tgamf4XuLa.exe

Status: finished
Submission Time: 15.09.2021 10:02:12
Malicious
Trojan
Evader
FormBook

Tags

  • 32
  • exe
  • trojan

Details

  • Analysis ID:
    483617
  • API (Web) ID:
    851185
  • Analysis Started:
    15.09.2021 10:07:32
  • Analysis Finished:
    15.09.2021 10:21:20
  • MD5:
    f8146a71dedc3eeeaa1624d6832c39a4
  • SHA1:
    b1007a3beab21c77513bb9c4e6fc2a04c6346c04
  • SHA256:
    3611c1a2e9d1897825d5e7100a1c01d807f62a9c75d5f12602c168b0726d56ca

Verdict: malicious
Score: 100/100
System: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211

IPs

IP              Country
91.195.240.94   Germany
52.25.92.0      United States
99.83.154.118   United States
103.72.144.19   China
34.102.136.180  United States
34.98.99.30     United States

Domains

Name                                 IP
www.cherrybunk.life                  52.25.92.0
www.hellocharmaine.com               91.195.240.94
www.syzhtr.com                       103.72.144.19
www.d0berman245.xyz                  99.83.154.118
www.realstylecelebz.com              99.83.154.118
www.discomountainkombucha.com        91.195.240.94
www.tjandamber.com                   0.0.0.0
www.fraktal.media                    0.0.0.0
www.expertexceleratorchallenge.com   0.0.0.0
www.dressmids.com                    0.0.0.0
fraktal.media                        34.98.99.30
expertexceleratorchallenge.com       34.98.99.30
dressmids.com                        34.98.99.30
tjandamber.com                       34.102.136.180

URLs

  • www.dressmids.com/vuja/
  • http://www.discomountainkombucha.com/vuja/?SrK0m=8pbLu8l0SV1lo&a6PLdH6=vHKhDfdz3QjyoUuaK0fKX3k6vNUdxhN00gDlJT2hTfXNtdoBfWWdNbHAMnY3fHnn7Aqd
  • http://www.hellocharmaine.com/vuja/?SrK0m=8pbLu8l0SV1lo&a6PLdH6=HiF2JmV2owPq8HevY+6PLH0l3KgiDbtf8XOoOMXvRXgVDxDLxjWebHI9Pw488vMk9ORY
  • http://www.cherrybunk.life/vuja/?SrK0m=8pbLu8l0SV1lo&a6PLdH6=xxaskX4zCBVE3yBbpvO7oTQxeCyuhPQrJ3bXakBVisDWUfPX6szXkiX7lnBBy6F9sRNz
  • http://www.syzhtr.com/vuja/?a6PLdH6=u+wR1aKzpDV/TxGllf2QnEgeBGa/HBhCNRhMkmFjTPYp6U2j3/+A9H921q8yWaN2LpI/&SrK0m=8pbLu8l0SV1lo
  • http://www.d0berman245.xyz/vuja/?a6PLdH6=knesP9qPdEIwhrsdCBVrK6TYPa8ARfupLdS+O1KjpVkHadf5O3a6XCWpr2FomIuS86ow&SrK0m=8pbLu8l0SV1lo
  • http://www.realstylecelebz.com/vuja/?SrK0m=8pbLu8l0SV1lo&a6PLdH6=mvPzLoePd3E50JyZDmieD6pkHjcUl/YW6tCUslk4/nfE0VzZdnTMarol9oC9qsPy2Se0
  • https://www.value-domain.com/modall.php
  • http://www.tjandamber.com/vuja/?SrK0m=8pbLu8l0SV1lo&a6PLdH6=O/mUfy2FFtS6I/aReU4qHel2aPwRekNUtr7VAEKDTW8BEYcE6LKZB1SF0N7UsHI7MTf5
  • http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
  • https://www.value-domain.com/
  • http://www.fraktal.media/vuja/?SrK0m=8pbLu8l0SV1lo&a6PLdH6=+jKwoP3rxSUE2G3GWZal8U7hYP6reGb39kDXBTdBOy+lOhqfFK02kSVdLKlhCp2Y/9bB
  • https://www.colorfulbox.jp/common/img/bnr/colorfulbox_bnr01.png
  • http://www.dressmids.com/vuja/?a6PLdH6=mgzvXufYj6psHtNzSOMfQOc1unGQJGuCHGGdhDQCsGfwe59mkNL58xvD94UsnjjJj5NK&SrK0m=8pbLu8l0SV1lo

Dropped files

  • C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\tgamf4XuLa.exe.log
    File type: ASCII text, with CRLF line terminators
  • C:\Users\user\AppData\Local\Temp\tmpEC5E.tmp
    File type: XML 1.0 document, ASCII text, with CRLF line terminators
  • C:\Users\user\AppData\Roaming\HpnpObXJP.exe
    File type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
  • C:\Users\user\AppData\Roaming\HpnpObXJP.exe:Zone.Identifier
    File type: ASCII text, with CRLF line terminators