xblONM0W11.exe

Status: finished

Submission Time: 2020-04-02 03:40:04 +02:00

Malicious

Trojan

Evader

Nanocore

Comments

Details

Analysis ID:
219669
API (Web) ID:
336192
Analysis Started:

2020-04-02 03:40:04 +02:00
Analysis Finished:

2020-04-02 03:49:33 +02:00
MD5:
579090062d15633c58d1e9a37444ee8f
SHA1:
27af4e30ca4fd382ae20214c8d777d89b82cb356
SHA256:
7b2adf1c8ff725d7dd61b0fdc3ef9e6e3a8bd1b744fd209290a1bf65f9b9acb4
Technologies:

Engines
IOCs

Joe Sandbox

Engine	Download Report	Detection	Info
		malicious
	Full Report Management Report IOC Report	malicious Score: 100	System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

Third Party Analysis Engines

Open Full Report

malicious

Score: 35/64

Open Full Report

malicious

Score: 8/40

IPs

IP	Country	Detection
45.81.148.133	Netherlands

Domains

Name	IP	Detection
24414.duckdns.org	45.81.148.133

URLs

Name	Detection
http://www.fonts.com
http://www.founder.com.cn/cn/cThe
http://fontfabrik.com
Click to see the 34 hidden entries
http://www.founder.com.cn/cn
http://www.typography.netroO
http://www.jiyu-kobo.co.jp/Y0/
http://www.typography.net
http://www.jiyu-kobo.co.jp/jp/)
http://www.jiyu-kobo.co.jp/
http://www.sajatypeworks.comd.
http://www.typography.netD
http://www.sandoll.co.kr
http://www.typography.net0
http://www.jiyu-kobo.co.jp/f
http://www.zhongyicts.com.cn
http://www.sakkal.com
http://www.tiro.comic
http://www.goodfont.co.krd
http://www.founder.com.cn/cn/n
http://www.sajatypeworks.comed
http://www.jiyu-kobo.co.jp/Y0H
http://www.founder.com.cn/cn/bThe
http://www.founder.com.cn/cnM
http://www.tiro.comslnt
http://www.sajatypeworks.comn-u
http://www.typography.neterms
http://www.tiro.com
http://www.jiyu-kobo.co.jp/H
http://www.apache.org/licenses/LICENSE-2.0
http://www.sajatypeworks.comerm
http://www.goodfont.co.kr
http://www.jiyu-kobo.co.jp/jp/
http://www.jiyu-kobo.co.jp/B
http://www.jiyu-kobo.co.jp/aa
http://www.carterandcone.coml
http://www.sajatypeworks.com
http://www.founder.com.cn/cn/

Dropped files

Name	File Type	Hashes
C:\Users\user\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\xblONM0W11.exe.log	ASCII text, with CRLF line terminators	#
C:\Users\user\AppData\Roaming\59407D34-C8C5-44DF-A766-BA8A11CB1CB0\run.dat	data	#
C:\Users\user\Documents\20200402\PowerShell_transcript.376483.AeKx+Fc7.20200402034048.txt	UTF-8 Unicode (with BOM) text, with CRLF line terminators	#
Click to see the 45 hidden entries
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_vqmc1pep.rna.psm1	ASCII text, with no line terminators	#
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_xvzvxtb5.w5r.ps1	ASCII text, with no line terminators	#
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_xyoy43qp.yhc.psm1	ASCII text, with no line terminators	#
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ybkxcql1.qsl.psm1	ASCII text, with no line terminators	#
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_yn52ioza.cml.ps1	ASCII text, with no line terminators	#
C:\Users\user\AppData\Roaming\59407D34-C8C5-44DF-A766-BA8A11CB1CB0\catalog.dat	data	#
C:\Users\user\AppData\Roaming\59407D34-C8C5-44DF-A766-BA8A11CB1CB0\settings.bin	data	#
C:\Users\user\AppData\Roaming\59407D34-C8C5-44DF-A766-BA8A11CB1CB0\storage.dat	data	#
C:\Users\user\Documents\20200402\PowerShell_transcript.376483.6PGtdCm9.20200402034046.txt	UTF-8 Unicode (with BOM) text, with CRLF line terminators	#
C:\Users\user\Documents\20200402\PowerShell_transcript.376483.7vz6AdVU.20200402034050.txt	UTF-8 Unicode (with BOM) text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_slrylp3g.zeq.psm1	ASCII text, with no line terminators	#
C:\Users\user\Documents\20200402\PowerShell_transcript.376483.GiZHtaio.20200402034047.txt	UTF-8 Unicode (with BOM) text, with CRLF line terminators	#
C:\Users\user\Documents\20200402\PowerShell_transcript.376483.JnKzRVj+.20200402034041.txt	UTF-8 Unicode (with BOM) text, with CRLF line terminators	#
C:\Users\user\Documents\20200402\PowerShell_transcript.376483.MeVmJQ6n.20200402034040.txt	UTF-8 Unicode (with BOM) text, with CRLF line terminators	#
C:\Users\user\Documents\20200402\PowerShell_transcript.376483.Pbt6hIgv.20200402034051.txt	UTF-8 Unicode (with BOM) text, with CRLF line terminators	#
C:\Users\user\Documents\20200402\PowerShell_transcript.376483.SiFGD5nT.20200402034053.txt	UTF-8 Unicode (with BOM) text, with CRLF line terminators	#
C:\Users\user\Documents\20200402\PowerShell_transcript.376483.VnmqqAkc.20200402034035.txt	UTF-8 Unicode (with BOM) text, with CRLF line terminators	#
C:\Users\user\Documents\20200402\PowerShell_transcript.376483._KHtzoto.20200402034045.txt	UTF-8 Unicode (with BOM) text, with CRLF line terminators	#
C:\Users\user\Documents\20200402\PowerShell_transcript.376483.b15w_lXO.20200402034044.txt	UTF-8 Unicode (with BOM) text, with CRLF line terminators	#
C:\Users\user\Documents\20200402\PowerShell_transcript.376483.bkjdukDu.20200402034040.txt	UTF-8 Unicode (with BOM) text, with CRLF line terminators	#
C:\Users\user\Documents\20200402\PowerShell_transcript.376483.gYr4M+k9.20200402034042.txt	UTF-8 Unicode (with BOM) text, with CRLF line terminators	#
C:\Users\user\Documents\20200402\PowerShell_transcript.376483.jk1B+YWs.20200402034054.txt	UTF-8 Unicode (with BOM) text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_dwskxhu0.gvd.psm1	ASCII text, with no line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive	data	#
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_114u3sua.j2x.ps1	ASCII text, with no line terminators	#
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_2cka5fug.oas.ps1	ASCII text, with no line terminators	#
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_3slunxai.dgg.psm1	ASCII text, with no line terminators	#
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_3xt1xjlp.3xb.ps1	ASCII text, with no line terminators	#
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_450cdzk0.efl.psm1	ASCII text, with no line terminators	#
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_5s4uuqqy.ih0.psm1	ASCII text, with no line terminators	#
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_5x5r3fkv.uig.ps1	ASCII text, with no line terminators	#
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_aw5uprj2.shw.ps1	ASCII text, with no line terminators	#
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_b5s5kjyw.zwj.ps1	ASCII text, with no line terminators	#
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_boxn33be.suh.ps1	ASCII text, with no line terminators	#
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_qjloovya.54m.psm1	ASCII text, with no line terminators	#
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_eqrvcnqn.11n.psm1	ASCII text, with no line terminators	#
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_fptenbli.xsm.ps1	ASCII text, with no line terminators	#
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_g4biunab.ltv.psm1	ASCII text, with no line terminators	#
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_gg3qwh5g.ulh.psm1	ASCII text, with no line terminators	#
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_kfxpsc2r.ywf.psm1	ASCII text, with no line terminators	#
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_myqgkt23.n4t.ps1	ASCII text, with no line terminators	#
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_nijc43d5.sl5.ps1	ASCII text, with no line terminators	#
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_o1mb3y2o.1i2.ps1	ASCII text, with no line terminators	#
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_pp1fcq0u.5ja.ps1	ASCII text, with no line terminators	#
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_py3ulubr.kui.psm1	ASCII text, with no line terminators	#

xblONM0W11.exe

Comments

Tags

Available tags:

Details

Joe Sandbox

Third Party Analysis Engines

IPs

Domains

URLs

Dropped files

xblONM0W11.exe Options

Comments

Tags

Available tags:

Details

Joe Sandbox

Third Party Analysis Engines

IPs

Domains

URLs

Dropped files

Search started

xblONM0W11.exe