
Payment Copy.exe

Status: finished
Submission Time: 2022-04-04 11:37:12 +02:00
Malicious
Trojan
Evader
FormBook

Tags

  • exe
  • xloader

Details

  • Analysis ID:
    602352
  • API (Web) ID:
    969860
  • Analysis Started:
    2022-04-04 11:47:38 +02:00
  • Analysis Finished:
    2022-04-04 11:59:45 +02:00
  • MD5:
    219f68a5479c09286580a583cac95c30
  • SHA1:
    5aa4afa9a64567421ec5ee446b91afb555ad088c
  • SHA256:
    3a3e12eabec6d3f196912bfeca3527aa7f965721489217d25b663af4a88cd25f
  • Technologies:
    Joe Sandbox

Engine: Joe Sandbox
Detection: malicious
Score: 100
System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 134, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

Third Party Analysis Engines

  • malicious (Score: 8/93)
  • malicious (Score: 15/42)
  • malicious

IPs

IP               Country        Detection
104.238.71.140   United States
34.117.168.233   United States
34.102.136.180   United States

Domains


URLs


Dropped files

Name: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\Payment Copy.exe.log
File Type: ASCII text, with CRLF line terminators