wzkp8c4Z3F.exe

Status: finished

Submission Time: 2022-09-23 08:22:12 +02:00

Malicious

Trojan

Evader

Nanocore

Comments

Details

Analysis ID:
708261
API (Web) ID:
1075719
Analysis Started:

2022-09-23 08:25:08 +02:00
Analysis Finished:

2022-09-23 08:37:21 +02:00
MD5:
c143cac623fbf082adedd43cad691a69
SHA1:
62bd3d43d6e897922cf557d4e40f7d6d9035a4bf
SHA256:
3a542858ddb263f3b60a1c7340d508e7f392443e9ee8521d0c9e4a8289173fdf
Technologies:

Engines
IOCs

Joe Sandbox

Engine	Download Report	Detection	Info
	Full Report Management Report IOC Report	malicious Score: 100	System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

Third Party Analysis Engines

Open Full Report

malicious

Score: 27/72

malicious

Score: 12/39

malicious

IPs

IP	Country	Detection
79.110.62.187	Germany

Domains

Name	IP	Detection
jasonbourne.bounceme.net	79.110.62.187

URLs

Name	Detection
127.0.0.1
jasonbourne.bounceme.net
http://www.sakkal.com-e0$
Click to see the 63 hidden entries
http://www.fontbureau.com/designers/frer
http://www.jiyu-kobo.co.jp/jp/
http://www.jiyu-kobo.co.jp/H
http://www.fontbureau.comice
http://www.fontbureau.com/designers/frere-jones.htmlp
http://www.founder.com.cn/cnTF
http://www.jiyu-kobo.co.jp/Q
http://www.fontbureau.comd
http://www.fontbureau.com
http://www.apache.org/licenses/LICENSE-2.0
http://www.fontbureau.comditam
http://www.fontbureau.como5
http://www.sakkal.com
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
http://www.zhongyicts.com.cn
http://www.urwpp.deDPlease
http://www.fontbureau.come.com
http://www.jiyu-kobo.co.jp/jp/z
http://www.carterandcone.coml
http://www.fontbureau.com/designers/cabarga.htmlN
http://www.fontbureau.comkz
http://www.founder.com.cn/cn
http://www.fontbureau.com/designers/frere-jones.html
http://www.jiyu-kobo.co.jp/Y0/
http://www.jiyu-kobo.co.jp/m
http://www.agfamonotype.7
http://www.jiyu-kobo.co.jp/
http://www.fontbureau.com/designers8
http://www.fontbureau.comitu
http://www.fontbureau.comdsed
http://www.fontbureau.comals
http://www.sajatypeworks.com
http://www.fontbureau.com/designersG
http://www.fontbureau.com/designers/?
http://www.jiyu-kobo.co.jp/jp/C
http://www.founder.com.cn/cn/bThe
http://www.ascendercorp.com/typedesigners.htmllkA
http://www.fontbureau.com/designers?
http://www.fontbureau.comonyd5
http://www.tiro.com
http://www.jiyu-kobo.co.jp/Y0x
http://www.fontbureau.com/designers
http://www.jiyu-kobo.co.jp/Y0r1
http://www.goodfont.co.kr
http://www.jiyu-kobo.co.jp/jp/5
http://google.com
http://www.jiyu-kobo.co.jp/Y0r:
http://www.fontbureau.com/designers/cabarga.html.
http://www.typography.netD
http://www.founder.com.cn/cn/cThe
http://www.galapagosdesign.com/staff/dennis.htm
http://www.jiyu-kobo.co.jp/en-u
http://fontfabrik.com
http://www.fontbureau.comgrita
http://www.jiyu-kobo.co.jp/5
http://www.jiyu-kobo.co.jp/liqu
http://www.galapagosdesign.com/DPlease
http://www.fontbureau.comgrito
http://www.ascendercorp.com/typedesigners.html
http://www.itcfonts.
http://www.jiyu-kobo.co.jp/jp/Q
http://www.fonts.com
http://www.sandoll.co.kr

Dropped files

Name	File Type	Hashes
C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows	#
C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe:Zone.Identifier	ASCII text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\wzkp8c4Z3F.exe.log	ASCII text, with CRLF line terminators	#
Click to see the 9 hidden entries
C:\Users\user\AppData\Local\Temp\tmpDBD9.tmp	XML 1.0 document, ASCII text, with CRLF line terminators	#
C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\run.dat	Non-ISO extended-ASCII text, with no line terminators	#
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\dhcpmon.exe.log	ASCII text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Temp\tmpF6C5.tmp	XML 1.0 document, ASCII text, with CRLF line terminators	#
C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\catalog.dat	data	#
C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\settings.bak	data	#
C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\settings.bin	data	#
C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\storage.dat	data	#
C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\task.dat	ASCII text, with no line terminators	#

wzkp8c4Z3F.exe

Comments

Tags

Available tags:

Details

Joe Sandbox

Third Party Analysis Engines

IPs

Domains

URLs

Dropped files

wzkp8c4Z3F.exe Options

Comments

Tags

Available tags:

Details

Joe Sandbox

Third Party Analysis Engines

IPs

Domains

URLs

Dropped files

Search started

wzkp8c4Z3F.exe