Invoiceo.exe

Status: finished
Submission Time: 03.05.2021 14:49:17
Malicious
Trojan
Evader
FormBook

Tags

  • exe

Details

  • Analysis ID:
    402845
  • API (Web) ID:
    707852
  • Analysis Started:
    03.05.2021 14:49:18
  • Analysis Finished:
    03.05.2021 15:05:08
  • MD5:
    8f2489d7ce50e99109af9925818daf2b
  • SHA1:
    5481d53e59fda1e0d849b677e15b410ba6f64fbc
  • SHA256:
    0013853950647289e952326b93ce46aa3e73db654367ef3c005e29257db31fba
  • Technologies:
Engine Verdict Score

System: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211

malicious
100/100

malicious
10/47

IPs

IP Country Detection

  • 154.207.58.218
    Seychelles

Domains

Name IP Detection

  • www.tabuk24.com
    154.207.58.218
  • www.swim-maki.com
    0.0.0.0

URLs

Name Detection
http://www.tabuk24.com/csi/?TTgLKx=uFNDtp4H1nDLCVd&mR-ptRI=N6ynhade2rGTzfH7Obdga9j8h7xnVmduHv/FNLw2V1/oBiufSguui3vD99XwSD3G2mHh
www.swim-maki.com/csi/
http://www.fontbureau.com/designersG
http://www.rare-snare.com
http://www.analistaweb.net/csi/www.kontrey.com
http://www.nelivo.comReferer:
http://www.fontbureau.com/designers/?
http://www.founder.com.cn/cn/bThe
http://www.fontbureau.com/designers?
http://www.bahama-id.comReferer:
http://www.microsoft.co
http://www.bermudesfcrasettlement.com/csi/
http://www.rare-snare.com/csi/www.analistaweb.net
http://www.tiro.com
http://www.wristaidmd.com/csi/
http://www.fontbureau.com/designers
http://www.foodbyroyalbites.comReferer:
http://www.swim-maki.com/csi/
http://www.analistaweb.net
http://www.analistaweb.net/csi/
http://www.goodfont.co.kr
https://stackpath.bootstrapcdn.com/bootstrap/4.5.0/css/bootstrap.min.css
http://www.ss01center.com/csi/www.naturaldesiproducts.com
http://www.nelivo.com/csi/
http://www.sajatypeworks.com
http://www.bioshope.online/csi/
http://www.typography.netD
http://www.analistaweb.netReferer:
http://www.foodbyroyalbites.com/csi/
http://www.founder.com.cn/cn/cThe
http://www.galapagosdesign.com/staff/dennis.htm
http://fontfabrik.com
http://www.uspaypausa.com
http://www.wristaidmd.com/csi/www.nelivo.com
http://www.uspaypausa.com/csi/
http://www.uspaypausa.com/csi/www.ss01center.com
http://www.nelivo.com/csi/www.adtlive.com
http://www.galapagosdesign.com/DPlease
http://www.naturaldesiproducts.com/csi/
http://www.bermudesfcrasettlement.com
http://www.fonts.com
http://www.sandoll.co.kr
http://www.swim-maki.com/csi/www.bermudesfcrasettlement.com
http://www.urwpp.deDPlease
http://www.zhongyicts.com.cn
http://www.adtlive.comReferer:
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
http://www.foodbyroyalbites.com
http://www.sakkal.com
https://github.com/unguest
http://www.bioshope.onlineReferer:
http://www.adtlive.com
http://www.bahama-id.com/csi/www.uspaypausa.com
https://github.com/unguest9WinForms_RecursiveFormCreate5WinForms_SeeInnerExceptionGProperty
http://www.apache.org/licenses/LICENSE-2.0
http://www.fontbureau.com
http://www.swim-maki.comReferer:
http://www.adtlive.com/csi/
http://www.kontrey.com/csi/www.bahama-id.com
http://www.naturaldesiproducts.comReferer:
http://www.bermudesfcrasettlement.comReferer:
http://www.nelivo.com
https://go.micro
http://www.ss01center.com/csi/
http://www.bahama-id.com/csi/
http://www.bioshope.online
http://www.swim-maki.com
http://www.tabuk24.com
http://www.kontrey.com
http://www.kontrey.comReferer:
http://www.foodbyroyalbites.com/csi/www.bioshope.online
http://www.wristaidmd.com
http://www.adtlive.com/csi/www.rare-snare.com
http://www.carterandcone.coml
http://www.ss01center.comReferer:
http://www.tabuk24.comReferer:
http://www.fontbureau.com/designers/cabarga.htmlN
http://www.founder.com.cn/cn
http://www.fontbureau.com/designers/frere-jones.html
http://www.naturaldesiproducts.com
http://www.ss01center.com
http://www.tabuk24.com/csi/www.swim-maki.com
http://www.jiyu-kobo.co.jp/
http://www.fontbureau.com/designers8
http://www.rare-snare.comReferer:
http://www.naturaldesiproducts.com/csi/M
http://www.kontrey.com/csi/
http://www.bioshope.online/csi/www.wristaidmd.com
http://www.bahama-id.com
http://www.uspaypausa.comReferer:
http://www.wristaidmd.comReferer:
http://www.rare-snare.com/csi/
http://www.tabuk24.com/csi/
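Added triage example (not part of the sandbox report): the URL list above mixes hosts that all share the same `/csi/` request path with unrelated font-vendor, CDN and schema strings. The script below embeds a constructed subset of that list together with the report's Domain and IP tables, splits the carved URLs into hosts that share the `/csi/` path and the rest, and turns the result into blocklist-ready indicators. Two things are assumptions rather than facts from the report: that trailing fragments such as `Referer:` and a second `www.` host glued onto the path (`/csi/www.kontrey.com`) are memory-carving artifacts, and that sharing the path is enough to treat a host as a candidate. The report itself only shows www.tabuk24.com resolving to 154.207.58.218; `0.0.0.0` for www.swim-maki.com is kept out of the IP blocklist because it is not a routable indicator.

```python
"""Triage helper for the carved URL strings in the sandbox report above.

Constructed input: the strings below are copied from the report's URL,
Domain and IP tables. Grouping hosts by a shared URI path is a heuristic;
only www.tabuk24.com -> 154.207.58.218 is shown as resolved in the report.
"""
import re
from urllib.parse import urlsplit

# Constructed sample: a subset of the report's URL list, including entries
# with glued-on junk ("Referer:", a second host after the path) that are
# assumed here to be memory-carving artifacts.
REPORT_URLS = [
    "http://www.tabuk24.com/csi/?TTgLKx=uFNDtp4H1nDLCVd&mR-ptRI=N6ynhade2rGTzfH7Obdga9j8h7xnVmduHv/FNLw2V1/oBiufSguui3vD99XwSD3G2mHh",
    "www.swim-maki.com/csi/",
    "http://www.fontbureau.com/designersG",
    "http://www.rare-snare.com",
    "http://www.rare-snare.com/csi/",
    "http://www.analistaweb.net/csi/www.kontrey.com",
    "http://www.nelivo.comReferer:",
    "http://www.nelivo.com/csi/",
    "https://stackpath.bootstrapcdn.com/bootstrap/4.5.0/css/bootstrap.min.css",
    "http://www.ss01center.com/csi/www.naturaldesiproducts.com",
    "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name",
    "http://www.microsoft.co",
    "http://www.naturaldesiproducts.com/csi/M",
]

# Resolutions taken from the report's Domain and IP tables.
REPORT_RESOLUTIONS = {
    "www.tabuk24.com": "154.207.58.218",
    "www.swim-maki.com": "0.0.0.0",
}

MEMORY_JUNK_SUFFIXES = ("Referer:",)
EMBEDDED_HOST = re.compile(r"www\.[a-z0-9-]+(?:\.[a-z0-9-]+)+", re.I)


def clean_memory_string(s):
    """Strip trailing junk that memory carving glued onto a URL (assumption)."""
    for suffix in MEMORY_JUNK_SUFFIXES:
        if s.endswith(suffix):
            s = s[: -len(suffix)]
    return s


def parse_url(s):
    """Return (host, path) for a carved URL; tolerate a missing scheme."""
    s = clean_memory_string(s.strip())
    if "://" not in s:
        s = "http://" + s
    parts = urlsplit(s)
    return (parts.hostname or "").lower(), (parts.path or "/")


def triage(urls, resolutions, path_prefix="/csi/"):
    """Split carved URLs into hosts sharing path_prefix and everything else.

    Returns {"candidates": {host: ip_or_None}, "noise": [host, ...]}.
    """
    candidates = {}
    noise = set()
    for raw in urls:
        host, path = parse_url(raw)
        if not host:
            continue
        if path.startswith(path_prefix):
            candidates[host] = resolutions.get(host)
            # The carver can glue the next list entry onto the path
            # (e.g. "/csi/www.kontrey.com"); pull such hosts out as well.
            for embedded in EMBEDDED_HOST.findall(path[len(path_prefix):]):
                embedded = embedded.lower()
                candidates.setdefault(embedded, resolutions.get(embedded))
        else:
            noise.add(host)
    # A host seen both with and without the path is a candidate, not noise.
    noise -= set(candidates)
    return {"candidates": candidates, "noise": sorted(noise)}


def blocklist(result):
    """Indicators for blocking: candidate hosts plus routable resolved IPs."""
    ips = {ip for ip in result["candidates"].values() if ip and ip != "0.0.0.0"}
    return {"domains": sorted(result["candidates"]), "ips": sorted(ips)}


if __name__ == "__main__":
    result = triage(REPORT_URLS, REPORT_RESOLUTIONS)
    for host, ip in sorted(result["candidates"].items()):
        print(f"candidate {host} {ip or '-'}")
    for host in result["noise"]:
        print(f"noise     {host}")
    print(blocklist(result))
```

Feeding the full 90-entry list from the report through `triage` instead of the constructed subset gives the same split: every `/csi/` host becomes a candidate, while the fontbureau, galapagosdesign, bootstrapcdn, xmlsoap and github strings stay in the noise bucket.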

Dropped files

Name File Type Hashes Detection

  • C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\Invoiceo.exe.log
    ASCII text, with CRLF line terminators
  • C:\Users\user\AppData\Local\Temp\tmpEE1D.tmp
    XML 1.0 document, ASCII text, with CRLF line terminators
  • C:\Users\user\AppData\Roaming\yYxmxiApi.exe
    PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
  • C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache
    data
  • C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
    data
  • C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_dpod1dif.1ty.ps1
    very short file (no magic)
  • C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_fvegrtut.myf.psm1
    very short file (no magic)
  • C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_t10emffs.5zu.ps1
    very short file (no magic)
  • C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_vijt5kae.3jh.psm1
    very short file (no magic)
  • C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_voiu13at.ago.psm1
    very short file (no magic)
  • C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_y0wayzft.p4m.ps1
    very short file (no magic)
  • C:\Users\user\AppData\Roaming\yYxmxiApi.exe:Zone.Identifier
    ASCII text, with CRLF line terminators
  • C:\Users\user\Documents\20210503\PowerShell_transcript.065367.35C6bBM3.20210503145014.txt
    UTF-8 Unicode (with BOM) text, with CRLF line terminators
  • C:\Users\user\Documents\20210503\PowerShell_transcript.065367.K12PJCIf.20210503145011.txt
    UTF-8 Unicode (with BOM) text, with CRLF line terminators
  • C:\Users\user\Documents\20210503\PowerShell_transcript.065367.wOdK0DyO.20210503145012.txt
    UTF-8 Unicode (with BOM) text, with CRLF line terminators