zHgm9k7WYU.exe

Status: finished
Submission Time: 13.01.2021 20:57:20
Malicious
Trojan
Evader
FormBook

Tags

  • exe
  • Formbook

Details

  • Analysis ID:
    339322
  • API (Web) ID:
    580564
  • Analysis Started:
    13.01.2021 20:57:25
  • Analysis Finished:
    13.01.2021 21:08:13
  • MD5:
    d97a26894ec19dc562eec833ccb5607f
  • SHA1:
    5aa0632c496d7e1441eef50c61c6a97c5adee565
  • SHA256:
    2fdfbfc735f43a4e2dce0c849b41ab83dd17228f6df983f7a95d6e427cdc77b0

Verdict: malicious (score 100/100)

System: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211

IPs


Domains


URLs


Dropped files

  • Name:
    C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\zHgm9k7WYU.exe.log
  • File Type:
    ASCII text, with CRLF line terminators