
g1EhgmCqCD.exe

Status: finished
Submission Time: 04.05.2021 18:38:13
Verdict: Malicious
Classification: Trojan, Evader, FormBook

Tags

  • exe
  • Formbook

Details

  • Analysis ID:
    404135
  • API (Web) ID:
    710428
  • Analysis Started:
    04.05.2021 18:38:15
  • Analysis Finished:
    04.05.2021 18:51:00
  • MD5:
    5551346aa9f251895021b95a2a7cc390
  • SHA1:
    acbcecf7599d3c33f6f2a36c0947cfc633d0a406
  • SHA256:
    9e189d8d48a66d2f53c972275642da7cbc8ad51b20f04cf1d592bef360db50cf

Verdict: malicious

System: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211

Score: 100/100 (malicious)
Additional engine detection ratios: 13/67 (malicious), 12/47 (malicious)

IPs

IP               Country
172.247.179.61   United States
107.180.51.23    United States
184.168.131.241  United States
34.102.136.180   United States
198.54.117.216   United States

(No per-IP detection flags are recorded in the report; 3.13.31.214, which www.mollysmulligan.com resolved to, is absent from this table.)

Domains

Name                           IP
kayandbernard.com              184.168.131.241
palomachurch.com               184.168.131.241
timbraunmusician.com           107.180.51.23
www.anygivenrunday.com         172.247.179.61
www.2000deal.com               0.0.0.0
www.kayandbernard.com          0.0.0.0
www.cats16.com                 0.0.0.0
www.gb-contracting.com         0.0.0.0
www.fnatic-skins.club          0.0.0.0
www.benleefoto.com             0.0.0.0
www.effectivemarketinginc.com  0.0.0.0
www.donelys.com                0.0.0.0
www.timbraunmusician.com       0.0.0.0
www.palomachurch.com           0.0.0.0
www.web-evo.com                0.0.0.0
parkingpage.namecheap.com      198.54.117.216
2000deal.com                   34.102.136.180
gb-contracting.com             34.102.136.180
effectivemarketinginc.com      34.102.136.180
www.mollysmulligan.com         3.13.31.214

Reading this table: names listed as 0.0.0.0 did not resolve to a routable address during the run. 198.54.117.216 is parkingpage.namecheap.com, and three otherwise unrelated names share 34.102.136.180, which is consistent with a registrar parking page rather than attacker-operated hosting. FormBook configurations carry a long list of domains of which only a subset is live C2 at any time, so treat the beacon pattern (see the URLs below) as the primary indicator and do not assume every name here is attacker infrastructure.

URLs

FormBook beacon URLs. All share the path token /8u3b/ and, where the query survived, the parameter names DzrXY and zR-4v; the zR-4v value 0v1D8ZZ8otVT4F9P is identical in every complete beacon, while the DzrXY value differs per host:

http://www.donelys.com/8u3b/?DzrXY=E22nI3RnpwZWCefDbfimDOhq+q3UJ25lzo576Tq9svNo94y15LKXeVX0ss+5c65l5TJA&zR-4v=0v1D8ZZ8otVT4F9P
http://www.timbraunmusician.com/8u3b/?DzrXY=eX+lvTL7MbK9tAC2dirOGxJtmp01sBQmjLclFmQfDMoi81TUQ4NjHQaRBE4FvlEeLFd1&zR-4v=0v1D8ZZ8otVT4F9P
http://www.palomachurch.com/8u3b/?DzrXY=9jYQaMLPhL6iMydi3VPda4ZpO9Nse4x/dRiG0pGEWG94UmnbrF8uLUegU4DyS4zVRk0C&zR-4v=0v1D8ZZ8otVT4F9P
http://www.kayandbernard.com/8u3b/?DzrXY=W0cOTmFEbnIJWZ9bmCGSrxqzq+x0vekMOKZqlI6Zx++4S/b9RAwggujLJglRzC1NYopM&zR-4v=0v1D8ZZ8otVT4F9P
www.cats16.com/8u3b/
http://www.anygivenrunday.com/8u3b/?DzrXY=mgRUTtjP8oa9OY5PRVEI9pvNIm77vLp11T7wLcVaXT+EQBswbtHCc7JJdGZTw0GPMHIV&zR-4v=0v1D8ZZ8otVT4F9P
http://www.effectivemarketinginc.com/8u3b/?DzrXY=JlfdOX0KzvBKJCwgzl05144UYnW9L68BcaCAZdJQAkSKjAz8k9yDpbSclDCZ+PzEALYQ&zR-4v=0v1D8ZZ8otVT4F9P
http://www.2000deal.com/8u3b/?DzrXY=/wAP08hkjicc6Jt0eNBrV8xVMyK0vdY+Qr+E6nWTlRrbM9gWbC2ePToIBG3Sa1gtWFqW&zR-4v=0v1D8ZZ8otVT4F9P
http://www.gb-contracting.com/8u3b/?DzrXY=OOVfeLyiAWIpMBFTQ6m1xWirhq5hDDYdrnFBGiAZzRO7gqk2ccIpVztzXoI7ESdS0nQl&zR-4v=0v1D8ZZ8otVT4F9P
https://mollysmulligan.com/8u3b/?DzrXY=Q16

Other URL-like strings recovered from memory. These are not network IOCs: most are font-vendor and license URLs that ship inside embedded font metadata (fontbureau.com, carterandcone.com, founder.com.cn, sandoll.co.kr, goodfont.co.kr, typography.net, urwpp.de and similar), many are truncated or fused with adjacent bytes by the string extractor (fontbureau.comiona, carterandcone.com$d, www.%s.comPA, en.wikip), and the remainder are library or document references (Bootstrap CDN, the Apache license, the xmlsoap.org claims namespace) that do not fit the beacon pattern:

http://www.fontbureau.com/designersG
http://www.fontbureau.com/designers/?
http://www.founder.com.cn/cn/bThe
http://www.fontbureau.com/designers/frere-user.html3
http://www.fontbureau.com/designers?
http://www.tiro.com
http://www.fontbureau.com/designers
http://www.goodfont.co.kr
http://www.carterandcone.com
http://www.carterandcone.com$d
http://www.founder.com.cn/cnH
https://stackpath.bootstrapcdn.com/bootstrap/4.5.0/css/bootstrap.min.css
http://www.fontbureau.comiona
http://www.sajatypeworks.com
http://www.typography.netD
http://www.founder.com.cn/cn/cThe
http://www.galapagosdesign.com/staff/dennis.htm
http://fontfabrik.com
http://www.sandoll.co.krcom
http://www.founder.com.cn/cnr
http://www.galapagosdesign.com/DPlease
http://www.%s.comPA
http://www.churchsw.org/church-projector-project
http://www.fonts.com
http://www.goodfont.co.krn
http://www.sandoll.co.kr
http://www.urwpp.deDPlease
http://www.zhongyicts.com.cn
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
http://www.carterandcone.comI
http://www.sakkal.com
http://www.apache.org/licenses/LICENSE-2.0
http://www.fontbureau.com
http://www.founder.com.cn/cn/8
http://www.carterandcone.comTC
http://www.carterandcone.comnic
http://www.churchsw.org/repository/Bibles/
http://www.carterandcone.comu
http://www.fontbureau.coma
http://en.wikip
http://www.carterandcone.coml
http://www.fontbureau.com/designers/cabarga.htmlN
http://www.founder.com.cn/cn
http://www.fontbureau.com/designers/frere-user.html
http://www.founder.com.cn/cn6
http://www.carterandcone.comfr
http://www.jiyu-kobo.co.jp/
http://www.fontbureau.com/designers8
http://www.sandoll.co.krn-u
http://www.goodfont.co.kr-
http://www.founder.com.cn/cnKr4
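The beacon shape in the URL table (a short random path token, a variable first parameter and a constant second one) is what a detection should key on, not the individual hostnames. The script below is an added example, not part of the sandbox report or of any FormBook tooling: it takes a subset of the report's own URL strings as constructed input, separates beacon-shaped URLs from the font and library noise, derives the shared path token and the parameter that never changes, builds a regex from them, and runs that regex over a few constructed proxy-log lines (the log format, client IPs and the shortened DzrXY value in those lines are assumptions for the demo).

```python
"""Triage a sandbox URL table for FormBook-style C2 beacons (added example)."""
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed input: a subset of the URL strings copied from the report above.
REPORT_URLS = [
    "http://www.donelys.com/8u3b/?DzrXY=E22nI3RnpwZWCefDbfimDOhq+q3UJ25lzo576Tq9svNo94y15LKXeVX0ss+5c65l5TJA&zR-4v=0v1D8ZZ8otVT4F9P",
    "http://www.timbraunmusician.com/8u3b/?DzrXY=eX+lvTL7MbK9tAC2dirOGxJtmp01sBQmjLclFmQfDMoi81TUQ4NjHQaRBE4FvlEeLFd1&zR-4v=0v1D8ZZ8otVT4F9P",
    "http://www.palomachurch.com/8u3b/?DzrXY=9jYQaMLPhL6iMydi3VPda4ZpO9Nse4x/dRiG0pGEWG94UmnbrF8uLUegU4DyS4zVRk0C&zR-4v=0v1D8ZZ8otVT4F9P",
    "www.cats16.com/8u3b/",
    "https://mollysmulligan.com/8u3b/?DzrXY=Q16",
    "http://www.fontbureau.com/designers/frere-user.html3",
    "http://www.carterandcone.com$d",
    "https://stackpath.bootstrapcdn.com/bootstrap/4.5.0/css/bootstrap.min.css",
    "http://www.churchsw.org/repository/Bibles/",
    "http://www.%s.comPA",
]

# Beacon path: exactly one short alphanumeric segment, e.g. /8u3b/
PATH_TOKEN_RE = re.compile(r"^/([A-Za-z0-9]{2,10})/$")


def normalize(url):
    """Give scheme-less entries (www.cats16.com/8u3b/) a scheme so urlsplit sees a host."""
    return url if "://" in url else "http://" + url


def split_query(query):
    """Split a query string WITHOUT decoding: the blobs contain '+' and '/',
    which urllib.parse.parse_qsl would turn into spaces and unquote."""
    params = []
    for part in query.split("&"):
        if part:
            name, _, value = part.partition("=")
            params.append((name, value))
    return params


def classify(url):
    """Return {'host', 'token', 'params'} for a beacon-shaped URL, else None."""
    try:
        parts = urlsplit(normalize(url))
    except ValueError:
        return None  # garbage string from memory, not a URL
    m = PATH_TOKEN_RE.match(parts.path)
    if not m or not parts.hostname:
        return None
    return {"host": parts.hostname, "token": m.group(1), "params": split_query(parts.query)}


def triage(urls):
    """Separate beacons from noise and derive the campaign-wide constants."""
    beacons, noise = [], []
    for u in urls:
        b = classify(u)
        (beacons if b else noise).append(b or u)
    values, counts = defaultdict(set), defaultdict(int)
    for b in beacons:
        for name, value in b["params"]:
            values[name].add(value)
            counts[name] += 1
    # a parameter seen more than once whose value never changes is a campaign constant
    fixed = {n: next(iter(v)) for n, v in values.items() if len(v) == 1 and counts[n] > 1}
    return {
        "hosts": [b["host"] for b in beacons],
        "tokens": {b["token"] for b in beacons},
        "param_names": list(values),  # dict order = order first seen in the sample
        "fixed_values": fixed,
        "noise": noise,
    }


def build_pattern(tri):
    """Regex for proxy logs: the path token, optionally followed by the beacon
    parameters in the order the sample uses them (first one required if a query exists)."""
    token = "|".join(re.escape(t) for t in sorted(tri["tokens"]))
    names = tri["param_names"]
    pat = r"/(?:%s)/" % token
    if names:
        pat += r"(?:\?" + re.escape(names[0]) + r"=[^&\s]+"
        for n in names[1:]:
            pat += r"(?:&" + re.escape(n) + r"=[^&\s]+)?"
        pat += r")?"
    return re.compile(pat)


# Constructed proxy-log lines: timestamp, client, method, URL, status (assumed format).
PROXY_LOG = [
    "2021-05-04T18:40:02Z 10.0.0.15 GET http://www.kayandbernard.com/8u3b/?DzrXY=W0cOTmFEbnIJ&zR-4v=0v1D8ZZ8otVT4F9P 200",
    "2021-05-04T18:40:05Z 10.0.0.15 GET http://www.cats16.com/8u3b/ 404",
    "2021-05-04T18:41:00Z 10.0.0.22 GET https://stackpath.bootstrapcdn.com/bootstrap/4.5.0/css/bootstrap.min.css 200",
    "2021-05-04T18:41:30Z 10.0.0.22 GET http://example.org/8u3bX/index.html 200",
]


def scan_log(lines, pattern):
    """Return (client, host) for every log line whose URL field matches the beacon pattern."""
    hits = []
    for line in lines:
        fields = line.split()
        if len(fields) < 5:
            continue
        client, url = fields[1], fields[3]
        if pattern.search(url):
            hits.append((client, urlsplit(url).hostname))
    return hits


if __name__ == "__main__":
    tri = triage(REPORT_URLS)
    print("beacon hosts:", tri["hosts"])
    print("path tokens:", tri["tokens"], "fixed params:", tri["fixed_values"])
    pat = build_pattern(tri)
    print("pattern:", pat.pattern)
    for client, host in scan_log(PROXY_LOG, pat):
        print("beacon from", client, "to", host)
```

The derived pattern matches the bare `/8u3b/` form (the www.cats16.com entry) as well as the full beacon, and ignores `/8u3bX/`, so it follows the campaign even when FormBook rotates to a domain that is not in this report; the `zR-4v` constant is the value to pivot on when hunting for related samples.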

Dropped files

Name: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\g1EhgmCqCD.exe.log
File type: ASCII text, with CRLF line terminators
(no hashes or detection flags recorded)

This is the usage log the 32-bit .NET Framework 4 runtime writes under CLR_v4.0_32\UsageLogs for any managed executable it runs. It shows that g1EhgmCqCD.exe is (or starts as) a 32-bit .NET binary; the log itself is a side effect of execution, not a dropped payload.