dokument11900326.hta

Status: finished

Submission Time: 2020-03-26 09:45:16 +01:00

Malicious

E-Banking Trojan

Trojan

Evader

Ursnif

Comments

Details

Analysis ID:
218146
API (Web) ID:
333218
Analysis Started:

2020-03-26 09:45:16 +01:00
Analysis Finished:

2020-03-26 09:52:57 +01:00
MD5:
08be5482114ed74eea82ab8424124a6f
SHA1:
80092d05155cfa430f838e7cd9dcdaf16f0f892d
SHA256:
1571f852d1b57dacf471d6cda6c085ecd52006344630fa3e605b58c3a5397c39
Technologies:

Engines
IOCs

Joe Sandbox

Engine	Download Report	Detection	Info
	Full Report Management Report IOC Report	malicious Score: 76	System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

IPs

IP	Country	Detection
203.124.113.131	Singapore

Domains

Name	IP	Detection
yubz.net	203.124.113.131

URLs

Name	Detection
http://yubz.net/mix.exe2
http://www.twitter.com/
http://www.reddit.com/
Click to see the 15 hidden entries
http://yubz.net/mix.exe0:?
http://www.live.com/
http://www.amazon.com/
https://abby.comd
http://yubz.net/
http://www.wikipedia.com/
https://abby.com
http://yubz.net/mix.exe
https://www.msn.com/content/images/icons/Favicon_EdgeStart.ico
https://abby.com/
http://yubz.net/mix.exe7
http://www.youtube.com/
http://yubz.net/mix.exe?/
https://www.msn.com/content/images/icons/Favicon_EdgeStart.ico~
http://www.nytimes.com/

Dropped files

Name	File Type	Hashes
C:\Users\user\AppData\Local\Temp\ZwlegcGh.exe	PE32 executable (GUI) Intel 80386, for MS Windows	#
C:\Users\user\AppData\Local\Temp\JavaDeployReg.log	ASCII text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\O0N4T4W6\NewErrorPageTemplate[1]	UTF-8 Unicode (with BOM) text, with CRLF line terminators	#
Click to see the 33 hidden entries
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\O0N4T4W6\dnserror[1]	HTML document, UTF-8 Unicode (with BOM) text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\O0N4T4W6\errorPageStrings[1]	UTF-8 Unicode (with BOM) text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\P24S97MI\down[1]	PNG image data, 15 x 15, 8-bit colormap, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\P24S97MI\httpErrorPagesScripts[1]	UTF-8 Unicode (with BOM) text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PKAQFTEH\NewErrorPageTemplate[1]	UTF-8 Unicode (with BOM) text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PKAQFTEH\dnserror[1]	HTML document, UTF-8 Unicode (with BOM) text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PKAQFTEH\down[1]	PNG image data, 15 x 15, 8-bit colormap, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\5N37O3UG\httpErrorPagesScripts[1]	UTF-8 Unicode (with BOM) text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Temp\~DF14DF6E7E31A8C933.TMP	data	#
C:\Users\user\AppData\Local\Temp\~DF46C1AE0030C2E73C.TMP	data	#
C:\Users\user\AppData\Local\Temp\~DF5F0F00BC1B4D2C13.TMP	data	#
C:\Users\user\AppData\Local\Temp\~DF70611BDF80FC99DF.TMP	data	#
C:\Users\user\AppData\Local\Temp\~DFA6B85340EA66D50E.TMP	data	#
C:\Users\user\AppData\Local\Temp\~DFDD224A68B9567CAD.TMP	data	#
C:\Users\user\AppData\Local\Temp\~DFFDBB89F39BF081EB.TMP	data	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-21706820\msapplication.xml	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{67DEB399-6F3E-11EA-AAE6-9CC1A2A860C6}.dat	Microsoft Word Document	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{89A1733C-6F3E-11EA-AAE6-9CC1A2A860C6}.dat	Microsoft Word Document	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{3DF24A3D-6F3E-11EA-AAE6-9CC1A2A860C6}.dat	Microsoft Word Document	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{47ACDE3A-6F3E-11EA-AAE6-9CC1A2A860C6}.dat	Microsoft Word Document	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{67DEB39B-6F3E-11EA-AAE6-9CC1A2A860C6}.dat	Microsoft Word Document	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{89A1733E-6F3E-11EA-AAE6-9CC1A2A860C6}.dat	Microsoft Word Document	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-17529550060\msapplication.xml	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-18270793970\msapplication.xml	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{3DF24A3B-6F3E-11EA-AAE6-9CC1A2A860C6}.dat	Microsoft Word Document	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-4759708130\msapplication.xml	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-6757900\msapplication.xml	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-8760897390\msapplication.xml	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin20259167780\msapplication.xml	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin20332743330\msapplication.xml	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin8215062560\msapplication.xml	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\imagestore\v8bxa9r\imagestore.dat	data	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\5N37O3UG\errorPageStrings[1]	UTF-8 Unicode (with BOM) text, with CRLF line terminators	#

dokument11900326.hta

Comments

Tags

Available tags:

Details

Joe Sandbox

IPs

Domains

URLs

Dropped files

dokument11900326.hta Options

Comments

Tags

Available tags:

Details

Joe Sandbox

IPs

Domains

URLs

Dropped files

Search started

dokument11900326.hta