file.exe

Status: finished
Submission Time: 2024-12-23 13:56:08 +01:00
Malicious
Trojan
Evader
FormBook

Tags

  • exe

Details

  • Analysis ID:
    1579888
  • API (Web) ID:
    1579888
  • Analysis Started:
    2024-12-23 13:56:08 +01:00
  • Analysis Finished:
    2024-12-23 14:05:58 +01:00
  • MD5:
    b96e6785937bd52b1281fb98f0abcf25
  • SHA1:
    d27572ada589769bfdb99dabbd485556e39010ba
  • SHA256:
    519678c24f6036d935bdd915090f07ad1fea068dc2491861648c6b00698de514
  • Technologies:

Joe Sandbox

Detection: malicious
Score: 100
System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 134, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

Third Party Analysis Engines

malicious
Score: 12/38

IPs

IP                 Country          Detection
45.38.60.47        United States
104.21.40.196      United States
198.252.111.49     Canada

Domains

Name                                 IP                 Detection
lebahsemesta57.click                 198.252.111.49
www.vytech.net                       45.38.60.47
www.7b5846.online                    104.21.40.196
www.ux-design-courses-53497.bond     0.0.0.0
www.imxtld.club                      0.0.0.0
www.lebahsemesta57.click             0.0.0.0
api.msn.com                          0.0.0.0

URLs

Name Detection

Dropped files

No malicious files found. See full and IOC report for all dropped files.