top title background image
flash

TNT SHIPMENT AWB_IMAGE CI_FROM TNT AWB# 167095453_PDF_________.EXE

Status: finished
Submission Time: 2021-01-22 07:27:44 +01:00
Malicious
Trojan
Evader
Nanocore

Comments

Tags

  • EXE
  • NanoCore

Details

  • Analysis ID:
    343026
  • API (Web) ID:
    587998
  • Analysis Started:
    2021-01-22 07:29:39 +01:00
  • Analysis Finished:
    2021-01-22 07:40:45 +01:00
  • MD5:
    d40d97b41a353bc42b0e7ebe451886d9
  • SHA1:
    8e416c76489782a32eade1b03bcd26dce3f19a82
  • SHA256:
    23b46a12d6b6a703b8e588d24f3c0018cf749556b021b514b963587e7adaa25b
  • Technologies:

Joe Sandbox

Engine Download Report Detection Info
malicious
malicious
Score: 100
System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

Third Party Analysis Engines

malicious
Score: 9/37
malicious
Score: 16/27

IPs

IP Country Detection
91.193.75.155
Serbia

Domains

Name IP Detection
mimi121.duckdns.org
91.193.75.155

Dropped files

Name File Type Hashes Detection
C:\Users\user\AppData\Local\Temp\tmp731A.tmp
XML 1.0 document, ASCII text, with CRLF line terminators
#
C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\run.dat
data
#
C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe
PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
#
Click to see the 6 hidden entries
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\MSBuild.exe.log
ASCII text, with CRLF line terminators
#
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\dhcpmon.exe.log
ASCII text, with CRLF line terminators
#
C:\Users\user\AppData\Local\Temp\tmp7609.tmp
XML 1.0 document, ASCII text, with CRLF line terminators
#
C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\catalog.dat
data
#
C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\task.dat
ASCII text, with no line terminators
#
\Device\ConDrv
ASCII text, with CRLF line terminators
#