
vi0EwpbUht.exe

Status: finished
Submission Time: 2021-06-10 20:52:17 +02:00
Verdict: Malicious
Classification: Spreader, Trojan, Evader
Malware families: FormBook, Neshta

Tags

  • exe
  • neshta

Details

  • Analysis ID:
    432848
  • API (Web) ID:
    800452
  • Analysis Started:
    2021-06-10 20:52:17 +02:00
  • Analysis Finished:
    2021-06-10 21:08:53 +02:00
  • MD5:
    f478c15f5affd8359762b8c6b0e913a4
  • SHA1:
    05b36949abd35a132488158f38149c7b582c8d3a
  • SHA256:
    e355ac0da4996011e91f28b11e03c44d54606ae4ceb0bc4f6d0a0edc4b3410ed
  • Technologies:
    Joe Sandbox

  • Engine:
    Joe Sandbox
  • Detection:
    malicious
  • Score:
    100
  • System:
    Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

Third Party Analysis Engines

  • malicious (Score: 32/35)
  • malicious (Score: 29/29)
  • malicious

IPs

IP              Country        Detection
34.102.136.180  United States

Domains

Name                         IP              Detection
www.agileintelligence.coach  0.0.0.0
agileintelligence.coach      34.102.136.180

URLs

Name Detection
www.personalizedyardsigns.com/xkcp/
http://www.typography.netD
http://www.sakkal.com

Dropped files

Name / File Type (Hashes and Detection columns empty in the report)

  • C:\Program Files (x86)\Java\jre1.8.0_211\bin\javaws.exe
    PE32 executable (GUI) Intel 80386, for MS Windows
  • C:\Program Files (x86)\Microsoft Office\Office16\FIRSTRUN.EXE
    PE32 executable (GUI) Intel 80386, for MS Windows
  • C:\Program Files (x86)\Microsoft Office\Office16\DCF\filecompare.exe
    PE32 executable (GUI) Intel 80386, for MS Windows