pZTgBSxb0oe9deC.exe

Status: finished
Submission Time: 2020-09-16 15:00:02 +02:00
Malicious
Trojan
Spyware
Evader
FormBook

Tags

  • formbook

Details

  • Analysis ID:
    286339
  • API (Web) ID:
    467854
  • Analysis Started:
    2020-09-16 15:01:39 +02:00
  • Analysis Finished:
    2020-09-16 15:12:33 +02:00
  • MD5:
    ae816597f9990952c8b6f523b64f24c9
  • SHA1:
    f6a8209eebb95669f4c1223d4abe02888bf54173
  • SHA256:
    98605f399585016ae41edcfbc496fa98225ad51928b26b9dff6261fbc09d7d7f

Joe Sandbox

Engine Download Report Detection Info
malicious
malicious
Score: 100
System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

Third Party Analysis Engines

malicious
Score: 23/67
malicious
Score: 13/48
malicious

IPs

IP Country Detection
34.102.136.180
United States
185.98.131.229
France

Domains


URLs


Dropped files

  • C:\Users\user\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\pZTgBSxb0oe9deC.exe.log
    File type: ASCII text, with CRLF line terminators
  • C:\Users\user\AppData\Local\Temp\tmpD165.tmp
    File type: XML 1.0 document, ASCII text, with CRLF line terminators
  • C:\Users\user\AppData\Roaming\O9541UQ2\O95logri.ini
    File type: data
  • C:\Users\user\AppData\Roaming\O9541UQ2\O95logrv.ini
    File type: data
  • C:\Users\user\AppData\Roaming\pRVJhcAjvJZLI.exe
    File type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
  • C:\Users\user\AppData\Roaming\O9541UQ2\O95logim.jpeg
    File type: JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, frames 3