Register Login

sloganpng

top title background image

iqfpdjey.cmd

Status: finished

Submission Time: 2020-12-03 10:07:57 +01:00

Malicious

Comments

Tags

Details

Analysis ID:
326339
API (Web) ID:
554481
Analysis Started:

2020-12-03 10:07:58 +01:00
Analysis Finished:

2020-12-03 10:13:27 +01:00
MD5:
ebc549adacb4bd69742227f9b4d06b30
SHA1:
17a8eaca90e42e5c6b494e6586a8d1e66d8e9dc3
SHA256:
97375803f9b120384077a144306e792d7f5a71e358f34161b2cf9a42d10d009e
Technologies:

Engines
IOCs

Joe Sandbox

Engine	Download Report	Detection	Info
	Full Report Management Report IOC Report	malicious Score: 52	System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

URLs

Name	Detection
http://pesterbdd.com/images/Pester.png
http://nuget.org/NuGet.exe
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Click to see the 7 hidden entries
http://www.apache.org/licenses/LICENSE-2.0.html
http://crl.v
https://github.com/Pester/Pester
https://contoso.com/
https://nuget.org/nuget.exe
https://contoso.com/License
https://contoso.com/Icon

Dropped files

Name	File Type	Hashes	Detection
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive	data	#
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_1qr4vknk.ur2.psm1	very short file (no magic)	#
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_zi4nuspm.wae.ps1	very short file (no magic)	#
Click to see the 2 hidden entries
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\add375f568547c9bc8c38d92878f1.lnk	MS Windows shortcut, Item id list present, Has Relative path, ctime=Sun Dec 31 23:06:32 1600, mtime=Sun Dec 31 23:06:32 1600, atime=Sun Dec 31 23:06:32 1600, length=0, window=hidenormalshowminimized	#
C:\Users\user\Documents\20201203\PowerShell_transcript.414408.4OQwtEdb.20201203100851.txt	UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators	#