flash

lpdKSOB78u.exe

Status: finished
Submission Time: 23.02.2021 09:12:27
Malicious
Trojan
Evader
FormBook

Comments

Tags

  • exe
  • Formbook

Details

  • Analysis ID:
    356515
  • API (Web) ID:
    615014
  • Analysis Started:
    23.02.2021 09:17:28
  • Analysis Finished:
    23.02.2021 09:28:18
  • MD5:
    f10054d325df455c58ecb16ea660d3f2
  • SHA1:
    54871af48b64576922b97965efeeea94976bc119
  • SHA256:
    b060cb81afd9113cfbbb1e346c99e503c545da47ed80096c021b7ca41c064c76
  • Technologies:
Full Report Management Report IOC Report Engine Info Verdict Score Reports

malicious
New

System: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211

malicious
100/100

malicious
31/70

malicious
17/47

IPs

IP Country Detection
104.21.76.239
United States
154.213.108.250
Seychelles
208.91.197.27
Virgin Islands (BRITISH)
Click to see the 5 hidden entries
34.102.136.180
United States
23.224.206.45
United States
92.249.45.191
Germany
23.253.73.122
United States
3.223.115.185
United States

Domains

Name IP Detection
speedysnacksbox.com
34.102.136.180
www.edgewooddhr.net
208.91.197.27
rehabcareconnect.com
92.249.45.191
Click to see the 18 hidden entries
www.beconfidentagain.com
104.21.76.239
havemercyinc.net
34.102.136.180
inbarrel.com
34.102.136.180
buildassetswealth.com
34.102.136.180
www.pcareinc.com
154.213.108.250
www.ndk168.com
23.224.206.45
www.havemercyinc.net
0.0.0.0
www.antips.com
0.0.0.0
www.torontotel.com
0.0.0.0
www.39palmavenue.com
0.0.0.0
www.speedysnacksbox.com
0.0.0.0
www.thepixxelgroup.com
0.0.0.0
www.buildassetswealth.com
0.0.0.0
www.inbarrel.com
0.0.0.0
www.rehabcareconnect.com
0.0.0.0
www.larek.store
185.104.45.146
sequoia.bostonlogic.com
23.253.73.122
HDRedirect-LB7-5a03e1c2772e1c9c.elb.us-east-1.amazonaws.com
3.223.115.185

URLs

Name Detection
http://www.buildassetswealth.com/4qdc/?sxlpdB=t6rgzpThEavL/zg9991GCjSWOfv9/TODS4c0mNe7yolhiaEFU/O6K33zqhrleftTdvyE&2dz=onbha
http://www.inbarrel.com/4qdc/?sxlpdB=DRpehdA/33BzcPgqXFJLC0P+7mKy3AC9kGgryjypn4W4a4lypWUQvIUJQnrelubfkLFp&2dz=onbha
http://www.antips.com/4qdc/?sxlpdB=FDPsk0sff5Lw+z8Vw8rcgpm8MWqJfMs2bvH8+cW5/POI2TSyhlXdRmW8g+C2mzqgUbJY&2dz=onbha
Click to see the 51 hidden entries
http://www.havemercyinc.net/4qdc/?sxlpdB=o1YYd6Gi2K67gelLAX14ago2MHBzIaWFdtb1Ca8ijRLt6mEmIsAV47qF7pv8e7ASo7Rk&2dz=onbha
www.torontotel.com/4qdc/
http://www.39palmavenue.com/4qdc/?sxlpdB=ZB8Pl5eBC7Hephg+P6iGhrGYsApNwIB7ekAHWQJEYqlC8jRN6CLcZFL5CLWpIktyGytq&2dz=onbha
http://www.rehabcareconnect.com/4qdc/?sxlpdB=XrM9oEi9W6a6X8UVQlR+JUyFbINbZfC+p7wdaOxjToB4fXjiFd7gjA62KvYw0vzt+GJp&2dz=onbha
http://www.ndk168.com/4qdc/?sxlpdB=fgRLe1wDsIR582SpVqHNrqc5X9FQKzC9eNMuu75MPd7YekjVZ2QEORs18XDbgwZ5UcjJ&2dz=onbha
http://www.pcareinc.com/4qdc/?sxlpdB=n05rnph+IqNz0mbSS5vp9sGjLY7dyqnysY607r4vHHjCLr3ziiRBE07QjlPjM5GqarqD&2dz=onbha
http://www.speedysnacksbox.com/4qdc/?sxlpdB=oetlJbthpq9VCk3sxGtc819EDOSw/wKhNDSOaTnbk4bTW9QfHQR4t80kWNVKaJln9Y1c&2dz=onbha
http://www.beconfidentagain.com/4qdc/?sxlpdB=uT9syTVFNHzfIlw/vi0ORJwgGNlm67yR3EiChoWxlToAUfSEqT6/a/KF0zmtzwOHQ1u8&2dz=onbha
http://www.edgewooddhr.net/4qdc/?sxlpdB=+7VgHCQQJYO0FHfoX4VwpMGRpMkf/fkwbCKrV3wMZoe5nkwvpaAzoW+aSblNd7Hd+wjC&2dz=onbha
http://i4.cdn-image.com/__media__/pics/27586/searchbtn.png)
http://www.fontbureau.com/designersG
http://www.fontbureau.com/designers/?
http://www.founder.com.cn/cn/bThe
http://www.fontbureau.com/designers?
http://i4.cdn-image.com/__media__/pics/27587/Left.png)
http://www.tiro.com
http://www.fontbureau.com/designers
http://www.goodfont.co.kr
http://i4.cdn-image.com/__media__/pics/27587/Right.png)
http://www.sajatypeworks.com
http://www.typography.netD
http://www.founder.com.cn/cn/cThe
http://www.galapagosdesign.com/staff/dennis.htm
http://fontfabrik.com
http://i4.cdn-image.com/__media__/fonts/open-sans-bold/open-sans-bold.woff2
http://i4.cdn-image.com/__media__/fonts/open-sans-bold/open-sans-bold.eot
http://i4.cdn-image.com/__media__/fonts/open-sans-bold/open-sans-bold.otf
http://www.galapagosdesign.com/DPlease
http://i4.cdn-image.com/__media__/fonts/open-sans-bold/open-sans-bold.eot?#iefix
http://www.fonts.com
http://www.sandoll.co.kr
http://i4.cdn-image.com/__media__/pics/27587/BG_2.png)
http://rdfs.org/sioc/ns#
http://www.urwpp.deDPlease
http://i4.cdn-image.com/__media__/fonts/open-sans-bold/open-sans-bold.svg#open-sans-bold
http://www.zhongyicts.com.cn
http://www.sakkal.com
http://www.apache.org/licenses/LICENSE-2.0
http://www.fontbureau.com
https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css
http://rdfs.org/sioc/types#
http://nsis.sf.net/NSIS_ErrorError
http://www.carterandcone.coml
http://i4.cdn-image.com/__media__/fonts/open-sans-bold/open-sans-bold.woff
http://www.fontbureau.com/designers/cabarga.htmlN
http://www.founder.com.cn/cn
http://www.fontbureau.com/designers/frere-jones.html
http://nsis.sf.net/NSIS_Error
http://www.jiyu-kobo.co.jp/
http://www.fontbureau.com/designers8
http://i4.cdn-image.com/__media__/fonts/open-sans-bold/open-sans-bold.ttf

Dropped files

Name File Type Hashes Detection
C:\Users\user\AppData\Local\Temp\h1luljvls0ea.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
#
C:\Users\user\AppData\Local\Temp\gnozo.to
data
#
C:\Users\user\AppData\Local\Temp\nsr575.tmp\System.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
#
Click to see the 1 hidden entries
C:\Users\user\AppData\Local\Temp\nsx546.tmp
data
#