
Bank_Transfer_Receipt_Copy_Scan#342 (5).exe

Status: finished
Submission Time: 2021-12-15 14:09:15 +01:00
Malicious
Trojan
Spyware
Evader
GuLoader FormBook

Comments

Tags

  • exe
  • Formbook
  • guloader
  • xloader

Details

  • Analysis ID:
    540355
  • API (Web) ID:
    907881
  • Analysis Started:
    2021-12-15 14:09:29 +01:00
  • Analysis Finished:
    2021-12-15 14:22:48 +01:00
  • MD5:
    72a345c95142aee60e7df54b570c2c6b
  • SHA1:
    aa479735d39ced67594ff0b0d5f91679e506ac38
  • SHA256:
    a7a0ada5969b3b343a5c2d17e1fe57f542a0f9cb94b98daf7a4922d8cdcd5e8d
  • Technologies:

Verdict: malicious

System: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211

Scores

  • malicious (100/100)
  • malicious (5/93)
  • malicious (5/34)
  • malicious (12/45)

IPs (IP, Country, Detection)

  • 172.217.168.46, United States
  • 172.217.168.1, United States

Domains (Name, IP, Detection)

  • drive.google.com, 172.217.168.46
  • googlehosted.l.googleusercontent.com, 172.217.168.1
  • doc-0c-ao-docs.googleusercontent.com, 0.0.0.0

URLs (Name, Detection)

  • www.thesocialmediacreator.com/i638/
  • https://doc-0c-ao-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/ubf3t0pvfkcl5sqbkpotb7a08dnj393g/1639574025000/11789396277519397655/*/1Pq36Fq9yGHzam_FHR1D0IrFRVEBW3FSZ?e=download

Dropped files (Name, File Type, Hashes, Detection)

  • C:\Users\user\AppData\Local\Temp\IXP000.TMP\nongrav.exe
    File type: PE32 executable (GUI) Intel 80386, for MS Windows