NvkGETsSDb.exe

Status: finished
Submission Time: 2021-10-27 19:32:19 +02:00
Malicious
Trojan
Evader
FormBook

Tags

  • exe

Details

  • Analysis ID:
    510425
  • API (Web) ID:
    877993
  • Analysis Started:
    2021-10-27 19:35:13 +02:00
  • Analysis Finished:
    2021-10-27 19:46:10 +02:00
  • MD5:
    e17b528f9c192653dc9777bd46e48d82
  • SHA1:
    f4dfc93942ed0c091340057f1164b1e1e6f4a148
  • SHA256:
    83708560ecc442b5b6dadbdf5af39ae4f1e843664c932a9de3eff1e38bf6d4a5

Joe Sandbox

Engine Download Report Detection Info
malicious
Score: 100
System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
clean
0/100

Third Party Analysis Engines

malicious
Score: 10/66

IPs

IP Country Detection
184.168.131.241
United States
198.46.90.29
United States

Domains

Name IP Detection

URLs

Name Detection

Dropped files

Name File Type Hashes Detection
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\NvkGETsSDb.exe.log
ASCII text, with CRLF line terminators