
SO20GTC00046.exe

Status: finished
Submission Time: 2020-10-30 17:11:50 +01:00
Malicious
Trojan
Evader
AgentTesla

Comments

Tags

  • exe

Details

  • Analysis ID:
    307690
  • API (Web) ID:
    517174
  • Analysis Started:
    2020-10-30 17:11:51 +01:00
  • Analysis Finished:
    2020-10-30 17:19:44 +01:00
  • MD5:
    c69ada465291f4881b7643d3ffef5687
  • SHA1:
    0d545cd5bdc4215aee705b6c4b62fb3e9d689bc3
  • SHA256:
    28823e2dd26833e6b8c4b3e1988dcf44ae38794c20c9ce8adaaf60106652ddf9
  • Technologies:

Joe Sandbox

Detection: malicious
Score: 100
System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

Third Party Analysis Engines

malicious
Score: 23/72
malicious
Score: 8/48

Domains

Name IP Detection
cdn.onenote.net
0.0.0.0

Dropped files

Name / File type

  • C:\Users\user\AppData\Local\Temp\tmp7BC7.tmp
    XML 1.0 document, ASCII text, with CRLF line terminators
  • C:\Users\user\AppData\Roaming\FPftjmFZNWWOU.exe
    PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
  • C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_SO20GTC00046.exe_cea2ed7dff41dd5e8ce0196ebb13a9166c163be_00000000_00c6f83a\Report.wer
    Little-endian UTF-16 Unicode text, with CRLF line terminators
  • C:\ProgramData\Microsoft\Windows\WER\Temp\WER85C9.tmp.WERInternalMetadata.xml
    XML 1.0 document, Little-endian UTF-16 Unicode text, with CRLF line terminators
  • C:\ProgramData\Microsoft\Windows\WER\Temp\WER8667.tmp.xml
    XML 1.0 document, UTF-8 Unicode text, with CRLF line terminators
  • C:\Users\user\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\SO20GTC00046.exe.log
    ASCII text, with CRLF line terminators
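As an added triage example (this is not part of the Joe Sandbox report and not the sandbox's own detection logic), the Python below applies a handful of analyst heuristics to the dropped-file listing above: a PE written under the user's AppData, a Mono/.NET assembly, a random-looking file name, an XML file staged in %TEMP%, a WER AppCrash report naming the sample, and a CLR usage log showing which process the .NET runtime loaded. The entries are copied from the table; the rule names, regexes and notes are assumptions chosen for illustration, not anything the report states.

```python
"""Heuristic triage of a sandbox dropped-file listing.

Added example; the rules below are illustrative assumptions, not Joe Sandbox logic.
"""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Dropped:
    path: str   # Windows path as listed in the report
    ftype: str  # libmagic-style file type string as listed in the report


@dataclass(frozen=True)
class Finding:
    path: str
    rule: str
    note: str


# Entries copied from the "Dropped files" section of the report above.
REPORT_DROPS = [
    Dropped(r"C:\Users\user\AppData\Local\Temp\tmp7BC7.tmp",
            "XML 1.0 document, ASCII text, with CRLF line terminators"),
    Dropped(r"C:\Users\user\AppData\Roaming\FPftjmFZNWWOU.exe",
            "PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows"),
    Dropped(r"C:\ProgramData\Microsoft\Windows\WER\ReportArchive"
            r"\AppCrash_SO20GTC00046.exe_cea2ed7dff41dd5e8ce0196ebb13a9166c163be_00000000_00c6f83a\Report.wer",
            "Little-endian UTF-16 Unicode text, with CRLF line terminators"),
    Dropped(r"C:\ProgramData\Microsoft\Windows\WER\Temp\WER85C9.tmp.WERInternalMetadata.xml",
            "XML 1.0 document, Little-endian UTF-16 Unicode text, with CRLF line terminators"),
    Dropped(r"C:\ProgramData\Microsoft\Windows\WER\Temp\WER8667.tmp.xml",
            "XML 1.0 document, UTF-8 Unicode text, with CRLF line terminators"),
    Dropped(r"C:\Users\user\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\SO20GTC00046.exe.log",
            "ASCII text, with CRLF line terminators"),
]

# Heuristic patterns (assumptions for this example).
USER_PROFILE_DIR = re.compile(r"^[A-Z]:\\Users\\[^\\]+\\AppData\\", re.I)
TEMP_DIR = re.compile(r"\\AppData\\Local\\Temp\\", re.I)
# WER archive folder name embeds the crashing image name: AppCrash_<image>_<hash>_...
APPCRASH = re.compile(r"\\WER\\ReportArchive\\AppCrash_(?P<proc>.+?\.exe)_", re.I)
# CLR usage log: CLR_v<ver>[_32]\UsageLogs\<image>.log
CLR_LOG = re.compile(r"\\CLR_v(?P<ver>\d+\.\d+)(?:_32)?\\UsageLogs\\(?P<proc>[^\\]+)\.log$", re.I)
# Crude "looks generated" test: 10+ letters, no digits, no separators.
RANDOM_NAME = re.compile(r"^[A-Za-z]{10,}$")


def filename(path: str) -> str:
    return path.rsplit("\\", 1)[-1]


def triage(drops: list) -> list:
    """Return one Finding per (file, rule) pair that fires."""
    findings = []
    for d in drops:
        stem = filename(d.path).rsplit(".", 1)[0]
        is_pe = d.ftype.startswith("PE32")
        if is_pe and USER_PROFILE_DIR.match(d.path):
            findings.append(Finding(d.path, "pe_in_user_profile",
                "executable written under the user's AppData: typical self-copy location; "
                "compare its hashes with the submitted sample"))
        if "Mono/.Net" in d.ftype:
            findings.append(Finding(d.path, "dotnet_assembly",
                "managed PE: inspect with a .NET decompiler rather than a native disassembler"))
        if is_pe and RANDOM_NAME.match(stem):
            findings.append(Finding(d.path, "random_looking_name",
                "generated-looking file name; pivot on the path rather than the name"))
        if d.ftype.startswith("XML") and TEMP_DIR.search(d.path):
            findings.append(Finding(d.path, "xml_staged_in_temp",
                "XML staged in %TEMP%; check the process tree for what consumed it"))
        m = APPCRASH.search(d.path)
        if m:
            findings.append(Finding(d.path, "process_crashed",
                f"WER crash report for {m['proc']}: the run may be incomplete"))
        m = CLR_LOG.search(d.path)
        if m:
            findings.append(Finding(d.path, "clr_usage_log",
                f"{m['proc']} was executed by the .NET runtime (CLR v{m['ver']})"))
    return findings


def crashed_processes(drops: list) -> list:
    """Image names for which a WER AppCrash report was dropped."""
    procs = set()
    for d in drops:
        m = APPCRASH.search(d.path)
        if m:
            procs.add(m["proc"])
    return sorted(procs)


if __name__ == "__main__":
    for f in triage(REPORT_DROPS):
        print(f"[{f.rule}] {filename(f.path)}: {f.note}")
    print("crashed:", crashed_processes(REPORT_DROPS))
```

The WER and CLR entries are worth keeping in a rule set like this because they are not indicators of compromise by themselves, but they tell you how much of the run to trust: a crash report for the submitted image means the observed behaviour may stop short of the payload's full activity, and the CLR usage log confirms the sample itself is managed code, which fits the Mono/.Net type of the dropped copy.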