top title background image
flash

Securemailapp.exe

Status: finished
Submission Time: 2020-04-01 16:37:57 +02:00
Malicious
Trojan
Spyware
Evader
FormBook

Comments

Tags

Details

  • Analysis ID:
    219536
  • API (Web) ID:
    335938
  • Analysis Started:
    2020-04-01 16:46:53 +02:00
  • Analysis Finished:
    2020-04-01 17:03:40 +02:00
  • MD5:
    e4cfaff8f10b2c4dcdf7687773b5f5ba
  • SHA1:
    2b82d3782f6e6248a0d8ef6a5c67058976fc8d3d
  • SHA256:
    24593f3180a0766aa26ed91e6e79d6cf796aeaf27cc134a9eabf4a5da752c20e
  • Technologies:

Joe Sandbox

Engine Download Report Detection Info
malicious
malicious
Score: 100
System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

Third Party Analysis Engines

malicious
Score: 46/71
malicious
Score: 22/47

IPs

IP Country Detection
116.202.9.166
Germany
35.242.251.130
United States
202.254.239.144
Japan
Click to see the 6 hidden entries
217.76.128.35
Spain
184.168.131.241
United States
199.192.22.148
United States
208.91.197.46
Virgin Islands (BRITISH)
104.28.0.58
United States
23.20.239.12
United States

Domains

Name IP Detection
www.covpsychiz.info
199.192.22.148
www.thescarfhut.com
0.0.0.0
www.ukapak.ink
0.0.0.0
Click to see the 16 hidden entries
www.apology.ltd
0.0.0.0
www.kong.florist
0.0.0.0
www.skylineluxuryhomeschicago.com
0.0.0.0
www.proteinefficient.com
0.0.0.0
www.sumomedia.ltd
0.0.0.0
www.xn--estyxk34aq4mspbq7if9a.com
0.0.0.0
www.artysancr.com
0.0.0.0
www.agaroseresins.com
217.76.128.35
www.your-date-here.com
208.91.197.46
www.xn--u9j813lsxe15po01b.com
202.254.239.144
www.cszlhz.com
104.28.0.58
balancer.wixdns.net
35.242.251.130
www.ardrome.com
116.202.9.166
skylineluxuryhomeschicago.com
184.168.131.241
www.frakkeforhandler.com
104.31.88.253
HDRedirect-LB5-1afb6e2973825a56.elb.us-east-1.amazonaws.com
23.20.239.12

URLs

Name Detection
http://www.xn--u9j813lsxe15po01b.com/hx212/
http://www.covpsychiz.info/hx212/
http://www.skylineluxuryhomeschicago.com/hx212/
Click to see the 44 hidden entries
http://www.agaroseresins.com/hx212/?Ev=chNEXokLq7hW8HvKkY2dcNEQeJ5GKWGLAWl1+X6aOcyDV8302CPyRRACxVQRPL3iiqaQ&ljo=MDKPFFDXDxJXypBP
http://www.skylineluxuryhomeschicago.com/hx212/?Ev=bM4Xun1pI6ZOV5ZHYseigAPkvvck2Cij1ewApu5ohFDlZ8aGsxAg5ufu1RC6vK+1jaDm&ljo=MDKPFFDXDxJXypBP
http://www.thescarfhut.com/hx212/?Ev=sml3n6l49EPSCa7vMPh/SuuWi1599qVmQUcMIo3tt8Fu8A6Qgu0IlzGyXmIb1Url3LIn&ljo=MDKPFFDXDxJXypBP
http://www.your-date-here.com/hx212/?Ev=yuATxVRg6V03zt9fmkHVG7SVgWpl6/Z6tDeIEtza45Xi+B/vKHFgBV6ZVx3ahKEkFxT0&ljo=MDKPFFDXDxJXypBP
http://www.cszlhz.com/hx212/?Ev=2H5oEqApcZqqJ6qLyjFERWiUI7bCbufBKCMghUsAFeTsJ5P0iZtpaBZczhNc8rDwu6V1&ljo=MDKPFFDXDxJXypBP
http://www.ardrome.com/hx212/?Ev=wKfpUO9plDGv2T++KqO84WhM5OOWvYWxYhu9D8K5Zh6fySGSwmXnDP6Ufhr7dtYnSq9Q&ljo=MDKPFFDXDxJXypBP
http://www.cszlhz.com/hx212/
http://www.artysancr.com/hx212/
http://www.ardrome.com/hx212/
http://www.agaroseresins.com/hx212/
http://www.xn--u9j813lsxe15po01b.com/hx212/?Ev=7w0YytMHoI4nsjP+y0IMrc86PWQ/iAHGw4E6AnUW3tdwa4iK0mJdGm+TIKrUlQMYe/Zk&ljo=MDKPFFDXDxJXypBP
http://www.covpsychiz.info/hx212/?Ev=8sUyA4WO5fe1gCDgOO3DHmlO4MdYzsfah5NcuQxOl3hW/0/R9dWPAXciXHbnM6Y/IAid&ljo=MDKPFFDXDxJXypBP
http://www.thescarfhut.com/hx212/
http://www.artysancr.com/hx212/?Ev=ZsyByF5b0EkK3lQ42YrSke2rzN/49RgUkpyRf/X/Lp8mJH7kxaV2xoRALuGc5Mm0xYDM&ljo=MDKPFFDXDxJXypBP
http://www.founder.com.cn/cn
http://www.founder.com.cn/cn/cThe
https://www.google.ch/favicon.ico
http://ns.adob1
http://www.jiyu-kobo.co.jp/
http://www.fonts.com
http://www.sandoll.co.kr
https://contextual.media.net/medianet.php?ci
http://www.google.ch/q
http://www.zhongyicts.com.cn
http://www.sakkal.com
https://www.google.ch/?gws_rd=ssl
http://www.goodfont.co.kr
https://ogs.go
http://www.apache.org/licenses/LICENSE-2.0
http://www.msn.com/?ocid=iehp%
https://contextual.media.net/medianet.phpcid=8CU157172&crid=722878611&size=306x271&https=19
http://www.founder.com.cn/cn/bThe
http://www.msn.com/de-ch/?ocid=iehpLMEMh
http://www.tiro.com
https://contextual.media.net/medianet.php?cid=8CU157172&crid=858412214&size=306x271&https=1
http://fontfabrik.com
http://www.msn.com/ocid=iehp
http://www.google.ch/
https://contextual.media.net/medianet.php?cid=8CU157172&crid=722878611&size=306x271&https=1LMEM
http://www.carterandcone.coml
http://www.sajatypeworks.com
http://www.typography.netD
https://www.google.ch/?gws_rd=sslLMEMhh_
https://contextual.media.net/medianet.php?cid=8CU157172&crid=858412214&size=306x271&https=1LMEM

Dropped files

Name File Type Hashes Detection
C:\ProgramData\Microsoft\Windows\WER\Temp\WER4D12.tmp.dmp
empty
#
C:\ProgramData\Microsoft\Windows\WER\Temp\WER5446.tmp.WERInternalMetadata.xml
empty
#
C:\ProgramData\Microsoft\Windows\WER\Temp\WER54B5.tmp.xml
empty
#
Click to see the 8 hidden entries
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\chkdskuda.exe.log
empty
#
C:\Users\user\AppData\Local\Temp\Nolt\chkdskuda.exe
empty
#
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\f01b4d95cf55d32a.automaticDestinations-ms
empty
#
C:\Users\user\AppData\Roaming\OP92SA42\OP9logim.jpeg
empty
#
C:\Users\user\AppData\Roaming\OP92SA42\OP9logrf.ini
empty
#
C:\Users\user\AppData\Roaming\OP92SA42\OP9logri.ini
empty
#
C:\Users\user\AppData\Roaming\OP92SA42\OP9logrv.ini
empty
#
\Device\ConDrv
empty
#