top title background image
flash

INQUIRY 101.exe

Status: finished
Submission Time: 2020-10-28 09:24:59 +01:00
Malicious
Trojan
Evader
FormBook

Comments

Tags

  • exe

Details

  • Analysis ID:
    306474
  • API (Web) ID:
    514719
  • Analysis Started:
    2020-10-28 09:48:36 +01:00
  • Analysis Finished:
    2020-10-28 10:00:48 +01:00
  • MD5:
    96aa477270df3c087e5e061187664deb
  • SHA1:
    ba870bdfa665534bd004d766e8e9be0970b66b7f
  • SHA256:
    bc11d43402570bb02026b7faa3941e501f0784378c256233f24f20f042a5672c
  • Technologies:

Joe Sandbox

Engine Download Report Detection Info
malicious
malicious
Score: 100
System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

Third Party Analysis Engines

malicious
Score: 20/64
malicious
Score: 8/48
malicious

IPs

IP Country Detection
172.67.142.40
United States
2.57.90.16
Lithuania
192.155.168.14
United States

Domains

Name IP Detection
www.911directpp.com
192.155.168.14
culturasagrada.com
2.57.90.16
ahgwqrq.xyz
172.67.142.40
Click to see the 2 hidden entries
www.appantoniojoin.com
0.0.0.0
www.culturasagrada.com
0.0.0.0

URLs

Name Detection
http://www.culturasagrada.com/gae/?BX6DK=7nO0&w0G=BsweQbPlvG7wc2GXkamY5/iGsRDSglSDDoz4BAnUtb8rpVFcbB4SdNd+qXy3xM07Ri/b

Dropped files

Name File Type Hashes Detection
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_INQUIRY 101.exe_efc7d8438a901949dd8dfac4819f771403586fb_07714b94_19c6187c\Report.wer
Little-endian UTF-16 Unicode text, with CRLF line terminators
#
C:\ProgramData\Microsoft\Windows\WER\Temp\WER10D.tmp.WERInternalMetadata.xml
XML 1.0 document, Little-endian UTF-16 Unicode text, with CRLF line terminators
#
C:\ProgramData\Microsoft\Windows\WER\Temp\WER1C9.tmp.xml
XML 1.0 document, ASCII text, with CRLF line terminators
#
Click to see the 1 hidden entries
C:\ProgramData\Microsoft\Windows\WER\Temp\WERF8FD.tmp.dmp
Mini DuMP crash report, 15 streams, Wed Oct 28 16:50:00 2020, 0x1205a4 type
#