UGGJ4NnzFz.exe

Status: finished

Submission Time: 2021-06-10 14:34:38 +02:00

Malicious

Trojan

Evader

FormBook

Comments

Details

Analysis ID:
432566
API (Web) ID:
800170
Analysis Started:

2021-06-10 14:34:38 +02:00
Analysis Finished:

2021-06-10 14:45:03 +02:00
MD5:
b148ae414eb8a1b34a15cdb32c21f9ee
SHA1:
25b78f76010cc34843352c78d4f8e07a28b46b32
SHA256:
193788545c12c697fe660e9dd178e5d97478d5b90d5b0096f1cd6a9b641d48e9
Technologies:

Engines
IOCs

Joe Sandbox

Engine	Download Report	Detection	Info
		malicious
	Full Report Management Report IOC Report	malicious Score: 100	System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

Third Party Analysis Engines

Open Full Report

malicious

Score: 20/68

malicious

Score: 14/47

IPs

IP	Country	Detection
62.149.128.40	Italy
165.22.38.5	United States
160.153.136.3	United States
Click to see the 3 hidden entries
157.245.232.77	United States
23.227.38.74	Canada
34.102.136.180	United States

Domains

Name	IP	Detection
www.oilleakgames.com	0.0.0.0
www.protectpursuit.com	0.0.0.0
www.allyexpense.com	0.0.0.0
Click to see the 16 hidden entries
www.2dmaxximumrecords.com	0.0.0.0
www.sw-advisers.com	0.0.0.0
www.bring-wellness.com	0.0.0.0
www.goldgrandpa.com	0.0.0.0
www.topazsnacks.com	0.0.0.0
www.freshdeliciousberryfarm.com	0.0.0.0
www.goodlukc.com	0.0.0.0
protectpursuit.com	165.22.38.5
www.growwithjenn.com	0.0.0.0
topazsnacks.com	135.181.180.74
growwithjenn.com	160.153.136.3
shops.myshopify.com	23.227.38.74
www.goldinsacks.com	62.149.128.40
sw-advisers.com	157.245.232.77
freshdeliciousberryfarm.com	34.102.136.180
bring-wellness.com	34.102.136.180

URLs

Name	Detection
www.rebeccannemontgomery.net/dp3a/
http://www.goldinsacks.com/dp3a/?qXtd=VpFTeL6xRNZ0stZ0&rTWxa=2EHAYBF9OrZScLBFfnY/kB1lNYuVodkTQi7ynUSvkYXlrnDKiUoE/Bv6J35YIy7pKLvP
http://www.sw-advisers.com/dp3a/?rTWxa=76AMkVxxuSKB5pgh4RNc3EipO3rbFW8MEUNJys/eLa/AxdTMjRac1XeBowoP/wZORJRk&qXtd=VpFTeL6xRNZ0stZ0
Click to see the 31 hidden entries
http://www.goldgrandpa.com/dp3a/?qXtd=VpFTeL6xRNZ0stZ0&rTWxa=GkWHDDYMiWr4Ju0U4teKyAR8hKcpKlGmV2ZHyKwA/bXhSAEvQCtqjiLuXtjyxk2BGjrR
http://www.galapagosdesign.com/staff/dennis.htm
http://www.fontbureau.com/designers/cabarga.htmlN
http://fontfabrik.com
http://www.founder.com.cn/cn
http://www.fontbureau.com/designers/frere-jones.html
http://nsis.sf.net/NSIS_Error
http://www.jiyu-kobo.co.jp/
http://www.galapagosdesign.com/DPlease
http://www.fontbureau.com/designers8
http://www.fonts.com
http://www.sandoll.co.kr
http://www.urwpp.deDPlease
http://www.zhongyicts.com.cn
http://www.sakkal.com
http://www.goldinsacks.com:80/dp3a/?qXtd=VpFTeL6xRNZ0stZ0&rTWxa=2EHAYBF9OrZScLBFfnY/kB1lNYuVodkT
http://www.founder.com.cn/cn/cThe
http://www.apache.org/licenses/LICENSE-2.0
http://www.typography.netD
http://www.sajatypeworks.com
http://www.carterandcone.coml
http://www.bring-wellness.com/dp3a/?rTWxa=F+NQG3wr2qmzRibT9BAJK2aVObQEDzb5Y6jfukgEe6sv7RNklleEIbtQ/MsGh07J4TVQ&qXtd=VpFTeL6xRNZ0stZ0
http://www.goodfont.co.kr
http://nsis.sf.net/NSIS_ErrorError
http://www.fontbureau.com/designers
http://www.tiro.com
http://www.fontbureau.com/designers?
http://www.founder.com.cn/cn/bThe
http://www.fontbureau.com/designers/?
http://www.fontbureau.com/designersG
http://www.fontbureau.com

Dropped files

Name	File Type	Hashes
C:\Users\user\AppData\Local\Temp\6jlp0t221b5inmotwb6	data	#
C:\Users\user\AppData\Local\Temp\dceotuvjnitpz	data	#
C:\Users\user\AppData\Local\Temp\nsyA3E3.tmp	data	#
Click to see the 1 hidden entries
C:\Users\user\AppData\Local\Temp\nsyA3E4.tmp\System.dll	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	#

UGGJ4NnzFz.exe

Comments

Tags

Available tags:

Details

Joe Sandbox

Third Party Analysis Engines

IPs

Domains

URLs

Dropped files

UGGJ4NnzFz.exe Options

Comments

Tags

Available tags:

Details

Joe Sandbox

Third Party Analysis Engines

IPs

Domains

URLs

Dropped files

Search started

UGGJ4NnzFz.exe