
inquiry.pdf.exe

Status: finished
Submission Time: 2022-10-03 17:19:08 +02:00
Malicious
Phishing
Trojan
Exploiter
Evader
AveMaria, DarkTortilla, UACMe

Tags

  • exe

Details

  • Analysis ID:
    715157
  • API (Web) ID:
    1082599
  • Analysis Started:
    2022-10-03 17:27:44 +02:00
  • Analysis Finished:
    2022-10-03 17:40:14 +02:00
  • MD5:
    6236e43da1b2c6279760e6b2b7e2d40f
  • SHA1:
    a24221417ff9c0d169bf17b7f242824fe61d3b72
  • SHA256:
    b4056e17199edd889d2b77c02865136c47ab29566717c2f86ae8911c02e2994a
  • Technologies:

Verdict: malicious

System: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211

Verdict   Score
malicious 100/100
malicious 5/88
malicious 5/37
malicious 20/26
malicious

IPs

IP              Country         Detection
23.105.131.206  United States
142.250.203.100 United States

Domains

Name                  IP               Detection
hannoyputa.giize.com  23.105.131.206
www.google.com        142.250.203.100

URLs

Name Detection
hannoyputa.giize.com
http://www.jiyu-kobo.co.jp/jp/
http://www.founder.com.cn/cn
http://www.carterandcone.commbe
http://www.fontbureau.com/designers/cabarga.htmlN
http://www.founder.com.cn/cn/
http://www.jiyu-kobo.co.jp/Y0=
http://www.carterandcone.coml
http://www.fontbureau.comdva
http://www.fontbureau.comalsF5
http://www.fontbureau.comI.TTF6
http://www.fontbureau.comd
http://www.carterandcone.comIta
http://www.jiyu-kobo.co.jp/O
http://www.carterandcone.comTC
http://www.galapagosdesign.com/
http://www.fontbureau.com
http://www.apache.org/licenses/LICENSE-2.0
http://www.fontbureau.comdv
http://www.jiyu-kobo.co.jp/Y
http://www.jiyu-kobo.co.jp/ueT
http://ns.ado/1Imt
http://ns.adobe.cobjImt
http://www.fontbureau.comsief
http://www.fontbureau.com/designers/
https://www.google.com/
http://www.founder.com.cn/cn&
https://github.com/syohex/java-simple-mine-sweeperC:
http://www.jiyu-kobo.co.jp/nyg
http://www.carterandcone.comers
http://www.fontbureau.com/designers8
http://www.zhongyicts.com.cno.
http://www.carterandcone.comgo
http://www.fontbureau.comR.TTF
http://www.jiyu-kobo.co.jp/k-u
http://www.jiyu-kobo.co.jp/
http://www.fontbureau.comm
http://www.carterandcone.como.(
http://www.jiyu-kobo.co.jp/vad
http://www.fontbureau.com/designers/cabarga.html
http://www.jiyu-kobo.co.jp/s-e
http://www.jiyu-kobo.co.jp/v
http://www.fontbureau.com/designers/frere-jones.html
http://www.goodfont.co.kr
http://www.jiyu-kobo.co.jp/Y0f
http://www.founder.com.cn/cn/cThe
http://www.fontbureau.comony/O
https://www.google.com
http://www.typography.netD
http://www.founder.com.cn/cnt-b
http://www.fontbureau.com/designers/frere-jones.html4j-
http://www.sajatypeworks.com
http://www.fontbureau.comrz
http://www.carterandcone.com
http://www.fontbureau.com/designers/frere-jones.htmlI
http://www.fontbureau.com/designersZ
http://www.fontbureau.com/designers
http://www.tiro.com
http://www.founder.com.cn/cnT
http://www.fontbureau.com/designers?
http://www.founder.com.cn/cn/bThe
http://www.carterandcone.comize
http://www.fontbureau.com/designers/?
http://www.founder.com.cn/cnQ
http://www.jiyu-kobo.co.jp/Y0
http://www.fontbureau.com/designersG
http://www.fontbureau.comB.TTFd
http://www.fontbureau.com.TTF
http://www.sakkal.com
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
http://www.zhongyicts.com.cn
http://www.urwpp.deDPlease
http://www.fontbureau.com/designers/cabarga.htmln-uO
http://www.sandoll.co.kr
http://www.fonts.com
http://ns.adobe.c/gImt
http://www.galapagosdesign.com/DPlease
http://www.fontbureau.com/
http://www.carterandcone.comintTV
http://www.fontbureau.comav
http://www.founder.com.cn/cn4j4
http://www.jiyu-kobo.co.jp/6
http://www.fontbureau.com/designersl
http://fontfabrik.com
http://www.galapagosdesign.com/staff/dennis.htm

Dropped files

Name / File Type (hashes and detection columns were not captured in this extract)

  • C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\inquiry.pdf.exe.log
    ASCII text, with CRLF line terminators
  • C:\Users\user\AppData\Local\Temp\jhFFFffkl.exe
    PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
  • C:\Users\user\AppData\Roaming\glonkjhg.exe
    PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
  • C:\Users\user\AppData\Roaming\glonkjhg.exe:Zone.Identifier
    ASCII text, with CRLF line terminators
  • C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\jhFFFffkl.exe.log
    ASCII text, with CRLF line terminators
  • C:\Users\user\AppData\Local\Temp\jhFFFffkl.txt
    ASCII text, with CRLF line terminators
  • \Device\Null
    ASCII text, with CRLF line terminators