flash

payment_copy2_receipt.exe

Status: finished
Submission Time: 2022-11-29 16:38:10 +01:00
Malicious
Trojan
Spyware
Evader
FormBook

Comments

Tags

  • exe
  • Formbook

Details

  • Analysis ID:
    756109
  • API (Web) ID:
    1123385
  • Analysis Started:
    2022-11-29 16:41:08 +01:00
  • Analysis Finished:
    2022-11-29 16:52:31 +01:00
  • MD5:
    9b8c61ded729ca6c9d5f7fded18eef27
  • SHA1:
    37fc137e9aa09fc01820cd90c851ca3aee6be72a
  • SHA256:
    c1609447bd7a2ee528d1f2145ebc3ad9a53efee61111824d22f935e497bac31f
  • Technologies:
Full Report Management Report IOC Report Engine Info Verdict Score Reports

malicious

System: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211

malicious
100/100

malicious
27/71

malicious
14/26

malicious

IPs

IP Country Detection
75.2.115.196
United States
70.32.23.81
United States
103.100.208.243
Hong Kong
Click to see the 2 hidden entries
2.57.90.16
Lithuania
34.110.163.134
United States

Domains

Name IP Detection
stephapproved.com
70.32.23.81
58777.zhanghonghong.com
103.100.208.243
www.vnsuda.lol
75.2.115.196
Click to see the 6 hidden entries
bem4u.shop
2.57.90.16
www.bem4u.shop
0.0.0.0
www.030332.com
0.0.0.0
www.stephapproved.com
0.0.0.0
www.coolfashionshop.xyz
34.110.163.134
www.kahrabaonline.com
160.121.219.144

URLs

Name Detection
http://www.stephapproved.com/veh0/
http://www.bem4u.shop/veh0/
http://www.stephapproved.com/veh0/?V8Olq=q2CkvjiufJAT9gG6R5hbib10Rbp6AiWeTKlSfCVYrUP+9/ZMp3UrZ4LyF/rVbhnSgdA59VnFYN1kGAwfQYzsaV6Pz6DbznSGjFMnhMTfrtcq&3fiPC=E4O8TXhX80iDs
Click to see the 22 hidden entries
http://www.030332.com/veh0/?3fiPC=E4O8TXhX80iDs&V8Olq=0RH+IT1kuvDJ9rkRmbuuDnrdLgu65XozQ/JOR96kX/EhF1f6QwJsxyvJPVJiAwnUlpNMH3LUUfaqGrsuBUI8TtociOaij3z8Rf/PV9bGuXJT
www.projectlis.online/veh0/
http://www.vnsuda.lol/veh0/
http://www.vnsuda.lol/veh0/?V8Olq=H0phgvfvKBma6gvwGBFiiA3aGB6x1tx+qpMzsOKL6mX4XVya54sThvMqL7EFeUWxYIJWwwUJaARTNC9BUuxdalfssqJOBdyR5lth/WdqURqv&3fiPC=E4O8TXhX80iDs
http://www.bem4u.shop/veh0/?3fiPC=E4O8TXhX80iDs&V8Olq=4D+PWXbgB4ogRjX6fs5PVj0HGmRsMlLoTFn3Q8gXNZCg8eDi41xcCT+RlNqelGXbdrjEsGoLW5hhUyw4icMG9EbpTIbOIKjETxFqhNsrxI+v
http://www.coolfashionshop.xyz/veh0/?3fiPC=E4O8TXhX80iDs&V8Olq=93LycRjWm4awEovVXWVYV+IJ3Jb7LKwjIdA7aRwoOX2ozYkISvzNjnqis/EaaxX4GW2e5S3JGCYnv5+dQS5WAoQqcporDra+I+tXDBzdj1sM
https://duckduckgo.com/chrome_newtab
https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
http://www.coolfashionshop.xyz/veh0/
http://nsis.sf.net/NSIS_Error
https://search.yahoo.com?fr=crmas_sfp
https://ac.ecosia.org/autocomplete?q=
https://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas_sfp&command=
http://nsis.sf.net/NSIS_ErrorError
https://search.yahoo.com/favicon.icohttps://search.yahoo.com/search
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
https://search.yahoo.com?fr=crmas_sfpf
https://www.ecosia.org/search?q=
https://www.google.com/images/branding/product/ico/googleg_lodp.ico
https://cdn.ecosia.org/assets/images/ico/fP
https://duckduckgo.com/ac/?q=
https://www.coolfashionshop.xyz/veh0/?3fiPC=E4O8TXhX80iDs&V8Olq=93LycRjWm4awEovVXWVYV

Dropped files

Name File Type Hashes Detection
C:\Users\user\AppData\Local\Temp\fcvvthv.exe
PE32 executable (console) Intel 80386, for MS Windows
#
C:\Users\user\AppData\Local\Temp\nssAD55.tmp
COM executable for DOS
#
C:\Users\user\AppData\Local\Temp\abggklv.q
data
#
Click to see the 2 hidden entries
C:\Users\user\AppData\Local\Temp\assakziryna.z
data
#
C:\Users\user\AppData\Local\Temp\n5335GITL
SQLite 3.x database, last written using SQLite version 3038005, page size 2048, file counter 3, database pages 45, cookie 0x3d, schema 4, UTF-8, version-valid-for 3
#