67CdpRzUI7.exe

Status: finished

Submission Time: 2020-09-18 06:26:05 +02:00

Malicious

Trojan

Evader

FormBook

Comments

Details

Analysis ID:
287287
API (Web) ID:
469720
Analysis Started:

2020-09-18 06:26:06 +02:00
Analysis Finished:

2020-09-18 06:36:13 +02:00
MD5:
09a45ac53ebec83fbc268e26f49359dd
SHA1:
cd5679717a6f2721c6c8707d33a0d2cb3c858163
SHA256:
20307ce6b95ddf5b77edab8e733ec48f4925fcaa1e184cae538a450c63dc7ba9
Technologies:

Engines
IOCs

Joe Sandbox

Engine	Download Report	Detection	Info
		malicious
	Full Report Management Report IOC Report	malicious Score: 100	System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

Third Party Analysis Engines

Open Full Report

malicious

Score: 32/67

malicious

Score: 9/48

URLs

Name	Detection
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name

Dropped files

Name	File Type	Hashes
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\67CdpRzUI7.exe.log	ASCII text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Temp\tmpFE57.tmp	XML 1.0 document, ASCII text, with CRLF line terminators	#
C:\Users\user\AppData\Roaming\tOWpkfkEQkpDPd.exe	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows	#
Click to see the 42 hidden entries
C:\Users\user\AppData\Roaming\tOWpkfkEQkpDPd.exe:Zone.Identifier	ASCII text, with CRLF line terminators	#
C:\Users\user\Documents\20200918\PowerShell_transcript.715575.2tfvDpF+.20200918062706.txt	UTF-8 Unicode (with BOM) text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_u3rifdbu.bp3.psm1	very short file (no magic)	#
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_vqkraush.qfr.ps1	very short file (no magic)	#
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_x2ic4abl.rjm.psm1	very short file (no magic)	#
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_xmig2ct4.du5.ps1	very short file (no magic)	#
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_zty1ixpy.gjc.psm1	very short file (no magic)	#
C:\Users\user\Documents\20200918\PowerShell_transcript.715575.+K_MFW49.20200918062705.txt	UTF-8 Unicode (with BOM) text, with CRLF line terminators	#
C:\Users\user\Documents\20200918\PowerShell_transcript.715575.05xsmnAV.20200918062709.txt	UTF-8 Unicode (with BOM) text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_tx4t4i0d.ubj.psm1	very short file (no magic)	#
C:\Users\user\Documents\20200918\PowerShell_transcript.715575.4xwntqkf.20200918062712.txt	UTF-8 Unicode (with BOM) text, with CRLF line terminators	#
C:\Users\user\Documents\20200918\PowerShell_transcript.715575.BgHYNPEQ.20200918062658.txt	UTF-8 Unicode (with BOM) text, with CRLF line terminators	#
C:\Users\user\Documents\20200918\PowerShell_transcript.715575.LgtgmmaC.20200918062702.txt	UTF-8 Unicode (with BOM) text, with CRLF line terminators	#
C:\Users\user\Documents\20200918\PowerShell_transcript.715575.PFlAt5se.20200918062702.txt	UTF-8 Unicode (with BOM) text, with CRLF line terminators	#
C:\Users\user\Documents\20200918\PowerShell_transcript.715575.V5P4DUwg.20200918062705.txt	UTF-8 Unicode (with BOM) text, with CRLF line terminators	#
C:\Users\user\Documents\20200918\PowerShell_transcript.715575.d1F0YTWO.20200918062703.txt	UTF-8 Unicode (with BOM) text, with CRLF line terminators	#
C:\Users\user\Documents\20200918\PowerShell_transcript.715575.jF7cgiVF.20200918062712.txt	UTF-8 Unicode (with BOM) text, with CRLF line terminators	#
C:\Users\user\Documents\20200918\PowerShell_transcript.715575.tbLRiJj7.20200918062704.txt	UTF-8 Unicode (with BOM) text, with CRLF line terminators	#
C:\Users\user\Documents\20200918\PowerShell_transcript.715575.wSEGsd1I.20200918062712.txt	UTF-8 Unicode (with BOM) text, with CRLF line terminators	#
C:\Users\user\Documents\20200918\PowerShell_transcript.715575.wvsU3erY.20200918062707.txt	UTF-8 Unicode (with BOM) text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_g55v5qgm.afs.ps1	very short file (no magic)	#
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache	data	#
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive	data	#
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_0i1nhcti.4oe.ps1	very short file (no magic)	#
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_0whafc3a.lrl.psm1	very short file (no magic)	#
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_2fgdbglz.cvg.ps1	very short file (no magic)	#
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_4ucitoxd.gfx.ps1	very short file (no magic)	#
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_a0hienfz.4so.psm1	very short file (no magic)	#
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_cn2lziv5.w5p.ps1	very short file (no magic)	#
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_cultvf32.0ju.psm1	very short file (no magic)	#
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_enmo4pfg.x0r.psm1	very short file (no magic)	#
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_tyco31l0.qx5.ps1	very short file (no magic)	#
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_gheeje5z.crb.psm1	very short file (no magic)	#
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_hazjys1w.t0d.psm1	very short file (no magic)	#
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_mh5k1mzm.yql.psm1	very short file (no magic)	#
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_mmhn2whc.c2n.ps1	very short file (no magic)	#
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_p4hsgw0n.p52.psm1	very short file (no magic)	#
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_pjt51k02.1do.ps1	very short file (no magic)	#
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_qghjrwxy.je4.ps1	very short file (no magic)	#
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_s1izqoyu.hfy.psm1	very short file (no magic)	#
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_sjiogkdb.bzg.ps1	very short file (no magic)	#
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_swaddp3q.ohx.ps1	very short file (no magic)	#

67CdpRzUI7.exe

Comments

Tags

Available tags:

Details

Joe Sandbox

Third Party Analysis Engines

URLs

Dropped files

67CdpRzUI7.exe Options

Comments

Tags

Available tags:

Details

Joe Sandbox

Third Party Analysis Engines

URLs

Dropped files

Search started

67CdpRzUI7.exe