43/Zu7JuNko/index.php5
http://mozilla.org/MPL/2.0/.
https://monitor.firefox.com/about
p10tgrace.sbs
http://185.215.113.206/c4becf79229cb002.phpn
https://versioncheck.addons.mozilla.org/update/VersionCheck.php?reqVersion=%REQ_VERSION%&id=%ITEM_ID
https://cook-rain.sbs/8
https://monitor.firefox.com/user/dashboard
https://safebrowsing.google.com/safebrowsing/diagnostic?site=
https://cook-rain.sbs/A
http://185.215.113.206/c4becf79229cb002.php/p
https://cook-rain.sbs/H
https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/cross-site-tracking-report
https://monitor.firefox.com/user/breach-stats?includeResolved=true
http://185.215.113.43/Zu7JuNko/index.phpY
http://185.215.113.16/steam/random.exe
http://185.215.113.43/Zu7JuNko/index.php~
https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg
https://www.google.com/complete/search
http://185.215.113.16/
http://185.215.113.43/ineer
https://www.t-mobile.com/cell-phones/brand/apple?cmpid=MGPO_PAM_P_EVGRNIPHN_
http://31.41.244.11/files/random.exe5d9.exe
p3ar11fter.sbs
http://185.215.113.16/well/random.exec.exeed
https://youtube.com/account?=https://acZ
https://topsites.services.mozilla.com/cid/
https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/tracking-content-report
https://cook-rain.sbs:443/apiLocal
https://relay.firefox.com/api/v1/
https://www.google.com/search
https://screenshots.firefox.com/
https://monitor.firefox.com/user/preferences
http://185.215.113.16/steam/random.exeH
https://contile.services.mozilla.com/v1/tiles
https://www.google.com/images/branding/product/ico/googleg_lodp.ico
https://mozilla.cloudflare-dns.com/dns-query
https://api.ipify.org/
https://support.mozilla.org/products/firefoxgro.all
https://profiler.firefox.com
https://spocs.getpocket.com/spocs
https://tracking-protection-issues.herokuapp.com/new
https://services.addons.mozilla.org/api/v4/addons/addon/
https://github.com/mozilla-services/screenshots
http://185.215.113.43/Zu7JuNko/index.php/1
https://www.amazon.com/exec/obidos/external-search/
https://versioncheck-bg.addons.mozilla.org/update/VersionCheck.php?reqVersion=%REQ_VERSION%&id=%ITEM
https://monitor.firefox.com/breach-details/
https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/send-tab
https://addons.mozilla.org/user-media/addon_icons/700/700308-64.png?modified=4bc8e79f
https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/social-media-tracking-report
https://completion.amazon.com/search/complete?q=
https://addons.mozilla.org/user-media/addon_icons/784/784287-64.png?modified=mcrushed
https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/password-manager-report
http://185.215.113.206/ws
https://monitor.firefox.com/oauth/init?entrypoint=protection_report_monitor&utm_source=about-protect
http://185.215.113.16/luma/random.exet~
https://merino.services.mozilla.com/api/v1/suggest
https://developer.mozilla.org/en-US/docs/Web/Web_Components/Using_custom_elements#using_the_lifecycl
https://services.addons.mozilla.org/api/v5/addons/browser-mappings/?browser=%BROWSER%
https://getpocket.cdn.mozilla.net/v3/firefox/trending-topics?version=2&consumer_key=$apiKey&locale_l
http://185.215.113.206/
https://duckduckgo.com/ac/?q=
https://play.google.com/store/apps/details?id=org.mozilla.firefox.vpn&referrer=utm_source%3Dfirefox-
https://duckduckgo.com/chrome_newtab
https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/shield
https://play.google.com/store/apps/details?id=org.mozilla.firefox&referrer=utm_source%3Dprotection_r
https://cook-rain.sbs/X=
https://color.firefox.com/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_content=theme-f
https://services.addons.mozilla.org/api/v4/addons/search/?guid=%IDS%&lang=%LOCALE%
https://services.addons.mozilla.org/api/v4/abuse/report/addon/
https://spocs.getpocket.com/
http://185.215.113.16/off/def.exe
http://185.215.113.16/steam/random.exeqvY
https://mitmdetection.services.mozilla.com/
https://cook-rain.sbs:443/api
http://127.0.0.1:
https://getpocket.cdn.mozilla.net/v3/firefox/global-recs?version=3&consumer_key=$apiKey&locale_lang=
https://cook-rain.sbs/api5
https://www.youtube.com/
https://www.ecosia.org/newtab/
http://ocsp.rootca1.amazontrust.com0:
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
https://monitor.firefox.com/?entrypoint=protection_report_monitor&utm_source=about-protections
https://addons.mozilla.org/%LOCALE%/%APP%/blocked-addon/%addonID%/%addonVersion%/
https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4pLk4pqk4pbW1pbWfpbW7ReNxR3UIG8zInwYIFIVs9eYi
https://api.accounts.firefox.com/v1
https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/fingerprinters-report
https://youtube.com/account?=https://ac
https://youtube.com/

Dropped files

Name File Type Hashes Detection
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6ATIQPJI\random[1].exe
 PE32 executable (GUI) Intel 80386, for MS Windows
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\8HXJSKQQ\Crypt_Medusa[1].exe
 PE32+ executable (GUI) x86-64, for MS Windows
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\8HXJSKQQ\random[1].exe
 PE32 executable (GUI) Intel 80386, for MS Windows
 #
Click to see the 11 hidden entries
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\random[1].exe
 PE32 executable (GUI) Intel 80386, for MS Windows
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\random[2].exe
 PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\RCIIZOAM\random[1].exe
 PE32 executable (GUI) Intel 80386, for MS Windows
 #
C:\Users\user\AppData\Local\Temp\1008207001\Crypt_Medusa.exe
 PE32+ executable (GUI) x86-64, for MS Windows
 #
C:\Users\user\AppData\Local\Temp\1008208001\5f99d60ce3.exe
 PE32 executable (GUI) Intel 80386, for MS Windows
 #
C:\Users\user\AppData\Local\Temp\1008209001\3d87ccaf3c.exe
 PE32 executable (GUI) Intel 80386, for MS Windows
 #
C:\Users\user\AppData\Local\Temp\1008210001\4ae2e93440.exe
 PE32 executable (GUI) Intel 80386, for MS Windows
 #
C:\Users\user\AppData\Local\Temp\1008211001\f31c1b65d9.exe
 PE32 executable (GUI) Intel 80386, for MS Windows
 #
C:\Users\user\AppData\Local\Temp\1008212001\c25b3d79d9.exe
 PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
 #
C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
 PE32 executable (GUI) Intel 80386, for MS Windows
 #
C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe:Zone.Identifier
 ASCII text, with CRLF line terminators
 #