
commercial invoice_010202201.exe

Status: finished
Submission Time: 14.01.2022 10:19:32
Malicious
Trojan
Evader
FormBook

Tags

  • exe

Details

  • Analysis ID:
    553094
  • API (Web) ID:
    920616
  • Analysis Started:
    14.01.2022 10:19:33
  • Analysis Finished:
    14.01.2022 10:31:26
  • MD5:
    acbc7357e4fb7d8d4874ecbeb0c5bd0f
  • SHA1:
    f423fed0f335e5c31d7b799aba25469420fb6009
  • SHA256:
    73f458d7e38ab748b7b7d3b3e680db9eb08d845c1b1b7c935a6ee453d8f03358

Verdict: malicious

System: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211

Score: 100/100 (malicious)
16/43 (malicious)

IPs

IP                 Country             Detection
118.67.131.217     Korea Republic of
23.227.38.74       Canada
199.59.243.200     United States
2.57.90.16         Lithuania
109.106.254.15     Serbia
89.17.204.228      Spain
198.54.117.211     United States

Domains

Name                          IP                 Detection
www.friendschance.com         118.67.131.217
www.sfcshavedice.com          199.59.243.200
www.survival-hunter.com       89.17.204.228
laraful.com                   34.102.136.180
shops.myshopify.com           23.227.38.74
rxvendorpills.online          2.57.90.16
ludowinners.online            109.106.254.15
www.toposales.com             0.0.0.0
www.ludowinners.online        0.0.0.0
www.cloudtotaal.com           0.0.0.0
www.moldluck.com              0.0.0.0
www.laraful.com               0.0.0.0
www.rxvendorpills.online      0.0.0.0
www.controle-fiscal.com       0.0.0.0
www.answertitles.com          0.0.0.0
www.stardomfrokch.xyz         0.0.0.0
parkingpage.namecheap.com     198.54.117.211

URLs

Name Detection
http://www.sfcshavedice.com/igwa/?JXRL2Htp=iLZ1RFWiw0U4S9E0pDZlJcjoptUhYXlNWk90HzYHcuVmRCYph1Gowzt+bYvcpjSVMV+b&2dyD8R=k0GL
http://www.toposales.com/igwa/?JXRL2Htp=ma6dGeieA/uMuLPHhGmEMO0MhvgJCSwWTtOunmNNbuA50fkYJarGKThxl5bT79VqZFZn&2dyD8R=k0GL
http://www.friendschance.com/igwa/?JXRL2Htp=kcJK5GFpDKPtevBg1nN4AS2uwE6IDbqQL9Esa69lHd4fhlo3nfdugBZ3P+KHWdbb77iO&2dyD8R=k0GL
http://www.ludowinners.online/igwa/?JXRL2Htp=P7cOGMhGan+iOds35nuUwcQL6AiWu3hpp80V2Eae8ndsAihNyn6owzlv0a79YI8S4Mj0&2dyD8R=k0GL
http://www.survival-hunter.com/igwa/?JXRL2Htp=XkWoyKtjfo1nTXOdSlOCxSRnTVDbDlQTsKZVtKCHx1ue89AIkDfi+mwVckT9NwCZj6NC&2dyD8R=k0GL
http://www.stardomfrokch.xyz/igwa/?JXRL2Htp=fxfNgp9ZS8bh2/dcez9r/a5fPpTZli2HVK4HIQKX3jCJ31NosuhFm2CAaUmyjrkPXZG7&2dyD8R=k0GL
www.toposales.com/igwa/
http://www.answertitles.com/igwa/?JXRL2Htp=zipQeNKESZPqCbLQlDCLj4zpqFgOpmaVmA6du1Oyf7pRL9Y+oEdiiyDWqjEEpcoXahJo&2dyD8R=k0GL
http://www.rxvendorpills.online/igwa/?JXRL2Htp=pt5DjHHXKdbYY+ulYudT7OdutHPMSBHvoYqZ/+0K/RDZ4aBmJwtpu5HKuc6CLarugF7n&2dyD8R=k0GL
https://www.survival-hunter.com/igwa/?JXRL2Htp=XkWoyKtjfo1nTXOdSlOCxSRnTVDbDlQTsKZVtKCHx1ue89AIkDfi
http://nsis.sf.net/NSIS_Error
http://nsis.sf.net/NSIS_ErrorError

Dropped files

Name                                                      File Type
C:\Users\user\AppData\Local\Temp\nshDF13.tmp\uajs.dll     PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
C:\Users\user\AppData\Local\Temp\5kowm48kjaiw3ht          data
C:\Users\user\AppData\Local\Temp\jfxtaknu                 data
C:\Users\user\AppData\Local\Temp\nshDF12.tmp              data