Register Login

sloganpng

top title background image

Receipt.exe

Status: finished

Submission Time: 2022-10-03 13:18:14 +02:00

Malicious

Trojan

Evader

Nanocore

Comments

Tags

Details

Analysis ID:
714970
API (Web) ID:
1082412
Analysis Started:

2022-10-03 13:26:47 +02:00
Analysis Finished:

2022-10-03 13:38:32 +02:00
MD5:
59082912cb9d1d4ece0567b1354d0f34
SHA1:
a3c3e88b6c905eaee872bb21916c792a3ec1d7e7
SHA256:
7ef24f6499dd9fc7809783a98febc44c2dc25a3f74d02c9bf8ddbae0d3b781c6
Technologies:

Engines
IOCs

Joe Sandbox

Engine	Download Report	Detection	Info
		malicious
	Full Report Management Report IOC Report	malicious Score: 100	System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

Third Party Analysis Engines

malicious

Score: 14/39

malicious

URLs

Name	Detection
https://www.newtonsoft.com/json
https://www.nuget.org/packages/Newtonsoft.Json.Bson
http://james.newtonking.com/projects/json
Click to see the 1 hidden entries
https://www.newtonsoft.com/jsonschema

Dropped files

Name	File Type	Hashes	Detection
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\Receipt.exe.log	ASCII text, with CRLF line terminators	#
C:\Users\user\AppData\Roaming\Bouqi\Jzqbsob.exe	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows	#
C:\Users\user\AppData\Roaming\Bouqi\Jzqbsob.exe:Zone.Identifier	ASCII text, with CRLF line terminators	#
Click to see the 4 hidden entries
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache	data	#
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive	data	#
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_mjzqitn5.ybc.psm1	very short file (no magic)	#
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_twhdr2os.ade.ps1	very short file (no magic)	#