GgNhpv.exe

Status: finished

Submission Time: 2020-04-21 00:49:29 +02:00

Malicious

Trojan

Evader

Nanocore

Comments

Details

Analysis ID:
224019
API (Web) ID:
344637
Analysis Started:

2020-04-21 00:49:30 +02:00
Analysis Finished:

2020-04-21 01:04:49 +02:00
MD5:
1931c289254c302b2774aecb11378c5e
SHA1:
37f6faf326308012f416962e0c5a87e949bc3192
SHA256:
cfa971612c0b5646e1fcd66033e827bbf1256707224be20874f537bd23f9b8e0
Technologies:

Engines
IOCs

Joe Sandbox

Engine	Download Report	Detection	Info
		malicious
	Full Report Management Report IOC Report	malicious Score: 100	System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

IPs

IP	Country	Detection
151.80.8.11	Italy
104.18.49.20	United States
104.18.48.20	United States

Domains

Name	IP	Detection
alice2019.myftp.biz	151.80.8.11
paste.ee	104.18.48.20

URLs

Name	Detection
http://www.fonts.com
http://www.sajatypeworks.com
http://secureteam.net/webservices/TU
Click to see the 21 hidden entries
http://secureteam.net/ErrorReporting.asmxY
http://www.carterandcone.coml
http://secureteam.net/webservices/T
http://www.sakkal.com
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
http://paste.ee/r/yaEzF
http://www.zhongyicts.com.cn
http://www.goodfont.co.kr
http://www.sandoll.co.kr
http://www.typography.netD
http://www.tiro.com
http://www.sajatypeworks.comhr
http://www.jiyu-kobo.co.jp/
http://secureteam.net/webservices/$
http://secureteam.net/webservices/CreateErrorReport
http://www.founder.com.cn/cn/bThe
http://www.founder.com.cn/cn
http://fontfabrik.com
http://www.apache.org/licenses/LICENSE-2.0
http://www.founder.com.cn/cn/cThe
http://secureteam.net/ErrorReporting.asmx

Dropped files

Name	File Type	Hashes
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\MSBuild.exe.log	ASCII text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\GgNhpv.exe.log	ASCII text, with CRLF line terminators	#
C:\Users\user\AppData\Roaming\59407D34-C8C5-44DF-A766-BA8A11CB1CB0\run.dat	data	#
Click to see the 32 hidden entries
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_yy2dm54c.txy.ps1	ASCII text, with no line terminators	#
\Device\ConDrv	ASCII text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_zznvryas.0wh.psm1	ASCII text, with no line terminators	#
C:\Users\user\AppData\Roaming\59407D34-C8C5-44DF-A766-BA8A11CB1CB0\WPA Service\wpasv.exe	PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows	#
C:\Users\user\AppData\Roaming\59407D34-C8C5-44DF-A766-BA8A11CB1CB0\catalog.dat	data	#
C:\Users\user\AppData\Roaming\59407D34-C8C5-44DF-A766-BA8A11CB1CB0\settings.bin	data	#
C:\Users\user\AppData\Roaming\59407D34-C8C5-44DF-A766-BA8A11CB1CB0\storage.dat	data	#
C:\Users\user\Documents\20200421\PowerShell_transcript.818225.8e5DVsxy.20200421005130.txt	UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators	#
C:\Users\user\Documents\20200421\PowerShell_transcript.818225.ACpugxHH.20200421005032.txt	UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators	#
C:\Users\user\Documents\20200421\PowerShell_transcript.818225.AcYzDbUR.20200421005018.txt	UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators	#
C:\Users\user\Documents\20200421\PowerShell_transcript.818225.JsCpoOAZ.20200421005131.txt	UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators	#
C:\Users\user\Documents\20200421\PowerShell_transcript.818225.MyWoFULh.20200421005030.txt	UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators	#
C:\Users\user\Documents\20200421\PowerShell_transcript.818225.YHQfqqxA.20200421005112.txt	UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators	#
C:\Users\user\Documents\20200421\PowerShell_transcript.818225.pQoJ9U0B.20200421005016.txt	UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators	#
C:\Users\user\Documents\20200421\PowerShell_transcript.818225.xgwDSDKc.20200421005111.txt	UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators	#
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_drs5twxd.myu.psm1	ASCII text, with no line terminators	#
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\wpasv.exe.log	ASCII text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache	data	#
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive	data	#
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_1djyoqla.cgt.ps1	ASCII text, with no line terminators	#
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_1lhymjxj.kfz.psm1	ASCII text, with no line terminators	#
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_1u3t34eh.as0.psm1	ASCII text, with no line terminators	#
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_4gxgbq4p.tot.ps1	ASCII text, with no line terminators	#
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_5ircppmr.cnw.psm1	ASCII text, with no line terminators	#
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_yl2tt2od.syr.psm1	ASCII text, with no line terminators	#
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_fiieimg5.41q.psm1	ASCII text, with no line terminators	#
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ikzuz3ku.qxx.ps1	ASCII text, with no line terminators	#
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_lhc4fd1p.xbi.ps1	ASCII text, with no line terminators	#
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_od4nbngh.yez.ps1	ASCII text, with no line terminators	#
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_osulfv0a.f21.psm1	ASCII text, with no line terminators	#
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_prtsbvfc.nov.ps1	ASCII text, with no line terminators	#
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_szytjllq.c4w.ps1	ASCII text, with no line terminators	#

GgNhpv.exe

Comments

Tags

Available tags:

Details

Joe Sandbox

IPs

Domains

URLs

Dropped files

GgNhpv.exe Options

Comments

Tags

Available tags:

Details

Joe Sandbox

IPs

Domains

URLs

Dropped files

Search started

GgNhpv.exe