top title background image
flash

Walmart Purchase Orders W9472057_pdf.exe

Status: finished
Submission Time: 2020-08-11 14:53:31 +02:00
Malicious
Trojan
Spyware
Evader
Lokibot

Comments

Tags

  • exe
  • Loki

Details

  • Analysis ID:
    261795
  • API (Web) ID:
    418884
  • Analysis Started:
    2020-08-11 18:38:08 +02:00
  • Analysis Finished:
    2020-08-11 18:47:13 +02:00
  • MD5:
    25b667cd901f222c865a3e009bf8c7ac
  • SHA1:
    b44d97ba109d0319a2197461249a639afb49dbc5
  • SHA256:
    d2cee19a1e56d95d538becd56933a02727bb4df3e07ed9a476fb5776003361b6
  • Technologies:

Joe Sandbox

Engine Download Report Detection Info
malicious
malicious
Score: 100
System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

IPs

IP Country Detection
185.34.216.210
Netherlands

Domains

Name IP Detection
buildbd.org
185.34.216.210
asf-ris-prod-neurope.northeurope.cloudapp.azure.com
168.63.67.155

URLs

Name Detection
http://buildbd.org/css/csss/Panel/five/fre.php
https://buildbd.org/css/csss/Panel/five/fre.php
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Click to see the 1 hidden entries
http://www.ibsensoftware.com/

Dropped files

Name File Type Hashes Detection
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\Walmart Purchase Orders W9472057_pdf.exe.log
ASCII text, with CRLF line terminators
#
C:\Users\user\AppData\Local\Temp\tmpFB5D.tmp
XML 1.0 document, ASCII text, with CRLF line terminators
#
C:\Users\user\AppData\Roaming\CxFGSycP.exe
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
#
Click to see the 3 hidden entries
C:\Users\user\AppData\Roaming\CxFGSycP.exe:Zone.Identifier
ASCII text, with CRLF line terminators
#
C:\Users\user\AppData\Roaming\C79A3B\B52B3F.lck
very short file (no magic)
#
C:\Users\user\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-3853321935-2125563209-4053062332-1002\bc49718863ee53e026d805ec372039e9_d06ed635-68f6-4e9a-955c-4899f5f57b9a
data
#