DN8slYDJr3.exe

Status: finished
Submission Time: 2022-05-15 05:53:16 +02:00
Malicious
Trojan
Evader
Nanocore

Tags

  • exe
  • NanoCore
  • RAT

Details

  • Analysis ID: 626765
  • API (Web) ID: 994269
  • Analysis Started: 2022-05-15 05:53:17 +02:00
  • Analysis Finished: 2022-05-15 06:02:08 +02:00
  • MD5: a6fe8903e741154bc80352d0ee73efff
  • SHA1: 772e00c83eeae03ea4c7433f737b8d6a1d8b967e
  • SHA256: 63ad21733d5e1db06faa9c863422889ae1f185116e02b45a50259e286ee42e50
  • Technologies:

Joe Sandbox

Engine | Detection | Info
--- | --- | ---
Joe Sandbox | malicious | Score: 100; System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

Third Party Analysis Engines

  • malicious (Score: 38/68)
  • malicious (Score: 26/41)
  • malicious

IPs

IP | Country | Detection
--- | --- | ---
109.248.150.171 | Russian Federation |

Domains

Name | IP | Detection
--- | --- | ---
mallow.3utilities.com | 109.248.150.171 |

URLs

Name | Detection
--- | ---
mallow2.3utilities.com |
mallow.3utilities.com |
http://www.fontbureau.comalsF1 |

Dropped files

Name | File Type | Hashes | Detection
--- | --- | --- | ---
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\DN8slYDJr3.exe.log | ASCII text, with CRLF line terminators | |
C:\Users\user\AppData\Local\Temp\tmp2ADE.tmp | XML 1.0 document, ASCII text | |
C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\run.dat | data | |
C:\Users\user\AppData\Roaming\IulEJNIqTKEFv.exe | PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows | |
C:\Users\user\AppData\Roaming\IulEJNIqTKEFv.exe:Zone.Identifier | ASCII text, with CRLF line terminators | |
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive | data | |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_jhkev1fh.4vf.ps1 | very short file (no magic) | |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_m2k5xmri.aaz.psm1 | very short file (no magic) | |
C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\catalog.dat | data | |
C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\settings.bin | data | |
C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\storage.dat | data | |
C:\Users\user\Documents\20220515\PowerShell_transcript.347688.VGMBSiq0.20220515055521.txt | UTF-8 Unicode (with BOM) text, with CRLF line terminators | |