
Original Shipment_Document.PDF.exe

Status: finished
Submission Time: 2022-08-05 11:23:09 +02:00
Malicious
Trojan
Evader
GuLoader, Nanocore

Tags

  • exe
  • guloader

Details

  • Analysis ID:
    679174
  • API (Web) ID:
    1046680
  • Analysis Started:
    2022-08-05 11:23:09 +02:00
  • Analysis Finished:
    2022-08-05 11:46:20 +02:00
  • MD5:
    626cdeaa4696c819fd07921073f6c740
  • SHA1:
    b094f5e4c3792a05b7f307ad78d2e52cfcbf87b4
  • SHA256:
    d8519cee2bbf5c257375b339d530b33f275db40c06de0f96911eb5b4f207f2c5
  • Technologies:

Joe Sandbox

Engine / Download Report / Detection / Info

  • Detection: malicious
    Score: 84
    System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
  • Detection: malicious
    Score: 100
    System: Windows 10 64 bit 20H2 Native physical Machine for testing VM-aware malware (Office 2019, Chrome 93, Firefox 91, Adobe Reader DC 21, Java 8 Update 301)
    Run Condition: Suspected Instruction Hammering

Third Party Analysis Engines

  • Detection: malicious
    Score: 23/71
  • Detection: malicious
    Score: 9/40

IPs

IP / Country / Detection

  • 142.250.181.225
    United States
  • 188.127.230.176
    Russian Federation
  • 142.250.179.174
    United States

Domains

Name / IP / Detection

  • drive.google.com
    142.250.179.174
  • tuk.linkpc.net
    188.127.230.176
  • googlehosted.l.googleusercontent.com
    142.250.181.225
  • doc-14-70-docs.googleusercontent.com
    0.0.0.0

URLs

Name / Detection

  • https://doc-14-70-docs.googleusercontent.com/
  • https://doc-14-70-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/bcmtj5ie
  • http://nsis.sf.net/NSIS_ErrorError
  • http://google.com
  • https://doc-14-70-docs.googleusercontent.com/%%doc-14-70-docs.googleusercontent.com
  • https://drive.google.com/
  • https://doc-14-70-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/bcmtj5ie1disn24fvm7mb2d8jibr4j1v/1659691950000/06422039211485589527/*/1RTjXzM3oLxMQRuQuQg9TR4kX_hPJtp2r?e=download&uuid=fa4270ed-3082-4e6e-8e77-e38f9ee0c1fd
  • https://drive.google.com/x~
  • https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external

Dropped files

Name / File Type / Hashes / Detection

  • C:\Users\user\AppData\Local\Temp\tmp6DD1.tmp
    XML 1.0 document, ASCII text, with CRLF line terminators
  • C:\Users\user\AppData\Roaming\11389406-0377-47ED-98C7-D564E683C6EB\run.dat
    Non-ISO extended-ASCII text, with no line terminators
  • C:\Users\user\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\caspol.exe.log
    ASCII text, with CRLF line terminators
  • C:\Users\user\AppData\Local\Temp\nsaB9E2.tmp\System.dll
    PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
  • C:\Users\user\AppData\Local\Temp\nsaB9E2.tmp\nsExec.dll
    PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
  • C:\Users\user\AppData\Local\Temp\subfolder1\windows.exe
    data
  • C:\Users\user\AppData\Roaming\11389406-0377-47ED-98C7-D564E683C6EB\catalog.dat
    data
  • C:\Users\user\AppData\Roaming\11389406-0377-47ED-98C7-D564E683C6EB\settings.bin
    data
  • C:\Users\user\AppData\Roaming\11389406-0377-47ED-98C7-D564E683C6EB\storage.dat
    data
  • C:\Users\user\AppData\Roaming\11389406-0377-47ED-98C7-D564E683C6EB\task.dat
    ASCII text, with no line terminators
  • C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\timelrer\Tdlen\Integrationsprvens.Adg72
    ASCII text, with very long lines, with no line terminators
  • C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\timelrer\Tdlen\format-text-bold-symbolic.svg
    SVG Scalable Vector Graphics image
  • C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\timelrer\Tdlen\location-services-disabled-symbolic.symbolic.png
    PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
  • C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\timelrer\Tdlen\uforfrdetheden.Rid
    data
  • \Device\ConDrv
    ASCII text, with CRLF line terminators