payment_copy2_receipt.exe

Status: finished
Submission Time: 2022-11-29 16:38:10 +01:00
Malicious
Trojan
Spyware
Evader
FormBook

Tags

  • exe
  • Formbook

Details

  • Analysis ID:
    756109
  • API (Web) ID:
    1123385
  • Analysis Started:
    2022-11-29 16:41:08 +01:00
  • Analysis Finished:
    2022-11-29 16:52:31 +01:00
  • MD5:
    9b8c61ded729ca6c9d5f7fded18eef27
  • SHA1:
    37fc137e9aa09fc01820cd90c851ca3aee6be72a
  • SHA256:
    c1609447bd7a2ee528d1f2145ebc3ad9a53efee61111824d22f935e497bac31f
  • Technologies:

Joe Sandbox

Detection: malicious
Score: 100
System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

Third Party Analysis Engines

malicious
Score: 27/71
malicious
Score: 14/26
malicious

IPs

IP Country Detection

Domains

Name IP Detection

URLs

Name Detection

Dropped files

Name File Type Hashes Detection
  • C:\Users\user\AppData\Local\Temp\fcvvthv.exe
    PE32 executable (console) Intel 80386, for MS Windows
  • C:\Users\user\AppData\Local\Temp\nssAD55.tmp
    COM executable for DOS
  • C:\Users\user\AppData\Local\Temp\abggklv.q
    data
  • C:\Users\user\AppData\Local\Temp\assakziryna.z
    data
  • C:\Users\user\AppData\Local\Temp\n5335GITL
    SQLite 3.x database, last written using SQLite version 3038005, page size 2048, file counter 3, database pages 45, cookie 0x3d, schema 4, UTF-8, version-valid-for 3