
CIQ-PO162688.js

Status: finished
Submission Time: 2022-05-27 18:53:18 +02:00
Verdict: Malicious
Classification: Trojan, Spyware, Exploiter, Evader
Malware families: FormBook, VjW0rm

Tags

  • js
  • Vjw0rm

Details

  • Analysis ID:
    635313
  • API (Web) ID:
    1002816
  • Analysis Started:
    2022-05-27 19:01:26 +02:00
  • Analysis Finished:
    2022-05-27 19:19:56 +02:00
  • MD5:
    ebcb99f17238dde1ca4c12316ebce4a7
  • SHA1:
    1662814aa8638312144d7be033875b2365e89696
  • SHA256:
    e873129006fb7f83c9bec9516fd3ce2e3737f79df1458606445e61926a844f4a
  • Technologies:
    Joe Sandbox

Joe Sandbox detection: malicious
Score: 100
System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

Third Party Analysis Engines

  • malicious (Score: 14/55)
  • malicious (Score: 17/35)
  • malicious (Score: 26/26)
  • malicious
  • malicious

IPs

IP  Country
81.169.145.161  Germany
3.64.163.50  United States
185.53.179.172  Germany
85.159.66.93  Turkey
162.0.230.89  Canada
23.19.171.24  United States
68.66.224.33  United States
185.27.134.149  United Kingdom
185.134.245.113  Norway
23.82.37.10  United States
91.193.75.133  Serbia
198.54.117.217  United States

Domains

Name  IP
www.brandpay.xyz  3.64.163.50
www.xn--wsthof-camping-gsb.com  0.0.0.0
www.thepowerofanopenquestion.com  0.0.0.0
www.gafcbooster.com  0.0.0.0
www.angelmatic.net  0.0.0.0
www.halecamilla.site  0.0.0.0
www.siberup.xyz  0.0.0.0
www.jdhwh2nbiw234.com  0.0.0.0
www.gabefancher.com  0.0.0.0
www.vitality-patients.online  0.0.0.0
halecamilla.site  207.174.214.35
www.shcylzc.com  23.82.37.10
www.getbusinesscreditandfunding.com  68.66.224.33
www.tentanguang.online  185.27.134.149
xn--wsthof-camping-gsb.com  81.169.145.161
www.waermark.com  185.53.179.172
www.localbloom.online  185.134.245.113
natroredirect.natrocdn.com  85.159.66.93
www.harmlett.com  23.19.171.24
www.topings33.com  162.0.230.89
dilshadkhan.duia.ro  91.193.75.133
parkingpage.namecheap.com  198.54.117.217
www.multiverseofbooks.com  66.96.130.20
cdl-lb-1356093980.us-east-1.elb.amazonaws.com  3.208.142.147
www.refreshertowels.com  23.231.99.207

URLs

Name
http://dilshadkhan.duia.ro:6670/Vreineer
http://dilshadkhan.duia.ro:6670/Vre_
http://dilshadkhan.duia.ro:6670/Vred
http://www.tentanguang.online/np8s/
http://www.waermark.com/np8s/?3fk4oN=upNApQGgxnIpkDsed4j6UePR+EOmKhNhiuHKrn3aPCq0+c3DSqp4vkB5DGytvWTvww8fhFgzIA==&aDHdzD=vpgdJ4mxrh
www.gafcbooster.com/np8s/
http://dilshadkhan.duia.ro:6670/Vrej
http://dilshadkhan.duia.ro:6670/Vreagent
http://dilshadkhan.duia.ro:6670/Vreo
http://www.topings33.com/np8s/?3fk4oN=+1vSQSU4VFPBNkL8EMH3DU8MRg7YeuqbcMOylP3M0ivye7s4zRc3erRZEMEN43A2RNb83bcySA==&Eh=mhUxl
http://dilshadkhan.duia.ro:6670/Vren
http://dilshadkhan.duia.ro:6670/Vret
http://dilshadkhan.duia.ro:6670/VreZ
http://dilshadkhan.duia.ro:6670/Vreageen-usWScript.Quit
http://dilshadkhan.duia.ro:6670/VreKTsNClZO
http://dilshadkhan.duia.ro:6670/VreZXBsYWNl
http://dilshadkhan.duia.ro:6670/VreSE
http://dilshadkhan.duia.ro:6670/Vreem
http://www.harmlett.com/np8s/?3fk4oN=Hfm8tjP++bF99H8Yixu4yiAA2pucxCUNYZIpJGNk6F/7VNXQ3kF6oq1cnnPYkdM2cMsNINi87w==&Eh=mhUxl
http://www.brandpay.xyz/np8s/
http://dilshadkhan.duia.ro:6670/VreMP
http://dilshadkhan.duia.ro:6670/Vre02-00600806D9B6
http://dilshadkhan.duia.ro:6670/Vreo=
http://dilshadkhan.duia.ro:6670/VreU
http://dilshadkhan.duia.ro:6670/Vreadkhan.duu
http://dilshadkhan.duia.ro:6670/VreN_5
http://dilshadkhan.duia.ro:6670/VreA%
http://dilshadkhan.duia.ro:6670/VreZ3
http://www.siberup.xyz/np8s/?3fk4oN=cDXfWuCokJFrdCwhVntnDB+RdogU7uBP5U/Sv42Lexzi+FyRpCsvSOHB1BJBbWkp2bvyU0/jbw==&Eh=mhUxl
http://dilshadkhan.duia.ro:6670/VrePSAiQ2wi
http://dilshadkhan.duia.ro:6670/VreH
http://dilshadkhan.duia.ro:6670/VreM
http://dilshadkhan.duia.ro:6670/VreL
http://dilshadkhan.duia.ro:6670/VreP
http://www.shcylzc.com/np8s/
http://dilshadkhan.duia.ro:6670/VreT
http://dilshadkhan.duia.ro:6670/VreM%
http://www.getbusinesscreditandfunding.com/np8s/?3fk4oN=0pptgqp0MeRyeb/9nmudohOLKq4u2ksDwR1w+rnfL4/we0tceqenlGY7vNOGaAQzxdf5zVwFvA==&aDHdzD=vpgdJ4mxrh
http://dilshadkhan.duia.ro:6670/VreR
http://dilshadkhan.duia.ro:6670/VreMjdcXHZi
http://dilshadkhan.duia.ro:6670/VreX
http://dilshadkhan.duia.ro:6670/VreZigpIHsNrr
http://dilshadkhan.duia.ro:6670/Vre63209-4053062332-100
http://dilshadkhan.duia.ro:6670/Vree5
http://dilshadkhan.duia.ro:6670/Vreadkhan.d
http://dilshadkhan.duia.ro:6670/VrebWcgPSAi
http://dilshadkhan.duia.ro:6670/VreM7d
http://www.xn--wsthof-camping-gsb.com/np8s/
http://www.getbusinesscreditandfunding.com/np8s/?3fk4oN=0pptgqp0MeRyeb/9nmudohOLKq4u2ksDwR1w+rnfL4/we0tceqenlGY7vNOGaAQzxdf5zVwFvA==&Eh=mhUxl
http://dilshadkhan.duia.ro:6670/Vre8
http://dilshadkhan.duia.ro:6670/Vre=
http://www.siberup.xyz/np8s/
http://www.harmlett.com/np8s/?aDHdzD=vpgdJ4mxrh&3fk4oN=Hfm8tjP++bF99H8Yixu4yiAA2pucxCUNYZIpJGNk6F/7VNXQ3kF6oq1cnnPYkdM2cMsNINi87w==
http://dilshadkhan.duia.ro:6670/VrezjB
http://dilshadkhan.duia.ro:6670/Vre3
http://dilshadkhan.duia.ro:6670/Vreecuritycenter7
http://www.getbusinesscreditandfunding.com/np8s/
http://dilshadkhan.duia.ro:6670/Vrewz
http://www.harmlett.com/np8s/
http://dilshadkhan.duia.ro:6670/Vreecuritycenterre
http://dilshadkhan.duia.ro:6670/UZXh0
http://www.shcylzc.com/np8s/?3fk4oN=25I4eedf3LYXj+mrZ2jI6olVDZbg0jTgzRvorLdGhmBPpJDDPx12pMPLDd38wf67F/cvJLwRDA==&Eh=mhUxl
http://dilshadkhan.duia.ro:6670/VrePSAiUkYirr
http://dilshadkhan.duia.ro:6670/Vreod
http://dilshadkhan.duia.ro:6670/Vre_3
http://www.brandpay.xyz/np8s/?3fk4oN=hgAcLcCQcJ9fw2P/Tuk0sK1oy/IuL6u1zsG1wPPsT2rq6CikgixxXMntvKpZqETXTWLI6sH0ZA==&Eh=mhUxl
http://www.vitality-patients.online/np8s/
http://www.vitality-patients.online/np8s/?3fk4oN=RNX6HKFDcklLmbBc9PWX652dIgRYJcuZVnkYPjFZaGFpi0fgSjcQ52/zYZHNiyjWO0COcN7HSw==&Eh=mhUxl
http://www.tentanguang.online/np8s/?3fk4oN=v4u/ceKk0Zb55n135mmkOO9h9NxJ7kGAyBx+qrEyA785N/4y0zrdRsBV3cMwWbOW5k3YBKZGqA==&Eh=mhUxl
http://www.waermark.com/np8s/
http://www.gabefancher.com/np8s/
http://www.xn--wsthof-camping-gsb.com/np8s/?3fk4oN=1Nsioc0lpQImfCEv7q3CJRvbkNIovvFEONaUY8zyneWF7ypKO8GgemnIz/Jz3qNJ0RZyolUFog==&Eh=mhUxl
http://dilshadkhan.duia.ro:6670/Vreo&
https://www.namebrightstatic.com/images/error_board.png)
https://www.google.com/chrome/thank-you.html?statcb=0&installdataindex=empty&defaultbrowser=0
http://www.gabefancher.com
https://adservice.google.co.uk/ddm/fls/i/src=2542116;type=chrom322;cat=chrom01g;ord=3005540662929;gt
http://www.msn.com/de-ch/?ocid=iehp
https://www.namebrightstatic.com/images/bg.png)
https://adservice.google.com/ddm/fls/i/src=2542116;type=chrom322;cat=chrom01g;ord=3005540662929;gtm=
https://www.google.com/chrome/thank-you.html?statcb=0&installdataindex=empty&defaultbrowser=0LMEM
https://contextual.media.net/medianet.php?cid=8CU157172&crid=722878611&size=306x271&https=1#
https://www.namebrightstatic.com/images/logo_off.gif)
http://dilshadkhan.duia.ro:6ecuritycenter2=
https://contextual.media.net/medianet.php?cid=8CU157172&crid=858412214&size=306x271&https=1rdw
https://2542116.fls.doubleclick.net/activityi;src=2542116;type=clien612;cat=chromx;ord=1;num=7859736
http://statcounter.com/
https://contextual.media.net/medianet.php?cid=8CU157172&crid=858412214&size=306x271&https=16c
http://schemas.mi
https://2542116.fls.doubleclick.net/activityi;src=2542116;type=2542116;cat=chom0;ord=9774759596232;g
https://www.namebrightstatic.com/images/header_bg.png)
https://contextual.media.net/medianet.php?cid=8CU157172&crid=858412214&size=306x271&https=1
https://www.google.com/chrome/static/images/favicons/favicon-16x16.png
https://www.google.com/chrome/thank-you.html?statcb=0&installdataindex=empty&defaultbrowser=0BW
https://2542116.fls.doubleclick.net/activityi;src=2542116;type=chrom322;cat=chrom01g;ord=30055406629
https://www.google.com/chrome/j
https://www.google.com/chrome/thank-you.html?statcb=0&installdataindex=empty&defaultbrowser=0&
http://www.msn.com/?ocid=iehp
https://contextual.media.net/checksync.php?&vsSync=1&cs=1&hb=1&cv=37&ndec=1&cid=8HBI57XIG&prvid=77%2
https://www.google.com/chrome/
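Two patterns in the URL table above are what a detection engineer would turn into rules: many unrelated domains share the path /np8s/ and the same query keys (3fk4oN, Eh, aDHdzD), which is how FormBook presents its C2 list (one live C2 among decoys), and a single host:port, dilshadkhan.duia.ro:6670, receives requests whose paths begin with /Vre, which is the VjW0rm beacon. The script below is an added example, not part of the Joe Sandbox report: it classifies URLs against those two indicators, runs the classifier over constructed proxy log lines, and shows how the shared path falls out of the report's own URL list with no prior knowledge of the family. The log format (timestamp, client IP, method, URL) is an assumption made for the example.

```python
"""IOC triage over the report's URL table (added example, not part of the report).

Two patterns stand out in the URLs listed above:
  * many unrelated domains share the path /np8s/ and the same query keys
    (3fk4oN, Eh, aDHdzD): the FormBook C2 list, in which one domain is the
    live C2 and the rest are decoys;
  * one host:port, dilshadkhan.duia.ro:6670, receives requests whose paths
    begin with /Vre: the VjW0rm beacon.
The proxy log lines in SAMPLE_LOG are constructed for this example.
"""
from collections import defaultdict
from urllib.parse import parse_qs, urlsplit

# Indicators copied from the report.
VJW0RM_C2 = ("dilshadkhan.duia.ro", 6670)
FORMBOOK_PATH = "/np8s/"
FORMBOOK_QUERY_KEYS = {"3fk4oN", "Eh", "aDHdzD"}

# A subset of the report's URL table, used to show how the shared path falls out.
REPORT_URLS = [
    "http://www.topings33.com/np8s/?3fk4oN=+1vSQSU4VFPBNkL8EMH3DU8MRg7YeuqbcMOylP3M0ivye7s4zRc3erRZEMEN43A2RNb83bcySA==&Eh=mhUxl",
    "http://www.harmlett.com/np8s/",
    "http://www.brandpay.xyz/np8s/",
    "http://www.siberup.xyz/np8s/",
    "http://www.waermark.com/np8s/",
    "http://dilshadkhan.duia.ro:6670/Vreagent",
    "http://dilshadkhan.duia.ro:6670/Vre_",
    "https://www.google.com/chrome/",
]

# Constructed proxy log (assumed format): "<timestamp> <client_ip> <method> <url>" per line.
SAMPLE_LOG = """\
2022-05-27T17:05:01Z 10.0.0.12 GET http://www.topings33.com/np8s/?3fk4oN=abc==&Eh=mhUxl
2022-05-27T17:05:02Z 10.0.0.12 POST http://dilshadkhan.duia.ro:6670/Vre
2022-05-27T17:05:03Z 10.0.0.12 GET http://www.harmlett.com/np8s/
2022-05-27T17:05:04Z 10.0.0.33 GET https://www.google.com/chrome/
2022-05-27T17:05:05Z 10.0.0.12 GET http://www.brandpay.xyz/np8s/?3fk4oN=xyz&aDHdzD=vpgdJ4mxrh
2022-05-27T17:05:06Z 10.0.0.45 GET http://example.invalid/np8s/?id=1
"""


def classify_url(url):
    """Return 'vjw0rm', 'formbook' or None for a single URL."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    port = parts.port or (443 if parts.scheme == "https" else 80)
    if (host, port) == VJW0RM_C2:
        return "vjw0rm"
    if parts.path == FORMBOOK_PATH:
        # The report lists both bare /np8s/ and /np8s/?3fk4oN=...&Eh=... forms,
        # so an empty query is accepted; unrelated query keys are not.
        keys = set(parse_qs(parts.query, keep_blank_values=True))
        if keys <= FORMBOOK_QUERY_KEYS:
            return "formbook"
    return None


def scan_log(text):
    """Group matching URLs by client IP and malware family."""
    hits = defaultdict(lambda: defaultdict(list))
    for line in text.splitlines():
        if not line.strip():
            continue
        _ts, client, _method, url = line.split(" ", 3)
        family = classify_url(url)
        if family:
            hits[client][family].append(url)
    return {client: dict(fams) for client, fams in hits.items()}


def shared_paths(urls, min_hosts=3):
    """Paths requested from at least min_hosts distinct hosts.

    Run over the report's URL table this surfaces /np8s/ as the FormBook C2
    path without any prior knowledge of the family.
    """
    hosts_by_path = defaultdict(set)
    for url in urls:
        parts = urlsplit(url)
        if parts.hostname:
            hosts_by_path[parts.path].add(parts.hostname.lower())
    return {path: sorted(hosts)
            for path, hosts in hosts_by_path.items() if len(hosts) >= min_hosts}


if __name__ == "__main__":
    for client, fams in sorted(scan_log(SAMPLE_LOG).items()):
        for family, urls in fams.items():
            print(f"{client}: {family} x{len(urls)}")
    print("shared paths:", shared_paths(REPORT_URLS))
```

The port check matters for the VjW0rm indicator: the same hostname on port 80 is not the beacon and should not match. Note that several entries in the report's URL table (for example those ending in "ecuritycenter7" or "Vreageen-usWScript.Quit") are fragments recovered from process memory rather than URLs the sample actually requested, which is why the classifier keys on host, port and path instead of exact strings.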

Dropped files

Name  File Type

C:\Program Files (x86)\Irlr8ftbp\u8g48fg0phzxan.exe
  PE32 executable (GUI) Intel 80386, for MS Windows
C:\Users\user\AppData\Local\Temp\Irlr8ftbp\u8g48fg0phzxan.exe
  PE32 executable (GUI) Intel 80386, for MS Windows
C:\Users\user\AppData\Local\Temp\bin.exe
  PE32 executable (GUI) Intel 80386, for MS Windows
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RmiIjXZkdd.js
  ASCII text, with very long lines
C:\Users\user\AppData\Roaming\RmiIjXZkdd.js
  ASCII text, with very long lines
C:\Users\user\AppData\Local\Temp\DB1
  SQLite 3.x database, last written using SQLite version 3032001
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\f01b4d95cf55d32a.automaticDestinations-ms
  Composite Document File V2 Document, Cannot read section info
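The dropped-file list shows three host-side behaviours that can be alerted on without knowing any hash: a .js written to the per-user Startup folder (run at every logon, with a second copy in %APPDATA%), the same executable name written to both %TEMP%\Irlr8ftbp and C:\Program Files (x86)\Irlr8ftbp, and PE images written under a user profile. The script below is an added example and not part of the report: it applies those three checks to file-write events. The event records are constructed from the report's paths and types, with one benign entry (setup.log) added to show the filters are selective.

```python
"""Host-side triage of the dropped-file list above (added example, not part of
the report).

Three things in that list are worth alerting on independently of any hash:
  * a script (.js) written to the per-user Startup folder, which runs at
    every logon;
  * the same file name written to two different directories (RmiIjXZkdd.js in
    Startup and in %APPDATA%, u8g48fg0phzxan.exe in %TEMP%\\Irlr8ftbp and in
    C:\\Program Files (x86)\\Irlr8ftbp);
  * PE files written under a user profile.
The event records in EVENTS are constructed; paths and types come from the report.
"""
import ntpath
import re
from collections import defaultdict

STARTUP_DIR = re.compile(
    r"\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\", re.I)
USER_PROFILE = re.compile(r"^[A-Z]:\\Users\\[^\\]+\\", re.I)
SCRIPT_EXTS = {".js", ".jse", ".vbs", ".vbe", ".wsf", ".hta", ".ps1", ".bat", ".cmd"}

# Constructed file-write events built from the report's dropped-file table,
# plus one benign line (setup.log) to show the filters are selective.
EVENTS = [
    {"path": r"C:\Program Files (x86)\Irlr8ftbp\u8g48fg0phzxan.exe",
     "type": "PE32 executable (GUI) Intel 80386, for MS Windows"},
    {"path": r"C:\Users\user\AppData\Local\Temp\Irlr8ftbp\u8g48fg0phzxan.exe",
     "type": "PE32 executable (GUI) Intel 80386, for MS Windows"},
    {"path": r"C:\Users\user\AppData\Local\Temp\bin.exe",
     "type": "PE32 executable (GUI) Intel 80386, for MS Windows"},
    {"path": r"C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RmiIjXZkdd.js",
     "type": "ASCII text, with very long lines"},
    {"path": r"C:\Users\user\AppData\Roaming\RmiIjXZkdd.js",
     "type": "ASCII text, with very long lines"},
    {"path": r"C:\Users\user\AppData\Local\Temp\DB1",
     "type": "SQLite 3.x database, last written using SQLite version 3032001"},
    {"path": r"C:\Users\user\AppData\Local\Temp\setup.log",  # constructed, benign
     "type": "ASCII text"},
]


def startup_scripts(events):
    """Script files written into a Startup folder."""
    return [e["path"] for e in events
            if STARTUP_DIR.search(e["path"])
            and ntpath.splitext(e["path"])[1].lower() in SCRIPT_EXTS]


def duplicated_drops(events):
    """File names (case-folded, as NTFS compares them) written to two or more
    distinct directories."""
    dirs_by_name = defaultdict(set)
    for e in events:
        dirs_by_name[ntpath.basename(e["path"]).lower()].add(ntpath.dirname(e["path"]))
    return {name: sorted(dirs) for name, dirs in dirs_by_name.items() if len(dirs) > 1}


def pe_in_user_profile(events):
    """PE images written anywhere under C:\\Users\\<name>\\."""
    return [e["path"] for e in events
            if e["type"].startswith("PE32") and USER_PROFILE.match(e["path"])]


def triage(events):
    """Run all three checks and return the findings keyed by check name."""
    return {
        "startup_scripts": startup_scripts(events),
        "duplicated_drops": duplicated_drops(events),
        "pe_in_user_profile": pe_in_user_profile(events),
    }


if __name__ == "__main__":
    for finding, items in triage(EVENTS).items():
        print(finding)
        for item in (items.items() if isinstance(items, dict) else items):
            print("  ", item)
```

ntpath is used rather than os.path so the Windows paths parse correctly when the script is run on a Linux analysis host. The Program Files copy of u8g48fg0phzxan.exe is deliberately not flagged by pe_in_user_profile; it is caught by duplicated_drops instead, which is the check that pairs it with its %TEMP% twin.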