DHL_SHIPPING_DOCUMENT.exe

Status: finished
Submission Time: 2023-03-20 11:26:08 +01:00
Malicious
Trojan
Spyware
Evader
FormBook

Comments

Tags

  • DHL
  • exe
  • Formbook

Details

  • Analysis ID:
    830431
  • API (Web) ID:
    1197533
  • Analysis Started:
    2023-03-20 11:26:09 +01:00
  • Analysis Finished:
    2023-03-20 11:37:31 +01:00
  • MD5:
    04f5c33c1d3f795872b58f8c3922b49e
  • SHA1:
    3db181379815210d6fb0491d9660ddefff263224
  • SHA256:
    c0fee78265aef8793cb49690cc68fdf3debb84ab529bd59a2883a0c63ee0a6f5
  • Technologies:

Joe Sandbox

Engine: Joe Sandbox
Detection: malicious
Score: 100
System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

Third Party Analysis Engines

  • malicious (Score: 27/69)
  • malicious (Score: 10/39)
  • malicious

IPs

IP Country Detection

Domains

Name IP Detection

URLs

Name Detection

Dropped files

Name / File Type

  • C:\Users\user\AppData\Local\Temp\eixfhzlwqd.exe
    PE32 executable (console) Intel 80386, for MS Windows
  • C:\Users\user\AppData\Local\Temp\35-7052c
    SQLite 3.x database, last written using SQLite version 3038005, page size 2048, file counter 3, database pages 45, cookie 0x3d, schema 4, UTF-8, version-valid-for 3
  • C:\Users\user\AppData\Local\Temp\lfcykkdw.xwy
    data
  • C:\Users\user\AppData\Local\Temp\mvmtumtue.nvj
    data
  • C:\Users\user\AppData\Local\Temp\nsu5B23.tmp
    data