Quotation-doc4.exe

Status: finished
Submission Time: 2020-10-28 09:38:37 +01:00
Malicious
Trojan
Evader
FormBook

Tags

  • exe

Details

  • Analysis ID:
    306494
  • API (Web) ID:
    514745
  • Analysis Started:
    2020-10-28 10:05:39 +01:00
  • Analysis Finished:
    2020-10-28 10:16:52 +01:00
  • MD5:
    e0f26a611611483e49ad20990aa2eab8
  • SHA1:
    a9d2a488ee361c47ebd9a9e216a3f350245151b8
  • SHA256:
    1d52a0e43063bbfa96ddef498339a154c08950af5766bd160219751742b3d89f
  • Technologies:

Joe Sandbox

Detection: malicious
Score: 100
System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

Third Party Analysis Engines

malicious
Score: 9/48

Domains

  • Name:
    www.smuxgguidl.net
  • IP:
    103.227.190.70

Dropped files

  • C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_Quotation-doc4.e_f0c0b94ce77d63391f6afe89dc735a6372b56f7e_da136e1b_193fb71f\Report.wer
    File Type: Little-endian UTF-16 Unicode text, with CRLF line terminators
  • C:\ProgramData\Microsoft\Windows\WER\Temp\WER77A5.tmp.dmp
    File Type: Mini DuMP crash report, 14 streams, Wed Oct 28 17:07:50 2020, 0x1205a4 type
  • C:\ProgramData\Microsoft\Windows\WER\Temp\WER8DDD.tmp.WERInternalMetadata.xml
    File Type: XML 1.0 document, Little-endian UTF-16 Unicode text, with CRLF line terminators
  • C:\ProgramData\Microsoft\Windows\WER\Temp\WER9168.tmp.xml
    File Type: XML 1.0 document, ASCII text, with CRLF line terminators
  • C:\Users\user\AppData\Local\Temp\5fe04141-d3b5-4927-8ee5-5a463e534407\njn.dll
    File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
  • C:\Users\user\AppData\Local\Temp\AddInProcess32.exe
    File Type: PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
  • C:\Users\user\AppData\Local\Temp\b35bc50e-fc56-4239-a7d0-bb79118b31c9\AgileDotNetRT.dll
    File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows