SFNM~12345HBV-09876567.exe

Status: finished

Submission Time: 2022-09-26 07:53:35 +02:00

Malicious

Trojan

Evader

Nanocore, DarkTortilla

Comments

Details

Analysis ID:
709714
API (Web) ID:
1077173
Analysis Started:

2022-09-26 07:57:54 +02:00
Analysis Finished:

2022-09-26 08:05:12 +02:00
MD5:
54e31b7e289bea078ed769a046c3842e
SHA1:
bf7d74cb34792b258f46e29221c4cbff57bb6979
SHA256:
9cf831ec812b6928eb2fe0c9625da78e8f294d6a5b255ddf894bbbe5b3f7698a
Technologies:

Engines
IOCs

Joe Sandbox

Engine	Download Report	Detection	Info
		malicious
	Full Report Management Report IOC Report	malicious Score: 100	System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

Third Party Analysis Engines

Open Full Report

malicious

Score: 57/72

Open Full Report

malicious

Score: 6/18

malicious

Score: 22/25

malicious

IPs

IP	Country	Detection
142.250.185.164	United States

Domains

Name	IP	Detection
www.google.com	142.250.185.164

URLs

Name	Detection
91.193.75.133
9812.hopto.org
http://www.zhongyicts.com.cna
Click to see the 57 hidden entries
http://www.founder.com.cn/cnz.
http://www.jiyu-kobo.co.jp/P
http://www.tiro.comt
http://www.jiyu-kobo.co.jp/wl
http://www.jiyu-kobo.co.jp/Rl
http://www.jiyu-kobo.co.jp/jp/
http://www.fontbureau.coma
http://www.jiyu-kobo.co.jp/jp/Yl
http://www.carterandcone.coml
http://www.carterandcone.comk
http://www.fontbureau.com/designers/cabarga.htmlN
http://www.founder.com.cn/cn
http://www.fontbureau.com/designers/frere-user.html
http://www.tiro.comslnt
http://www.jiyu-kobo.co.jp/Y0/
http://www.monotype.
http://www.carterandcone.como.-
http://www.jiyu-kobo.co.jp/Yl
http://www.jiyu-kobo.co.jp/
http://www.jiyu-kobo.co.jp/i
http://www.fontbureau.com/designers8
http://www.jiyu-kobo.co.jp/6l8
http://www.jiyu-kobo.co.jp/jp/=l/
http://www.jiyu-kobo.co.jp/Dl&
https://www.google.com/
http://www.fontbureau.com/designers/
http://www.carterandcone.com_Z
http://ns.ado/1
http://www.tiro.comgo
http://www.fontbureau.com/designers/?
http://www.founder.com.cn/cn/bThe
http://www.fontbureau.com/designers?
http://www.tiro.com
http://www.fontbureau.com/designers
http://ns.adobe.c/g
http://www.goodfont.co.kr
http://www.carterandcone.com
http://www.sajatypeworks.com
http://www.typography.netD
https://www.google.com
http://www.founder.com.cn/cn/cThe
http://www.galapagosdesign.com/staff/dennis.htm
http://fontfabrik.com
http://ns.adobe.cobj
http://www.jiyu-kobo.co.jp/it-i
http://www.galapagosdesign.com/DPlease
http://www.jiyu-kobo.co.jp/Y0
http://www.fonts.com
http://www.sandoll.co.kr
http://www.urwpp.deDPlease
http://www.zhongyicts.com.cn
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
http://www.sakkal.com
http://www.jiyu-kobo.co.jp//lA
http://www.apache.org/licenses/LICENSE-2.0
http://www.fontbureau.com
http://www.fontbureau.com/designersG

Dropped files

Name	File Type	Hashes
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\SFNM#U007e12345HBV-09876567.exe.log	ASCII text, with CRLF line terminators	#
C:\Users\user\Favorites\SFNM~12345HBV-09876567.exe	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows	#
C:\Users\user\Favorites\SFNM~12345HBV-09876567.exe:Zone.Identifier	ASCII text, with CRLF line terminators	#
Click to see the 1 hidden entries
\Device\Null	ASCII text, with CRLF line terminators	#

SFNM~12345HBV-09876567.exe

Comments

Tags

Available tags:

Details

Joe Sandbox

Third Party Analysis Engines

IPs

Domains

URLs

Dropped files

SFNM~12345HBV-09876567.exe Options

Comments

Tags

Available tags:

Details

Joe Sandbox

Third Party Analysis Engines

IPs

Domains

URLs

Dropped files

Search started

Yara Super Rule creation started

SFNM~12345HBV-09876567.exe