Joe Sandbox Cloud Basic

Want to search on specific fields?


Try our:

Advanced Search

Want to search in depth on all Cloud Basic reports?

Try: Joe Sandbox View

Register Login
sloganpng
top title background image
flash

MyHealth.exe

Status: finished
Submission Time: 2020-03-20 14:04:56 +01:00
Malicious
Ransomware
Trojan
Spyware
Evader
FormBook Lokibot

Comments

Tags

Details

  • Analysis ID:
    216825
  • API (Web) ID:
    330652
  • Analysis Started:
    2020-03-20 14:04:57 +01:00
  • Analysis Finished:
    2020-03-20 14:25:18 +01:00
  • MD5:
    fb385fd55a2dd00a0037341c4e89a251
  • SHA1:
    7473f0b77106ac41af12a4a91db13fa53505cd36
  • SHA256:
    0f626b5cc65ab623e203f4b4c3b99b4d833726fafd62ce725b6294d3ad8ad68b
  • Technologies:

Joe Sandbox

Engine Download Report Detection Info
Full Report Management Report IOC Report
malicious
Score: 100
System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

Third Party Analysis Engines

Open Full Report
malicious
Score: 50/73
Open Full Report
malicious
Score: 18/40
malicious
Score: 20/31

IPs

IP Country Detection
162.209.159.116
 United States
204.11.56.48
 Virgin Islands (BRITISH)
184.168.221.86
 United States
Click to see the 6 hidden entries
184.168.131.241
 United States
217.160.0.224
 Germany
198.54.117.197
 United States
63.250.33.106
 United States
198.49.23.145
 United States
172.217.23.225
 United States

Domains

Name IP Detection
www.inflluitive.com
 0.0.0.0
www.3365ssr.com
 0.0.0.0
www.554306.top
 0.0.0.0
Click to see the 20 hidden entries
www.legionetrangere.online
 0.0.0.0
www.kiheielectricbikes.com
 0.0.0.0
www.thecocktailmedia.com
 0.0.0.0
www.hutzyz.com
 0.0.0.0
www.impeachthatass.com
 0.0.0.0
www.frawgboy.com
 0.0.0.0
www.sightmaredesigns.com
 0.0.0.0
www.sebasview.com
 217.160.0.224
www.strategicalliesamastermind.com
 0.0.0.0
www.factorylegends.com
 198.54.117.197
www.workingtechnologiesmexico.com
 204.11.56.48
www.nacemo.com
 63.250.33.106
kiheielectricbikes.com
 184.168.131.241
www.michalshahar.com
 162.209.159.116
3365ssr.com
 184.168.221.86
westexpired.dopa.com
 127.0.0.1
googlehosted.l.googleusercontent.com
 172.217.23.225
doc-14-bo-docs.googleusercontent.com
 0.0.0.0
ext-sq.squarespace.com
 198.49.23.145
doc-0k-3c-docs.googleusercontent.com
 0.0.0.0

URLs

Name Detection
http://www.michalshahar.com/w0k/
http://www.kiheielectricbikes.com/w0k/
http://www.workingtechnologiesmexico.com/w0k/?Ttxh=chA0yBmUTNqQLPZwVUvzar2BiddoiQLWjuJCjqNw20a2YkZ8Mux+jO9XQqSfhLpE4lVG&GVm=4hedNPC8WB6p
Click to see the 42 hidden entries
http://www.frawgboy.com/w0k/?Ttxh=bOZei0djbqQh4s/jjsK6/wovAQFBdVAJChW9V931OnaIZSC2PGiIkIz/okgGLWbQ2jbY&GVm=4hedNPC8WB6p
http://www.workingtechnologiesmexico.com/w0k/
http://www.3365ssr.com/w0k/?Ttxh=K42Ma8CsrX67CksjQH12R0Ttz7K+7j+uYmNE91+lE2r7D1u+oYQSBjHsLCqRW2+VsJ6V&GVm=4hedNPC8WB6p
http://www.kiheielectricbikes.com/w0k/?Ttxh=PcDZAYiJMyi1sNPMwoDVqsoC1cthxoAbOhKng71B3qX+ijDUh+XAYLydGv6YiAGIrKQP&GVm=4hedNPC8WB6p
http://www.frawgboy.com/w0k/
http://www.michalshahar.com/w0k/?Ttxh=vO9Vm2RARflm5p1PFXqn6eBrWTFFnunBf6X3DMkFEdmGbjkCk/pABuPtOpuxvLvCis20&GVm=4hedNPC8WB6p
http://www.nacemo.com/w0k/
http://www.nacemo.com/w0k/?Ttxh=sem+50/0YH3mEWESa99Xfx4+r5czIuNqkkKFb8xjbyQB4/frawbs3iCD49k7i6p7/qu6&GVm=4hedNPC8WB6p
http://www.sebasview.com/w0k/?Ttxh=GyxwCZ1M+WopjQK5e9tGW3/PGaHjfFVHL5opZNL+ev8OmAkRdzMLOIFVrphwPYji8i11&GVm=4hedNPC8WB6p
http://www.sebasview.com/w0k/
http://www.3365ssr.com/w0k/
https://doc-14-bo-docs.googleusercontent.com/
http://www.zhongyicts.com.cn
http://crl.pki.goog/gsr2/gsr2.crl0?
http://www.sakkal.com
http://www.autoitscript.com/autoit3/J
http://www.apache.org/licenses/LICENSE-2.0
https://doc-14-bo-docs.googleusercontent.com/;
http://www.sandoll.co.kr
http://www.fonts.com
http://ocsp.pki.g2
https://doc-14-bo-docs.googleusercontent.com/doI
http://www.jiyu-kobo.co.jp/
http://crl.pki.goog/GTS1O1.crl0
https://doc-14-bo-docs.googleusercontent.com/docs/securesc/plapmduvvfganab5gel4b10ifq42kjev/4
http://www.founder.com.cn/cn
http://myurl/myfile.bin
http://fontfabrik.com
https://pki.goog
http://www.founder.com.cn/cn/cThe
http://www.typography.netD
http://www.sajatypeworks.com
http://www.carterandcone.coml
https://pki.goog/repository/0
http://www.goodfont.co.kr
http://ocsp.pki.goog/gsr202
http://pki.goog/gsr2/GTS1O1.crt0
https://doc-14-bo-docs.googleusercontent.com/K
http://www.tiro.com
http://www.founder.com.cn/cn/bThe
https://doc-14-bo-docs.googleusercontent.com/docs/securesc/plapmduvvfganab5gel4b10ifq42kjev/45cqeqn6
http://ocsp.pki.goog/gts1o10

Dropped files

Name File Type Hashes Detection
C:\Users\user\AppData\Local\Temp\DB1
 empty
 #
C:\Users\user\AppData\Local\Temp\G8prdul4\jj0t1be8.exe
 empty
 #
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\f01b4d95cf55d32a.automaticDestinations-ms
 empty
 #
Click to see the 5 hidden entries
C:\Users\user\AppData\Roaming\O2116906\O21logim.jpeg
 empty
 #
C:\Users\user\AppData\Roaming\O2116906\O21logrf.ini
 empty
 #
C:\Users\user\AppData\Roaming\O2116906\O21logrg.ini
 empty
 #
C:\Users\user\AppData\Roaming\O2116906\O21logri.ini
 empty
 #
C:\Users\user\AppData\Roaming\O2116906\O21logrv.ini
 empty
 #