
PI_n0._8234.scr.exe

Status: finished
Submission Time: 2023-03-27 07:32:21 +02:00
Malicious
Trojan
Spyware
Evader
FormBook

Comments

Tags

  • exe
  • Formbook

Details

  • Analysis ID:
    835331
  • API (Web) ID:
    1202425
  • Analysis Started:
    2023-03-27 07:42:25 +02:00
  • Analysis Finished:
    2023-03-27 07:55:09 +02:00
  • MD5:
    3e872be3033224c36cc17cccdd0db5a0
  • SHA1:
    2c2c30b58846ad4abd8cf9afc7c42e77ed0671d8
  • SHA256:
    30c25464c1c21db7b22b1c479912dbc7a17f9f5772016507e3afab04ed8367d4
  • Technologies:

Joe Sandbox

Detection: malicious (Score: 100)
System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 134, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

Third Party Analysis Engines

  • malicious (Score: 40/69)
  • malicious (Score: 23/37)
  • malicious

IPs

IP               Country             Detection
89.31.143.1      Germany
91.189.114.29    Russian Federation
154.197.193.35   Seychelles
192.187.111.219  United States
199.192.26.35    United States
81.17.29.148     Switzerland
216.40.34.41     Canada

Domains

Name                       IP               Detection
www.userflo.top            199.192.26.35
mgzzym.top                 154.197.193.35
www.kymbellastyles.com     81.17.29.148
www.elladeehiggins.com     216.40.34.41
www.cactus-market.ru       91.189.114.29
www.texasgent.com          192.187.111.219
www.objekt-betreuung.nrw   89.31.143.1
www.mgb91ewu.buzz          0.0.0.0

URLs

Name Detection
http://www.objekt-betreuung.nrw/dgwm/
http://www.mgb91ewu.buzz/dgwm/
http://www.elladeehiggins.com/dgwm/
http://www.cactus-market.ru/dgwm/?-i=WX7Z8PXSKYUVL&cLI6V=pN5K4IJxxG7mB597DG+IakzK3rvMdkpUIodg01IG9g0yY0pIWfo2ZrjM8VGVo8IbsIdjZub4GdHpKoKJ0ljlsNERLcAiRVXjyg==
http://www.userflo.top/dgwm/
http://www.pholamphatuteitlah.shop/dgwm/
http://www.mgb91ewu.buzz/dgwm/?cLI6V=AfJZJ+R0nZcb6BBkKblivHmZazOyZx4zuvm1s5dQITm05RajwYe32lHvB27K/tQAUTI68xeGoLzZoQvz9BSEfOdd1oTwDzW6Kw==&-i=WX7Z8PXSKYUVL
http://www.elladeehiggins.com/dgwm/?cLI6V=XVdCmR5xzmIkDHbKyPHEY8kKf0sgRev3GfM4an/3Rx5LSQoTye8jTGz8zJCgWHb870QkznlV9NKBC2usfS7dNHYm8AYXkmUMrg==&-i=WX7Z8PXSKYUVL
http://www.objekt-betreuung.nrw/dgwm/?-i=WX7Z8PXSKYUVL&cLI6V=Iizdbj8go5QDc5VLkvUBg0wGmeQXtD8Q/L+AHNIya8mIMBfY76U0eVP1dQJolPIRPRaPlkLMVQBrTQT+H7KhiQWX0AtO/s8MIg==
https://sbb.bbb.grth.xyz/nfiehaof3fje89jfs48joie.gif
https://mim0x1.com/20230327/vc5aibmx/index.jpg
http://www.objekt-betreuung.nrw-i=WX7Z8PXSKYUVL
http://www.fontbureau.com/designersG
http://www.founder.com.cn/cn/bThe
http://www.pholamphatuteitlah.shop
http://www.fontbureau.com/designers/?
https://www.instagram.com/hover_domains
http://www.userflo.top
http://www.fontbureau.com/designers?
http://www.elladeehiggins.com
https://77604479.com:9999
http://www.hindsight.equipment-i=WX7Z8PXSKYUVL
http://survey-smiles.com
http://www.texasgent.com-i=WX7Z8PXSKYUVL
https://www.hover.com/tos?source=parked
http://www.vkstm.store-i=WX7Z8PXSKYUVL
http://www.cactus-market.ru
https://dxa2vmbk.xyz/
https://www.hover.com/domains/results
https://www.hover.com/tools?source=parked
http://www.sakkal.com
https://mtsp8cwn.xyz/#/
https://mim0x1.com/20230327/xe8tb7y3/index.jpg
http://www.sandoll.co.kr
http://www.fonts.com
https://mim0x1.com/20230327/v1b4argz/index.jpg
https://mim0x1.com/20230327/njlbp7la/index.jpg
http://www.3ciroshop.com-i=WX7Z8PXSKYUVL
http://www.texasgent.com/dgwm/
http://www.texasgent.com
http://www.bestservicesandtrade.org/dgwm/
https://search.yahoo.com?fr=crmas_sfpf
http://www.bianchibeverage.com-i=WX7Z8PXSKYUVL
http://fontfabrik.com
http://www.galapagosdesign.com/staff/dennis.htm
https://mim0x1.com/20230327/iz40kcqq/index.jpg
http://www.typography.netD
http://www.bestservicesandtrade.org-i=WX7Z8PXSKYUVL
https://www.hover.com/about?source=parked
https://www.hover.com/email?source=parked
http://www.goodfont.co.kr
https://mgdz1.com
http://www.tiro.com
http://www.carcosainvest.com-i=WX7Z8PXSKYUVL
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
http://www.zhongyicts.com.cn
http://www.kymbellastyles.com-i=WX7Z8PXSKYUVL
http://www.urwpp.deDPlease
http://www.vkstm.store/dgwm/
https://cdnjs.cloudflare.com/ajax/libs/normalize/5.0.0/normalize.min.css
http://www.galapagosdesign.com/DPlease
http://www.carcosainvest.com/dgwm/
https://mim0x1.com/20230327/8jz74rpu/index.jpg
http://www.tkrrmstt.top/dgwm/
http://www.fontbureau.commiv3V%jv
http://www.3ciroshop.com
http://www.founder.com.cn/cn/cThe
http://www.fontbureau.comas
http://www.userflo.top-i=WX7Z8PXSKYUVL
http://www.sajatypeworks.com
https://mim0x1.com/20230327/zbawbbv9/index.jpg
http://www.fontbureau.com/designers
http://www.pholamphatuteitlah.shop-i=WX7Z8PXSKYUVLS
http://www.star-house.okinawa
http://www.vkstm.store
https://duckduckgo.com/ac/?q=
https://duckduckgo.com/chrome_newtab
https://cdn.staticfile.org/jquery/1.9.1/jquery.min.js
http://www.fontbureau.com/designers/frere-user.html
https://mim0x1.com/20230327/em90y8o0/index.jpg
http://www.mgb91ewu.buzz
http://www.carterandcone.coml
https://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas_sfp&command=
http://www.hindsight.equipment/dgwm/
https://mim0x1.com/20230327/tdku8rmc/index.jpg
http://www.cactus-market.ru-i=WX7Z8PXSKYUVL
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
http://www.tkrrmstt.top-i=WX7Z8PXSKYUVL
https://www.hover.com/renew?source=parked
http://www.star-house.okinawa/dgwm/
https://cdn.staticfile.org/jquery.lazyload/1.8.3/jquery.lazyload.min.js
http://www.hindsight.equipment
https://twitter.com/hover
http://www.3ciroshop.com/dgwm/
https://www.hover.com/domain_pricing?source=parked
https://mim0x1.com/20230327/ahqoxwnw/index.jpg
http://www.mgb91ewu.buzz-i=WX7Z8PXSKYUVL
http://www.bianchibeverage.com/dgwm/
https://help.hover.com/home?source=parked
http://www.carcosainvest.com
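The URL list above mixes three kinds of strings: check-in URLs that reuse the single path /dgwm/ across many unrelated hosts (the FormBook decoy-domain pattern, in which most of the listed domains are decoys and only the ones that answer are of interest), hostnames with the -i= campaign parameter glued directly onto them (memory-string artifacts, host and query dumped adjacent), and noise such as font-vendor URLs carried inside font files and parked-domain landing pages. The Python script below is an added illustration, not part of the Joe Sandbox report: it clusters a URL list by first path segment, keeps the segments shared by several distinct hosts, and recovers the -i campaign id from both well-formed URLs and the glued strings. The sample input is a hand-picked subset of the URLs above with the long cLI6V values shortened; the min_hosts threshold of 3 is an assumption.

```python
import re
from collections import defaultdict
from urllib.parse import parse_qs, urlsplit

# Constructed sample input: a subset of the URL strings from the report,
# with the long base64-looking cLI6V values shortened for readability.
SAMPLE_URLS = [
    "http://www.objekt-betreuung.nrw/dgwm/",
    "http://www.mgb91ewu.buzz/dgwm/",
    "http://www.elladeehiggins.com/dgwm/",
    "http://www.cactus-market.ru/dgwm/?-i=WX7Z8PXSKYUVL&cLI6V=pN5K4IJxxG7mB597DG",
    "http://www.mgb91ewu.buzz/dgwm/?cLI6V=AfJZJ%2BR0nZcb6BBk&-i=WX7Z8PXSKYUVL",
    "http://www.texasgent.com/dgwm/",
    "http://www.texasgent.com-i=WX7Z8PXSKYUVL",      # host and query glued together
    "http://www.fontbureau.com/designers/?",        # font metadata, not C2
    "http://www.fontbureau.com/designers",
    "https://www.hover.com/tos?source=parked",      # parked-domain landing page
    "https://mim0x1.com/20230327/vc5aibmx/index.jpg",
]

# A hostname with "-i=<id>" appended and no path is a memory-string artifact:
# the host and the campaign parameter were dumped next to each other.
GLUED_ID = re.compile(r"^(?P<host>[^/?#]+?)-i=(?P<id>[A-Za-z0-9]+)$")


def parse_entry(url):
    """Return (host, first path segment or None, '-i' value or None)."""
    parts = urlsplit(url)
    glued = GLUED_ID.match(parts.netloc)
    if glued:
        return glued.group("host").lower(), None, glued.group("id")
    segments = [s for s in parts.path.split("/") if s]
    segment = segments[0] if segments else None
    ids = parse_qs(parts.query).get("-i", [])
    return parts.netloc.lower(), segment, (ids[0] if ids else None)


def extract_c2_candidates(urls, min_hosts=3):
    """Cluster URLs by first path segment and keep only the segments reused
    across at least `min_hosts` distinct hosts (assumed threshold).
    Returns {"clusters": {segment: {"hosts": [...], "ids": [...]}},
             "glued_ids": {host: campaign_id}}."""
    by_segment = defaultdict(lambda: {"hosts": set(), "ids": set()})
    glued_ids = {}
    for url in urls:
        host, segment, campaign_id = parse_entry(url)
        if segment is None:
            if campaign_id:
                glued_ids[host] = campaign_id
            continue
        by_segment[segment]["hosts"].add(host)
        if campaign_id:
            by_segment[segment]["ids"].add(campaign_id)
    clusters = {
        seg: {"hosts": sorted(v["hosts"]), "ids": sorted(v["ids"])}
        for seg, v in by_segment.items()
        if len(v["hosts"]) >= min_hosts
    }
    return {"clusters": clusters, "glued_ids": glued_ids}


if __name__ == "__main__":
    result = extract_c2_candidates(SAMPLE_URLS)
    for seg, info in result["clusters"].items():
        print(f"/{seg}/ reused on {len(info['hosts'])} hosts, campaign ids {info['ids']}")
        for h in info["hosts"]:
            print("   ", h)
    print("campaign ids recovered from glued strings:", result["glued_ids"])
```

Run against the full URL list from the report, the only cluster that survives the threshold is /dgwm/, and every font-vendor, search-engine and parked-domain URL drops out because its path is unique to one host. The cluster's host list is what you feed into DNS and proxy log searches; the campaign id is worth keeping as a secondary pivot, since the same id appears in both the well-formed URLs and the glued strings.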

Dropped files

Name / File Type

  • C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\PI_n0._8234.scr.exe.log
    ASCII text, with CRLF line terminators
  • C:\Users\user\AppData\Local\Temp\tmp9A76.tmp
    XML 1.0 document, ASCII text
  • C:\Users\user\AppData\Roaming\GmoTlwVJfdB.exe
    PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
  • C:\Users\user\AppData\Roaming\GmoTlwVJfdB.exe:Zone.Identifier
    ASCII text, with CRLF line terminators