Lakeringernes (1).exe

Status: finished

Submission Time: 2022-11-28 10:06:17 +01:00

Malicious

Trojan

Evader

Spyware

FormBook, GuLoader

Comments

Details

Analysis ID:
755081
API (Web) ID:
1122365
Analysis Started:

2022-11-28 10:08:54 +01:00
Analysis Finished:

2022-11-28 10:36:31 +01:00
MD5:
d70de507cc0d22e43ebcf8b61a273ea5
SHA1:
9818fba05573d67b834c90a3208faddea3446545
SHA256:
4dbcd711f2263775f0a1083e0541a07247736ba2fdaabf000654756f8c3dae67
Technologies:

Engines
IOCs

Full Report	Management Report	IOC Report	Engine	Info	Verdict	Score	Reports
				System: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211		68/100
				System: Windows 10 64 bit 20H2 Native physical Machine for testing VM-aware malware (Office 2019, IE 11, Chrome 93, Firefox 91, Adobe Reader DC 21, Java 8 Update 301 Run Condition: Suspected Instruction Hammering		100/100
						25/72
						20/26

IPs

IP	Country	Detection
156.254.172.36	Seychelles
154.213.44.213	Seychelles
154.204.24.45	Seychelles
Click to see the 13 hidden entries
162.0.238.93	Canada
96.43.100.185	United States
104.21.23.41	United States
156.230.149.244	Seychelles
3.64.163.50	United States
23.106.120.176	Singapore
66.29.151.40	United States
50.87.192.144	United States
103.63.2.175	Hong Kong
168.76.162.220	South Africa
104.21.48.6	United States
142.250.185.161	United States
142.250.184.206	United States

Domains

Name	IP	Detection
www.gouldent.site	66.29.151.40
www.caglaakdag.xyz	0.0.0.0
www.sabzi.lol	0.0.0.0
Click to see the 19 hidden entries
www.xn--29-oj9ik7b890b.net	0.0.0.0
www.techrocker.com	0.0.0.0
www.automotiveparts-store.com	0.0.0.0
www.aceadora.shop	104.21.23.41
www.planetthermo.net	154.213.44.213
www.rsvstudio.com	156.254.172.36
www.mangal20.com	156.230.149.244
www.plentywindshield.com	96.43.100.185
www.livinghopedoula.com	168.76.162.220
techrocker.com	23.106.120.176
www.005404.com	103.63.2.175
automotiveparts-store.com	162.0.238.93
www.youlian.fund	154.204.24.45
www.haveusstampsale.shop	104.21.48.6
xn--29-oj9ik7b890b.net	50.87.192.144
www.avatarworker.com	3.64.163.50
drive.google.com	142.250.184.206
googlehosted.l.googleusercontent.com	142.250.185.161
doc-00-7s-docs.googleusercontent.com	0.0.0.0

URLs

Name	Detection
http://www.techrocker.com/i036/
http://www.youlian.fund/i036/?k0GP1N2=LMIqSMdQ3q0mQ0O8E4Be7P+zrPM6Gg4aprrhhSoZXI8N9fokAeXZtK7CAx7jxtppbBVDda4uu0E3KjN/+XSSDpZJ6husVXmnlg==&Rzu=hV1Pon
http://www.aceadora.shop/i036/
Click to see the 97 hidden entries
http://www.aceadora.shop/i036/?k0GP1N2=KIxzD5HsRZBgKJlqtD/Z5Gj6Z8qoplCrxdfuDjJNx/1c9AJO6VXMMK+63l9AWb1/ssE5X6NYSlv5byLnNWr+FpxZxtTvuFnXWw==&Rzu=hV1Pon
http://www.techrocker.com/i036/?k0GP1N2=Nt7we/gwvJafOenmPtqMdMQq0A5S+F0mCo2A/o6NNSBEDFrZxTdugE3hHqQHgmQnwi6pFnnhcgi6C1+qKckarzI1zqVfAVRktw==&Rzu=hV1Pon
http://www.gouldent.site/i036/
http://www.rsvstudio.com/i036/?k0GP1N2=ronhS2NZk+RpAH8xyVeuvsbzfj1G+JCO7SbBJB6VTjQ5GvCPMYygorm2sXuQ6whLqX4zWjebsFwcRWcR3e6VRFoMUbeOjCqRvg==&Rzu=hV1Pon
http://www.mangal20.com/i036/?k0GP1N2=Ypm+0+Vc/krk+syJRkmS/ZXdqh86ue5y1szx5SRmlweqmqT2L40Pqi55gxfwp+7cpcP0UgmrVUc/vOiRo42zU0SjFnllzv841Q==&Rzu=hV1Pon
http://www.haveusstampsale.shop/i036/
http://www.rsvstudio.com/i036/
http://www.livinghopedoula.com/i036/
http://www.mangal20.com/i036/
http://www.planetthermo.net/i036/
http://www.xn--29-oj9ik7b890b.net/i036/?k0GP1N2=BZwpaihTGJGWcZJSAe2sxznsnPej0JxCYfoQvgCgbuMQP061bK/C39YT663oVlO5elykthEFB/Dcn8VFPsLzIGidWMmSTKgllQ==&Rzu=hV1Pon
http://www.automotiveparts-store.com/i036/
www.techrocker.com/i036/
http://www.xn--29-oj9ik7b890b.net/i036/
http://www.livinghopedoula.com/i036/?k0GP1N2=gK12bHhqEy0e4Uj/ImUnYxfT+EkUqBjjVPatb5GnWKdwUy9sF2E4a2NySHYDGj5+R015BuqmsIpMnBRMM6PNmRTNIYpZBhLGAQ==&Rzu=hV1Pon
http://www.haveusstampsale.shop/i036/?k0GP1N2=DDTM8NTjTGQKNl9ZmiWQMqmzY5hUHu6DmELfmDs1vEv26+wpTDEFgWjPjGJv2unzSeE04u298BAHHYXe+vHUgcxZ13bZmjQmZA==&Rzu=hV1Pon
http://www.005404.com/i036/
http://www.w3c.org/TR/1999/REC-html401-19991224/frameset.dtd
https://drive.google.com/Czw
http://45.122.138.45/favicon.ico
http://push.zhanzhang.baidu.com/push.js
https://api.msn.com/?
https://powerpoint.office.comCallr
https://www.msn.com/en-us/news/politics/democratic-support-for-suprem0
https://www.aceadora.shop/i036/?k0GP1N2=KIxzD5HsRZBgKJlqtD/Z5Gj6Z8qoplCrxdfuDjJNx/1c9AJO6VXMMK
http://schemas.micro
http://crl.certum.pl/ctnca2.crl0l
https://excel.office.como
http://xn--299aa717y.xn--3e0b707e/
https://wordpress.org
http://crl.certum.pl/ctsca2021.crl0o
http://www.plentywindshield.com/i036/?k0GP1N2=VaB2QWBCteskeZJAX4Hj3Mdw7Sfdvkj
https://ac.ecosia.org/autocomplete?q=
http://xn--299aa717y.xn--3e0b707e/wp-includes/blocks/navigation/view-modal.min.js?ver=45f05135277abf
http://www.foreca.com
https://zz.bdstatic.com/linksubmit/push.js
https://api.w.org/
https://aka.ms/odirmDRIVE=C
http://www.litespeedtech.com/error-page
https://www.google.com/images/branding/product/ico/googleg_lodp.ico
https://crash-reports.mozilla.com/submit?id=
http://repository.certum.pl/ctnca.cer09
http://subca.ocsp-certum.com05
http://mangal20.com/i036/?k0GP1N2=Ypm
https://www.msn.com/en-us/news/politics/graham-tries-t
http://xn--299aa717y.xn--3e0b707e/xmlrpc.php?rsd
https://android.notify.windows.com/iOSe/
http://xn--299aa717y.xn--3e0b707e/wp-includes/blocks/navigation/view.min.js?ver=c24330f635f5cb9d5e0e
http://repository.certum.pl/ctnca2.cer09
https://android.notify.windows.com/iOS
https://inference.location.live.net/inferenceservice/v21/Pox/GetLocationUsingFingerprinte1e71f6b-214
http://subca.ocsp-certum.com01
http://subca.ocsp-certum.com02
https://js.users.51.la/21461531.js
https://wns.windows.com/
https://outlook.comx86)
https://uk.search.yahoo.com/sugg/chrom
https://drive.google.com/
https://uk.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
http://repository.certum.pl/ctsca2021.cer0
https://www.msn.com/en-us/news/us/texas-gov-abbott-sends-miles-of-cars-along-border-to-deter-migrant
http://xn--299aa717y.xn--3e0b707e
https://word.office.comle
http://www.gopher.ftp://ftp.
http://www.certum.pl/CPS0
http://www.ibm.com/data/dtd/v11/ibmxhtml1-transitional.dtd-//W3O//DTD
https://excel.office.com
https://deff.nelreports.net/api/report?cat=msn
https://activity.windows.com/UserActivity.ReadWrite.CreatedByAppam
http://inference.location.live.com11111111-1111-1111-1111-111111111111https://partnernext-inference.
http://xn--299aa717y.xn--3e0b707e/wp-json/
http://www.avatarworker.com/
https://api.msn.com:443/v1/news/Feed/Windows?
https://duckduckgo.com/ac/?q=
https://uk.search.yahoo.com/favicon.icohttps://uk.search.yahoo.com/search
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
https://api.msn.com/v1/news/Feed/Windows?
https://www.automotiveparts-store.com/i036/?k0GP1N2=30w/opVeBRN2BD0
https://duckduckgo.com/chrome_newtab
http://nsis.sf.net/NSIS_Error
http://xn--299aa717y.xn--3e0b707e/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2
https://doc-00-7s-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/fgrm3mfa
https://api.msn.com/v1/news/Feed/Windows?activityId=5696A836803C42E0B53F7BB2770E5342&timeOut=10000&o
https://outlook.comriH
http://www.plentywindshield.com/
http://nsis.sf.net/NSIS_ErrorError
http://xn--299aa717y.xn--3e0b707e/wp-content/themes/twentytwentytwo/style.css?ver=1.3
https://www.msn.com/en-us/news/technology/facebook-oversight-board-reviewing-xcheck-system-for-vips/
https://doc-00-7s-docs.googleusercontent.com/
http://xn--299aa717y.xn--3e0b707e/comments/feed/
http://microsoft.co
http://xn--299aa717y.xn--3e0b707e/feed/
http://crl.certum.pl/ctnca.crl0k
http://www.microsoft.c-
https://www.msn.com/en-us/tv/celebrity/tarek-el-moussa-tests-positive-for-covid-19-shuts-down-filmin
https://word.office.com
https://assets.msn.com/weathermapdata/1/static/svg/72/MostlySunnyDay.svg

Dropped files

Name	File Type	Hashes
C:\Users\user\AppData\Local\Temp\752cuCH8	SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 5, database pages 59, cookie 0x4f, schema 4, UTF-8, version-valid-for 5	#
C:\Users\user\AppData\Local\Temp\Distressingly\Bloods\Ultraevangelical\Graviton\Kvle\Materialiseringerne\Antenneanlgget\Custom3.ini	Generic INItialization configuration [Effect2]	#
C:\Users\user\AppData\Local\Temp\Distressingly\Bloods\Ultraevangelical\Graviton\Kvle\Materialiseringerne\Antenneanlgget\Invirility.Hus	data	#
Click to see the 3 hidden entries
C:\Users\user\AppData\Local\Temp\Distressingly\Bloods\Ultraevangelical\histopathologist.Clo	data	#
C:\Users\user\AppData\Local\Temp\Dybfrossen.ini	ASCII text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Temp\nsbCBD1.tmp\System.dll	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	#

Lakeringernes (1).exe

Comments

Tags

Available tags:

Details

IPs

Domains

URLs

Dropped files

Lakeringernes (1).exe Options

Comments

Tags

Available tags:

Details

IPs

Domains

URLs

Dropped files

Search started

Yara Super Rule creation started

Lakeringernes (1).exe