top title background image
flash

ZzmGwgpHuJ.exe

Status: finished
Submission Time: 2021-03-10 11:59:04 +01:00
Malicious
Trojan
Evader
Ramnit

Comments

Tags

Details

  • Analysis ID:
    366089
  • API (Web) ID:
    634236
  • Analysis Started:
    2021-03-10 11:59:04 +01:00
  • Analysis Finished:
    2021-03-10 12:05:50 +01:00
  • MD5:
    ff5e1f27193ce51eec318714ef038bef
  • SHA1:
    b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6
  • SHA256:
    fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320
  • Technologies:

Joe Sandbox

Engine Download Report Detection Info
malicious
malicious
Score: 100
System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 134, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

Third Party Analysis Engines

malicious
Score: 66/70
malicious
Score: 34/37
malicious
Score: 45/48
malicious

IPs

IP Country Detection
104.20.184.68
United States
87.248.118.22
United Kingdom
151.101.1.44
United States

Domains

Name IP Detection
contextual.media.net
23.57.80.37
tls13.taboola.map.fastly.net
151.101.1.44
lg3.media.net
23.57.80.37
Click to see the 8 hidden entries
geolocation.onetrust.com
104.20.184.68
edge.gycpi.b.yahoodns.net
87.248.118.22
s.yimg.com
0.0.0.0
web.vortex.data.msn.com
0.0.0.0
www.msn.com
0.0.0.0
srtb.msn.com
0.0.0.0
img.img-taboola.com
0.0.0.0
cvision.media.net
0.0.0.0

URLs

Name Detection
https://client-s.gateway.messenger.live.com
https://www.awin1.com/cread.php?awinmid=11518&awinaffid=696593&clickref=dech-edge-dhp-infopa
https://twitter.com/i/notifications;Ich
Click to see the 88 hidden entries
https://clkde.tradedoubler.com/click?p=245744&a=3064090&g=24903118&epi=ch-de
https://click.linksynergy.com/deeplink?id=xoqYgl4JDe8&mid=46130&u1=dech_mestripe_store&m
https://www.msn.com/de-ch
https://twitter.com/
https://www.awin1.com/cread.php?awinmid=15168&awinaffid=696593&clickref=de-ch-edge-dhp-river
https://contextual.media.net/medianet.php?cid=8CU157172&crid=858412214&size=306x271&https=1
https://office.live.com/start/PowerPoint.aspx?WT.mc_id=MSN_site
https://www.msn.com/de-ch/
https://www.ricardo.ch/?utm_source=msn&utm_medium=affiliate&utm_campaign=msn_mestripe_logo_d
https://contextual.media.net/medianet.php?cid=8CU157172&crid=722878611&size=306x271&http
https://www.skype.com/go/onedrivepromo.download?cm_mmc=MSFT_2390_MSN-com
https://amzn.to/2TTxhNg
https://ir2.beap.gemini.yahoo.com/mbcsc?bv=1.0.0&es=LXmBTFUGIS8mguGU6HsjCqiedp9H5711z.VhSPcVngMW
http://popup.taboola.com/german
https://onedrive.live.com/about/en/download/
https://www.bidstack.com/privacy-policy/
https://onedrive.live.com/?qt=allmyphotos;Aktuelle
https://web.vortex.data.msn.com/collect/v1/t.gif?name=%27Ms.Webi.PageView%27&ver=%272.1%27&a
http://www.nytimes.com/
https://www.msn.com/de-ch/nachrichten/regional
https://contextual.media.net/medianet.php?cid=8CU157172&crid=722878611&size=306x271&https=1
https://i.geistm.com/l/HFCH_DTS_LP?bcid=602422ab6ae9074ae28c1cce&bhid=5f624df5866933554eb1ec8a&a
https://onedrive.live.com?wt.mc_id=oo_msn_msnhomepage_header
https://login.skype.com/login/oauth/microsoft?client_id=738133
https://www.skype.com/de
https://onedrive.live.com/?qt=mru;OneDrive-App
http://www.live.com/
https://www.ricardo.ch/?utm_source=msn&utm_medium=affiliate&utm_campaign=msn_shop_de&utm
https://contextual.media.net/medianet.php?cid=8CU157172&crid=858412214&size=306x271&http
http://www.wikipedia.com/
https://clk.tradedoubler.com/click?p=245744&a=3064090&g=21863656
http://ogp.me/ns#
https://mem.gfx.ms/meversion/?partner=msn&market=de-ch"
http://www.youtube.com/
https://www.skyscanner.net/flights?associateid=API_B2B_19305_00001&vertical=custom&pageType=
https://www.msn.com/de-ch/?ocid=iehp&item=deferred_page%3a1&ignorejs=webcore%2fmodules%2fjsb
https://support.skype.com
https://www.msn.com?form=MY01O4&OCID=MY01O4
https://www.sway.com/?WT.mc_id=MSN_site&utm_source=MSN&utm_medium=Topnav&utm_campaign=link;PowerPoin
https://api.taboola.com/2.0/json/msn-ch-de-home/recommendations.notify-click?app.type=desktop&ap
https://onedrive.live.com/#qt=mru
https://img.img-taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_311%2Cw_207%2Cc_fill%2Cg_faces:au
https://outlook.live.com/calendar
https://srtb.msn.com:443/notify/viewedg?rid=672b76eb35534933bda4c96400feacea&r=infopane&i=2&
https://cdn.cookielaw.org/vendorlist/googleData.json
https://policies.oath.com/us/en/oath/privacy/index.html
https://www.awin1.com/cread.php?awinmid=15168&awinaffid=696593&clickref=de-ch-ss&ued=htt
https://office.live.com/start/Excel.aspx?WT.mc_id=MSN_site;Sway
http://www.twitter.com/
http://ogp.me/ns/fb#
https://office.live.com/start/Word.aspx?WT.mc_id=MSN_site;Excel
https://www.onenote.com/notebooks?WT.mc_id=MSN_OneNote_TopMenu&auth=1&wdorigin=msn
https://www.onenote.com/notebooks?WT.mc_id=MSN_OneNote_QuickNote&auth=1
http://www.amazon.com/
https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location
https://outlook.com/
https://onedrive.live.com;Fotos
https://click.linksynergy.com/deeplink?id=xoqYgl4JDe8&mid=46130&u1=dech_mestripe_office&
https://onedrive.live.com;OneDrive-App
http://www.hotmail.msn.com/pii/ReadOutlookEmail/
https://onedrive.live.com/?wt.mc_id=oo_msn_msnhomepage_header
https://www.msn.com/de-ch/nachrichten/coronareisen
https://contextual.media.net/medianet.php?cid=8CU157172
http://searchads.msn.net/.cfm?&&kp=1&
https://www.stroeer.de/fileadmin/de/Konvergenz_und_Konzepte/Daten_und_Technologien/Stroeer_SSP/Downl
https://www.skype.com/de/download-skype
https://cdn.cookielaw.org/vendorlist/iab2Data.json
https://sp.booking.com/index.html?aid=1589774&label=travelnavlink
https://www.msn.com/de-ch/homepage/api/modules/fetch"
https://www.skype.com/
http://www.reddit.com/
https://s.yimg.com/lo/api/res/1.2/bgZeVyGlA0W3Cxv8.lln_w--~A/Zmk9ZmlsbDt3PTYyMjtoPTM2ODthcHBpZD1nZW1
https://sp.booking.com/index.html?aid=1589774&label=dech-prime-hp-shoppingstripe-nav
https://web.vortex.data.msn.com/collect/v1
https://www.msn.com/de-ch/?ocid=iehp
https://cdn.flurry.com/adTemplates/templates/htmls/clips.html"
https://onedrive.live.com/?qt=mru;Aktuelle
https://sp.booking.com/index.html?aid=1589774&label=dech-prime-hp-me
https://beap.gemini.yahoo.com/mbclk?bv=1.0.0&es=hc_ALMIGIS9BBpmSf5h_lwuiRpn0psExzrsg5wILeeZzb0S9
https://www.msn.com/de-ch/homepage/api/pdp/updatepdpdata"
https://cdn.cookielaw.org/vendorlist/iabData.json
https://www.onenote.com/notebooks?WT.mc_id=MSN_OneNote_Recent&auth=1&wdorigin=msn
https://www.stroeer.com/fileadmin/com/StroeerDSP_deviceStorage.json
https://contextual.media.net/checksync.php?&vsSync=1&cs=1&hb=1&cv=37&ndec=1&cid=8HBI57XIG&prvid=77%2
https://www.skyscanner.net/g/referrals/v1/cars/home?associateid=API_B2B_19305_00002
https://rover.ebay.com/rover/1/5222-53480-19255-0/1?mpre=https%3A%2F%2Fwww.ebay.ch&campid=533862
https://res-a.akamaihd.net/__media__/pics/8000/72/941/fallback1.jpg
https://outlook.live.com/mail/deeplink/compose;Kalender

Dropped files

Name File Type Hashes Detection
C:\Program Files (x86)\Microsoft\DesktopLayer.exe
PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
#
C:\Program Files (x86)\Microsoft\DesktopLayer.exe:Zone.Identifier
ASCII text, with CRLF line terminators
#