Register Login

sloganpng

top title background image

PROFORMA020005057R1RINVOICE25809654567543456654334 Spec_scan.exe

Status: finished

Submission Time: 2020-10-28 08:39:03 +01:00

Malicious

Trojan

Evader

Nanocore

Comments

Tags

Details

Analysis ID:
306408
API (Web) ID:
514597
Analysis Started:

2020-10-28 08:39:04 +01:00
Analysis Finished:

2020-10-28 08:49:24 +01:00
MD5:
d5d5515bf318451d7a7b39565569ea72
SHA1:
9ad480223863713f83b270166ab7be560da64cc4
SHA256:
365a0e47f24d161f455a522b6a8e15343f257b8cf201173f5696dbcada4f025c
Technologies:

Engines
IOCs

Joe Sandbox

Engine	Download Report	Detection	Info
		malicious
	Full Report Management Report IOC Report	malicious Score: 100	System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

Third Party Analysis Engines

malicious

Score: 10/48

IPs

IP	Country	Detection
185.244.30.209	Netherlands

Domains

Name	IP	Detection
engr101.ddns.net	185.244.30.209

Dropped files

Name	File Type	Hashes	Detection
C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows	#
C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\run.dat	data	#
C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe:Zone.Identifier	ASCII text, with CRLF line terminators	#
Click to see the 5 hidden entries
C:\Users\user\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\PROFORMA020005057R1RINVOICE25809654567543456654334 Spec_scan.exe.log	ASCII text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\dhcpmon.exe.log	ASCII text, with CRLF line terminators	#
C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\catalog.dat	data	#
C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\settings.bin	data	#
C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\storage.dat	data	#