top title background image
flash

PO 67542 PDF.exe

Status: finished
Submission Time: 2021-01-20 18:45:49 +01:00
Malicious
Trojan
Evader
Nanocore

Comments

Tags

  • exe
  • NanoCore
  • RAT
  • Yahoo

Details

  • Analysis ID:
    342299
  • API (Web) ID:
    586541
  • Analysis Started:
    2021-01-20 18:45:50 +01:00
  • Analysis Finished:
    2021-01-20 18:55:14 +01:00
  • MD5:
    48e519f4c829c450926294170a30e1bb
  • SHA1:
    2427038220c0e5c9ab296467db4ddfcdeb83037d
  • SHA256:
    7de0221ea139d8db56886d9f794c167a8d569f9f740e3c353147592a96114648
  • Technologies:

Joe Sandbox

Engine Download Report Detection Info
malicious
Score: 68
System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

URLs

Name Detection
http://ns.ado/Ident

Dropped files

Name File Type Hashes Detection
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\PO 67542 PDF.exe.log
ASCII text, with CRLF line terminators
#
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\a.exe.log
ASCII text, with CRLF line terminators
#
C:\Users\user\AppData\Local\Temp\InstallUtil.exe
PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
#
Click to see the 3 hidden entries
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\a.lnk
MS Windows shortcut, Item id list present, Has Relative path, Has Working directory, ctime=Sun Dec 31 23:06:32 1600, mtime=Sun Dec 31 23:06:32 1600, atime=Sun Dec 31 23:06:32 1600, length=0, window=hide
#
C:\Users\user\AppData\Roaming\a.exe
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
#
C:\Users\user\AppData\Roaming\a.exe:Zone.Identifier
ASCII text, with CRLF line terminators
#