Bank_Transfer_Receipt_Copy_Scan#342 (5).exe

Status: finished
Submission Time: 2021-12-15 14:09:15 +01:00
Malicious
Trojan
Spyware
Evader
GuLoader FormBook

Comments

Tags

  • exe
  • Formbook
  • guloader
  • xloader

Details

  • Analysis ID:
    540355
  • API (Web) ID:
    907881
  • Analysis Started:
    2021-12-15 14:09:29 +01:00
  • Analysis Finished:
    2021-12-15 14:22:48 +01:00
  • MD5:
    72a345c95142aee60e7df54b570c2c6b
  • SHA1:
    aa479735d39ced67594ff0b0d5f91679e506ac38
  • SHA256:
    a7a0ada5969b3b343a5c2d17e1fe57f542a0f9cb94b98daf7a4922d8cdcd5e8d
  • Technologies:

Joe Sandbox

Engine Download Report Detection Info
malicious
malicious
Score: 100
System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

Third Party Analysis Engines

malicious
Score: 5/93
malicious
Score: 5/34
malicious
Score: 12/45

IPs

IP    Country    Detection
172.217.168.46    United States
172.217.168.1    United States

Domains

Name    IP    Detection
drive.google.com    172.217.168.46
googlehosted.l.googleusercontent.com    172.217.168.1
doc-0c-ao-docs.googleusercontent.com    0.0.0.0

URLs

Name Detection
www.thesocialmediacreator.com/i638/
https://doc-0c-ao-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/ubf3t0pvfkcl5sqbkpotb7a08dnj393g/1639574025000/11789396277519397655/*/1Pq36Fq9yGHzam_FHR1D0IrFRVEBW3FSZ?e=download

Dropped files

Name File Type Hashes Detection
C:\Users\user\AppData\Local\Temp\IXP000.TMP\nongrav.exe
PE32 executable (GUI) Intel 80386, for MS Windows