Joe Sandbox Cloud Basic

Want to search on specific fields?


Try our:

Advanced Search

Want to search in depth on all Cloud Basic reports?

Try: Joe Sandbox View

Register Login
sloganpng
top title background image
flash

SharcHack.exe

Status: finished
Submission Time: 2024-12-28 22:19:07 +01:00
Malicious
Trojan
Spyware
Evader
Miner
Ades Stealer, BlackGuard, NitroStealer,

Comments

Tags

  • exe

Details

  • Analysis ID:
    1581756
  • API (Web) ID:
    1581756
  • Analysis Started:
    2024-12-28 22:19:09 +01:00
  • Analysis Finished:
    2024-12-28 22:32:22 +01:00
  • MD5:
    796310542e9fb2886de3f8cbdf88c9fa
  • SHA1:
    01dc8e64ff23db2f177e3d999c12329bfcd206d3
  • SHA256:
    9f3b062a0f8caf16be80ac44ade55a8b8e8928ef87ae909f5d6d52aa44208193
  • Technologies:

Joe Sandbox

Engine Download Report Detection Info
malicious
Full Report Management Report IOC Report
malicious
Score: 100
System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 134, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

Third Party Analysis Engines

Open Full Report
malicious
Score: 56/72
malicious
Score: 24/24
malicious

IPs

IP Country Detection
208.95.112.1
 United States
3.165.135.3
 United States
18.66.161.123
 United States
Click to see the 5 hidden entries
65.9.108.148
 United States
104.21.85.189
 United States
65.9.108.93
 United States
172.67.160.84
 United States
13.226.4.166
 United States

Domains

Name IP Detection
shield.reasonsecurity.com
 0.0.0.0
bg.microsoft.map.fastly.net
 199.232.214.172
cheatengine.org
 104.20.94.94
Click to see the 10 hidden entries
d31tu1fsc224h4.cloudfront.net
 13.226.4.166
eu-api.openweathermap.org
 57.129.2.123
ipbase.com
 104.21.85.189
d34hwk9wxgk5fi.cloudfront.net
 65.9.108.148
ip-api.com
 208.95.112.1
freegeoip.app
 172.67.160.84
d2axwe94icddzf.cloudfront.net
 18.66.161.99
d14mh4uvqj4iiz.cloudfront.net
 18.66.161.123
api.openweathermap.org
 0.0.0.0
electron-shell.reasonsecurity.com
 0.0.0.0

URLs

Name Detection
https://www.avast.com/e
http://crt.sectigo.com/SectigoPublicCodeSigningCAR36.crt0#
https://www.premieropinion.com/privacy-policy-
Click to see the 97 hidden entries
https://www.google.com/images/branding/product/ico/googleg_lodp.ico
https://t.me/VegaStealer_bot-/sendDocument?chat_id=
https://www.sqlite.org/lang_c
http://cacerts.di
https://assets.razerzone.com/downloads/software/RazerEndUserLicenseAgreement.pdf
https://freegeoip.app/xml/
https://www.avast.com/p
https://www.avast.com
https://ipbase.com
https://t.me/VegaStealer_bot
https://aka.ms/winsvr-2022-pshelpX
http://go.microsoft
https://reasonlabs.com/policies67r
https://d34hwk9wxgk5fi.cloudfront.net:443/zbd
http://ip-api.com/json/
https://reasonlabs.com/policies
https://webcompanion.com/terms5/=
https://www.avast.co
http://ip-api.com/json/?fieldsTDl
http://crt.sectigo.com/SectigoPublicCodeSigningRootR46.p7c0#
https://www.avg.com/ww-en/privacy..$
https://d34hwk9wxgk5fi.cloudfront.net/f/WebAdvisor/files/1489/saBSI.zipTEM32-xL
https://www.sqlite.org/lang
https://d34hwk9wxgk5fi.cloudfront.net/K
https://api.telegram.org/bot
https://www.avast.com/eula-avast-consumer-products
http://www.microsoft.cx
https://d31tu1fsc224h4.cloudfront.net:443/
https://jrsoftware.org/ishelp/index.php?topic=setupcmdlineSetupU
https://webcompanion.com/privacys/
https://www.nortonlifelock.com/us/en/privacy/Op
https://d31tu1fsc224h4.cloudfront.net:443/bdp
https://system.data.sqlite.org/
https://d34hwk9wxgk5fi.cloudfront.net/f/WebAdvisor/files/1489/saBSI.zipp.png4
https://www.premieropinion.com/privacy-policyG
https://system.data.sqlite.org/X
https://www.ccleaner.com/legal/end-usecense-agreem
https://d31tu1fsc224h4.cloudfront.net/FbN
http://crl.sectigo.com/SectigoPublicCodeSigningCAR36.crl0y
http://go.micro
https://www.ccleaner.com/legal/end-use
https://freegeoip.app/xml/9https://api.telegram.org/botGhttps://api.vimeworld.ru/user/name/1--------
http://www.dk-soft.org/
https://www.sqlite.org/copyright.html2
https://d34hwk9wxgk5fi.cloudfront.net/f/RAV_Triple_NCB/images/DOTPS-855/EN.pnge
https://d31tu1fsc224h4.cloudfront.net:443/gd
https://www.avast.com/eula
https://www.premieropinion.com/common/termsofservice-v1
https://d34hwk9wxgk5fi.cloudfront.net:443/zbdk5fi.cloudfront.net:443/zbdv
https://d34hwk9wxgk5fi.cloudfront.net/f/WeatherZero/images/969/EN.png
https://www.mcafee.com/consumer/en-us/policy/legal.htmlReplaced/OperaSetup.zipnet
https://assets.razerzone.com/downloads/software/RazerEndUser
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
https://www.sqlite.org/lang_corefunc.html
https://www.innosetup.com/
https://nuget.org/nuget.exe
https://www.remobjects.com/ps
http://go.microsof
http://ns.adobe.0/
https://d34hwk9wxgk5fi.cloudfront.net/f/WebAdvisor/files/1489/saBSI.zippM32-xL
http://crl3.digicert.cPom/D
https://www.mcafee.com/consumer/en-us/policy/legal.htmles/969/EN.pngzipMSSP
https://freegeoip.app
https://d34hwk9wxgk5fi.cloudfront.net/f/
https://shield.reasonsecurity.com/rsStubActivator.exe.
https://www.premieropinion.com/privacy-policyl
https://home.mcafee.com/Root/AboutUs.aspx?id=eula
https://d34hwk9wxgk5fi.cloudfront.net:443/zbdWgI
http://crl.sectigo.com/SectigoPublicCodeSigningRootR46.crl0
http://ip-api.com/json/?fields=61439
https://duckduckgo.com/ac/?q=
https://webcompanion.com/terms
https://www.opera.com/he/eula/computers
http://ocsp.sectigo.com0
https://d31tu1fsc224h4.cloudfront.net/IN
https://d34hwk9wxgk5fi.cloudfront.net/f/WeatherZero/files/969/WZSetup.zipjy
https://shield.reasonsecurity.com/rsStubActivator.exeles/969/WZSetup.zip
https://github.com/novotnyllc/bc-csharp
https://urn.to/r/sds_see
https://www.opera.com/he/eula/computersl
http://schemas.xmlsoap.org/wsdl/
https://www.mcafee.com/consumer/en-us/policy/legal.html4
https://github.com/Pester/Pester
https://www.ecosia.org/newtab/
https://reasonlabs.com/policiesx
https://duckduckgo.com/chrome_newtab
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
https://shield.reasonsecurity.com/rsStubActivator.exem
https://d34hwk9wxgk5fi.cloudfront.net/f/WeatherZero/images/969/EN.pngzip)yH
https://contoso.com/Icon
http://www.microsoft.cxx
https://d31tu1fsc224h4.cloudfront.net:443//WebAdvisor/images/943/EN.png
http://www.apache.org/licenses/LICENSE-2.0.html
http://crl3.digicert
https://steamcommunity.com/profiles/ASOFTWARE
http://pesterbdd.com/images/Pester.png
https://www.ccleaner.com/legal/end-user-license-agreement

Dropped files

Name File Type Hashes Detection
C:\Users\user\AppData\Local\Temp\System.Data.SQLite.dll
 PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
 #
C:\Windows\Temp\cfoutowi.tmp
 PE32+ executable (GUI) x86-64, for MS Windows
 #
C:\Users\user\AppData\Local\Temp\v2.exe
 PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
 #
Click to see the 20 hidden entries
C:\Users\user\AppData\Local\Temp\is-O39K6.tmp\CheatEngine75.tmp
 PE32 executable (GUI) Intel 80386, for MS Windows
 #
C:\Users\user\AppData\Local\Temp\is-3E079.tmp\zbShieldUtils.dll
 PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
 #
C:\Users\user\AppData\Local\Temp\is-3E079.tmp\prod2.exe (copy)
 PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
 #
C:\Users\user\AppData\Local\Temp\is-3E079.tmp\prod2 (copy)
 PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
 #
C:\Users\user\AppData\Local\Temp\is-3E079.tmp\prod1_extract\WZSetup.exe
 PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
 #
C:\Users\user\AppData\Local\Temp\is-3E079.tmp\prod0_extract\saBSI.exe
 PE32 executable (GUI) Intel 80386, for MS Windows
 #
C:\Users\user\AppData\Local\Temp\is-3E079.tmp\is-L3QGH.tmp
 PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
 #
C:\Users\user\AppData\Local\Temp\is-3E079.tmp\CheatEngine75.exe
 PE32 executable (GUI) Intel 80386, for MS Windows
 #
C:\Users\user\AppData\Local\Temp\VegaStealer_v2.exe
 PE32 executable (GUI) Intel 80386, for MS Windows
 #
C:\Program Files\Google\Chrome\updater.exe
 PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
 #
C:\Users\user\AppData\Local\Temp\System.Data.SQLite.Linq.dll
 PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
 #
C:\Users\user\AppData\Local\Temp\System.Data.SQLite.EF6.dll
 PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
 #
C:\Users\user\AppData\Local\Temp\SQLite.Interop.dll
 PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
 #
C:\Users\user\AppData\Local\Temp\Newtonsoft.Json.dll
 PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
 #
C:\Users\user\AppData\Local\Temp\EntityFramework.dll
 PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
 #
C:\Users\user\AppData\Local\Temp\EntityFramework.SqlServer.dll
 PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
 #
C:\Users\user\AppData\Local\Temp\CheatEngine75.exe
 PE32 executable (GUI) Intel 80386, for MS Windows
 #
C:\Users\user\AppData\Local\Temp\BouncyCastle.Crypto.dll
 PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
 #
C:\Users\user\AppData\Local\Temp\3.exe
 PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
 #
C:\Program Files\Google\Libs\WR64.sys
 PE32+ executable (native) x86-64, for MS Windows
 #