CIQ-PO162667.js

Status: finished
Submission Time: 2022-05-27 17:17:14 +02:00
Malicious
Trojan
Spyware
Exploiter
Evader
FormBook, VjW0rm

Comments

Tags

  • js
  • Vjw0rm

Details

  • Analysis ID:
    635232
  • API (Web) ID:
    1002734
  • Analysis Started:
    2022-05-27 17:24:10 +02:00
  • Analysis Finished:
    2022-05-27 17:40:47 +02:00
  • MD5:
    3d6bfb78b4507146f160b706604da6f9
  • SHA1:
    9c189911fb19625c1f9418096fb8b5c65b1d34e9
  • SHA256:
    b92b2c3a689cd2c5929f4123642004b7f23482c036dbf467813a18c91b3537df
  • Technologies:

Joe Sandbox

  • Engine:
    Joe Sandbox
  • Detection:
    malicious
  • Score:
    100
  • System:
    Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

Third Party Analysis Engines

  • malicious, Score: 14/56
  • malicious, Score: 17/35
  • malicious, Score: 26/26
  • malicious
  • malicious

IPs


Domains


URLs


Dropped files

Name and file type:

  • C:\Users\user\AppData\Local\Temp\Cex8di\5hol_r7nkdhp.exe
    PE32 executable (GUI) Intel 80386, for MS Windows
  • C:\Users\user\AppData\Local\Temp\bin.exe
    PE32 executable (GUI) Intel 80386, for MS Windows
  • C:\Users\user\AppData\Roaming\JmtwmJXhXe.js
    ASCII text, with very long lines
  • C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\JmtwmJXhXe.js
    ASCII text, with very long lines
  • C:\Users\user\AppData\Local\Temp\DB1
    SQLite 3.x database, last written using SQLite version 3032001