
WZ454554.exe

Status: finished
Submission Time: 13.01.2022 20:21:21
Malicious
Trojan
Spyware
Evader
FormBook DBatLoader

Tags

  • exe
  • formbook

Details

  • Analysis ID:
    552851
  • API (Web) ID:
    920376
  • Analysis Started:
    13.01.2022 20:21:22
  • Analysis Finished:
    13.01.2022 20:36:02
  • MD5:
    58b39c2620cdda3d3fa6a125f476fc9f
  • SHA1:
    5d2672c79e9dffb2cdeee0d00e406c03c762985c
  • SHA256:
    fdf39d043cc55d6a72b1fe01c9067bb7591d5c379798499148521e6158afeea0
  • Technologies:

System: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211

Verdict: malicious (score 100/100)
Verdict: malicious (15/67)
Verdict: malicious (16/41)

IPs

IP              | Country       | Detection
162.159.130.233 | United States |
34.102.136.180  | United States |
162.159.135.233 | United States |

Domains

Name                    | IP              | Detection
sentlogisticsja.com     | 34.102.136.180  |
cdn.discordapp.com      | 162.159.130.233 |
www.senerants.tech      | 0.0.0.0         |
www.sentlogisticsja.com | 0.0.0.0         |

URLs

Name | Detection
www.spiegelpherese.com/m9g2/ |
http://www.sentlogisticsja.com/m9g2/?xXV=6l9PRhy0D4S&GvW=sz5ErymDSipaI2rGHMiHzQDn8335WrDZWT7fmGUTYuWWeT2KiLBKARdoGEtcQCocu9tS |
http://www.sentlogisticsja.com/m9g2/ |
https://cdn.discordapp.com/attachments/801846679439016010/931166967853875200/Hyrzbcwcasllzbwmlqsydewtjitxnzf |
http://www.sentlogisticsja.com |

Dropped files

Name | File Type
C:\Users\user\AppData\Roaming\75A8527W\75Alogri.ini | data
C:\Users\user\AppData\Roaming\75A8527W\75Alogrv.ini | data
C:\Users\user\Contacts\Hyrzbcwcas.exe | PE32 executable (GUI) Intel 80386, for MS Windows
C:\Users\user\Contacts\Hyrzbcwcas.exe:Zone.Identifier | ASCII text, with CRLF line terminators
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\Hyrzbcwcasllzbwmlqsydewtjitxnzf[1] | data
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\Hyrzbcwcasllzbwmlqsydewtjitxnzf[1] | data
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\Hyrzbcwcasllzbwmlqsydewtjitxnzf[2] | data
C:\Users\user\AppData\Local\Temp\DB1 | SQLite 3.x database, last written using SQLite version 3032001
C:\Users\user\AppData\Roaming\75A8527W\75Alogim.jpeg | JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, frames 3
C:\Users\user\AppData\Roaming\75A8527W\75Alogrg.ini | data
C:\Users\user\Contacts\sacwcbzryH.url | MS Windows 95 Internet shortcut text (URL=<file:"C:\\Users\\user\\Contacts\\Hyrzbcwcas.exe">), ASCII text, with CRLF line terminators