RFQ_GGMC-Ref 12-01-2022.exe

Status: finished

Submission Time: 2022-01-12 08:58:19 +01:00

Malicious

Trojan

Evader

AgentTesla AsyncRAT Nanocore

Comments

Details

Analysis ID:
551470
API (Web) ID:
918993
Analysis Started:

2022-01-12 09:01:01 +01:00
Analysis Finished:

2022-01-12 09:16:28 +01:00
MD5:
9fd45110bad75cda6de67232014aeb6e
SHA1:
a43016fa816afd1693fb7f266dd032fd7f061c35
SHA256:
b586ca95ba9557f7ad2434d01f96ff191b77541670894df3b78aa3a8312ae092
Technologies:

Engines
IOCs

Joe Sandbox

Engine	Download Report	Detection	Info
	Full Report Management Report IOC Report	malicious Score: 100	System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

Third Party Analysis Engines

Open Full Report

malicious

Score: 18/68

IPs

IP	Country	Detection
89.238.150.43	United Kingdom

URLs

Name	Detection
http://igaeditor.sourceforge.net/ohttp://www.totalbf2142.com/forums/showthread.php?t=5342
http://www.urwpp.deDPlease
http://www.zhongyicts.com.cn
Click to see the 46 hidden entries
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
http://www.sakkal.com
http://micolous.id.au
http://micolous.id.au/projects/bf2142/
http://www.apache.org/licenses/LICENSE-2.0
http://www.fontbureau.com
http://igaeditor.sourceforge.net/
http://igaeditor.sourceforge.net/latest.txt
http://igaeJZ.so
http://www.pcgamingboards.com/smf/index.php?topic=129.msg279#msg279
http://www.sandoll.co.kr
http://www.carterandcone.coml
http://www.fontbureau.com/designers/cabarga.htmlN
http://www.founder.com.cn/cn
http://www.fontbureau.com/designers/frere-jones.html
http://registry.gimp.org/plugin?id=4816
http://www.jiyu-kobo.co.jp/
https://sourceforge.net/project/showfiles.php?group_id=181663
http://www.fontbureau.com/designers8
http://developer.nvidia.com/object/photoshop_dds_plugins.html
http://developer.nvidia.com/object/photoshop_dds_plugins.htmlyhttp://developer.nvidia.com/object/dds
http://micolous.id.au/
http://www.goodfont.co.kr
http://igaeditor.sourceforge.net/wiki/
http://ati.amd.com/developer/compressonator.html
http://www.fontbureau.com/designers/?
https://sourceforge.net/project/showfiles.php?group_id=181663Mhttp://igaeditor.sourceforge.net/wiki/
http://www.founder.com.cn/cn/bThe
http://www.fontbureau.com/designers?
http://www.radgametools.com/bnkdown.htm
http://developer.nvidia.com/object/dds_thumbnail_viewer.html
http://micolous.id.au/projects/bf21
http://www.tiro.com
http://www.fontbureau.com/designers
http://www.fontbureau.com/designersG
http://www.gimp.org/windows/
http://www.sajatypeworks.com
http://www.typography.netD
http://www.founder.com.cn/cn/cThe
http://www.galapagosdesign.com/staff/dennis.htm
http://fontfabrik.com
http://www.totalbf2142.com/forums/showthread.php?t=5342
https://sourceforge.net/svn/?group_id=181663
http://www.galapagosdesign.com/DPlease
http://micolous.id.au/projects/bf2142/.
http://www.fonts.com

Dropped files

Name	File Type	Hashes
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\RFQ_GGMC-Ref 12-01-2022.exe.log	ASCII text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Temp\mozille.exe	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows	#
C:\Users\user\AppData\Local\Temp\tmp71CD.tmp	XML 1.0 document, ASCII text	#
Click to see the 13 hidden entries
C:\Users\user\AppData\Roaming\lhWbLvHNlciwu.exe	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows	#
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\mozille.exe.log	ASCII text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive	data	#
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_2x3ucvgo.4eb.ps1	very short file (no magic)	#
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_cfrruvyb.luy.psm1	very short file (no magic)	#
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_svjneimu.gkz.ps1	very short file (no magic)	#
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_wqgzyu5l.f34.psm1	very short file (no magic)	#
C:\Users\user\AppData\Local\Temp\tmpB8D1.tmp.bat	DOS batch file, ASCII text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Temp\tmpCDE7.tmp	XML 1.0 document, ASCII text	#
C:\Users\user\AppData\Roaming\lhWbLvHNlciwu.exe:Zone.Identifier	ASCII text, with CRLF line terminators	#
C:\Users\user\Documents\20220112\PowerShell_transcript.138727.F_iUYR88.20220112090240.txt	UTF-8 Unicode (with BOM) text, with CRLF line terminators	#
C:\Users\user\Documents\20220112\PowerShell_transcript.138727.fhx+G1tL.20220112090212.txt	UTF-8 Unicode (with BOM) text, with CRLF line terminators	#
\Device\Null	ASCII text, with CRLF line terminators, with overstriking	#

RFQ_GGMC-Ref 12-01-2022.exe

Comments

Tags

Available tags:

Details

Joe Sandbox

Third Party Analysis Engines

IPs

URLs

Dropped files

RFQ_GGMC-Ref 12-01-2022.exe Options

Comments

Tags

Available tags:

Details

Joe Sandbox

Third Party Analysis Engines

IPs

URLs

Dropped files

Search started

RFQ_GGMC-Ref 12-01-2022.exe