flash

ASGT(Al Sahoo General Trading) - RFQ.exe

Status: finished
Submission Time: 14.09.2021 13:16:42
Malicious
Trojan
Evader
Nanocore

Comments

Tags

  • exe
  • nanocore

Details

  • Analysis ID:
    483055
  • API (Web) ID:
    850619
  • Analysis Started:
    14.09.2021 13:33:41
  • Analysis Finished:
    14.09.2021 13:49:18
  • MD5:
    f981ae4dae49248c03dd86b5508ec434
  • SHA1:
    680901b0a898a68ff04cbaafb851e28294d06d03
  • SHA256:
    ef45c55d9b3fd183f6c9b4e0359005fa6052fa4155de07129b839056b7cc26e9
  • Technologies:
Full Report Management Report IOC Report Engine Info Verdict Score Reports

malicious

System: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211

malicious
100/100

malicious
23/67

URLs

Name Detection
http://www.fontbureau.com/designers/frere-jones.html
http://crt.sectigo.com/SectigoRSATimeStampingCA.crt0#
http://www.jiyu-kobo.co.jp/
Click to see the 48 hidden entries
https://www.newtonsoft.com/jsonschema
http://www.fontbureau.com/designers8
https://www.nuget.org/packages/Newtonsoft.Json.Bson
http://www.fontbureau.com/designersG
http://www.fontbureau.com/designers/?
http://www.founder.com.cn/cn/bThe
http://ocsp.sectigo.com0
http://www.fontbureau.com/designers?
https://contoso.com/License
http://www.tiro.com
https://www.newtonsoft.com/json
http://www.fontbureau.com/designers
http://www.goodfont.co.kr
http://crt.sectigo.com/SectigoRSACodeSigningCA.crt0#
http://google.com
http://www.sajatypeworks.com
http://www.typography.netD
http://www.founder.com.cn/cn/cThe
http://www.galapagosdesign.com/staff/dennis.htm
http://fontfabrik.com
https://contoso.com/
https://nuget.org/nuget.exe
https://sectigo.com/CPS0C
https://sectigo.com/CPS0D
http://www.galapagosdesign.com/DPlease
http://www.fonts.com
http://www.sandoll.co.kr
http://www.urwpp.deDPlease
http://www.nirsoft.net/
http://www.zhongyicts.com.cn
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
http://www.sakkal.com
http://nuget.org/NuGet.exe
http://www.apache.org/licenses/LICENSE-2.0
http://www.fontbureau.com
http://pesterbdd.com/images/Pester.png
http://www.apache.org/licenses/LICENSE-2.0.html
https://go.micro
https://contoso.com/Icon
http://crl.sectigo.com/SectigoRSACodeSigningCA.crl0s
http://www.microsoft.
http://www.fontbureau.coma
https://github.com/Pester/Pester
http://james.newtonking.com/projects/json
http://www.carterandcone.coml
http://crl.sectigo.com/SectigoRSATimeStampingCA.crl0t
http://www.fontbureau.com/designers/cabarga.htmlN
http://www.founder.com.cn/cn

Dropped files

Name File Type Hashes Detection
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\ASGT(Al Sahoo General Trading) - RFQ.exe.log
ASCII text, with CRLF line terminators
#
C:\Users\user\AppData\Local\Temp\ASGT(Al Sahoo General Trading) - RFQ.exe
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
#
C:\Users\user\AppData\Local\Temp\ASGT(Al Sahoo General Trading) - RFQ.exe:Zone.Identifier
ASCII text, with CRLF line terminators
#
Click to see the 8 hidden entries
C:\Users\user\AppData\Local\Temp\AdvancedRun.exe
PE32 executable (GUI) Intel 80386, for MS Windows
#
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\myxpcstart.exe
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
#
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\myxpcstart.exe:Zone.Identifier
ASCII text, with CRLF line terminators
#
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache
data
#
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
data
#
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_2icawshj.zys.psm1
very short file (no magic)
#
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ufcdmgif.vi3.ps1
very short file (no magic)
#
C:\Users\user\Documents\20210914\PowerShell_transcript.899552.sqqflWff.20210914133456.txt
UTF-8 Unicode (with BOM) text, with CRLF line terminators
#