UGGJ4NnzFz.exe

Status: finished
Submission Time: 10.06.2021 14:34:38
Malicious
Trojan
Evader
FormBook

Details

  • Analysis ID:
    432566
  • API (Web) ID:
    800170
  • Analysis Started:
    10.06.2021 14:34:38
  • Analysis Finished:
    10.06.2021 14:45:03
  • MD5:
    b148ae414eb8a1b34a15cdb32c21f9ee
  • SHA1:
    25b78f76010cc34843352c78d4f8e07a28b46b32
  • SHA256:
    193788545c12c697fe660e9dd178e5d97478d5b90d5b0096f1cd6a9b641d48e9

malicious

System: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211

malicious
100/100

malicious
20/68

malicious
14/47

IPs


Domains


URLs


Dropped files
