Joe Sandbox Cloud Basic

Want to search on specific fields?


Try our:

Advanced Search

Want to search in depth on all Cloud Basic reports?

Try: Joe Sandbox View

Register Login
sloganpng
top title background image
flash

scan files 15-9-21.exe

Status: finished
Submission Time: 2021-09-15 09:25:43 +02:00
Malicious
Trojan
Evader
FormBook

Comments

Tags

  • exe
  • Formbook
  • xloader

Details

  • Analysis ID:
    483582
  • API (Web) ID:
    851151
  • Analysis Started:
    2021-09-15 09:29:55 +02:00
  • Analysis Finished:
    2021-09-15 09:41:26 +02:00
  • MD5:
    00e32d8a2cbd54e967bfc8f512086ecf
  • SHA1:
    f51b70a2117089a87b0daf6f179a3b492acf58f2
  • SHA256:
    36d409b61a0f456cb3e593338ebf2db1fae38ea645392d98030bc7e7a0eb9a3c
  • Technologies:

Joe Sandbox

Engine Download Report Detection Info
malicious
Full Report Management Report IOC Report
malicious
Score: 100
System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

Third Party Analysis Engines

Open Full Report
malicious
Score: 20/68
malicious
Score: 12/45

IPs

IP Country Detection
172.67.196.84
 United States
84.34.147.60
 Finland
35.237.65.63
 United States
Click to see the 1 hidden entries
34.98.99.30
 United States

Domains

Name IP Detection
www.getcenteredwithclay.com
 99.83.154.118
www.nordiqueluxury.com
 84.34.147.60
www.singularity.institute
 172.67.196.84
Click to see the 9 hidden entries
www.valorplanodesaudemaranhao.info
 0.0.0.0
www.everybankatm.com
 0.0.0.0
www.parakhonskiy.com
 0.0.0.0
www.lifewithbriana.com
 0.0.0.0
www.actonetheatre.com
 0.0.0.0
www.quickskiplondon.com
 0.0.0.0
quickskiplondon.com
 34.98.99.30
valorplanodesaudemaranhao.info
 34.98.99.30
www.municipiodeanton.net
 35.237.65.63

URLs

Name Detection
http://www.nordiqueluxury.com/mej0/?ZTSpa=l0iLI2tDMbyWX17YzQI3VU6Ovc+Srds2u4QKsmMGezHC91xioYtP6wjZJcIMhpUbXqNeFFgVfw==&vP=JtCxKN
http://www.singularity.institute/mej0/?ZTSpa=RzUuUNIP5w6/jz6u/3nPHL71H0tFSqxvyYqd1E+XwjP7nDbVm/SW3vaLh5vwv8/S3nR/rxiqcA==&vP=JtCxKN
www.lifewithbriana.com/mej0/
Click to see the 4 hidden entries
http://www.municipiodeanton.net/mej0/?ZTSpa=KB5aME/wLlFyZRHVaeByRa16oaYSLG5vTwTmPkRiuCF7mWnEGcyzal0mWpntA1EdT4HAAexMQQ==&vP=JtCxKN
http://www.autoitscript.com/autoit3/J
http://www.quickskiplondon.com/mej0/?ZTSpa=a/1Q0lHImOSlB3OMiE52M5irpU60+rDCM9jGEsCAFmqZfqxrPXb+yY2uJ0P5II+wgFq1rM2W6g==&vP=JtCxKN
http://www.valorplanodesaudemaranhao.info/mej0/?ZTSpa=JBp6XH2M4Q0SiKTdqMGnH1VhHOjyZ1YS2BfWCv8a5VwMthBJctfaCfrdZAs0prUxB4i8ziLjxQ==&vP=JtCxKN

Dropped files

Name File Type Hashes Detection
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\scan files 15-9-21.exe.log
 ASCII text, with CRLF line terminators
 #