Register Login

sloganpng

top title background image

20211016-113459_Banco Cajamar.exe

Status: finished

Submission Time: 2021-12-02 19:30:49 +01:00

Malicious

Trojan

Evader

FormBook

Comments

Tags

Details

Analysis ID:
532899
API (Web) ID:
900420
Analysis Started:

2021-12-02 19:38:10 +01:00
Analysis Finished:

2021-12-02 19:49:10 +01:00
MD5:
ac5a3bebe7e44737930399317246c31f
SHA1:
ee33d7600dfb3e9bc888e79126ad66b001db405f
SHA256:
ba2972170824e9bb06c18fce3fcfa5d52411163bc1ecdc55e7fe94fac3ba96ad
Technologies:

Engines
IOCs

Joe Sandbox

Engine	Download Report	Detection	Info
	Full Report Management Report IOC Report	malicious Score: 100	System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

Third Party Analysis Engines

Open Full Report

malicious

Score: 30/65

Open Full Report

malicious

Score: 8/35

malicious

Score: 22/28

malicious

IPs

IP	Country	Detection
170.130.100.87	United States
81.17.29.148	Switzerland

Domains

Name	IP	Detection
www.cyfarthfa.net	170.130.100.87
www.mychmedicare.com	81.17.29.148
www.yemdzosports.com	0.0.0.0

URLs

Name	Detection
www.etaiiler.com/n3p2/
http://schemas.micr
http://survey-smiles.com

Dropped files

Name	File Type	Hashes	Detection
C:\Users\user\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\20211016-113459_Banco Cajamar.exe.log	ASCII text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive	data	#
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_oqoavsik.5kk.ps1	very short file (no magic)	#
Click to see the 2 hidden entries
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_y51dvbcm.bmm.psm1	very short file (no magic)	#
C:\Users\user\Documents\20211202\PowerShell_transcript.301389.zOcmmtWV.20211202193910.txt	UTF-8 Unicode (with BOM) text, with CRLF line terminators	#