Register Login

sloganpng

top title background image

file.exe

Status: finished

Submission Time: 2022-10-03 17:06:13 +02:00

Malicious

Evader

Comments

Tags

Details

Analysis ID:
715145
API (Web) ID:
1082588
Analysis Started:

2022-10-03 17:12:32 +02:00
Analysis Finished:

2022-10-03 17:40:01 +02:00
MD5:
2d9b13584ab871c81ff24c473468cffa
SHA1:
fc29f8a56d9b3ec01bfe432f83e88585df3aa32d
SHA256:
dd1f7353d20b255088e50490aaa88d53d56156842f2d235792f69be05fc3d56f
Technologies:

Engines
IOCs

Joe Sandbox

Engine	Download Report	Detection	Info
	Full Report Management Report IOC Report	malicious Score: 80	System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
	Full Report Management Report IOC Report	malicious Score: 88	System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 Run Condition: Run with higher sleep bypass

Third Party Analysis Engines

Open Full Report

malicious

Score: 46/71

malicious

Score: 19/26

URLs

Name	Detection
http://nuget.org/NuGet.exe
http://www.apache.org/licenses/LICENSE-2.0
http://pesterbdd.com/images/Pester.png
Click to see the 10 hidden entries
http://www.apache.org/licenses/LICENSE-2.0.html
https://contoso.com/
https://nuget.org/nuget.exe
https://contoso.com/License
https://contoso.com/Icon
https://oneget.orgX
https://oneget.orgformat.ps1xmlagement.dll2040.missionsand
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
https://github.com/Pester/Pester
https://oneget.org

Dropped files

Name	File Type	Hashes	Detection
C:\Users\user\AppData\Local\Temp\7zS872.tmp\Install.exe	PE32 executable (GUI) Intel 80386, for MS Windows	#
C:\Users\user\AppData\Local\Temp\7zSFD85.tmp\Install.exe	PE32 executable (GUI) Intel 80386, for MS Windows	#
C:\Users\user\AppData\Local\Temp\LhLAIbjVjtdXSeCjh\NRKtMpzzQqeBbPa\iZqzyKf.exe	PE32 executable (GUI) Intel 80386, for MS Windows	#
Click to see the 12 hidden entries
C:\Windows\System32\GroupPolicy\gpt.ini	ASCII text	#
C:\Windows\Temp\fwhiGQHhSfnZUzkc\sjPeeWCTnrqbGVf\GPooAyT.exe	PE32 executable (GUI) Intel 80386, for MS Windows	#
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive	data	#
C:\Users\user\AppData\Local\Temp\7zSFD85.tmp\__data__\config.txt	data	#
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_bdb0qitz.bkl.ps1	very short file (no magic)	#
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_oso25ttd.2p4.psm1	very short file (no magic)	#
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive	data	#
C:\Windows\System32\GroupPolicy\Machine\Registry.pol	RAGE Package Format (RPF),	#
C:\Windows\Tasks\bGZpGlqvDNKjraWjlZ.job	data	#
C:\Windows\Temp\__PSScriptPolicyTest_4m4fvhis.grl.ps1	very short file (no magic)	#
C:\Windows\Temp\__PSScriptPolicyTest_xfb5zmft.y1e.psm1	very short file (no magic)	#
\Device\ConDrv	ASCII text, with CRLF, CR line terminators	#