5tCYPTkM6b.exe

Status: finished
Submission Time: 2022-01-28 10:37:02 +01:00
Malicious
Trojan
Evader
FormBook

Tags

  • exe
  • Formbook

Details

  • Analysis ID:
    562034
  • API (Web) ID:
    929554
  • Analysis Started:
    2022-01-28 10:45:02 +01:00
  • Analysis Finished:
    2022-01-28 10:55:57 +01:00
  • MD5:
    c2ca2ba9c38eb02217588662717ba6c3
  • SHA1:
    8a897f24d2e564af2c2fcc272ab0cfbef10611b5
  • SHA256:
    9af4d9ef8b2a850854ae23411d44d3603147c26898bca1010fd2f9b16f6d456e
  • Technologies:

Joe Sandbox

  • Detection:
    malicious
  • Score:
    100
  • System:
    Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

Third Party Analysis Engines

  • malicious (Score: 25/64)
  • malicious (Score: 15/43)
  • malicious

IPs

IP                Country
148.72.244.75     United States
156.246.248.162   Seychelles
34.102.136.180    United States

Domains

Name                            IP
www.yixuan5.com                 156.246.248.162
gooooooo.xyz                    148.72.244.75
freelance-rse.com               193.141.3.66
www.gooooooo.xyz                0.0.0.0
www.freelance-rse.com           0.0.0.0
www.carriewilliamsinc.com       0.0.0.0
www.nbjcgl.com                  0.0.0.0
www.inslidr.com                 0.0.0.0
www.postmoon.xyz                0.0.0.0
www.ehaszthecarpetbagger.com    0.0.0.0
www.farmacymerchants.com        0.0.0.0
www.micorgas.com                35.186.238.101
carriewilliamsinc.com           34.102.136.180
www.wildberryhair.com           172.67.168.28
farmacymerchants.com            34.102.136.180

URLs

  • http://www.yixuan5.com/b80i/?Tjox=uE8pNRih73IMph6TwINJhREQoM0gDuEUez/fX+GpYn7iSRYOEOY8W/QDgsCvwRU23ef9loG+cg==&3f9LV=d484gh1H9
  • www.dreamschools.online/b80i/
  • http://www.gooooooo.xyz/b80i/?Tjox=RiUiRE3mjXVt2J/JNN+P+o7W4g2/FA7pScYCkHZZbsn0kCc2XYGtZAPMcbBY0+c70SCl18kAyQ==&3f9LV=d484gh1H9
  • http://www.autoitscript.com/autoit3/J
  • http://www.farmacymerchants.com/b80i/?Tjox=shkkGZu5/RZ8iX9p+IXF0YMrmhwzQE3Vmi1yYN92EzxfMV+N5Q/+I95GtZw5bZfv7GwSNh0c2Q==&3f9LV=d484gh1H9
  • http://nsis.sf.net/NSIS_Error
  • http://nsis.sf.net/NSIS_ErrorError
  • http://www.carriewilliamsinc.com/b80i/?Tjox=OPDrsYDAXYudYL2hPtHgnQqdl9DF73S6Onzi++lTY4BHymNtl4pPvZlk8Nnjb/pYfVanIAZSdg==&3f9LV=d484gh1H9

Dropped files

Name                                                      File Type
C:\Users\user\AppData\Local\Temp\mgyagjb                  data
C:\Users\user\AppData\Local\Temp\nsiD4B3.tmp              data
C:\Users\user\AppData\Local\Temp\nsiD4B4.tmp\npsx.dll     PE32 executable (DLL) (console) Intel 80386, for MS Windows
C:\Users\user\AppData\Local\Temp\wgtx82tpscdlgb4zlyrg     data