Ref. No INV088002904SINO.vbs

Status: finished
Submission Time: 2022-09-08 07:30:10 +02:00
Malicious
Evader

Tags

  • vbs

Details

  • Analysis ID:
    699422
  • API (Web) ID:
    1066890
  • Analysis Started:
    2022-09-08 07:30:11 +02:00
  • Analysis Finished:
    2022-09-08 07:35:59 +02:00
  • MD5:
    78f2e521d65cd356494edd52bfa2eb94
  • SHA1:
    abd02c0ece3445944708037fcfeffa0f69c14319
  • SHA256:
    e844196a40b506f2d00760b7dfcb2474c56f30c705d078cb265b8871aeca8e79
  • Technologies:

Joe Sandbox

Engine Download Report Detection Info
malicious
Score: 92
System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

Third Party Analysis Engines

malicious
Score: 23/88
malicious
Score: 5/25
malicious
Score: 7/26
malicious

IPs

IP Country Detection
20.7.14.99
United States

URLs

Name Detection
http://20.7.14.99
http://20.7.14.99/server/dll.txt
http://nuget.org/NuGet.exe
http://pesterbdd.com/images/Pester.png
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
http://www.apache.org/licenses/LICENSE-2.0.html
https://github.com/Pester/Pester
https://contoso.com/
https://nuget.org/nuget.exe
https://contoso.com/License
https://contoso.com/Icon

Dropped files

Name File Type Hashes Detection
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
data
#
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_k3rm35jv.ftv.ps1
very short file (no magic)
#
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_rjajxajs.yzb.psm1
very short file (no magic)
#
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_rv5m2ibe.fsd.psm1
very short file (no magic)
#
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_tigd1obk.kyu.ps1
very short file (no magic)
#