Register Login

sloganpng

top title background image

NEW ROM 01-002361_PDF.exe

Status: finished

Submission Time: 2020-07-31 12:19:08 +02:00

Malicious

Phishing

Trojan

Spyware

Evader

HawkEye MailPassView

Comments

Tags

Details

Analysis ID:
255292
API (Web) ID:
405895
Analysis Started:

2020-07-31 21:20:15 +02:00
Analysis Finished:

2020-07-31 21:30:11 +02:00
MD5:
2cb9093f20d6541f7cf7286f697ab0d2
SHA1:
271a2e64eee0d7c2ef11e941408e0dfc1221f3cf
SHA256:
3afef2476572d24d320f6d9b0aea76022bbc6690826544a69a0f3409d904e76a
Technologies:

Engines
IOCs

Joe Sandbox

Engine	Download Report	Detection	Info
		malicious
	Full Report Management Report IOC Report	malicious Score: 100	System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

URLs

Name	Detection
https://a.pomf.cat/
https://login.yahoo.com/config/login
http://pomf.cat/upload.php&https://a.pomf.cat/
Click to see the 6 hidden entries
http://www.nirsoft.net
http://pomf.cat/upload.php
http://www.nirsoft.net/
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
http://bot.whatismyipaddress.com/
http://pomf.cat/upload.phpCContent-Disposition:

Dropped files

Name	File Type	Hashes	Detection
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\NEW ROM 01-002361_PDF.exe.log	ASCII text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Temp\tmp220D.tmp	XML 1.0 document, ASCII text, with CRLF line terminators	#
C:\Users\user\AppData\Roaming\&startupname&.exe	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows	#
Click to see the 3 hidden entries
C:\Users\user\AppData\Roaming\&startupname&.exe:Zone.Identifier	ASCII text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Temp\a93a47c3-0eb5-fd5a-bfa5-ade9e3fad938	ASCII text, with no line terminators	#
C:\Users\user\AppData\Local\Temp\tmp3BAF.tmp	Little-endian UTF-16 Unicode text, with no line terminators	#