ORDER SPECIFICATIONS.exe

Status: finished

Submission Time: 2021-02-23 08:48:12 +01:00

Malicious

Trojan

Evader

FormBook

Comments

Details

Analysis ID:
356492
API (Web) ID:
614966
Analysis Started:

2021-02-23 08:55:55 +01:00
Analysis Finished:

2021-02-23 09:09:52 +01:00
MD5:
e75a4df51162401b21c3eb79718fb3db
SHA1:
3328ead22db03ce461cb8bdb5d59638120e2444f
SHA256:
48709c3e07c128283d9d550331d6e5f7c4afeadfc61cad94d769ea8ce7399e77
Technologies:

Engines
IOCs

Joe Sandbox

Engine	Download Report	Detection	Info
		malicious
	Full Report Management Report IOC Report	malicious Score: 100	System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

Third Party Analysis Engines

Open Full Report

malicious

Score: 22/71

malicious

Score: 7/47

IPs

IP	Country	Detection
170.106.171.56	Singapore
34.90.54.238	United States
50.87.196.120	United States
Click to see the 5 hidden entries
54.85.86.211	United States
34.102.136.180	United States
156.240.32.114	Seychelles
13.57.130.120	United States
154.91.61.105	Seychelles

Domains

Name	IP	Detection
www.hostsnc.com	156.240.32.114
www.assemble-4u.com	0.0.0.0
www.denisekohli.com	0.0.0.0
Click to see the 14 hidden entries
www.abaplants.com	0.0.0.0
www.shamansmoke.com	0.0.0.0
www.cyjulebu.com	0.0.0.0
www.gdzas08.cloud	0.0.0.0
www.softwaresreports.info	0.0.0.0
www.raphaelyejesiel.com	54.85.86.211
assemble-4u.com	13.57.130.120
104.233.225.185.cname-url.com	170.106.171.56
softwaresreports.info	34.102.136.180
denisekohli.com	34.102.136.180
www.your-new-body-plan.com	34.90.54.238
www.athomecp.com	154.91.61.105
abaplants.com	50.87.196.120
shops.myshopify.com	23.227.38.74

URLs

Name	Detection
http://www.abaplants.com/owws/?FZA=E2uPX13Kd8eziNpXwTixT+siYJwH/w0JmCiJBsiXejl5IKklxd2VA8+t7/1UF0B3bHAe&GzrX=Bxo0src
http://www.assemble-4u.com/owws/?FZA=tHbMDDeadmVNgKYcreuncRwf7boUCKl6MNzrWMM5Jrdb4IpAp8+CGbWYAVkD3n9oZQag&GzrX=Bxo0src
http://www.denisekohli.com/owws/?FZA=lwHO/uUGh/aXRG65LDVUqOi7qNbSmHJrcCZCAEgZXo9YpRM01PmoothBQXBavnYq4fuq&GzrX=Bxo0src
Click to see the 66 hidden entries
www.athomecp.com/owws/
http://www.raphaelyejesiel.com/owws/?FZA=Ng1hVjXym9Qjh/39zAZuuRZY5wWd2+1a+DNcin6p0h8GUL41G3Uc3DOSlbUNOeobFB2Q&GzrX=Bxo0src
http://www.your-new-body-plan.com/owws/?FZA=wQPVVaqxY2IiVfQZkyRmW3q13fIzlgC5jJ34SIKwtgCZdzYlbOYBx3wkbgC3baC7Oc7O&GzrX=Bxo0src
http://www.hostsnc.com/owws/?FZA=4P1MPend6t3dRr+zrFZAhnBbaZyC76urNt6lzZx4zgRAaIR2wDCeIn43mJ71sHhZDUem&GzrX=Bxo0src
http://www.softwaresreports.info/owws/?FZA=5jCx8TJ67BDPxitFKTiPzVbAv5V4WmfLvz0iUotKb81cdHhoP6D4U31cAoF9J0eWw3xa&GzrX=Bxo0src
http://instagram.com/casarpontocom
http://www.tiro.comtn
https://www.casar.com/assunto/cha-de-panela/
http://www.jiyu-kobo.co.jp/jp/
https://www.youtube.com/casarpontocom
https://www.casar.com/assunto/casamentos/casamentos-reais/
http://www.fontbureau.com/designersG
https://oss.maxcdn.com/libs/respond.js/1.3.0/respond.min.js
http://www.fonts.come
http://www.fontbureau.com
http://www.apache.org/licenses/LICENSE-2.0
http://www.tiro.comxR
http://www.sakkal.com
http://www.pinterest.com/casarpontocom
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
https://oss.maxcdn.com/libs/html5shiv/3.7.0/html5shiv.js
http://www.fonts.comX
http://www.fontbureau.comon
http://www.fontbureau.com/designers8
https://www.casar.com/assunto/noivas/vestidos-de-noiva/
http://www.carterandcone.coml
http://www.founder.com.cn/cn/
http://www.fontbureau.com/designers/cabarga.htmlN
http://www.founder.com.cn/cn
http://www.fontbureau.com/designers/frere-jones.html
http://www.fontbureau.comoitu
http://www.jiyu-kobo.co.jp/ico
http://www.jiyu-kobo.co.jp/
http://www.sajatypeworks.coma-d
https://stackpath.bootstrapcdn.com/bootstrap/4.5.0/css/bootstrap.min.css
http://www.fontbureau.com/designers/?
http://www.jiyu-kobo.co.jp/Micr
http://www.fontbureau.comaYn
http://www.founder.com.cn/cn/bThe
http://www.jiyu-kobo.co.jp/dn
http://schemas.microsoft.nh
https://www.casar.com/assunto/organizacao/
http://www.fontbureau.com/designers?
http://www.tiro.comBR
https://www.casar.com/assunto/casamentos/decoracao-de-casamento/
http://www.tiro.com
http://www.fontbureau.com/designers
https://www.casar.com/assunto/lua-de-mel-2/
http://en.wX
http://www.goodfont.co.kr
http://www.zhongyicts.com.cn
http://www.sajatypeworks.com
http://www.typography.netD
http://www.founder.com.cn/cn/cThe
http://www.galapagosdesign.com/staff/dennis.htm
https://www.casar.com
http://fontfabrik.com
https://embed.typeform.com/embed.js
https://connect.facebook.net/en_US/fbevents.js
https://casarpontocom.zendesk.com/hc/pt-br
https://www.casar.com/assunto/noivas/dicas-para-noivas/
http://www.galapagosdesign.com/DPlease
http://www.fonts.com
http://www.sandoll.co.kr
http://www.sandoll.co.krF
http://www.urwpp.deDPlease

Dropped files

Name	File Type	Hashes
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\ORDER SPECIFICATIONS.exe.log	ASCII text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Temp\tmpDA15.tmp	XML 1.0 document, ASCII text, with CRLF line terminators	#
C:\Users\user\AppData\Roaming\LvZiFDk.exe	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows	#
Click to see the 1 hidden entries
C:\Users\user\AppData\Roaming\LvZiFDk.exe:Zone.Identifier	ASCII text, with CRLF line terminators	#

ORDER SPECIFICATIONS.exe

Comments

Tags

Available tags:

Details

Joe Sandbox

Third Party Analysis Engines

IPs

Domains

URLs

Dropped files

ORDER SPECIFICATIONS.exe Options

Comments

Tags

Available tags:

Details

Joe Sandbox

Third Party Analysis Engines

IPs

Domains

URLs

Dropped files

Search started

ORDER SPECIFICATIONS.exe