INQUIRY.exe

Status: finished
Submission Time: 2020-11-18 14:56:27 +01:00
Malicious
Phishing
Trojan
Spyware
Evader
HawkEye MailPassView

Tags

  • exe
  • HawkEye

Details

  • Analysis ID:
    319686
  • API (Web) ID:
    541173
  • Analysis Started:
    2020-11-18 15:00:58 +01:00
  • Analysis Finished:
    2020-11-18 15:17:18 +01:00
  • MD5:
    0b940145d7d02e5b1b975c99dd5197a4
  • SHA1:
    53ae0b576f7b362b90a25ace1470d33068db4490
  • SHA256:
    bf487ff7cdbbd998b633b1858a939d8c808bcce65ab9937695475b39deea70a8
  • Technologies:

Joe Sandbox

Detection: malicious
Score: 100
System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

Third Party Analysis Engines

malicious
Score: 31/71
malicious
Score: 20/48

IPs

IP               Country          Detection
166.62.27.57     United States
104.16.154.36    United States
104.16.155.36    United States

Domains

Name                        IP               Detection
mail.iigcest.com            166.62.27.57
121.205.6.0.in-addr.arpa    0.0.0.0
whatismyipaddress.com       104.16.154.36

URLs


Dropped files
