top title background image
flash

SecuriteInfo.com.Win32.Trojan-gen.31819.28757.exe

Status: finished
Submission Time: 2022-11-29 10:37:16 +01:00
Malicious
Trojan
Evader
DBatLoader, FormBook

Comments

Tags

  • exe

Details

  • Analysis ID:
    755939
  • API (Web) ID:
    1123214
  • Analysis Started:
    2022-11-29 10:40:46 +01:00
  • Analysis Finished:
    2022-11-29 10:53:48 +01:00
  • MD5:
    f536ea8fb5b6586bb2ffc764cd52abff
  • SHA1:
    313804060f2511b8382d369a3949d5524c1adaef
  • SHA256:
    e539f80082f961c600e6ff2a21e969d0641aa787831259d3fdd772b28d469721
  • Technologies:

Joe Sandbox

Engine Download Report Detection Info
malicious
malicious
Score: 100
System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

Third Party Analysis Engines

malicious
Score: 22/72
malicious
Score: 6/40
malicious

IPs

IP Country Detection
13.107.43.12
United States
13.107.43.13
United States

Domains

Name IP Detection
l-0003.l-dc-msedge.net
13.107.43.12
l-0004.l-dc-msedge.net
13.107.43.13
onedrive.live.com
0.0.0.0
Click to see the 1 hidden entries
oyuurg.ph.files.1drv.com
0.0.0.0

URLs

Name Detection
www.brainbookgroup.com/nvp4/
http://www.autoitscript.com/autoit3/J
https://onedrive.live.com/download?cid=E0CF7F9E6AAF27EF&resid=E0CF7F9E6AAF27EF%21850&authkey=AEcOcvbyHqeCMT0
Click to see the 1 hidden entries
https://oyuurg.ph.files.1drv.com/y4mJr27PXKP1w7VmweyBhr9jXuXcCKUmjp-l0AjYgYvmFILscr-gs1ZCYQgPakl85NdXiyluyI2K__n-DTHXtIuKBfix9QJgWA8xZXLmTFKCzO-QrrlJfjFNlxYKvj4CV1InzMNLAsu2pDihkqbVzbigQu3lZ2fbCWy9RogAq5NxzuJ1VRoowitd9q4QmyU6H1eR5JdbJA1JsNbjwDPqFHy3g/Iuigzwjduoa?download&psid=1

Dropped files

Name File Type Hashes Detection
C:\Users\Public\Libraries\Iuigzwjd.exe
PE32 executable (GUI) Intel 80386, for MS Windows
#
C:\Users\Public\Libraries\Iuigzwjd.exe:Zone.Identifier
ASCII text, with CRLF line terminators
#
C:\Users\Public\Libraries\Iuigzwjd
data
#
Click to see the 2 hidden entries
C:\Users\Public\Libraries\djwzgiuI.url
MS Windows 95 Internet shortcut text (URL=<file:"C:\\Users\\Public\\Libraries\\Iuigzwjd.exe">), ASCII text, with CRLF line terminators
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\Iuigzwjduoa[1]
data
#