1740558663fba8aff4c7c9187527d0292224380fe565dc48ebdc9038b1a59a986e6eb756e5339.dat-decoded.exe

Status: finished
Submission Time: 2025-02-26 09:31:24 +01:00
Classification: Malicious, Ransomware, Phishing, Trojan, Spyware, Exploiter, Evader, Remcos

Tags

  • base64-decoded
  • exe

Details

  • Analysis ID:
    1624426
  • API (Web) ID:
    1624426
  • Analysis Started:
    2025-02-26 09:37:48 +01:00
  • Analysis Finished:
    2025-02-26 09:47:06 +01:00
  • MD5:
    3d8389b6b4b7f459e747220f522031ca
  • SHA1:
    198c13ae640ad4ad235fa14c689ad4b1962651c7
  • SHA256:
    4cfc84d46074142fa3204777ac1a0cbd7ea155fcaf0739388df5d098abf8d7f4

Joe Sandbox

Detection: malicious
Score: 100
System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 134, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

Third Party Analysis Engines

Detection   Score
malicious   42/71
malicious   27/38
malicious   -

IPs

IP              Country         Detection
45.74.46.35     United States
178.237.33.50   Netherlands

Domains

Name                          IP              Detection
hftook7lmoutsg1.duckdns.org   45.74.46.35
geoplugin.net                 178.237.33.50

URLs

Name Detection
hftook7lmoutsg5.duckdns.org
hftook7lmoutsg3.duckdns.org
hftook7lmoutsg1.duckdns.org
hftook7lmoutsg2.duckdns.org
hftook7lmoutsg4.duckdns.org
https://cxcs.microsoft.net/api/settings/en-GB/xml/settings-tipset?release=20h1&sku=Professional&plat
https://www.google.com
https://aefd.nelreports.net/api/report?cat=bingaot
https://fp-afd.azurefd.us/apc/trans.gif?69c749c200c753dfb00f5bc8299ab8eb
http://geoplugin.net/json.gp/C
http://geoplugin.net/json.gp
http://geoplugin.net/json.gpM
https://aefd.nelreports.net/api/report?cat=bingrms
https://www.google.com/accounts/servicelogin
https://login.yahoo.com/config/login
http://www.nirsoft.net/
https://ecs.nel.measure.office.net?TenantId=ODSP_Sync_Client&DestinationEndpoint=Edge-Prod-LAX31r5c&
http://www.ebuddy.com
https://M365CDN.nel.measure.office.net/api/report?FrontEnd=VerizonCDNWorldWide&DestinationEndpoint=P
http://www.imvu.comhttp://www.ebuddy.comhttps://www.google.com
http://geoplugin.net/json.gpll
https://ecfdb90f321c52ef6e93077f63413543.azr.footprintdns.com/apc/trans.gif?bd78002c55888096ce060c58
https://ecfdb90f321c52ef6e93077f63413543.azr.footprintdns.com/apc/trans.gif?c2fcd52267835a3e34f9ac05
https://deff.nelreports.net/api/report?cat=msn
https://assets.msn.com/weathermapdata/1/static/weather/Icons/JyNGQgA=/Condition/AAehwh2.svg
https://aefd.nelreports.net/api/report?cat=bingaotak
http://www.nirsoft.net
http://www.imvu.comppData
https://aefd.nelreports.net/api/report?cat=wsb
http://www.imvu.com
https://aefd.nelreports.net/api/report?cat=bingth
http://www.imvu.comr
https://fp-afd.azurefd.us/apc/trans.gif?a2555e10569a45fe03b885d268c50da9
https://www.office.com/

Dropped files

Name                                         File Type   Hashes   Detection
C:\Users\user\AppData\Roaming\jastisot.dat   data
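The indicators above turned into a small matching routine. This is an added example and not part of the Joe Sandbox report: the three hashes, the five hftook7lmoutsg<N>.duckdns.org hosts, 45.74.46.35, geoplugin.net with 178.237.33.50, and the dropped-file path are taken from the report; the key=value log format, the sample log lines, and the regex that extends the duckdns hostname family beyond the five hosts seen in this run are assumptions. The remaining URLs in the list (cxcs.microsoft.net, nelreports.net, azurefd.us, footprintdns.com, office.com, msn.com, google.com, login.yahoo.com, and the nirsoft.net, imvu.com and ebuddy.com strings, several carrying trailing junk from memory string extraction) are deliberately not used as indicators, since none of them is attacker-controlled infrastructure and matching on them would only produce noise.

```python
import re

# Indicators copied from the report above (hashes, network IOCs, dropped file).
SHA256 = "4cfc84d46074142fa3204777ac1a0cbd7ea155fcaf0739388df5d098abf8d7f4"
SHA1 = "198c13ae640ad4ad235fa14c689ad4b1962651c7"
MD5 = "3d8389b6b4b7f459e747220f522031ca"
KNOWN_HASHES = {h.lower() for h in (SHA256, SHA1, MD5)}

C2_DOMAINS = {"hftook7lmoutsg%d.duckdns.org" % n for n in range(1, 6)}
C2_IPS = {"45.74.46.35"}
# geoplugin.net is a public geolocation API; benign software queries it too, so it and
# the address it resolved to are scored as weak indicators rather than as C2.
WEAK_DOMAINS = {"geoplugin.net"}
WEAK_IPS = {"178.237.33.50"}
DROPPED_FILE = r"C:\Users\user\AppData\Roaming\jastisot.dat"

# Assumption: the operator can register further numbered hosts of the same family,
# so any hftook7lmoutsg<N>.duckdns.org is treated as strong, not only the five seen here.
FAMILY_RE = re.compile(r"^hftook7lmoutsg\d+\.duckdns\.org$", re.IGNORECASE)

# Constructed log format (assumption): space-separated key=value fields.
KV_RE = re.compile(r"(\w+)=(\S+)")
HOST_FIELDS = {"qname", "answer", "dst", "host", "sni"}


def classify_host(value):
    """Return 'c2', 'weak' or None for a hostname or IP taken from a log field."""
    v = value.strip().rstrip(".").lower()
    if v in C2_DOMAINS or v in C2_IPS or FAMILY_RE.match(v):
        return "c2"
    if v in WEAK_DOMAINS or v in WEAK_IPS:
        return "weak"
    return None


def scan_log(lines):
    """Return (line_no, field, value, severity) for every host field that matches an IOC."""
    hits = []
    for no, line in enumerate(lines, 1):
        for key, val in KV_RE.findall(line):
            if key.lower() in HOST_FIELDS:
                sev = classify_host(val)
                if sev:
                    hits.append((no, key, val, sev))
    return hits


def verdict(hits):
    """Escalate on any strong hit; weak-only hits are a review item, not an alert."""
    if any(sev == "c2" for *_, sev in hits):
        return "alert"
    return "review" if hits else "clean"


def check_hashes(file_hashes):
    """file_hashes maps path -> hex digest (md5, sha1 or sha256); returns matching paths."""
    return sorted(p for p, h in file_hashes.items() if h.lower() in KNOWN_HASHES)


# The sandbox profile is C:\Users\user; on a real host only the part under the
# profile is stable, so the dropped file is matched on that suffix.
DROPPED_SUFFIX = DROPPED_FILE.split(r"\Users\user", 1)[1].lower()


def is_dropped_file(path):
    """True if path ends with \\AppData\\Roaming\\jastisot.dat under any user profile."""
    return path.lower().endswith(DROPPED_SUFFIX)


# Constructed sample telemetry, not from the report; line 5 shows the family rule firing
# on a hostname that does not appear in the report's list.
SAMPLE_LOG = [
    "2025-02-26T09:40:01Z dns src=10.0.0.5 qname=hftook7lmoutsg1.duckdns.org answer=45.74.46.35",
    "2025-02-26T09:40:02Z conn src=10.0.0.5 dst=45.74.46.35",
    "2025-02-26T09:40:03Z http src=10.0.0.5 host=geoplugin.net uri=/json.gp",
    "2025-02-26T09:40:04Z dns src=10.0.0.7 qname=www.google.com answer=142.250.0.1",
    "2025-02-26T09:41:10Z dns src=10.0.0.9 qname=hftook7lmoutsg7.duckdns.org answer=NXDOMAIN",
]

if __name__ == "__main__":
    hits = scan_log(SAMPLE_LOG)
    for hit in hits:
        print(hit)
    print("verdict:", verdict(hits))
```

Only the duckdns family and 45.74.46.35 raise an alert on their own; a host that merely queried geoplugin.net is flagged for review, because that lookup is common in legitimate software and would otherwise swamp the C2 hits. Hash matching covers all three digests from the report, so whichever one an EDR or file-integrity tool records can be compared directly.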