
CIQ-PO116266.js

Status: finished
Submission Time: 2022-05-27 18:34:21 +02:00
Verdict: Malicious
Classification: Trojan, Spyware, Exploiter, Evader
Malware families: FormBook, VjW0rm

Tags

  • js
  • Vjw0rm

Details

  • Analysis ID:
    635299
  • API (Web) ID:
    1002801
  • Analysis Started:
    2022-05-27 18:44:09 +02:00
  • Analysis Finished:
    2022-05-27 19:00:29 +02:00
  • MD5:
    eb430ba81f36e80bb1a0b27a686ea1a9
  • SHA1:
    df9efb1dff452353f5ea481ecf721901107907ba
  • SHA256:
    813f90ecb1ef908f765c987d20937654d2071da8d86ed60352f554786c11afb9
  • Technologies:
    Joe Sandbox

Detection: malicious
Score: 100
System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

Third Party Analysis Engines

  • malicious (Score: 6/93)
  • malicious (Score: 17/35)
  • malicious (Score: 26/26)
  • malicious
  • malicious

IPs


Domains


URLs


Dropped files

Name / File Type

  • C:\Users\user\AppData\Local\Temp\Lipg\msdxp.exe
    PE32 executable (GUI) Intel 80386, for MS Windows
  • C:\Users\user\AppData\Local\Temp\bin.exe
    PE32 executable (GUI) Intel 80386, for MS Windows
  • C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ORYNeBzyRj.js
    ASCII text, with very long lines
  • C:\Users\user\AppData\Roaming\ORYNeBzyRj.js
    ASCII text, with very long lines
  • C:\Users\user\AppData\Local\Temp\DB1
    SQLite 3.x database, last written using SQLite version 3032001