Nuovo documento 1.vbs

Status: finished

Submission Time: 2020-04-23 20:08:22 +02:00

Malicious

Trojan

Evader

Ursnif

Comments

Details

Analysis ID:
224946
API (Web) ID:
346465
Analysis Started:

2020-04-23 20:11:26 +02:00
Analysis Finished:

2020-04-23 20:20:28 +02:00
MD5:
e9c937259a589fa3a30d60e04e8fd11f
SHA1:
0f5d9f45de87ea1b6f136f4c39e269d9e0f46ee4
SHA256:
b99ac573e0a998252441b5f6f5420a75ae4d071675b3feaa2d59b0ba415e1e7c
Technologies:

Engines
IOCs

Joe Sandbox

Engine	Download Report	Detection	Info
		malicious
	Full Report Management Report IOC Report	malicious Score: 100	System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

Third Party Analysis Engines

Open Full Report

malicious

Score: 6/59

malicious

Score: 6/48

IPs

IP	Country	Detection
89.191.225.207	Russian Federation
185.22.153.166	Russian Federation

Domains

Name	IP	Detection
rolandojgarcia.com	89.191.225.207
site-cdn.onenote.net	0.0.0.0
barecao.xyz	185.22.153.166

URLs

Name	Detection
http://rolandojgarcia.com/pagigpy75.php:
http://rolandojgarcia.com/pagigpy75.phpO5?
http://rolandojgarcia.com/pagigpy75.php
Click to see the 19 hidden entries
http://rolandojgarcia.com/pagigpy75.php2
http://rolandojgarcia.com/pagigpy75.php_______Set
http://rolandojgarcia.com/
https://barecao.xyz/favicon.ico
http://www.twitter.com/
http://www.reddit.com/
http://crt.sectigo.com/SectigoRSACodeSigningCA.crt0#
http://www.live.com/
http://crl.sectigo.com/SectigoRSACodeSigningCA.crl0s
http://www.amazon.com/
http://www.wikipedia.com/
https://barecao.xyz
http://www.nytimes.com/
https://sectigo.com/CPS0C
http://www.youtube.com/
https://barecao.xyz/index.htm
https://barecao.xyz/index.htmdex.htm
https://barecao.xyz/index.htmRoot
http://ocsp.sectigo.com0

Dropped files

Name	File Type	Hashes
C:\Users\user\AppData\Local\Temp\PaintHelper.exe	PE32 executable (GUI) Intel 80386, for MS Windows	#
C:\Users\user\AppData\Local\Temp\f2oqx0oi.cmdline	UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators	#
C:\Users\user\AppData\Local\Temp\~DF3718358378F491A1.TMP	data	#
Click to see the 45 hidden entries
C:\Users\user\AppData\Local\Temp\CSC77BC04006FB247D3A31CB167F1BAF8A.TMP	MSVC .res	#
C:\Users\user\AppData\Local\Temp\Low\JavaDeployReg.log	ASCII text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Temp\RES4B18.tmp	data	#
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_1i32wtml.qzd.psm1	ASCII text, with no line terminators	#
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_flcmhvwr.nhc.ps1	ASCII text, with no line terminators	#
C:\Users\user\AppData\Local\Temp\f2oqx0oi.0.cs	C++ source, UTF-8 Unicode (with BOM) text, with CRLF, LF line terminators	#
C:\Users\user\AppData\Local\Temp\f2oqx0oi.out	UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators	#
C:\Users\user\AppData\Local\Temp\~DF04F926A40DCF9D79.TMP	data	#
C:\Users\user\AppData\Local\Temp\~DF069FCFF18D3E0F3D.TMP	data	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\8OJ03BG5\index[1].htm	ASCII text, with very long lines, with no line terminators	#
C:\Users\user\AppData\Local\Temp\~DF4563720317568BEC.TMP	data	#
C:\Users\user\AppData\Local\Temp\~DF4F1F8F6F4B10894B.TMP	data	#
C:\Users\user\AppData\Local\Temp\~DF5AD93B8C40DA7028.TMP	data	#
C:\Users\user\AppData\Local\Temp\~DF736A28E4B38D4918.TMP	data	#
C:\Users\user\AppData\Local\Temp\~DF76E9C49390A666AE.TMP	data	#
C:\Users\user\AppData\Local\Temp\~DF86EAF5CB001B9ECA.TMP	data	#
C:\Users\user\AppData\Local\Temp\~DF90D5C70BAC9316A6.TMP	data	#
C:\Users\user\AppData\Local\Temp\~DFDA26CBDC1AC8B5F6.TMP	data	#
C:\Users\user\AppData\Local\Temp\~DFF5B722616F59DCFA.TMP	data	#
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\QYMSQAA33ZMMHM6PGDYH.temp	data	#
C:\Users\user\Documents\20200423\PowerShell_transcript.367706.c9lL3j2b.20200423201448.txt	UTF-8 Unicode (with BOM) text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-17529550060\msapplication.xml	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\Active\{9ADEEA82-85D9-11EA-AAE5-44C1B3FB757B}.dat	Microsoft Word Document	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\Active\{9ADEEA84-85D9-11EA-AAE5-44C1B3FB757B}.dat	Microsoft Word Document	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\Active\{A1AB3841-85D9-11EA-AAE5-44C1B3FB757B}.dat	Microsoft Word Document	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\Active\{A1AB3843-85D9-11EA-AAE5-44C1B3FB757B}.dat	Microsoft Word Document	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\Active\{A7B24F40-85D9-11EA-AAE5-44C1B3FB757B}.dat	Microsoft Word Document	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\Active\{A7B24F42-85D9-11EA-AAE5-44C1B3FB757B}.dat	Microsoft Word Document	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\Active\{A7B24F44-85D9-11EA-AAE5-44C1B3FB757B}.dat	Microsoft Word Document	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\Active\{AFE5959C-85D9-11EA-AAE5-44C1B3FB757B}.dat	Microsoft Word Document	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\Active\{AFE5959E-85D9-11EA-AAE5-44C1B3FB757B}.dat	Microsoft Word Document	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\Active\{B7EEEA77-85D9-11EA-AAE5-44C1B3FB757B}.dat	Microsoft Word Document	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\Active\{B7EEEA79-85D9-11EA-AAE5-44C1B3FB757B}.dat	Microsoft Word Document	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{9ADEEA80-85D9-11EA-AAE5-44C1B3FB757B}.dat	Microsoft Word Document	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-18270793970\msapplication.xml	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-21706820\msapplication.xml	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-314712940\msapplication.xml	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-4759708130\msapplication.xml	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-6757900\msapplication.xml	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-8760897390\msapplication.xml	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin20259167780\msapplication.xml	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin20332743330\msapplication.xml	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin8215062560\msapplication.xml	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\imagestore\r1ckxmj\imagestore.dat	data	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KGYEP10B\favicon[1].ico	MS Windows icon resource - 1 icon, 16x16, 16 colors, 4 bits/pixel	#

Nuovo documento 1.vbs

Comments

Tags

Available tags:

Details

Joe Sandbox

Third Party Analysis Engines

IPs

Domains

URLs

Dropped files

Nuovo documento 1.vbs Options

Comments

Tags

Available tags:

Details

Joe Sandbox

Third Party Analysis Engines

IPs

Domains

URLs

Dropped files

Search started

Nuovo documento 1.vbs