Joe Sandbox Cloud Basic

Want to search on specific fields?


Try our:

Advanced Search

Want to search in depth on all Cloud Basic reports?

Try: Joe Sandbox View

Register Login
sloganpng
top title background image
flash

SBA_Payroll_Protection_Application_Documents_Prom_Note_Benef.exe

Status: finished
Submission Time: 2020-04-15 16:34:44 +02:00
Malicious
Phishing
Trojan
Spyware
Evader
Remcos FormBook

Comments

Tags

Details

  • Analysis ID:
    222751
  • API (Web) ID:
    342167
  • Analysis Started:
    2020-04-15 16:40:54 +02:00
  • Analysis Finished:
    2020-04-15 16:59:29 +02:00
  • MD5:
    5452d8a0d215ef0e43bd4e3cafc5d1d7
  • SHA1:
    b918b3e3a5ccee8c8b2a97fae374fbf89d1a6180
  • SHA256:
    c3afc46062e988f282b2f82566de29da21a7d37d3e2ebdbb4097a8f23f5e9309
  • Technologies:

Joe Sandbox

Engine Download Report Detection Info
Full Report Management Report IOC Report
malicious
Score: 100
System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

Third Party Analysis Engines

Open Full Report
malicious
Score: 16/71
malicious
Score: 20/44

IPs

IP Country Detection
35.232.16.77
 United States
23.105.131.161
 United States

Domains

Name IP Detection
www.lions97.com
 0.0.0.0
site-cdn.onenote.net
 0.0.0.0
www.p8jy8r66.biz
 0.0.0.0
Click to see the 4 hidden entries
www.jamesbowiemarching.com
 0.0.0.0
www.mogaston.top
 0.0.0.0
www.749230y.info
 0.0.0.0
cqjcc.org
 35.232.16.77

URLs

Name Detection
https://contextual.media.net/medianet.php?cid=8CU157172&crid=858412214&size=306x271&https=1LMEM
http://www.imvu.comr
http://myurl/myfile.bin
Click to see the 11 hidden entries
http://cps.letsencrypt.org0
https://cqjcc.org/bin_encrypted_1B4530.bin
http://cert.int-x3.letsencrypt.org/0#
http://ocsp.int-x3.letsencrypt.org0/
http://www.imvu.com
https://login.yahoo.com/config/login
http://www.nirsoft.net
http://www.nirsoft.net/
https://cqjcc.org/builf2_encrypted_96DB6DF.bin
http://cps.root-x1.letsencrypt.org0
http://www.ebuddy.com

Dropped files

Name File Type Hashes Detection
C:\Users\user\AppData\Local\Temp\Stratagema\SLENTA.exe
 empty
 #
C:\Users\user\AppData\Local\Temp\Stratagema\SLENTA.vbs
 empty
 #
C:\Users\user\AppData\Local\Temp\Stratagema\dnwn.exe
 empty
 #
Click to see the 4 hidden entries
C:\Users\user\AppData\Local\Temp\mromgkeganyurrxxsetqfiqsgoy
 empty
 #
C:\Users\user\AppData\Local\Temp\rvtnul
 empty
 #
C:\Users\user\AppData\Local\Temp\srphppteakaagjytqbyzfyqsc
 empty
 #
C:\Users\user\AppData\Roaming\Google\logs.dat
 empty
 #