Po-covid19 2372#w2..exe

Status: finished

Submission Time: 2021-01-13 08:39:00 +01:00

Malicious

Trojan

Evader

FormBook

Comments

Details

Analysis ID:
338985
API (Web) ID:
579880
Analysis Started:

2021-01-13 08:49:19 +01:00
Analysis Finished:

2021-01-13 09:02:16 +01:00
MD5:
bf53c9dc0d0f032033c318aceef906c6
SHA1:
eeba1ef352c09979dfdfb4afdcdc5f41fe2a0119
SHA256:
a1558391914f4235dfdcdddcdf0de915a800541a4271feb4aff34af82b83a935
Technologies:

Engines
IOCs

Joe Sandbox

Engine	Download Report	Detection	Info
		malicious
	Full Report Management Report IOC Report	malicious Score: 100	System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

Third Party Analysis Engines

malicious

Score: 12/44

malicious

IPs

IP	Country	Detection
154.92.73.140	Seychelles
34.102.136.180	United States
104.24.109.70	United States
Click to see the 1 hidden entries
165.160.13.20	United States

Domains

Name	IP	Detection
www.scientificimaginetics.com	154.92.73.140
thesaltlifestyle.com	34.102.136.180
www.johnemotions.com	104.24.109.70
Click to see the 3 hidden entries
www.steelyourselfshop.net	0.0.0.0
www.thesaltlifestyle.com	0.0.0.0
www.aduhelmfinancialsupport.com	165.160.13.20

URLs

Name	Detection
http://www.scientificimaginetics.com/p95n/?u6ihA=cjlpdRL8ZtfDvB1&oH5h=gRhj5HMuZvR/Ec7o8oi+HxLziNFcY38IPUSKESyExHr5bx7zEB/jrV73UqEK091YdqI8
http://www.thesaltlifestyle.com/p95n/?u6ihA=cjlpdRL8ZtfDvB1&oH5h=BBaWJPlPEO+nvtMqhmqrcRgDtKq1LKrnuc6I0tDI+4mn5icveD46W7DXUUudv5GhOCct
http://www.johnemotions.com/p95n/?oH5h=OkCbzDuuF1pG8/+FjCqUEbhCI/Ef9I/I5jzkOiKX/zkELnGsjuBbK/8sh3SawKW3Kze/&u6ihA=cjlpdRL8ZtfDvB1
Click to see the 78 hidden entries
http://www.fontbureau.comaA
http://www.fontbureau.comdl
http://www.urwpp.de3z
http://www.jiyu-kobo.co.jp/?
http://www.fontbureau.comd
http://www.jiyu-kobo.co.jp/jp/
http://www.jiyu-kobo.co.jp/A
http://www.fontbureau.comzana
http://www.jiyu-kobo.co.jp/H
http://www.urwpp.deXz
http://www.fontbureau.comgritoe
http://www.jiyu-kobo.co.jp/S
http://www.galapagosdesign.com/
http://www.fontbureau.com
http://www.apache.org/licenses/LICENSE-2.0
http://www.jiyu-kobo.co.jp/Z
http://www.jiyu-kobo.co.jp/jp/~
http://www.fontbureau.com=
http://www.jiyu-kobo.co.jp/jp/Z
http://www.fontbureau.com/designers/cabarga.html
http://www.founder.com.cn/cn$
http://www.fontbureau.comow
http://www.fontbureau.com/designers/
http://www.fontbureau.com/designers8
http://www.jiyu-kobo.co.jp/jp/-
http://www.jiyu-kobo.co.jp/
http://www.fontbureau.comdZ
http://www.urwpp.deo
http://www.fontbureau.comlic0
http://www.carterandcone.coml
http://www.fontbureau.comoitu
http://www.fontbureau.com/designers/frere-jones.html
http://www.founder.com.cn/cn
http://www.jiyu-kobo.co.jp/w
http://www.fontbureau.com/designers/cabarga.htmlN
http://www.monotype.7
http://www.sakkal.com
http://www.fontbureau.comeH
http://www.founder.com.cn/cn=
http://www.typography.netD
http://www.sajatypeworks.com
https://www.johnemotions.com/p95n/?oH5h=OkCbzDuuF1pG8/
http://www.jiyu-kobo.co.jp/ghtsl
http://www.jiyu-kobo.co.jp/-cz
http://www.fontbureau.comalsF
http://www.fontbureau.comnc./S
http://www.goodfont.co.kr
http://www.aduhelmfinancialsupport.com/p95n/?oH5h=yIt3vHGcFY19i9LszRbGqv8br4EBNSz7kQseU3pL44UQdgKo/VZu2mbLhFyK51ONzUns&u6ihA=cjlpdRL8ZtfDvB1
http://www.founder.com.cn/cn/cThe
http://www.fontbureau.comessed
http://www.fontbureau.com/designers
http://www.tiro.com
http://www.galapagosdesign.com/staff/dennis.htmpu
http://www.jiyu-kobo.co.jp/jp/H
http://www.fontbureau.com/designers?
http://www.founder.com.cn/cn/bThe
http://www.fontbureau.com/designers/?
http://www.fontbureau.com/designersG
http://www.galapagosdesign.com/DPlease
http://www.jiyu-kobo.co.jp/jp/?
http://www.zhongyicts.com.cn
http://www.urwpp.de
http://www.urwpp.deDPlease
http://www.sandoll.co.kr
http://www.fonts.com
http://www.fontbureau.comF&
http://www.fontbureau.comessedZ
http://crl.;
http://www.fontbureau.com.TTF
http://www.fontbureau.com/
http://www.fontbureau.comdic
http://www.fontbureau.com0
http://www.jiyu-kobo.co.jp/.
http://www.fontbureau.com-
http://www.urwpp.de.
http://www.jiyu-kobo.co.jp/Y0e
http://fontfabrik.com
http://www.galapagosdesign.com/staff/dennis.htm

Dropped files

Name	File Type	Hashes	Detection
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\Po-covid19 2372#w2..exe.log	ASCII text, with CRLF line terminators	#

Po-covid19 2372#w2..exe

Comments

Tags

Available tags:

Details

Joe Sandbox

Third Party Analysis Engines

IPs

Domains

URLs

Dropped files

Po-covid19 2372#w2..exe Options

Comments

Tags

Available tags:

Details

Joe Sandbox

Third Party Analysis Engines

IPs

Domains

URLs

Dropped files

Search started

Po-covid19 2372#w2..exe