
4wyevtsyFK.exe

Status: finished
Submission Time: 22.03.2020 15:59:12
Malicious
Ransomware
Trojan
Spyware
Evader
FormBook Lokibot

Details

  • Analysis ID:
    217091
  • API (Web) ID:
    331151
  • Analysis Started:
    22.03.2020 15:59:12
  • Analysis Finished:
    22.03.2020 16:08:13
  • MD5:
    f2839eaecc85de1792355a24c63da24f
  • SHA1:
    c260539395a3857431feafb233767e94bebd3455
  • SHA256:
    de1b53282ea75d2d3ec517da813e70bb56362ffb27e4862379903c38a346384d

System: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211

Verdict / Score

malicious 100/100
malicious 48/72
malicious 16/40
malicious 24/31

IPs

IP               Country        Detection
184.168.131.241  United States
172.217.23.225   United States

Domains

Name                                  IP               Detection
kiheielectricbikes.com                184.168.131.241
www.the-hungry-dragon.net             0.0.0.0
www.orchidofasiadayspa.com            0.0.0.0
www.kiheielectricbikes.com            0.0.0.0
www.ksire.com                         0.0.0.0
googlehosted.l.googleusercontent.com  172.217.23.225
orchidofasiadayspa.com                50.63.202.77
westexpired.dopa.com                  127.0.0.1
doc-00-3g-docs.googleusercontent.com  0.0.0.0
doc-08-3c-docs.googleusercontent.com  0.0.0.0

URLs

Name Detection
http://www.kiheielectricbikes.com/w0k/?uda=PcDZAYiJMyi1sNPMwoDVqsoC1cthxoAbOhKng71B3qX+ijDUh+XAYLydGv6YiAGIrKQP&cb=tBgxlt0h7RGt78O
http://www.autoitscript.com/autoit3/J
http://www.apache.org/licenses/LICENSE-2.0
http://www.founder.com.cn/cn/bThe
http://myurl/myfile.bin
http://ocsp.pki.goog/g2
http://ocsp.pki.goog/gts1o10
http://myurl/myfile.bin9
http://www.tiro.com
http://pki.goog/gsr2/GTS1O1.crt0
http://pki.goog/gsr2/)
http://crl.pki.goog/GTS1O1.crl
http://ocsp.pki.goog/gsr202
http://www.goodfont.co.kr
https://pki.goog/repository/0
http://www.carterandcone.coml
http://www.sajatypeworks.com
http://www.typography.netD
http://www.founder.com.cn/cn/cThe
http://fontfabrik.com
http://www.founder.com.cn/cn
http://www.jiyu-kobo.co.jp/
http://pki.goog/gsr29
http://www.fonts.com
http://www.sandoll.co.kr
http://crl.pki.goog/gsr2/gsr2.crl0?
http://www.zhongyicts.com.cn
https://doc-08-3c-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/4sflut51
http://www.sakkal.com
http://crl.pki.goog/GTS1O1.crl0

Dropped files

Name                                                                                                              File Type  Hashes  Detection
C:\Users\user\AppData\Local\Temp\DB1                                                                              empty
C:\Users\user\AppData\Local\Temp\Pffbxn4x\qjeduz6s0r.exe                                                          empty
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\f01b4d95cf55d32a.automaticDestinations-ms  empty
C:\Users\user\AppData\Roaming\O2116906\O21logim.jpeg                                                              empty
C:\Users\user\AppData\Roaming\O2116906\O21logrf.ini                                                               empty
C:\Users\user\AppData\Roaming\O2116906\O21logrg.ini                                                               empty
C:\Users\user\AppData\Roaming\O2116906\O21logri.ini                                                               empty
C:\Users\user\AppData\Roaming\O2116906\O21logrv.ini                                                               empty