INQUIRY.exe

Status: finished

Submission Time: 18.11.2020 14:56:27

Malicious

Phishing

Trojan

Spyware

Evader

HawkEye MailPassView

Comments

Details

Analysis ID:
319686
API (Web) ID:
541173
Analysis Started:

18.11.2020 15:00:58
Analysis Finished:

18.11.2020 15:17:18
MD5:
0b940145d7d02e5b1b975c99dd5197a4
SHA1:
53ae0b576f7b362b90a25ace1470d33068db4490
SHA256:
bf487ff7cdbbd998b633b1858a939d8c808bcce65ab9937695475b39deea70a8
Technologies:

Engines
IOCs

IOC Report	Info	Score

New	System: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211	100/100
		31/71
		20/48

IPs

IP	Country	Detection
166.62.27.57	United States
104.16.154.36	United States
104.16.155.36	United States

Domains

Name	IP	Detection
mail.iigcest.com	166.62.27.57
121.205.6.0.in-addr.arpa	0.0.0.0
whatismyipaddress.com	104.16.154.36

URLs

Name	Detection
http://www.jiyu-kobo.co.jp/://w
http://www.fontbureau.com/designersG
http://www.fontbureau.com/designers/?
Click to see the 77 hidden entries
http://www.founder.com.cn/cn/bThe
http://www.fontbureau.com/designers?
http://www.jiyu-kobo.co.jp/typo
http://www.fontbureau.comsiv&
http://www.jiyu-kobo.co.jp/Treb
http://www.carterandcone.comandh
http://www.jiyu-kobo.co.jp/jp//
http://www.tiro.com
http://www.fontbureau.com/designers
http://www.fontbureau.comepko
http://www.jiyu-kobo.co.jp/s/
http://www.fontbureau.comessed
http://www.goodfont.co.kr
http://www.carterandcone.com
http://www.carterandcone.com0p
http://www.jiyu-kobo.co.jp/cheV
http://www.fontbureau.com/designerslb
http://www.jiyu-kobo.co.jp/jp/=
http://www.sajatypeworks.com
http://www.typography.netD
http://www.founder.com.cn/cn/cThe
http://www.galapagosdesign.com/staff/dennis.htm
http://fontfabrik.com
http://www.carterandcone.comTCE
http://www.carterandcone.comits
http://www.carterandcone.comMic
http://www.fontbureau.com/designersd
http://whatismyipaddress.com/-
http://www.galapagosdesign.com/DPlease
http://www.fontbureau.comgrito
https://login.yahoo.com/config/login
http://www.fonts.com
http://www.sandoll.co.kr
http://www.site.com/logs.php
http://www.urwpp.deDPlease
http://whatismyipaddress.com/
http://www.nirsoft.net/
http://www.zhongyicts.com.cn
http://www.carterandcone.comTC(
http://www.carterandcone.como.
http://www.sakkal.com
http://www.fontbureau.comTTFF
http://www.fontbureau.com=
http://www.carterandcone.comtig
https://whatismyipaddress.com/
http://www.apache.org/licenses/LICENSE-2.0
http://www.fontbureau.com
http://www.galapagosdesign.com/
http://www.fontbureau.comnc.
https://whatismyipaddress.com
http://www.fontbureau.com/designers/cabarga.htmlu
http://www.carterandcone.comTC
http://go.microsoft.
http://whatismyipaddress.com
http://go.microsoft.LinkId=42127
http://www.jiyu-kobo.co.jp/jp/
http://en.w
http://www.carterandcone.comn
http://www.carterandcone.coml
http://www.carterandcone.comle
http://www.fontbureau.com/designers/cabarga.htmlN
http://www.fontbureau.comk
http://www.fontbureau.comm=
http://www.founder.com.cn/cn
http://www.fontbureau.com/designers/frere-user.html
http://www.jiyu-kobo.co.jp/s
http://www.fontbureau.com/designers/cabarga.html
http://www.fontbureau.comlvfet
http://www.fontbureau.coms
http://www.carterandcone.com$p
http://www.fontbureau.com/designershq
http://www.jiyu-kobo.co.jp/
http://www.fontbureau.com/designers8
http://www.fontbureau.comalsd=
http://www.tiro.comic
http://www.jiyu-kobo.co.jp/_
http://www.carterandcone.comsm

Dropped files

Name	File Type	Hashes
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_INQUIRY.exe_9acf60ae8258c649d949998398a696799dd6ab7_31a5ab7c_0466ea22\Report.wer	Little-endian UTF-16 Unicode text, with CRLF line terminators	#
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_INQUIRY.exe_9acf60ae8258c649d949998398a696799dd6ab7_31a5ab7c_1a2a4622\Report.wer	Little-endian UTF-16 Unicode text, with CRLF line terminators	#
C:\ProgramData\Microsoft\Windows\WER\Temp\WER1B59.tmp.mdmp	Mini DuMP crash report, 14 streams, Wed Nov 18 14:02:15 2020, 0x60521 type	#
Click to see the 23 hidden entries
C:\ProgramData\Microsoft\Windows\WER\Temp\WER7CAE.tmp.mdmp	Mini DuMP crash report, 14 streams, Wed Nov 18 14:03:43 2020, 0x60521 type	#
C:\ProgramData\Microsoft\Windows\WER\Temp\WERAB44.tmp.mdmp	Mini DuMP crash report, 14 streams, Wed Nov 18 14:02:53 2020, 0x60521 type	#
C:\ProgramData\Microsoft\Windows\WER\Temp\WEREFF4.tmp.xml	XML 1.0 document, ASCII text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Temp\holderwb.txt	Little-endian UTF-16 Unicode text, with no line terminators	#
C:\Users\user\AppData\Roaming\pid.txt	ASCII text, with no line terminators	#
C:\Users\user\AppData\Roaming\pidloc.txt	ASCII text, with no line terminators	#
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_inquiry.exe_e6c573bafb277a8e53b04fdad891cf6b8aba558_00000000_009f3881\Report.wer	Little-endian UTF-16 Unicode text, with CRLF line terminators	#
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_inquiry.exe_e6c573bafb277a8e53b04fdad891cf6b8aba558_00000000_18bf7163\Report.wer	Little-endian UTF-16 Unicode text, with CRLF line terminators	#
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_inquiry.exe_e6c573bafb277a8e53b04fdad891cf6b8aba558_00000000_1a860a22\Report.wer	Little-endian UTF-16 Unicode text, with CRLF line terminators	#
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_inquiry.exe_e6c573bafb277a8e53b04fdad891cf6b8aba558_00000000_1b4a9849\Report.wer	Little-endian UTF-16 Unicode text, with CRLF line terminators	#
C:\ProgramData\Microsoft\Windows\WER\Temp\WER2E55.tmp.WERInternalMetadata.xml	XML 1.0 document, Little-endian UTF-16 Unicode text, with CRLF line terminators	#
C:\ProgramData\Microsoft\Windows\WER\Temp\WER3043.tmp.WERInternalMetadata.xml	XML 1.0 document, Little-endian UTF-16 Unicode text, with CRLF line terminators	#
C:\ProgramData\Microsoft\Windows\WER\Temp\WER3106.tmp.xml	XML 1.0 document, ASCII text, with CRLF line terminators	#
C:\ProgramData\Microsoft\Windows\WER\Temp\WER310F.tmp.xml	XML 1.0 document, ASCII text, with CRLF line terminators	#
C:\ProgramData\Microsoft\Windows\WER\Temp\WER6231.tmp.WERInternalMetadata.xml	XML 1.0 document, Little-endian UTF-16 Unicode text, with CRLF line terminators	#
C:\ProgramData\Microsoft\Windows\WER\Temp\WER6389.tmp.xml	XML 1.0 document, ASCII text, with CRLF line terminators	#
C:\ProgramData\Microsoft\Windows\WER\Temp\WER8867.tmp.WERInternalMetadata.xml	XML 1.0 document, Little-endian UTF-16 Unicode text, with CRLF line terminators	#
C:\ProgramData\Microsoft\Windows\WER\Temp\WER8933.tmp.xml	XML 1.0 document, ASCII text, with CRLF line terminators	#
C:\ProgramData\Microsoft\Windows\WER\Temp\WER89A3.tmp.WERInternalMetadata.xml	XML 1.0 document, Little-endian UTF-16 Unicode text, with CRLF line terminators	#
C:\ProgramData\Microsoft\Windows\WER\Temp\WER8B0B.tmp.xml	XML 1.0 document, ASCII text, with CRLF line terminators	#
C:\ProgramData\Microsoft\Windows\WER\Temp\WERC3AF.tmp.WERInternalMetadata.xml	XML 1.0 document, Little-endian UTF-16 Unicode text, with CRLF line terminators	#
C:\ProgramData\Microsoft\Windows\WER\Temp\WERC6FC.tmp.xml	XML 1.0 document, ASCII text, with CRLF line terminators	#
C:\ProgramData\Microsoft\Windows\WER\Temp\WEREF38.tmp.WERInternalMetadata.xml	XML 1.0 document, Little-endian UTF-16 Unicode text, with CRLF line terminators	#

INQUIRY.exe

Comments

Tags

Available tags:

Details

IPs

Domains

URLs

Dropped files

INQUIRY.exe Options

Comments

Tags

Available tags:

Details

IPs

Domains

URLs

Dropped files

Search started

Yara Super Rule creation started

INQUIRY.exe