
DHL SHIPMENT NOTIFICATION 1146789443.exe

Status: finished
Submission Time: 2022-05-13 16:08:10 +02:00
Malicious
Trojan
Evader
FormBook

Tags

  • exe
  • Formbook

Details

  • Analysis ID:
    626119
  • API (Web) ID:
    993626
  • Analysis Started:
    2022-05-13 16:08:11 +02:00
  • Analysis Finished:
    2022-05-13 16:18:16 +02:00
  • MD5:
    8fbdf9f70b21179d87b83fe47b2137dd
  • SHA1:
    146eebe16adad9486cac66f4574810cec1f56cbb
  • SHA256:
    972bc525f6be5f7281a72ec4887cc5b85f4b064463bba234f1258c967b164026
  • Technologies:
Verdict     Score     Info
malicious             System: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
malicious   100/100
malicious   29/68
malicious   20/41
malicious

IPs

IP                Country
23.227.38.74      Canada
3.64.163.50       United States
142.250.185.115   United States

Domains

Name                        IP
www.ultrakill.xyz           3.64.163.50
shops.myshopify.com         23.227.38.74
www.rtpholywin99.com        0.0.0.0
www.keilaniclothing.com     0.0.0.0
ghs.google.com              142.250.185.115

URLs

URL
http://www.ultrakill.xyz/amdf/?oTsXW=bHtTbh8HU&9rF=2pnwrPnaayjLTa+dMDr3ioSS0RS/WyH1Gjote8OZi1oxTz0HZpyyfRSy0TFJ31yfLnqh
http://www.keilaniclothing.com/amdf/?9rF=/oFEaKse3b+9bUwDmBZBOOdpMJRIltPBO/GIVMmFEKpLcaQ5ll8yuFZgv1Udvzfmdn1m&oTsXW=bHtTbh8HU
www.lgf7.com/amdf/
http://www.ultrakill.xyz/
http://nsis.sf.net/NSIS_ErrorError
http://www.rtpholywin99.com/amdf/?oTsXW=bHtTbh8HU&9rF=Trmpqgljk9XuX6wxdqqXIm/y+wmhK8tfRywx+ln+mTz4pafXVdYl+/2RwiFK/8XcMfBx

Dropped files

Name                                            File Type
C:\Users\user\AppData\Local\Temp\aeokw.exe      PE32 executable (GUI) Intel 80386, for MS Windows
C:\Users\user\AppData\Local\Temp\1f1tfctqz7e9   data
C:\Users\user\AppData\Local\Temp\fnnok          data
C:\Users\user\AppData\Local\Temp\nsk2671.tmp    data