top title background image
flash

Nuovo documento 1.vbs

Status: finished
Submission Time: 2020-04-14 19:50:04 +02:00
Malicious
Trojan
Evader
Ursnif

Comments

Tags

Details

  • Analysis ID:
    222479
  • API (Web) ID:
    341639
  • Analysis Started:
    2020-04-14 19:50:05 +02:00
  • Analysis Finished:
    2020-04-14 19:56:09 +02:00
  • MD5:
    440d1606c70102759b03a3b3bc8dbc49
  • SHA1:
    ddc59d70cc561cc9c03d046e96fcda4ce083047b
  • SHA256:
    1c3e4ead3bf84a8aeb8f1f204a55eb053c849d7241e171ca8c912c40ce727ac4
  • Technologies:

Joe Sandbox

Engine Download Report Detection Info
malicious
malicious
Score: 100
System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

Third Party Analysis Engines

malicious
Score: 25/71

IPs

IP Country Detection
89.191.225.207
Russian Federation
212.60.5.16
Russian Federation

Domains

Name IP Detection
primecontentstudios.com
89.191.225.207
trattoriafiori.xyz
212.60.5.16
site-cdn.onenote.net
0.0.0.0

URLs

Name Detection
http://primecontentstudios.com/pagigpy75.php?uid=
http://crl.sectigo.com/COMODOTimeStampingCA_2.crl0r
https://trattoriafiori.xyz/index.htmL2
Click to see the 15 hidden entries
https://trattoriafiori.xyz/index.htm
https://trattoriafiori.xyz
http://crt.sectigo.com/COMODOTimeStampingCA_2.crt0#
http://primecontentstudios.com/pagigpy75.php?uid=._o
http://crt.sectigo.com/SectigoRSACodeSigningCA.crt0#
http://crl.sectigo.com/SectigoRSACodeSigningCA.crl0s
http://primecontentstudios.com/pagigpy75.php?uid=_______Set
https://trattoriafiori.xyz/index.htm.xyz/index.htm
https://sectigo.com/CPS0C
http://primecontentstudios.com/
https://trattoriafiori.xyz/index.htmRoot
http://primecontentstudios.com/pagigpy75.php?uid==
https://sectigo.com/CPS0B
http://ocsp.sectigo.com0
http://primecontentstudios.com/pagigpy75.php?uid=WW

Dropped files

Name File Type Hashes Detection
C:\Users\user\AppData\Local\Temp\PaintHelper.exe
PE32 executable (GUI) Intel 80386, for MS Windows
#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{1E5F6926-7EC4-11EA-AAE5-44C1B3FB757B}.dat
Microsoft Word Document
#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\Active\{1E5F6928-7EC4-11EA-AAE5-44C1B3FB757B}.dat
Microsoft Word Document
#
Click to see the 10 hidden entries
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\Active\{290E5EAB-7EC4-11EA-AAE5-44C1B3FB757B}.dat
Microsoft Word Document
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\N7MEVT7N\dnserror[1]
HTML document, UTF-8 Unicode (with BOM) text, with CRLF line terminators
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\N7MEVT7N\down[1]
PNG image data, 15 x 15, 8-bit colormap, non-interlaced
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\NZSELCGE\NewErrorPageTemplate[1]
UTF-8 Unicode (with BOM) text, with CRLF line terminators
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\S7T0HNLH\errorPageStrings[1]
UTF-8 Unicode (with BOM) text, with CRLF line terminators
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\Y0D0GH26\httpErrorPagesScripts[1]
UTF-8 Unicode (with BOM) text, with CRLF line terminators
#
C:\Users\user\AppData\Local\Temp\Low\JavaDeployReg.log
ASCII text, with CRLF line terminators
#
C:\Users\user\AppData\Local\Temp\~DF689278BECED51105.TMP
data
#
C:\Users\user\AppData\Local\Temp\~DF870CBDCF36CA9CF8.TMP
data
#
C:\Users\user\AppData\Local\Temp\~DF9615D8604579F7B3.TMP
data
#