451796267.xls

Status: finished

Submission Time: 2020-04-09 06:20:40 +02:00

Malicious

E-Banking Trojan

Trojan

Exploiter

Evader

Ursnif

Comments

Details

Analysis ID:
221391
API (Web) ID:
339515
Analysis Started:

2020-04-09 06:20:41 +02:00
Analysis Finished:

2020-04-09 06:28:21 +02:00
MD5:
02403364e60ab29d5ffa86acb3d2a913
SHA1:
cf3aa8c526a33add9b97c16a0a20716538d8265c
SHA256:
966669eea02cf10fd1de0b99919b5f2ec57a83485a5026404a7dabf80aca1fd6
Technologies:

Engines
IOCs

Joe Sandbox

Engine	Download Report	Detection	Info
		malicious
	Full Report Management Report IOC Report	malicious Score: 100	System: unknown

Third Party Analysis Engines

Open Full Report

malicious

Score: 43/72

malicious

Score: 30/47

malicious

IPs

IP	Country	Detection
89.46.107.12	Italy

Domains

Name	IP	Detection
www.slgroupsrl.com	89.46.107.12
triomigratio.xyz	0.0.0.0

URLs

Name	Detection
https://triomigratio.xyz/index.htmavelLog
http://crl.sectigo.com/SectigoRSACodeSigningCA.crl0s
https://triomigratio.xyz/index.htms://triomigratio.xyz/index.htm
Click to see the 8 hidden entries
https://triomigratio.xyz/index.htmRoot
http://ocsp.sectigo.com0
http://crt.sectigo.com/SectigoRSACodeSigningCA.crt0#
https://triomigratio.xyz/index.htm
https://triomigratio.xyz/index.htm7o
https://triomigratio.xyz
https://sectigo.com/CPS0C
https://triomigratio.xyz/index.htmyz/index.htm

Dropped files

Name	File Type	Hashes
C:\ProgramData\JEsNEuI.exe	PE32 executable (GUI) Intel 80386, for MS Windows	#
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6ZHP2WVI\1406202d00s408s1[1].exe	PE32 executable (GUI) Intel 80386, for MS Windows	#
C:\Users\user\AppData\Local\Temp\www451A.tmp	MS Windows 95 Internet shortcut text (URL=<https://ieonline.microsoft.com/#ieslice>), ASCII text, with CRLF line terminators	#
Click to see the 55 hidden entries
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SND2QUFX\errorPageStrings[2]	UTF-8 Unicode (with BOM) text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SND2QUFX\httpErrorPagesScripts[1]	UTF-8 Unicode (with BOM) text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SND2QUFX\httpErrorPagesScripts[2]	UTF-8 Unicode (with BOM) text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TZQLJM6K\NewErrorPageTemplate[1]	UTF-8 Unicode (with BOM) text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TZQLJM6K\dnserror[1]	HTML document, UTF-8 Unicode (with BOM) text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TZQLJM6K\errorPageStrings[1]	UTF-8 Unicode (with BOM) text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TZQLJM6K\httpErrorPagesScripts[1]	UTF-8 Unicode (with BOM) text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Temp\CabF903.tmp	Microsoft Cabinet archive data, 57416 bytes, 1 file	#
C:\Users\user\AppData\Local\Temp\JavaDeployReg.log	ASCII text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Temp\TarF904.tmp	data	#
C:\Users\user\AppData\Local\Temp\www4504.tmp	MS Windows 95 Internet shortcut text (URL=<https://ieonline.microsoft.com/#ieslice>), ASCII text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Temp\www450F.tmp	MS Windows 95 Internet shortcut text (URL=<https://ieonline.microsoft.com/#ieslice>), ASCII text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SND2QUFX\dnserror[2]	HTML document, UTF-8 Unicode (with BOM) text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Temp\~DF2723DC0E7E6E865A.TMP	data	#
C:\Users\user\AppData\Local\Temp\~DF382A425126811CD7.TMP	data	#
C:\Users\user\AppData\Local\Temp\~DF70CC944DA3F6A87B.TMP	data	#
C:\Users\user\AppData\Local\Temp\~DF7CE58A7F1DDFD27B.TMP	data	#
C:\Users\user\AppData\Local\Temp\~DF8883CB702F959531.TMP	data	#
C:\Users\user\AppData\Local\Temp\~DF8FA3423CEBF710A8.TMP	data	#
C:\Users\user\AppData\Local\Temp\~DFAB737005D1B53E7C.TMP	data	#
C:\Users\user\AppData\Local\Temp\~DFBC68425D41F21F32.TMP	data	#
C:\Users\user\AppData\Local\Temp\~DFF45FBCD31A25367A.TMP	data	#
C:\Users\user\AppData\Local\Temp\~DFFAF70B682F39A9B8.TMP	data	#
C:\Users\user\AppData\Local\Temp\~DFFE5606D051A8B10F.TMP	data	#
C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Description string, Has Relative path, Has Working directory, Archive, ctime=Mon Aug 7 11:48:48 2017, mtime=Mon Aug 7 11:48:48 2017, atime=Wed May 31 02:32:40 2017, length (…)	#
C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini	ASCII text, with CRLF line terminators	#
C:\Users\user\Favorites\Links\Suggested Sites.url	MS Windows 95 Internet shortcut text (URL=<https://ieonline.microsoft.com/#ieslice>), ASCII text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{F179F433-7A19-11EA-B813-B2C276BF9C88}.dat	Microsoft Word Document	#
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506	Microsoft Cabinet archive data, 57416 bytes, 1 file	#
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506	data	#
C:\Users\user\AppData\Local\Microsoft\Feeds\FeedsStore.feedsdb-ms	data	#
C:\Users\user\AppData\Local\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\WebSlices~\Suggested Sites~.feed-ms	Composite Document File V2 Document, Cannot read section info	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{C00F02E1-7A19-11EA-B813-B2C276BF9C88}.dat	Microsoft Word Document	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{D70EB051-7A19-11EA-B813-B2C276BF9C88}.dat	Microsoft Word Document	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{E4445241-7A19-11EA-B813-B2C276BF9C88}.dat	Microsoft Word Document	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{F179F431-7A19-11EA-B813-B2C276BF9C88}.dat	Microsoft Word Document	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{FEBBCFA1-7A19-11EA-B813-B2C276BF9C88}.dat	Microsoft Word Document	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{C00F02E3-7A19-11EA-B813-B2C276BF9C88}.dat	Microsoft Word Document	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{C00F02EE-7A19-11EA-B813-B2C276BF9C88}.dat	Microsoft Word Document	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{D70EB053-7A19-11EA-B813-B2C276BF9C88}.dat	Microsoft Word Document	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{E4445243-7A19-11EA-B813-B2C276BF9C88}.dat	Microsoft Word Document	#
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SND2QUFX\errorPageStrings[1]	UTF-8 Unicode (with BOM) text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{FEBBCFA3-7A19-11EA-B813-B2C276BF9C88}.dat	Microsoft Word Document	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-2845162440\msapplication.xml	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6ZHP2WVI\NewErrorPageTemplate[1]	UTF-8 Unicode (with BOM) text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6ZHP2WVI\dnserror[1]	HTML document, UTF-8 Unicode (with BOM) text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6ZHP2WVI\errorPageStrings[1]	UTF-8 Unicode (with BOM) text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6ZHP2WVI\httpErrorPagesScripts[1]	UTF-8 Unicode (with BOM) text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G84V1BJ0\NewErrorPageTemplate[1]	UTF-8 Unicode (with BOM) text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G84V1BJ0\dnserror[1]	HTML document, UTF-8 Unicode (with BOM) text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G84V1BJ0\errorPageStrings[1]	UTF-8 Unicode (with BOM) text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G84V1BJ0\httpErrorPagesScripts[1]	UTF-8 Unicode (with BOM) text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SND2QUFX\NewErrorPageTemplate[1]	UTF-8 Unicode (with BOM) text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SND2QUFX\NewErrorPageTemplate[2]	UTF-8 Unicode (with BOM) text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SND2QUFX\dnserror[1]	HTML document, UTF-8 Unicode (with BOM) text, with CRLF line terminators	#

451796267.xls

Comments

Tags

Available tags:

Details

Joe Sandbox

Third Party Analysis Engines

IPs

Domains

URLs

Dropped files

451796267.xls Options

Comments

Tags

Available tags:

Details

Joe Sandbox

Third Party Analysis Engines

IPs

Domains

URLs

Dropped files

Search started

451796267.xls