inquiry.pdf.exe

Status: finished

Submission Time: 2022-10-03 17:19:08 +02:00

Malicious

Phishing

Trojan

Exploiter

Evader

AveMaria, DarkTortilla, UACMe

Comments

Details

Analysis ID:
715157
API (Web) ID:
1082599
Analysis Started:

2022-10-03 17:27:44 +02:00
Analysis Finished:

2022-10-03 17:40:14 +02:00
MD5:
6236e43da1b2c6279760e6b2b7e2d40f
SHA1:
a24221417ff9c0d169bf17b7f242824fe61d3b72
SHA256:
b4056e17199edd889d2b77c02865136c47ab29566717c2f86ae8911c02e2994a
Technologies:

Engines
IOCs

Joe Sandbox

Engine	Download Report	Detection	Info
		malicious
	Full Report Management Report IOC Report	malicious Score: 100	System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

Third Party Analysis Engines

Open Full Report

malicious

Score: 5/88

Open Full Report

malicious

Score: 5/37

malicious

Score: 20/26

malicious

IPs

IP	Country	Detection
23.105.131.206	United States
142.250.203.100	United States

Domains

Name	IP	Detection
hannoyputa.giize.com	23.105.131.206
www.google.com	142.250.203.100

URLs

Name	Detection
hannoyputa.giize.com
http://www.jiyu-kobo.co.jp/jp/
http://www.founder.com.cn/cn
Click to see the 82 hidden entries
http://www.carterandcone.commbe
http://www.fontbureau.com/designers/cabarga.htmlN
http://www.founder.com.cn/cn/
http://www.jiyu-kobo.co.jp/Y0=
http://www.carterandcone.coml
http://www.fontbureau.comdva
http://www.fontbureau.comalsF5
http://www.fontbureau.comI.TTF6
http://www.fontbureau.comd
http://www.carterandcone.comIta
http://www.jiyu-kobo.co.jp/O
http://www.carterandcone.comTC
http://www.galapagosdesign.com/
http://www.fontbureau.com
http://www.apache.org/licenses/LICENSE-2.0
http://www.fontbureau.comdv
http://www.jiyu-kobo.co.jp/Y
http://www.jiyu-kobo.co.jp/ueT
http://ns.ado/1Imt
http://ns.adobe.cobjImt
http://www.fontbureau.comsief
http://www.fontbureau.com/designers/
https://www.google.com/
http://www.founder.com.cn/cn&
https://github.com/syohex/java-simple-mine-sweeperC:
http://www.jiyu-kobo.co.jp/nyg
http://www.carterandcone.comers
http://www.fontbureau.com/designers8
http://www.zhongyicts.com.cno.
http://www.carterandcone.comgo
http://www.fontbureau.comR.TTF
http://www.jiyu-kobo.co.jp/k-u
http://www.jiyu-kobo.co.jp/
http://www.fontbureau.comm
http://www.carterandcone.como.(
http://www.jiyu-kobo.co.jp/vad
http://www.fontbureau.com/designers/cabarga.html
http://www.jiyu-kobo.co.jp/s-e
http://www.jiyu-kobo.co.jp/v
http://www.fontbureau.com/designers/frere-jones.html
http://www.goodfont.co.kr
http://www.jiyu-kobo.co.jp/Y0f
http://www.founder.com.cn/cn/cThe
http://www.fontbureau.comony/O
https://www.google.com
http://www.typography.netD
http://www.founder.com.cn/cnt-b
http://www.fontbureau.com/designers/frere-jones.html4j-
http://www.sajatypeworks.com
http://www.fontbureau.comrz
http://www.carterandcone.com
http://www.fontbureau.com/designers/frere-jones.htmlI
http://www.fontbureau.com/designersZ
http://www.fontbureau.com/designers
http://www.tiro.com
http://www.founder.com.cn/cnT
http://www.fontbureau.com/designers?
http://www.founder.com.cn/cn/bThe
http://www.carterandcone.comize
http://www.fontbureau.com/designers/?
http://www.founder.com.cn/cnQ
http://www.jiyu-kobo.co.jp/Y0
http://www.fontbureau.com/designersG
http://www.fontbureau.comB.TTFd
http://www.fontbureau.com.TTF
http://www.sakkal.com
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
http://www.zhongyicts.com.cn
http://www.urwpp.deDPlease
http://www.fontbureau.com/designers/cabarga.htmln-uO
http://www.sandoll.co.kr
http://www.fonts.com
http://ns.adobe.c/gImt
http://www.galapagosdesign.com/DPlease
http://www.fontbureau.com/
http://www.carterandcone.comintTV
http://www.fontbureau.comav
http://www.founder.com.cn/cn4j4
http://www.jiyu-kobo.co.jp/6
http://www.fontbureau.com/designersl
http://fontfabrik.com
http://www.galapagosdesign.com/staff/dennis.htm

Dropped files

Name	File Type	Hashes
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\inquiry.pdf.exe.log	ASCII text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Temp\jhFFFffkl.exe	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows	#
C:\Users\user\AppData\Roaming\glonkjhg.exe	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows	#
Click to see the 4 hidden entries
C:\Users\user\AppData\Roaming\glonkjhg.exe:Zone.Identifier	ASCII text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\jhFFFffkl.exe.log	ASCII text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Temp\jhFFFffkl.txt	ASCII text, with CRLF line terminators	#
\Device\Null	ASCII text, with CRLF line terminators	#

inquiry.pdf.exe

Comments

Tags

Available tags:

Details

Joe Sandbox

Third Party Analysis Engines

IPs

Domains

URLs

Dropped files

inquiry.pdf.exe Options

Comments

Tags

Available tags:

Details

Joe Sandbox

Third Party Analysis Engines

IPs

Domains

URLs

Dropped files

Search started

inquiry.pdf.exe