
40881-39611-05143-MT103.exe

Status: finished
Submission Time: 14.01.2022 06:27:35
Verdict: Malicious
Classification: Trojan, Evader, FormBook

Tags

  • exe
  • formbook

Details

  • Analysis ID:
    553033
  • API (Web) ID:
    920555
  • Analysis Started:
    14.01.2022 06:27:37
  • Analysis Finished:
    14.01.2022 06:37:07
  • MD5:
    a181630fd1086db2385028fa8c2cd27c
  • SHA1:
    e2f6974f63e07d8d165d7be26639d862bf2a818f
  • SHA256:
    c026113c33af8599afd82bb769c25eea7ac5f1212576c4306347a54a8fd5ed1b

Verdict: malicious

System: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211

  • 100/100 (malicious)
  • 21/66 (malicious)
  • 12/43 (malicious)

IPs (address, country)

  • 158.85.87.76: United States
  • 34.102.136.180: United States

Domains (name, resolved IP)

  • allandlewis.com: 158.85.87.76
  • www.bovanuffelen.com: 217.160.0.10
  • www.ar-sands.com: 0.0.0.0
  • www.gnatyuk.info: 0.0.0.0
  • www.allandlewis.com: 0.0.0.0
  • ar-sands.com: 34.102.136.180
  • gnatyuk.info: 34.102.136.180

URLs


Dropped files (path, file type)

  • C:\Users\user\AppData\Local\Temp\gy8flejfjx: data
  • C:\Users\user\AppData\Local\Temp\nsgDD11.tmp: data
  • C:\Users\user\AppData\Local\Temp\nsgDD12.tmp\aoslyngdpq.dll: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
  • C:\Users\user\AppData\Local\Temp\xfdnpljo: data