gets.ps1

Status: finished

Submission Time: 2025-04-03 08:55:54 +02:00

Malicious

Trojan

Exploiter

Evader

Comments

Details

Analysis ID:
1655332
API (Web) ID:
1655332
Analysis Started:

2025-04-03 09:18:57 +02:00
Analysis Finished:

2025-04-03 09:32:25 +02:00
MD5:
3067318825b97743200017e62acec2c6
SHA1:
17802b5bb0f6ab311252c53666f6b3a804d968f1
SHA256:
4254813129d474b8170496d0b711e9b32dfe814e602a19bb37fadeeeb9bc26d6
Technologies:

Engines
IOCs

Joe Sandbox

Engine	Download Report	Detection	Info
		malicious
	Full Report Management Report IOC Report	malicious Score: 100	System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 134, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

Third Party Analysis Engines

malicious

Score: 11/24

malicious

IPs

IP	Country	Detection
185.255.122.94	Netherlands
104.21.24.156	United States
185.199.110.133	Netherlands

Domains

Name	IP	Detection
updateappdd.com	185.255.122.94
activated.win	104.21.24.156
massgravs.com	185.255.122.94
Click to see the 5 hidden entries
raw.githubusercontent.com	185.199.110.133
windatem.com	185.255.122.94
winpopcach.com	185.255.122.94
www.google.com	142.250.65.164
updatecheck30.activated.win	104.21.24.156

URLs

Name	Detection
https://updateappdd.co
https://updateappdd.com/apps/getapp2.ps1
https://updateappdd.com
Click to see the 70 hidden entries
https://updateappdd.com/apps/StartApp2.ps1
http://crl.ver)
https://massgrave.dev/d
https://updateappdd.com/apps/get(
https://massgrave.dev/masver=3.0NUMBER_OF_P
https://github.com/Pester/Pester
http://epscd2.catcert.net/crl/ec-acc.crl0
https://massgravs.com/core/
https://git.activated.win/massgrave/Microsoft-Activation-Scripts/raw/commit/313f240448953cd5fe3c5631
https://stackoverflow.com/a/35843420
https://g.live.com/odclientsettings/ProdV21C:
https://contoso.com/Icon
https://massgravs.com/coreIT/
https://massgrave.dev/z
https://go.micro
http://www.apache.org/licenses/LICENSE-2.0.html
https://updateappdd.com/apps/StartApp.ps1
http://schemas.xmlsoap.org/soap/encoding/
https://updateappdd.com/apps/StartAppIT.ps1
https://stackoverflow.com/a/46268232
https://massgrave.dev/troubleshoot
https://oneget.org
https://massgravs.com/coreoff/
https://massgrave.dev/masver=3.0nceline=echo:
https://aka.ms/pscore68
http://ocsp.catcert.cat0
https://massgrave.dev/R
https://massgrave.dev/masver=3.0nul=
http://www.catcert.cat/descarrega/acc.crt0#
http://schemas.xmlsoap.org/wsdl/
https://winpopcach.com/install1/
https://raw.githubusercontent.com
http://crl.micro
https://www.catcert.net/verarrel
http://www.apache.org/licenses/LICENSE-2.0
https://g.live.com/odclientsettings/Prod1C:
https://1.1.1.1
https://updateappdd.com/apps/startapp2.ps1
https://get.activated.win
https://eskonr.com/2012/01/how-to-fix-wmi-issues-automatically/
http://epscd.catcert.net/crl/ec-acc.crl0.
https://updateappdd.coLR
https://updateappdd.com/apps/nVPN.crt
https://swupdate.openvpn.org/community/releases/openvpn-install-2.4.8-I602-Win10.exe
http://crl.microsoftv
https://updateappdd.com/apps/w46dbb66.ovpn
https://contoso.com/License
https://windatem.com/app.zip
http://crl.microsoft
https://massgrave.dev/=
https://github.com/asdcorp/clic
https://github.com/asdcorp/Set-WindowsCbsEdition
https://raw.githubusercontent.com/massgravel/Microsoft-Activation-Scripts/313f240448953cd5fe3c5631f4
https://nuget.org/nuget.exe
https://massgravs.com
https://massgrave.dev/masver=3.k
http://nuget.org/NuGet.exe
https://massgrave.dev/
https://raw.githubusercontent.com/massgravel/Microsoft-Activation-Scripts/313f240448953cd5fe3c5631f4e4de502f23fc9a/MAS/All-In-One-Version-KL/MAS_AIO.cmd
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
https://massgrave.dev/masver=3.0NUMBER_OF_PROCESSORS=4OneDrive=C:
https://oneget.orgX
http://pesterbdd.com/images/Pester.png
https://contoso.com/
https://aka.ms/pscore6lB
https://www.catcert.cat/verCIT-10
https://windatem.com
https://massgrave.dev/get
https://dev.azure.com/massgrave/Microsoft-Activation-Scripts/_apis/git/repositories/Microsoft-Activa
http://updateappdd.com

Dropped files

Name	File Type	Hashes
C:\Users\user\AppData\Roaming\304\NavegadorExclusivo.exe	PE32 executable (GUI) Intel 80386, for MS Windows	#
C:\Users\user\AppData\Roaming\304\mozglue.dll	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	#
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\StartAppWin2.bat	DOS batch file, ASCII text, with CRLF line terminators	#
Click to see the 4 hidden entries
C:\Users\user\AppData\Roaming\StartApp2.ps1	ASCII text, with CRLF line terminators	#
C:\Users\user\AppData\Roaming\WindowsLoadStart2.bat	DOS batch file, ASCII text, with CRLF line terminators	#
C:\Users\user\AppData\Roaming\getapp2.ps1	ASCII text, with CRLF line terminators	#
C:\Windows\Temp\MAS_afd0929e-1015-40f0-b4b9-a094f6801c2f.cmd	ASCII text, with very long lines (348), with CRLF line terminators	#

Deep Malware Analysis

gets.ps1

Comments

Tags

Available tags:

Details

Joe Sandbox

Third Party Analysis Engines

IPs

Domains

URLs

Dropped files

Deep Malware Analysis

gets.ps1 Options

Comments

Tags

Available tags:

Details

Joe Sandbox

Third Party Analysis Engines

IPs

Domains

URLs

Dropped files

Search started

gets.ps1