file.exe

Status: finished
Submission Time: 2025-03-26 14:05:53 +01:00
Malicious
Evader

Comments

Tags

  • NET
  • exe
  • MSIL

Details

  • Analysis ID:
    1649095
  • API (Web) ID:
    1649095
  • Analysis Started:
    2025-03-26 14:14:20 +01:00
  • Analysis Finished:
    2025-03-26 14:22:08 +01:00
  • MD5:
    eaec2a371a60db1ce1d1f9d51289b885
  • SHA1:
    3f915fdffe5ed186cbb56e73842bb9bd09eb838a
  • SHA256:
    5c7c0d176b77a0b98bd3eb41e7fd5aee526e1b5710fa03d9f7c9c437ded52c11
  • Technologies:

Joe Sandbox

Engine Download Report Detection Info
malicious
Score: 100
System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 134, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

Third Party Analysis Engines

malicious
Score: 10/73
malicious
Score: 6/36
malicious

IPs

IP Country Detection
104.21.83.80
United States

Domains

Name IP Detection
app-updater1.app
104.21.83.80

URLs

Name Detection

Dropped files

Name File Type Hashes Detection
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\file.exe.log
ASCII text, with CRLF line terminators