026910003102350.pdf.scr.exe

Status: finished

Submission Time: 2023-02-02 08:08:10 +01:00

Malicious

Trojan

Evader

Nanocore

Comments

Details

Analysis ID:
796783
API (Web) ID:
1164012
Analysis Started:

2023-02-02 08:08:12 +01:00
Analysis Finished:

2023-02-02 08:24:04 +01:00
MD5:
c2a80ccf6362bba805072de9ce963ea5
SHA1:
c7a0ca8b35e2c08e69f48d754dbdbf20f2d1d53f
SHA256:
592217d2590ae9ca688346688b2d7d13a78190f9562889597ebb79060136034c
Technologies:

Engines
IOCs

Joe Sandbox

Engine	Download Report	Detection	Info
	Full Report Management Report IOC Report	malicious Score: 100	System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

Third Party Analysis Engines

Open Full Report

malicious

Score: 32/70

malicious

Score: 18/39

malicious

IPs

IP	Country	Detection
212.193.30.230	Russian Federation

Domains

Name	IP	Detection
december2nd.ddns.net	212.193.30.230
december2n.duckdns.org	212.193.30.230

URLs

Name	Detection
december2nd.ddns.net
december2n.duckdns.org
https://www.autoitscript.com/autoit3/
Click to see the 1 hidden entries
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name

Dropped files

Name	File Type	Hashes
C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows	#
C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\run.dat	data	#
C:\Users\user\AppData\Local\Temp\tmp897A.tmp	XML 1.0 document, ASCII text, with CRLF line terminators	#
Click to see the 39 hidden entries
C:\Users\user\AppData\Local\Temp\RegSvcs.exe	PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows	#
C:\Users\user\AppData\Local\Temp\Folder8_410\itugx.exe	PE32 executable (GUI) Intel 80386, for MS Windows	#
C:\Users\user\AppData\Local\Temp\Folder8_410\vjdtaskm.txt	Unicode text, UTF-8 text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Temp\Folder8_410\mujswngck.docx	Unicode text, UTF-8 text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Temp\Folder8_410\nbmc.pdf	Unicode text, UTF-8 text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Temp\Folder8_410\quxisn.ini	Unicode text, UTF-8 text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Temp\Folder8_410\rbtj.dat	Unicode text, UTF-8 text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Temp\Folder8_410\rnnsh.xls	Unicode text, UTF-16, little-endian text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Temp\Folder8_410\tpfplabhr.ppt	Unicode text, UTF-8 text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Temp\Folder8_410\vgbluarp.xl	Unicode text, UTF-8 text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Temp\Folder8_410\vgpgtuex.bmp	Unicode text, UTF-8 text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Temp\Folder8_410\lvgkma.msc	ASCII text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Temp\Folder8_410\vtmv.xls	Unicode text, UTF-8 text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Temp\Folder8_410\xnhbpesj.pdf	Unicode text, UTF-8 text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Temp\Folder8_410\xopcgkw.xl	Unicode text, UTF-8 text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Temp\tmp8D34.tmp	XML 1.0 document, ASCII text, with CRLF line terminators	#
C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\task.dat	ASCII text, with no line terminators	#
C:\Users\user\temp\lvgkma.msc	ASCII text, with CRLF line terminators	#
\Device\ConDrv	ASCII text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Temp\Folder8_410\dldgexp.dll	Unicode text, UTF-8 text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\RegSvcs.exe.log	ASCII text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\dhcpmon.exe.log	ASCII text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Temp\Folder8_410\Update.vbs	ASCII text, with no line terminators	#
C:\Users\user\AppData\Local\Temp\Folder8_410\accdciolx.icm	Unicode text, UTF-8 text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Temp\Folder8_410\adietmenbj.mp3	Unicode text, UTF-8 text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Temp\Folder8_410\cgkjjhlj.icm	Unicode text, UTF-8 text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Temp\Folder8_410\chcekckp.gfh	ASCII text, with very long lines (65536), with no line terminators	#
C:\Users\user\AppData\Local\Temp\Folder8_410\daitsfsh-waune.icm.vbe	Unicode text, UTF-16, little-endian text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Temp\Folder8_410\dbhplsxd.msc	Unicode text, UTF-8 text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Temp\Folder8_410\mlvmtln.bin	Unicode text, UTF-8 text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Temp\Folder8_410\fedenpfm.xml	Unicode text, UTF-8 text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Temp\Folder8_410\gfgrxolm.dat	Unicode text, UTF-8 text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Temp\Folder8_410\gvcjf.ppt	Unicode text, UTF-8 text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Temp\Folder8_410\gvguxlvv.xls	Unicode text, UTF-8 text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Temp\Folder8_410\kulqol.dat	Unicode text, UTF-8 text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Temp\Folder8_410\laaa.ini	Unicode text, UTF-8 text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Temp\Folder8_410\ldgreqiiqi.msc	Unicode text, UTF-8 text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Temp\Folder8_410\lhtfibp.docx	Unicode text, UTF-8 text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Temp\Folder8_410\lulajc.bmp	Unicode text, UTF-8 text, with CRLF line terminators	#

026910003102350.pdf.scr.exe

Comments

Tags

Available tags:

Details

Joe Sandbox

Third Party Analysis Engines

IPs

Domains

URLs

Dropped files

026910003102350.pdf.scr.exe Options

Comments

Tags

Available tags:

Details

Joe Sandbox

Third Party Analysis Engines

IPs

Domains

URLs

Dropped files

Search started

026910003102350.pdf.scr.exe