
ORDER SPECIFICATIONS.exe

Status: finished
Submission Time: 23.02.2021 08:48:12
Malicious
Trojan
Evader
FormBook

Comments

Tags

  • exe
  • Formbook

Details

  • Analysis ID:
    356492
  • API (Web) ID:
    614966
  • Analysis Started:
    23.02.2021 08:55:55
  • Analysis Finished:
    23.02.2021 09:09:52
  • MD5:
    e75a4df51162401b21c3eb79718fb3db
  • SHA1:
    3328ead22db03ce461cb8bdb5d59638120e2444f
  • SHA256:
    48709c3e07c128283d9d550331d6e5f7c4afeadfc61cad94d769ea8ce7399e77
  • Technologies:

malicious

System: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211

malicious
100/100

malicious
22/71

malicious
7/47

IPs

IP                 Country           Detection
170.106.171.56     Singapore
34.90.54.238       United States
50.87.196.120      United States
54.85.86.211       United States
34.102.136.180     United States
156.240.32.114     Seychelles
13.57.130.120      United States
154.91.61.105      Seychelles

Domains

Name                              IP                 Detection
abaplants.com                     50.87.196.120
www.hostsnc.com                   156.240.32.114
www.athomecp.com                  154.91.61.105
www.your-new-body-plan.com        34.90.54.238
denisekohli.com                   34.102.136.180
softwaresreports.info             34.102.136.180
104.233.225.185.cname-url.com     170.106.171.56
assemble-4u.com                   13.57.130.120
www.raphaelyejesiel.com           54.85.86.211
www.softwaresreports.info         0.0.0.0
www.gdzas08.cloud                 0.0.0.0
www.cyjulebu.com                  0.0.0.0
www.shamansmoke.com               0.0.0.0
www.abaplants.com                 0.0.0.0
www.denisekohli.com               0.0.0.0
www.assemble-4u.com               0.0.0.0
shops.myshopify.com               23.227.38.74

URLs

Name Detection
http://www.abaplants.com/owws/?FZA=E2uPX13Kd8eziNpXwTixT+siYJwH/w0JmCiJBsiXejl5IKklxd2VA8+t7/1UF0B3bHAe&GzrX=Bxo0src
http://www.softwaresreports.info/owws/?FZA=5jCx8TJ67BDPxitFKTiPzVbAv5V4WmfLvz0iUotKb81cdHhoP6D4U31cAoF9J0eWw3xa&GzrX=Bxo0src
http://www.raphaelyejesiel.com/owws/?FZA=Ng1hVjXym9Qjh/39zAZuuRZY5wWd2+1a+DNcin6p0h8GUL41G3Uc3DOSlbUNOeobFB2Q&GzrX=Bxo0src
www.athomecp.com/owws/
http://www.assemble-4u.com/owws/?FZA=tHbMDDeadmVNgKYcreuncRwf7boUCKl6MNzrWMM5Jrdb4IpAp8+CGbWYAVkD3n9oZQag&GzrX=Bxo0src
http://www.denisekohli.com/owws/?FZA=lwHO/uUGh/aXRG65LDVUqOi7qNbSmHJrcCZCAEgZXo9YpRM01PmoothBQXBavnYq4fuq&GzrX=Bxo0src
http://www.your-new-body-plan.com/owws/?FZA=wQPVVaqxY2IiVfQZkyRmW3q13fIzlgC5jJ34SIKwtgCZdzYlbOYBx3wkbgC3baC7Oc7O&GzrX=Bxo0src
http://www.hostsnc.com/owws/?FZA=4P1MPend6t3dRr+zrFZAhnBbaZyC76urNt6lzZx4zgRAaIR2wDCeIn43mJ71sHhZDUem&GzrX=Bxo0src
http://www.fontbureau.com/designersG
http://www.fontbureau.com/designers/?
http://www.jiyu-kobo.co.jp/Micr
http://www.fontbureau.comaYn
http://www.founder.com.cn/cn/bThe
http://www.jiyu-kobo.co.jp/dn
http://schemas.microsoft.nh
https://www.casar.com/assunto/organizacao/
http://www.fontbureau.com/designers?
http://www.tiro.comBR
https://www.casar.com/assunto/casamentos/decoracao-de-casamento/
http://www.tiro.com
http://www.fontbureau.com/designers
https://www.casar.com/assunto/lua-de-mel-2/
http://en.wX
http://www.goodfont.co.kr
https://stackpath.bootstrapcdn.com/bootstrap/4.5.0/css/bootstrap.min.css
http://www.sajatypeworks.com
http://www.typography.netD
http://www.founder.com.cn/cn/cThe
http://www.galapagosdesign.com/staff/dennis.htm
https://www.casar.com
http://fontfabrik.com
https://embed.typeform.com/embed.js
https://connect.facebook.net/en_US/fbevents.js
https://casarpontocom.zendesk.com/hc/pt-br
https://www.casar.com/assunto/noivas/dicas-para-noivas/
http://www.galapagosdesign.com/DPlease
http://www.fonts.com
http://www.sandoll.co.kr
http://www.sandoll.co.krF
http://www.urwpp.deDPlease
http://www.zhongyicts.com.cn
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
http://www.pinterest.com/casarpontocom
http://www.sakkal.com
http://www.tiro.comxR
http://www.apache.org/licenses/LICENSE-2.0
http://www.fontbureau.com
http://www.fonts.come
https://www.casar.com/assunto/casamentos/casamentos-reais/
https://www.youtube.com/casarpontocom
http://www.jiyu-kobo.co.jp/jp/
https://www.casar.com/assunto/cha-de-panela/
http://www.tiro.comtn
https://oss.maxcdn.com/libs/html5shiv/3.7.0/html5shiv.js
https://oss.maxcdn.com/libs/respond.js/1.3.0/respond.min.js
http://www.fonts.comX
https://www.casar.com/assunto/noivas/vestidos-de-noiva/
http://www.carterandcone.coml
http://www.founder.com.cn/cn/
http://www.fontbureau.com/designers/cabarga.htmlN
http://www.founder.com.cn/cn
http://www.fontbureau.com/designers/frere-jones.html
http://www.fontbureau.comoitu
http://www.jiyu-kobo.co.jp/ico
http://www.jiyu-kobo.co.jp/
http://www.sajatypeworks.coma-d
http://www.fontbureau.com/designers8
http://www.fontbureau.comon
http://instagram.com/casarpontocom

Dropped files

Name    File Type    Hashes    Detection
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\ORDER SPECIFICATIONS.exe.log
    ASCII text, with CRLF line terminators
C:\Users\user\AppData\Local\Temp\tmpDA15.tmp
    XML 1.0 document, ASCII text, with CRLF line terminators
C:\Users\user\AppData\Roaming\LvZiFDk.exe
    PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
C:\Users\user\AppData\Roaming\LvZiFDk.exe:Zone.Identifier
    ASCII text, with CRLF line terminators