Register Login

sloganpng

top title background image

FGGx944Qu7.exe

Status: finished

Submission Time: 2024-05-19 08:04:06 +02:00

Malicious

Trojan

Spyware

Evader

FormBook

Comments

Tags

Details

Analysis ID:
1443953
API (Web) ID:
1443953
Original Filename:
21d18e20b8b0e17e0b554b5940a7aaed.exe
Analysis Started:

2024-05-19 08:04:06 +02:00
Analysis Finished:

2024-05-19 08:14:24 +02:00
MD5:
21d18e20b8b0e17e0b554b5940a7aaed
SHA1:
bad65794a2bc8c23d373f82e11978f11af1af57d
SHA256:
b600c43e2980691952532a79e7a0aef2351aeef6f740fd2f56647509c93b6da0
Technologies:

Engines
IOCs

Joe Sandbox

Engine	Download Report	Detection	Info
		malicious
	Full Report Management Report IOC Report	malicious Score: 100	System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

Third Party Analysis Engines

Open Full Report

malicious

Score: 49/73

malicious

Score: 15/24

malicious

malicious

IPs

IP	Country	Detection
172.67.140.176	United States
34.149.87.45	United States
199.59.243.225	United States

Domains

Name	IP	Detection
www.birthingwitht.com	0.0.0.0
www.drapples.club	0.0.0.0
www.oobzxod2xn.cc	172.67.140.176
Click to see the 2 hidden entries
94950.bodis.com	199.59.243.225
td-ccm-neg-87-45.wixdns.net	34.149.87.45

URLs

Name	Detection
https://ac.ecosia.org/autocomplete?q=
https://duckduckgo.com/chrome_newtab
http://www.oobzxod2xn.cc/q0r6/?uZgP=5pyvScKx6ZbOO2uX774/2f03V4PpvoLdLg/OCd1FMvXsxJY7YeHi6SxOzHnr25kvmJZHa8XXHydHc3e54xwdxF+eQrhYMnjeuarocBe7v18XiUqzaWXVlPw=&a6m=8Rw4HDhPzbgPS
Click to see the 11 hidden entries
https://duckduckgo.com/ac/?q=
https://www.google.com/images/branding/product/ico/googleg_lodp.ico
https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
http://www.drapples.club/q0r6/
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
http://www.drapples.club
https://www.ecosia.org/newtab/
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
https://www.chiark.greenend.org.uk/~sgtatham/putty/0
https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=

Dropped files

Name	File Type	Hashes	Detection
C:\Users\user\AppData\Local\Temp\tmp1454.tmp	XML 1.0 document, ASCII text	#
C:\Users\user\AppData\Roaming\TBsjWljiCpR.exe	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows	#
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\FGGx944Qu7.exe.log	ASCII text, with CRLF line terminators	#
Click to see the 13 hidden entries
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\TBsjWljiCpR.exe.log	ASCII text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive	data	#
C:\Users\user\AppData\Local\Temp\20291vC	SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2	#
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_1k4wtsks.qys.ps1	ASCII text, with no line terminators	#
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_1rfx4p55.jzt.psm1	ASCII text, with no line terminators	#
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_2odq22e3.wb2.psm1	ASCII text, with no line terminators	#
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_uya4cokv.3zx.psm1	ASCII text, with no line terminators	#
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_wftn1kob.rrm.ps1	ASCII text, with no line terminators	#
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_wms5kunf.vwh.ps1	ASCII text, with no line terminators	#
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ys2tmhij.gni.psm1	ASCII text, with no line terminators	#
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_zuw0b1st.zey.ps1	ASCII text, with no line terminators	#
C:\Users\user\AppData\Local\Temp\tmp350B.tmp	XML 1.0 document, ASCII text	#
C:\Users\user\AppData\Roaming\TBsjWljiCpR.exe:Zone.Identifier	ASCII text, with CRLF line terminators	#