New PO-RJ-IN-003 - Knauf Queimados.exe

Status: finished
Submission Time: 2022-11-29 10:32:08 +01:00
Malicious
Trojan
Spyware
Evader
FormBook

Tags

  • exe

Details

  • Analysis ID: 755933
  • API (Web) ID: 1123209
  • Analysis Started: 2022-11-29 10:32:08 +01:00
  • Analysis Finished: 2022-11-29 10:44:59 +01:00
  • MD5: 244fc9610f75225aa3dc09958195beb1
  • SHA1: ef0d6103d27090fc9d25e3ef3de2e1b6d9670d9c
  • SHA256: 05cdda3567b913d99627f8e41336404d5830816df65e1001d6b2ad05bd9ed18d

Verdict: malicious

System: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211

Score: 100/100 (malicious)

11/40 (malicious)

IPs


Domains


URLs


Dropped files

Name / File Type

C:\Users\user\AppData\Local\Temp\jaxdij.exe
    PE32 executable (GUI) Intel 80386, for MS Windows
C:\Users\user\AppData\Local\Temp\nsqB9A3.tmp
    COM executable for DOS
C:\Users\user\AppData\Roaming\fqkyib\rubthqnwyfue.exe
    PE32 executable (GUI) Intel 80386, for MS Windows
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rubthqnwyfue.exe_1078f5d9a12c4fe091b0b1b063f9270e1879244_c652c34e_0b3f82dd\Report.wer
    Unicode text, UTF-16, little-endian text, with CRLF line terminators
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rubthqnwyfue.exe_1078f5d9a12c4fe091b0b1b063f9270e1879244_c652c34e_15731f22\Report.wer
    Unicode text, UTF-16, little-endian text, with CRLF line terminators
C:\ProgramData\Microsoft\Windows\WER\Temp\WER1493.tmp.dmp
    Mini DuMP crash report, 14 streams, Tue Nov 29 18:33:27 2022, 0x1205a4 type
C:\ProgramData\Microsoft\Windows\WER\Temp\WER1753.tmp.WERInternalMetadata.xml
    XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
C:\ProgramData\Microsoft\Windows\WER\Temp\WER1810.tmp.xml
    XML 1.0 document, ASCII text, with CRLF line terminators
C:\ProgramData\Microsoft\Windows\WER\Temp\WER206.tmp.WERInternalMetadata.xml
    XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
C:\ProgramData\Microsoft\Windows\WER\Temp\WER2A3.tmp.xml
    XML 1.0 document, ASCII text, with CRLF line terminators
C:\ProgramData\Microsoft\Windows\WER\Temp\WERFF75.tmp.dmp
    Mini DuMP crash report, 14 streams, Tue Nov 29 18:33:21 2022, 0x1205a4 type
C:\Users\user\AppData\Local\Temp\456b6ELMQ
    SQLite 3.x database, last written using SQLite version 3038005, page size 2048, file counter 3, database pages 45, cookie 0x3d, schema 4, UTF-8, version-valid-for 3
C:\Users\user\AppData\Local\Temp\eojsm.wx
    data
C:\Users\user\AppData\Local\Temp\uqnwrddys.k
    data