
Unclear Proforma Invoice.vbs

Status: finished
Submission Time: 2022-08-08 17:23:09 +02:00
Malicious
Trojan
Evader
Spyware
GuLoader, FormBook

Tags

  • vbs

Details

  • Analysis ID:
    680487
  • API (Web) ID:
    1047993
  • Analysis Started:
    2022-08-08 17:28:37 +02:00
  • Analysis Finished:
    2022-08-08 17:58:13 +02:00
  • MD5:
    2ccae65c60d12ce9d0d097db0d58cefa
  • SHA1:
    4114f1b5a7c5ded759ca00fcbb10acfb4c72085f
  • SHA256:
    d85deda96531cdada16f3d37ee1ad279289c60509f37b28e0d0dac0bd7e4c4ed
  • Technologies:
    Joe Sandbox

Engine Detection Info

  • malicious, Score: 80
    System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
  • malicious, Score: 100
    System: Windows 10 64 bit 20H2 Native physical Machine for testing VM-aware malware (Office 2019, Chrome 93, Firefox 91, Adobe Reader DC 21, Java 8 Update 301)
    Run Condition: Suspected Instruction Hammering

Third Party Analysis Engines

malicious

IPs


Domains


URLs


Dropped files

Name and File Type

  • C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache
    data
  • C:\Users\user\AppData\Local\Temp\DB1
    SQLite 3.x database, last written using SQLite version 3035005
  • C:\Users\user\AppData\Local\Temp\RESBA75.tmp
    Intel 80386 COFF object file, not stripped, 3 sections, symbol offset=0x48e, 9 symbols
  • C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_p4elcppe.v1c.ps1
    ASCII text, with no line terminators
  • C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ro4sxpqd.lc5.psm1
    ASCII text, with no line terminators
  • C:\Users\user\AppData\Local\Temp\tmhd51lu\CSCDE243CA280D4B5C9E282790C554DB9.TMP
    MSVC .res
  • C:\Users\user\AppData\Local\Temp\tmhd51lu\tmhd51lu.0.cs
    UTF-8 Unicode (with BOM) text, with CRLF line terminators
  • C:\Users\user\AppData\Local\Temp\tmhd51lu\tmhd51lu.cmdline
    UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
  • C:\Users\user\AppData\Local\Temp\tmhd51lu\tmhd51lu.dll
    PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
  • C:\Users\user\AppData\Local\Temp\tmhd51lu\tmhd51lu.out
    UTF-8 Unicode (with BOM) text, with very long lines, with CRLF, CR line terminators