The order is attached, proforma.exe

Status: finished
Submission Time: 25.11.2021 16:50:22
Malicious
Trojan
Evader
FormBook

Tags

  • exe
  • Formbook

Details

  • Analysis ID:
    528688
  • API (Web) ID:
    896212
  • Analysis Started:
    25.11.2021 16:50:23
  • Analysis Finished:
    25.11.2021 17:05:27
  • MD5:
    deea7525a547ed7a9ef6c81b04478f3e
  • SHA1:
    b29c935913a55c9bad3979d05d97a6ebda871604
  • SHA256:
    413e8df7f149aa643aaa1ef70e953ab2112827b652f1cf05b6420ed6a119962d

System: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211

malicious
100/100

malicious
29/68

malicious
22/44

IPs

IP               Country        Detection
162.159.130.233  United States
162.159.135.233  United States
162.159.134.233  United States

Domains

Name                    IP               Detection
www.pkem.top            104.233.161.196
hagenbicycles.com       85.194.202.138
www.hagenbicycles.com   0.0.0.0
cdn.discordapp.com      162.159.134.233
www.77777.store         103.120.80.111
www.tajniezdrzi.quest   37.123.118.150

URLs

Name  Detection
www.rematedeldia.com/euv4/
https://cdn.discordapp.com/
http://crl.microsoft
https://cdn.discordapp.com/attachments/900622540588843013/912979191073476678/Lxtcsmegwxhfqoabkjaduxy
https://cdn.discordapp.com/attachments/900622540588843013/912979191073476678/Lxtcsmegwxhfqoabkjaduxyckamobho

Dropped files

Name File Type Hashes Detection

  • C:\Users\user\Contacts\Lxtcsmeg\Lxtcsmeg.exe
    PE32 executable (GUI) Intel 80386, for MS Windows
  • C:\Users\user\Contacts\Lxtcsmeg\Lxtcsmeg.exe:Zone.Identifier
    ASCII text, with CRLF line terminators
  • C:\Users\user\AppData\Local\Microsoft\Windows\Explorer\IconCacheToDelete\icn2255.tmp (copy)
    data
  • C:\Users\user\AppData\Local\Microsoft\Windows\Explorer\IconCacheToDelete\icn2285.tmp (copy)
    data
  • C:\Users\user\AppData\Local\Microsoft\Windows\Explorer\IconCacheToDelete\icn22C4.tmpni (copy)
    data
  • C:\Users\user\AppData\Local\Microsoft\Windows\Explorer\IconCacheToDelete\icn22F4.tmp (copy)
    data
  • C:\Users\user\AppData\Local\Microsoft\Windows\Explorer\IconCacheToDelete\icn2324.tmp (copy)
    data
  • C:\Users\user\AppData\Local\Microsoft\Windows\Explorer\IconCacheToDelete\icn2325.tmp (copy)
    data
  • C:\Users\user\AppData\Local\Microsoft\Windows\Explorer\IconCacheToDelete\icn2326.tmp (copy)
    data
  • C:\Users\user\AppData\Local\Microsoft\Windows\Explorer\IconCacheToDelete\icn2356.tmp (copy)
    data
  • C:\Users\user\AppData\Local\Microsoft\Windows\Explorer\IconCacheToDelete\icn2357.tmp (copy)
    data
  • C:\Users\user\AppData\Local\Microsoft\Windows\Explorer\IconCacheToDelete\icn2358.tmp. (copy)
    data
  • C:\Users\user\AppData\Local\Microsoft\Windows\Explorer\IconCacheToDelete\icn2359.tmp. (copy)
    data
  • C:\Users\user\AppData\Local\Microsoft\Windows\Explorer\IconCacheToDelete\icn235A.tmp (copy)
    data
  • C:\Users\user\AppData\Local\Microsoft\Windows\Explorer\IconCacheToDelete\icn235B.tmpes (copy)
    data
  • C:\Users\user\AppData\Local\Microsoft\Windows\Explorer\IconCacheToDelete\icn235C.tmpes (copy)
    data
  • C:\Users\user\AppData\Local\Microsoft\Windows\Explorer\IconCacheToDelete\icn238C.tmpes (copy)
    data
  • C:\Users\user\AppData\Local\Microsoft\Windows\Explorer\iconcache_1280.db
    data
  • C:\Users\user\AppData\Local\Microsoft\Windows\Explorer\iconcache_16.db
    data
  • C:\Users\user\AppData\Local\Microsoft\Windows\Explorer\iconcache_1920.db
    data
  • C:\Users\user\AppData\Local\Microsoft\Windows\Explorer\iconcache_256.db
    data
  • C:\Users\user\AppData\Local\Microsoft\Windows\Explorer\iconcache_2560.db
    data
  • C:\Users\user\AppData\Local\Microsoft\Windows\Explorer\iconcache_32.db
    data
  • C:\Users\user\AppData\Local\Microsoft\Windows\Explorer\iconcache_48.db
    data
  • C:\Users\user\AppData\Local\Microsoft\Windows\Explorer\iconcache_768.db
    data
  • C:\Users\user\AppData\Local\Microsoft\Windows\Explorer\iconcache_96.db
    data
  • C:\Users\user\AppData\Local\Microsoft\Windows\Explorer\iconcache_custom_stream.db
    data
  • C:\Users\user\AppData\Local\Microsoft\Windows\Explorer\iconcache_exif.db
    data
  • C:\Users\user\AppData\Local\Microsoft\Windows\Explorer\iconcache_idx.db
    data
  • C:\Users\user\AppData\Local\Microsoft\Windows\Explorer\iconcache_sr.db
    data
  • C:\Users\user\AppData\Local\Microsoft\Windows\Explorer\iconcache_wide.db
    data
  • C:\Users\user\AppData\Local\Microsoft\Windows\Explorer\iconcache_wide_alternate.db
    data
  • C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\Lxtcsmegwxhfqoabkjaduxyckamobho[1]
    data
  • C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\Lxtcsmegwxhfqoabkjaduxyckamobho[1]
    data
  • C:\Users\user\Contacts\Lxtcsmeg\gemsctxL.url
    MS Windows 95 Internet shortcut text (URL=<file:"C:\\Users\\user\\Contacts\\Lxtcsmeg\\Lxtcsmeg.exe">), ASCII text, with CRLF line terminators