
New Order 000212.exe

Status: finished
Submission Time: 2022-08-08 15:26:06 +02:00
Malicious
Trojan
Evader
FormBook

Comments

Tags

  • exe
  • Formbook
  • loki

Details

  • Analysis ID:
    680420
  • API (Web) ID:
    1047926
  • Analysis Started:
    2022-08-08 15:26:08 +02:00
  • Analysis Finished:
    2022-08-08 15:35:55 +02:00
  • MD5:
    989e8988e2ed04a3e86a6faf2727c00f
  • SHA1:
    6a5397ef11996176e5c5ec5b94004591a77208e5
  • SHA256:
    c19a3d6f7af18f9fae141a7234341d0bf8e1038638c13a625194eb3fece6a540
  • Technologies:

Joe Sandbox

Engine Download Report Detection Info
malicious
malicious
Score: 100
System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

Third Party Analysis Engines

malicious
Score: 25/71
malicious
Score: 11/26
malicious
malicious

URLs

Name Detection
www.bitp0ker.com/ch0y/
https://www.nuget.org/packages/Newtonsoft.Json.Bson
http://google.com
http://james.newtonking.com/projects/json
https://www.newtonsoft.com/jsonschema

Dropped files

Name, File Type

  • C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\New Order 000212.exe.log
    ASCII text, with CRLF line terminators
  • C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache
    data
  • C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
    data
  • C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_2pz5sadz.0kr.psm1
    very short file (no magic)
  • C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_hhwx0ezb.tco.ps1
    very short file (no magic)
  • C:\Users\user\Documents\20220808\PowerShell_transcript.472847.ilae6BhB.20220808152730.txt
    UTF-8 Unicode (with BOM) text, with CRLF line terminators