Register Login

sloganpng

top title background image

RFQ.exe

Status: finished

Submission Time: 2021-02-25 12:12:34 +01:00

Malicious

Trojan

Adware

Evader

Nanocore

Comments

Tags

Details

Analysis ID:
358327
API (Web) ID:
618648
Analysis Started:

2021-02-25 12:15:39 +01:00
Analysis Finished:

2021-02-25 12:26:10 +01:00
MD5:
6733e06c6be5ca14ffc33763202f53c8
SHA1:
9412d3147b30a873b94e2d0f495eafdea1479ee1
SHA256:
72f30e8884110e06b133ecabfdbf523aef8cc5533273aa3e12afee785a5a45bc
Technologies:

Engines
IOCs

Joe Sandbox

Engine	Download Report	Detection	Info
	Full Report Management Report IOC Report	malicious Score: 100	System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

Third Party Analysis Engines

malicious

Score: 7/47

URLs

Name	Detection
http://ns.adb
http://pki.goog/gsr2/GTS1O1.crt0
http://ns.adobe.c/g
Click to see the 9 hidden entries
http://crl.pki.goog/gsr2/gsr2.crl0?
http://ocsp.pki.goog/gsr202
https://pki.goog/repository/0
http://ns.adobe.cobj
http://ocsp.pki.goog/gts1o1core0
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
http://schema.org/WebPage
http://crl.pki.goog/GTS1O1core.crl0
http://ns.ado/1

Dropped files

Name	File Type	Hashes	Detection
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\july\enrnus.exe	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows	#
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\july\enrnus.exe:Zone.Identifier	ASCII text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\RFQ.exe.log	ASCII text, with CRLF line terminators	#
Click to see the 1 hidden entries
C:\Users\user\AppData\Local\Temp\RegAsm.exe	PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows	#