top title background image

RFQ-Order_Sheet#43254363-Sept-21_signed-copy.exe

Status: finished

Submission Time: 2021-09-07 18:15:43 +02:00

Malicious

Trojan

Spyware

Evader

Remcos

Comments

Tags

Details

Analysis ID:
479213
API (Web) ID:
846787
Analysis Started:

2021-09-07 18:15:44 +02:00
Analysis Finished:

2021-09-07 18:29:16 +02:00
MD5:
06534c059b111776b838f793c6444622
SHA1:
7ebda7124a60de107a00960d9fe0563fd3cd2760
SHA256:
933a4d2abfdf0f91550a102808d00adace6eb9df89ea9e254e2df7601b02dd8f
Technologies:

Engines
IOCs

Joe Sandbox

Engine	Download Report	Detection	Info
	Full Report Management Report IOC Report	malicious Score: 100	System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

IPs

IP	Country	Detection
204.44.86.179	United States
162.159.135.233	United States

Domains

Name	IP	Detection
cdn.discordapp.com	162.159.135.233

URLs

Name	Detection
204.44.86.179

Dropped files

Name	File Type	Hashes	Detection
C:\Users\Public\Libraries\Cshgvzx\Cshgvzx.exe	PE32 executable (GUI) Intel 80386, for MS Windows	#
C:\Users\Public\Libraries\xzvghsC.url	MS Windows 95 Internet shortcut text (URL=<file:"C:\\Users\\Public\\Libraries\\Cshgvzx\\Cshgvzx.exe">), ASCII text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PEJLKQA8\Cshgvzxpdvyucjurgvmywubhtofxefb[1]	data	#
Click to see the 1 hidden entries
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PEJLKQA8\Cshgvzxpdvyucjurgvmywubhtofxefb[2]	data	#