JFAaEh5hB6.exe

Status: finished
Submission Time: 2021-02-20 11:55:12 +01:00
Malicious
Ransomware
Trojan
Spyware
Evader

Tags

  • exe

Details

  • Analysis ID:
    355650
  • API (Web) ID:
    613268
  • Analysis Started:
    2021-02-20 11:55:13 +01:00
  • Analysis Finished:
    2021-02-20 12:02:56 +01:00
  • MD5:
    7eab81a8c3d73c5a40309317d8a618ce
  • SHA1:
    0c0dc197a1d109c2cd70f4164ad9264b23efff3a
  • SHA256:
    3d2bd69871c0a443d1e4c2a5ec37833dbcbce929aba368745f10d7b981a5264c
  • Technologies:
    Joe Sandbox

  • Detection: malicious
  • Score: 100
  • System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 134, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

Third Party Analysis Engines

  • malicious (Score: 42/71)
  • malicious (Score: 13/37)
  • malicious (Score: 22/28)
  • malicious

IPs


Domains


URLs


Dropped files

  • C:\Users\user\AppData\Local\Temp\AnonFileApi.dll
    PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
  • C:\Users\user\AppData\Local\Temp\down.exe
    PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
  • C:\Users\user\AppData\Local\Temp\edge.exe
    PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
  • C:\Users\user\AppData\Local\fae094a012ae11e476f764a34f0630d6\user@767668_en-US\Grabber\DRIVE-C\Users\user\Desktop\GAOBCVIQIJ\QCFWYSKMHA.pdf
    ASCII text, with very long lines, with CRLF line terminators
  • C:\Users\user\AppData\Local\fae094a012ae11e476f764a34f0630d6\user@767668_en-US\Grabber\DRIVE-C\Users\user\Desktop\PWCCAWLGRE.xlsx
    ASCII text, with very long lines, with CRLF line terminators
  • C:\Users\user\AppData\Local\fae094a012ae11e476f764a34f0630d6\user@767668_en-US\Grabber\DRIVE-C\Users\user\Desktop\QNCYCDFIJJ\QNCYCDFIJJ.docx
    ASCII text, with very long lines, with CRLF line terminators