my_presentation_o6y.js

Status: finished

Submission Time: 2020-04-06 22:06:56 +02:00

Malicious

E-Banking Trojan

Trojan

Evader

Ursnif

Comments

Details

Analysis ID:
220655
API (Web) ID:
338085
Analysis Started:

2020-04-06 22:07:09 +02:00
Analysis Finished:

2020-04-06 22:26:46 +02:00
MD5:
780082207026faabb8381f780fc9d462
SHA1:
573f12e0a23eccd91a82b9a14fa0c5753ad05149
SHA256:
1a3891253e423f0fbc89be4014a2c1cd4389ffd8982829d859f8a6a955dad959
Technologies:

Engines
IOCs

Joe Sandbox

Download Report	Detection	Info
	malicious
Full Report Management Report IOC Report	unknown Score: 0	System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Full Report Management Report IOC Report	malicious Score: 100	System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 Run Condition: Without Instrumentation

Third Party Analysis Engines

Open Full Report

malicious

Score: 11/71

IPs

IP	Country	Detection
5.101.51.143	Russian Federation

Domains

Name	IP	Detection
f1.pipen.at	5.101.51.143
api10.dianer.at	5.101.51.143

URLs

Name	Detection
http://f1.pipen.at/favicon.ico
http://f1.pipen.at/api1/olUj7VUg1W3_2B/Cm5em_2FIcoskF811yIlL/i5nyfJyOrsWaXAKa/wBuJs4wlgM_2BIy/t7o6sF4_2BEpb09e9D/e5ZukIG8o/FlemDlH5hm_2F_2BFN0s/2ZhIljtSaDFHSFEhyew/jBOrkKF_2FTTlaXJ3G7bcb/cK8SP8_2BRVIR/lu4YunYb/C7Y1WSSkLn2bCWF59L8cx45/SfuRwGoB6R/TJl48VgwKcXEC54Kl/Bzq0fT7_2FF_/2FQVuwY6mBp/UM3AQAfl6p2rLp/cMcs9TfWup_0A_0DRyv7X/E31Y4NNdfiq4NT8k/Gaeagtq3m74H3qK/lt2GxcKXxzzH0ftWw1/79Q1BmnDc/bht_2FB
http://f1.pipen.at/api1/fwo7DZYH_2BAKA9AO/nNoc7nnjpHEi/npqhf3GSHBr/v2V9gDEMWaip2f/WTZSyEKW70I6E_2BOGX8L/f1xas9w9a_2BQrc8/WmdaxoK73Rm87LL/JhJ_2FMMtqKcQxmhgf/S7RjNE9eu/brt07Jz86RaM4rk_2FBt/CORp_2BglkCLtmgMfGz/3bxYiCsOxAX38PGGPweCXx/7WraUC1th8DcB/U9IobK90/F0x_2BxxLQ9nLPSso3T1SD7/nbI9FZzdKq/iEddMW90JucsG5r6S/H_0A_0D7xk8S/3WhzWfKfGKz/j7q36j_2BqTV5s/7J_2FLYZ_2B1aW7EqQErh/D89Stq2I/FqlBS0nYVsijuN/m
Click to see the 29 hidden entries
http://f1.pipen.at/api1/8iQXGwCpzdKMz8g3/vR1Bs0PsJjWOKd0/CgIrsJRd_2BvCvUxkm/EXOKfEHNo/sYKGsI3cQNMqIc2s8Lkt/2WJiM46ejLxs3iANNJ9/h0d_2F80v8eQI71I9xW1ix/X25fj7vexiZHH/25toGcJ2/4qCC4KWagf38YJweMGTX2yy/g2VE2_2FE4/qml86HUU6i7BR1mLC/EYgG2gZ_2BJv/tirHghlS6iC/oeDlpjoTA6Q2pQ/XDM2St3rAcudiIsIc_2B9/FXw73bdttSLdvg_0/A_0DzW3gUjl_2Fr/YsYX0XolzoV8_2Fstv/ZS_2BgcF_/2FGwEtDMf1jKkxNFe920/LlyrF9mJyINdvtY/9G_2F
http://https://file://USER.ID%lu.exe/upd
http://f1.pipen.at/api1/fwo7DZYH_2BAKA9AO/nNoc7nnjpHEi/npqhf3GSHBr/v2V9gDEMWaip2f/WTZSyEKW70I6E
http://www.wikipedia.com/
http://www.founder.com.cn/cn
http://constitution.org/usdeclar.txt
http://www.youtube.com/
http://www.jiyu-kobo.co.jp/
http://www.sakkal.com
http://www.fonts.com
http://www.sandoll.co.kr
http://www.live.com/
http://www.zhongyicts.com.cn
http://www.reddit.com/
http://www.autoitscript.com/autoit3/J
http://fontfabrik.com
http://www.founder.com.cn/cn/cThe
http://www.typography.netD
http://www.sajatypeworks.com
http://www.carterandcone.coml
http://www.twitter.com/
http://www.goodfont.co.kr
http://api10.dianer.at/jvassets/xI/t64.dat
http://www.amazon.com/
http://www.tiro.com
http://constitution.org/usdeclar.txtC:
http://www.founder.com.cn/cn/bThe
http://www.nytimes.com/
http://www.apache.org/licenses/LICENSE-2.0

Dropped files

Name	File Type	Hashes
C:\Users\user\AppData\Local\Temp\TAvvi.txt	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-17529550060\msapplication.xml	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-18270793970\msapplication.xml	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators	#
Click to see the 13 hidden entries
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-21706820\msapplication.xml	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-4759708130\msapplication.xml	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-6757900\msapplication.xml	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-8760897390\msapplication.xml	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin20259167780\msapplication.xml	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin20332743330\msapplication.xml	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin8215062560\msapplication.xml	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive	data	#
C:\Users\user\AppData\Local\Temp\BMV.MdUZxGc	ASCII text, with no line terminators	#
C:\Users\user\AppData\Local\Temp\JavaDeployReg.log	ASCII text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_dnestjxp.m12.psm1	ASCII text, with no line terminators	#
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_lddzxr40.g2z.ps1	ASCII text, with no line terminators	#
C:\Users\user\Documents\20200406\PowerShell_transcript.376483.g09j5lcv.20200406222154.txt	UTF-8 Unicode (with BOM) text, with CRLF line terminators	#

my_presentation_o6y.js

Comments

Tags

Available tags:

Details

Joe Sandbox

Third Party Analysis Engines

IPs

Domains

URLs

Dropped files

my_presentation_o6y.js Options

Comments

Tags

Available tags:

Details

Joe Sandbox

Third Party Analysis Engines

IPs

Domains

URLs

Dropped files

Search started

my_presentation_o6y.js