click.wsf

Status: finished
Submission Time: 2023-03-20 09:05:58 +01:00
Malicious
Trojan
Evader
Emotet

Details

  • Analysis ID:
    830321
  • API (Web) ID:
    1197426
  • Analysis Started:
    2023-03-20 09:05:59 +01:00
  • Analysis Finished:
    2023-03-20 09:12:40 +01:00
  • MD5:
    016fa961b9af49d75b597c2f61ab344c
  • SHA1:
    2fee0634cfa2988ee8f000724efc1c6c18beef23
  • SHA256:
    8343af0017ad64499072d1485302948a7ad744a638bd2deab301ae108b6b18fd
  • Technologies:
    Joe Sandbox

Engine Download Report Detection Info
malicious
Score: 100
System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

Third Party Analysis Engines

malicious
Score: 13/92
malicious
Score: 19/24
malicious

IPs

IP                 Country
188.44.20.25       Macedonia
172.105.226.75     United States
213.239.212.5      Germany
5.135.159.50       France
186.194.240.217    Brazil
119.59.103.152     Thailand
159.89.202.34      United States
91.121.146.47      France
160.16.142.56      Japan
201.94.166.162     Brazil
91.207.28.33       Kyrgyzstan
103.75.201.2       Thailand
103.43.75.120      Japan
164.90.222.65      United States
45.235.8.30        Brazil
153.126.146.25     Japan
72.15.201.15       United States
187.63.160.88      Brazil
82.223.21.224      Spain
173.212.193.249    Germany
95.217.221.146     Germany
149.56.131.28      Canada
182.162.143.56     Korea, Republic of
1.234.2.232        Korea, Republic of
129.232.188.93     South Africa
94.23.45.86        France
66.228.32.31       United States
110.232.117.186    Australia
103.132.242.26     India
104.168.155.143    United States
79.137.35.198      France
115.68.227.76      Korea, Republic of
163.44.196.120     Singapore
206.189.28.199     United States
31.31.196.172      Russian Federation
186.202.153.5      Brazil
203.26.41.131      Australia
107.170.39.149     United States
159.65.88.10       United States
197.242.150.244    South Africa
185.4.135.165      Greece
183.111.227.137    Korea, Republic of
45.176.232.124     Colombia
169.57.156.166     United States
164.68.99.3        Germany
139.59.126.41      Singapore
167.172.253.162    United States
167.172.199.165    United States
202.129.205.3      Thailand
147.139.166.154    United States
153.92.5.27        Germany
192.229.221.95     United States
52.109.76.141      United States
52.109.13.63       United States

Domains

Name                      IP
bbvoyage.com              31.31.196.172
gomespontes.com.br        186.202.153.5
penshorn.org              203.26.41.131
www.gomespontes.com.br    0.0.0.0

URLs

Name
http://wrappixels.co
https://bbvoyage.com/useragreement/ElKHvb4QIQqSrh6Hqm/476
https://portalevolucao.com/GerarBoleto/fLIOoFbFs1jHtX/
http://wrappixels.com/wp-admin/GdIA2oOQEiO5G/
https://penshorn.org/admin/Ses8712iGR8du/
https://bbvoyage.com/useragreement/ElKHvb4QIQqSrh6Hqm/uM
https://164.90.222.65/wfqhlvcfruxkwghn/ivirkxueekmcz/
https://www.gomespontes.com.br/
https://www.gomespontes.com.br/logs/pd/
http://ozmeydan.com/cekici/9/
https://bbvoyage.com/useragreement/ElKHvb4QIQqSrh6Hqm/
http://softwareulike.com/cWIYxWMPkK/
https://www.gomespontes.com.br/logs/pd/l
https://66.228.32.31:7080/wfqhlvcfruxkwghn/ivirkxueekmcz/.DLL
https://160.16.142.56:8080/wfqhlvcfruxkwghn/ivirkxueekmcz/
https://160.16.142.56:8080/M
http://softwareulike.com/cWIYxWMPkK/yM
https://167.172.199.165:8080/wfqhlvcfruxkwghn/ivirkxueekmcz/
https://104.168.155.143:8080/wfqhlvcfruxkwghn/ivirkxueekmcz/
http://wrappixels.com/wp-admin/GdIA2oOQEiO5G/dll
http://ozmeydan.com/cekici/9/xM
https://104.168.155.143:8080/P
https://187.63.160.88:80/wfqhlvcfruxkwghn/ivirkxueekmcz/VnX
https://104.168.155.143:8080/
http://wrappixels.com/wp-admin/GdIA2oOQEiO5G/zM
https://160.16.142.56:8080/
https://91.121.146.47:8080/wfqhlvcfruxkwghn/ivirkxueekmcz/
https://penshorn.org/admin/Ses8712iGR8du/95DC4.tmp.dll(
https://www.gomespontes.com.br/logs/pd/0w
http://softwareulike.com/cWIYxWMPkK/_
https://160.16.142.56:8080/)
http://wrappixels.com/wp-admin/GdIA2oOQEiO5G/H#K#0
https://163.44.196.120:8080/wfqhlvcfruxkwghn/ivirkxueekmcz/
https://91.121.146.47:8080/
https://163.44.196.120:8080/
https://163.44.196.120:8080/wfqhlvcfruxkwghn/ivirkxueekmcz/z
https://www.gomespontes.com.br/logs/pd/vM
https://portalevolucao.com/GerarBoleto/fLIOoFbFs1jHtX/cw34006
https://167.172.199.165:8080/l
https://167.172.199.165:8080/
https://91.121.146.47:8080/wfqhlvcfruxkwghn/ivirkxueekmcz/dllgz
https://187.63.160.88:80/wfqhlvcfruxkwghn/ivirkxueekmcz/
https://66.228.32.31:7080/wfqhlvcfruxkwghn/ivirkxueekmcz/
https://www.gomespontes.com.br/s
https://163.44.196.120:8080/wfqhlvcfruxkwghn/ivirkxueekmcz/bK
https://164.90.222.65/)
https://104.168.155.143:8080/Y
https://portalevolucao.com/GerarBoleto/fLIOoFbFs1jHtX/wM
https://160.16.142.56:8080/wfqhlvcfruxkwghn/ivirkxueekmcz//
https://penshorn.org/admin/Ses8712iGR8du/tM
https://104.168.155.143:8080/4
https://91.121.146.47:8080/wfqhlvcfruxkwghn/ivirkxueekmcz/X

Dropped files

Name / File Type
C:\Users\user\Desktop\click.wsf
    ASCII text, with no line terminators
C:\Users\user\Desktop\rad1F9A4.tmp.dll
    HTML document, ASCII text
C:\Users\user\Desktop\rad75349.tmp.dll
    PE32+ executable (DLL) (GUI) x86-64, for MS Windows
C:\Windows\System32\BlUwZJEPejvMeG\xhwdmo.dll (copy)
    PE32+ executable (DLL) (GUI) x86-64, for MS Windows
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506
    Microsoft Cabinet archive data, Windows 2000/XP setup, 62582 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks, 0x1 compression
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
    data
C:\Users\user\AppData\Local\Temp\Outlook Logging\OUTLOOK_16_0_13929_20386-20230320T0906180748-804.etl
    old-fs dump file (16-bit, assuming PDP-11 endianness), Previous dump Thu Jan 1 01:07:36 1970, This dump Thu Jan 1 01:09:04 1970,
C:\Users\user\Documents\Outlook Files\Outlook Data File - NoEmail.pst
    data
#