
INV74321.exe

Status: finished
Submission Time: 2021-05-12 07:29:27 +02:00
Malicious
Trojan
Evader
FormBook

Tags

  • exe
  • Formbook

Details

  • Analysis ID:
    411840
  • API (Web) ID:
    779443
  • Analysis Started:
    2021-05-12 07:34:19 +02:00
  • Analysis Finished:
    2021-05-12 07:45:08 +02:00
  • MD5:
    877bb5661fe79bb7f48cfb3ea54537a0
  • SHA1:
    dd6b5263da3b4f1a42e89c2c1ade852098561c5d
  • SHA256:
    87935ff36515ecb6a4177c25ad1d11e8d2882aa1c3f369e719406f063a062517
  • Technologies:
    Joe Sandbox

Joe Sandbox

  • Detection: malicious
  • Score: 100
  • System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

Third Party Analysis Engines

  • malicious (Score: 21/69)
  • malicious (Score: 9/34)
  • malicious (Score: 21/29)

IPs


Domains


URLs


Dropped files

  • C:\Users\user\AppData\Local\Temp\nsi6113.tmp\q7pl.dll
    PE32 executable (DLL) (console) Intel 80386, for MS Windows
  • C:\Users\user\AppData\Local\Temp\k0bmhafw06
    data
  • C:\Users\user\AppData\Local\Temp\k40o4d06bo6
    data