Joe Sandbox Cloud Basic

Want to search on specific fields?


Try our:

Advanced Search

Want to search in depth on all Cloud Basic reports?

Try: Joe Sandbox View

Register Login
sloganpng
top title background image
flash

4wyevtsyFK.exe

Status: finished
Submission Time: 2020-03-22 15:59:12 +01:00
Malicious
Ransomware
Trojan
Spyware
Evader
FormBook Lokibot

Comments

Tags

Details

  • Analysis ID:
    217091
  • API (Web) ID:
    331151
  • Analysis Started:
    2020-03-22 15:59:12 +01:00
  • Analysis Finished:
    2020-03-22 16:08:13 +01:00
  • MD5:
    f2839eaecc85de1792355a24c63da24f
  • SHA1:
    c260539395a3857431feafb233767e94bebd3455
  • SHA256:
    de1b53282ea75d2d3ec517da813e70bb56362ffb27e4862379903c38a346384d
  • Technologies:

Joe Sandbox

Engine Download Report Detection Info
Full Report Management Report IOC Report
malicious
Score: 100
System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

Third Party Analysis Engines

Open Full Report
malicious
Score: 48/72
Open Full Report
malicious
Score: 16/40
malicious
Score: 24/31

IPs

IP Country Detection
184.168.131.241
 United States
172.217.23.225
 United States

Domains

Name IP Detection
kiheielectricbikes.com
 184.168.131.241
www.the-hungry-dragon.net
 0.0.0.0
www.orchidofasiadayspa.com
 0.0.0.0
Click to see the 7 hidden entries
www.kiheielectricbikes.com
 0.0.0.0
www.ksire.com
 0.0.0.0
googlehosted.l.googleusercontent.com
 172.217.23.225
orchidofasiadayspa.com
 50.63.202.77
westexpired.dopa.com
 127.0.0.1
doc-00-3g-docs.googleusercontent.com
 0.0.0.0
doc-08-3c-docs.googleusercontent.com
 0.0.0.0

URLs

Name Detection
http://www.kiheielectricbikes.com/w0k/?uda=PcDZAYiJMyi1sNPMwoDVqsoC1cthxoAbOhKng71B3qX+ijDUh+XAYLydGv6YiAGIrKQP&cb=tBgxlt0h7RGt78O
http://crl.pki.goog/GTS1O1.crl0
http://www.autoitscript.com/autoit3/J
Click to see the 27 hidden entries
http://www.sakkal.com
https://doc-08-3c-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/4sflut51
http://www.zhongyicts.com.cn
http://crl.pki.goog/gsr2/gsr2.crl0?
http://www.sandoll.co.kr
http://www.fonts.com
http://pki.goog/gsr29
http://www.jiyu-kobo.co.jp/
http://www.founder.com.cn/cn
http://fontfabrik.com
http://www.founder.com.cn/cn/cThe
http://www.typography.netD
http://www.sajatypeworks.com
http://www.carterandcone.coml
https://pki.goog/repository/0
http://www.goodfont.co.kr
http://ocsp.pki.goog/gsr202
http://crl.pki.goog/GTS1O1.crl
http://pki.goog/gsr2/)
http://pki.goog/gsr2/GTS1O1.crt0
http://www.tiro.com
http://myurl/myfile.bin9
http://ocsp.pki.goog/gts1o10
http://ocsp.pki.goog/g2
http://myurl/myfile.bin
http://www.founder.com.cn/cn/bThe
http://www.apache.org/licenses/LICENSE-2.0

Dropped files

Name File Type Hashes Detection
C:\Users\user\AppData\Local\Temp\DB1
 empty
 #
C:\Users\user\AppData\Local\Temp\Pffbxn4x\qjeduz6s0r.exe
 empty
 #
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\f01b4d95cf55d32a.automaticDestinations-ms
 empty
 #
Click to see the 5 hidden entries
C:\Users\user\AppData\Roaming\O2116906\O21logim.jpeg
 empty
 #
C:\Users\user\AppData\Roaming\O2116906\O21logrf.ini
 empty
 #
C:\Users\user\AppData\Roaming\O2116906\O21logrg.ini
 empty
 #
C:\Users\user\AppData\Roaming\O2116906\O21logri.ini
 empty
 #
C:\Users\user\AppData\Roaming\O2116906\O21logrv.ini
 empty
 #