flash

Lc8xQv8iZY.exe

Status: finished
Submission Time: 2022-11-30 01:23:12 +01:00
Malicious
Trojan
Spyware
Evader
FormBook

Comments

Tags

  • 32
  • exe
  • Formbook
  • trojan

Details

  • Analysis ID:
    756323
  • API (Web) ID:
    1123603
  • Analysis Started:
    2022-11-30 01:23:15 +01:00
  • Analysis Finished:
    2022-11-30 01:34:11 +01:00
  • MD5:
    30571d64c9a9ed267159fa941a20840c
  • SHA1:
    bfb81d8a7c94781b3bd939bd17d500ae61b2ff70
  • SHA256:
    85d6c9eac93fb8818d37dc15110ebd060b3e9df48043ee6bcf349df6aed047c5
  • Technologies:
  • System:
    Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211
  • Verdict:
    malicious
  • Scores:
    100/100, 34/72, 14/26 (all rated malicious)

IPs


Domains


URLs


Dropped files

  • C:\Users\user\AppData\Local\Temp\hvbvmxm.exe
    PE32 executable (console) Intel 80386, for MS Windows
  • C:\Users\user\AppData\Local\Temp\-ODfqI49
    SQLite 3.x database, last written using SQLite version 3038005, page size 2048, file counter 3, database pages 45, cookie 0x3d, schema 4, UTF-8, version-valid-for 3
  • C:\Users\user\AppData\Local\Temp\ijamguwvje.h
    data
  • C:\Users\user\AppData\Local\Temp\nsaAF5F.tmp
    data
  • C:\Users\user\AppData\Local\Temp\ocoimqmpj.ep
    data