
file.exe

Status: finished
Submission Time: 2023-03-29 21:41:22 +02:00
Malicious
Ransomware
Trojan
Evader
FormBook, Play

Tags

  • NET
  • exe
  • MSIL

Details

  • Analysis ID:
    837573
  • API (Web) ID:
    1204654
  • Analysis Started:
    2023-03-29 21:50:38 +02:00
  • Analysis Finished:
    2023-03-29 22:04:47 +02:00
  • MD5:
    921fba8af6c955c0fc7c8206e833bbe4
  • SHA1:
    a2067d7a6b8c80ebebf0bbdbe4e593635ce6efda
  • SHA256:
    d99fdee30a323b0ed4cfbd9c4661530f45b368f829869604fb9a83debfff7a32
  • Technologies:
    Joe Sandbox

Detection: malicious
Score: 100
System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 134, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

Third Party Analysis Engines

malicious

IPs

IP               Country         Detection
199.59.243.223   United States
34.102.136.180   United States

Domains

Name                        IP               Detection
www.pointman.us             199.59.243.223
www.vikavivi.com            0.0.0.0
www.scottdunn.life          0.0.0.0
www.funinfortmyers.com      0.0.0.0
vikavivi.com                34.102.136.180
scottdunn.life              34.102.136.180
parkingpage.namecheap.com   198.54.117.217

URLs

Name Detection

Dropped files

Name
    File Type

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\file.exe.log
    ASCII text, with CRLF line terminators
C:\Users\user\AppData\Local\Temp\tmp617E.tmp
    XML 1.0 document, ASCII text
C:\Users\user\AppData\Roaming\XAEXefKaRG.exe
    PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
C:\Users\user\AppData\Roaming\XAEXefKaRG.exe:Zone.Identifier
    ASCII text, with CRLF line terminators