Register Login

sloganpng

top title background image

CF.exe

Status: finished

Submission Time: 2020-10-12 15:00:14 +02:00

Malicious

Phishing

Trojan

Spyware

Evader

HawkEye MailPassView

Comments

Tags

Details

Analysis ID:
296647
API (Web) ID:
488412
Analysis Started:

2020-10-12 15:00:14 +02:00
Analysis Finished:

2020-10-12 15:10:57 +02:00
MD5:
2eedf37ed7d943d6a255912e7e14ae49
SHA1:
b0cdfe5a254ef6d13e83461b6a04c91cc0c88d13
SHA256:
44f88f1551622a78e7e0cb6cb04b810ce4c58a1dbd6039b1f7248b579e8f9095
Technologies:

Engines
IOCs

Joe Sandbox

Engine	Download Report	Detection	Info
	Full Report Management Report IOC Report	malicious Score: 100	System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

Third Party Analysis Engines

Open Full Report

malicious

Score: 41/70

malicious

Score: 30/48

malicious

IPs

IP	Country	Detection
54.39.139.67	Canada
66.171.248.178	United States

Domains

Name	IP	Detection
eagleeyeapparels.com	54.39.139.67
mail.eagleeyeapparels.com	0.0.0.0
220.240.8.0.in-addr.arpa	0.0.0.0
Click to see the 1 hidden entries
bot.whatismyipaddress.com	66.171.248.178

URLs

Name	Detection
https://a.pomf.cat/
https://login.yahoo.com/config/login
http://pomf.cat/upload.php&https://a.pomf.cat/
Click to see the 8 hidden entries
https://sectigo.com/CPS0
http://bot.whatismyipaddress.com
http://www.nirsoft.net
http://pomf.cat/upload.php
http://www.nirsoft.net/
http://bot.whatismyipaddress.com/
http://bot.whatismyipaddress.comx&
http://pomf.cat/upload.phpCContent-Disposition:

Dropped files

Name	File Type	Hashes	Detection
C:\Users\user\AppData\Local\Temp\01e864aa-fa9b-c261-ff81-b3cc7f79a6d3	ASCII text, with no line terminators	#
C:\Users\user\AppData\Local\Temp\tmp25D5.tmp	Little-endian UTF-16 Unicode text, with no line terminators	#