
NEW PO-20220168.exe

Status: finished
Submission Time: 2022-06-23 22:23:07 +02:00
Malicious
Trojan
Evader
FormBook

Tags

  • exe
  • formbook

Details

  • Analysis ID:
    651404
  • API (Web) ID:
    1018908
  • Analysis Started:
    2022-06-23 22:23:08 +02:00
  • Analysis Finished:
    2022-06-23 22:34:40 +02:00
  • MD5:
    d52ce2f4f59f3ba663ab9b0921f7f0c5
  • SHA1:
    6a4e088fd685485a1a546f7be0d3020d6c18532a
  • SHA256:
    54b9a3740468ce0736c3ef889c789460dc2f9b4c63209f6bbde7bf4e6b694d84
  • Technologies:

Joe Sandbox

Detection: malicious
Score: 100
System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 134, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

Third Party Analysis Engines

Detection: malicious
Score: 5/95

IPs


Domains


URLs


Dropped files

  • Name:
    C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\NEW PO-20220168.exe.log
  • File Type:
    ASCII text, with CRLF line terminators