DHL 2723 382830 RECIBO, PDF.EXE

Status: finished

Submission Time: 2020-05-04 11:18:20 +02:00

Malicious

Ransomware

Trojan

Spyware

Evader

Remcos

Comments

Details

Analysis ID:
227217
API (Web) ID:
350923
Analysis Started:

2020-05-04 11:18:21 +02:00
Analysis Finished:

2020-05-04 11:30:29 +02:00
MD5:
f87f0c455fc3add59148a1ae01d774ea
SHA1:
b1efea7c9606fa07ab6cc2f285ac05f12781b168
SHA256:
bbcf35c594bb3c5c49cdedd4d7e2169ecb65083c9aac68348c28115f136add9f
Technologies:

Engines
IOCs

Joe Sandbox

Engine	Download Report	Detection	Info
	Full Report Management Report IOC Report	malicious Score: 100	System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

Third Party Analysis Engines

Open Full Report

malicious

Score: 53/72

malicious

Score: 26/31

Domains

Name	IP	Detection
onyeomam2020.ddns.net	0.0.0.0

URLs

Name	Detection
http://go.microsoft.
http://go.microsoft.LinkId=42127

Dropped files

Name	File Type	Hashes
C:\Users\user\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\DHL 2723 382830 RECIBO, PDF.EXE.log	ASCII text, with CRLF line terminators	#
C:\Users\user\AppData\Roaming\tQVctBZDKZIa.exe	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows	#
C:\Users\user\AppData\Local\Temp\tmp5E9E.tmp	XML 1.0 document, ASCII text, with CRLF line terminators	#
Click to see the 70 hidden entries
C:\Users\user\AppData\Roaming\remcos\remcos.exe	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows	#
C:\Users\user\AppData\Roaming\remcos\logs.dat	ASCII text, with CRLF line terminators	#
C:\Users\user\AppData\Roaming\Screenshots\time_20200504_111935.png	PNG image data, 1280 x 1024, 8-bit/color RGBA, non-interlaced	#
C:\Users\user\AppData\Roaming\Screenshots\time_20200504_111945.png	PNG image data, 1280 x 1024, 8-bit/color RGBA, non-interlaced	#
C:\Users\user\AppData\Roaming\Screenshots\time_20200504_111944.png	PNG image data, 1280 x 1024, 8-bit/color RGBA, non-interlaced	#
C:\Users\user\AppData\Roaming\Screenshots\time_20200504_111943.png	PNG image data, 1280 x 1024, 8-bit/color RGBA, non-interlaced	#
C:\Users\user\AppData\Roaming\Screenshots\time_20200504_111942.png	PNG image data, 1280 x 1024, 8-bit/color RGBA, non-interlaced	#
C:\Users\user\AppData\Roaming\Screenshots\time_20200504_111941.png	PNG image data, 1280 x 1024, 8-bit/color RGBA, non-interlaced	#
C:\Users\user\AppData\Roaming\Screenshots\time_20200504_111940.png	PNG image data, 1280 x 1024, 8-bit/color RGBA, non-interlaced	#
C:\Users\user\AppData\Roaming\Screenshots\time_20200504_111939.png	PNG image data, 1280 x 1024, 8-bit/color RGBA, non-interlaced	#
C:\Users\user\AppData\Roaming\Screenshots\time_20200504_111938.png	PNG image data, 1280 x 1024, 8-bit/color RGBA, non-interlaced	#
C:\Users\user\AppData\Roaming\Screenshots\time_20200504_111937.png	PNG image data, 1280 x 1024, 8-bit/color RGBA, non-interlaced	#
C:\Users\user\AppData\Roaming\Screenshots\time_20200504_111936.png	PNG image data, 1280 x 1024, 8-bit/color RGBA, non-interlaced	#
C:\Users\user\AppData\Roaming\Screenshots\time_20200504_111948.png	PNG image data, 1280 x 1024, 8-bit/color RGBA, non-interlaced	#
C:\Users\user\AppData\Roaming\Screenshots\time_20200504_111934.png	PNG image data, 1280 x 1024, 8-bit/color RGBA, non-interlaced	#
C:\Users\user\AppData\Roaming\Screenshots\time_20200504_111933.png	PNG image data, 1280 x 1024, 8-bit/color RGBA, non-interlaced	#
C:\Users\user\AppData\Roaming\Screenshots\time_20200504_111932.png	PNG image data, 1280 x 1024, 8-bit/color RGBA, non-interlaced	#
C:\Users\user\AppData\Roaming\Screenshots\time_20200504_111931.png	PNG image data, 1280 x 1024, 8-bit/color RGBA, non-interlaced	#
C:\Users\user\AppData\Roaming\Screenshots\time_20200504_111954.png	PNG image data, 1280 x 1024, 8-bit/color RGBA, non-interlaced	#
\Device\ConDrv	ASCII text, with CRLF line terminators	#
C:\Users\user\AppData\Roaming\tQVctBZDKZIa.exe:Zone.Identifier	ASCII text, with CRLF line terminators	#
C:\Users\user\AppData\Roaming\remcos\remcos.exe:Zone.Identifier	ASCII text, with CRLF line terminators	#
C:\Users\user\AppData\Roaming\Screenshots\time_20200504_111959.png	PNG image data, 1280 x 1024, 8-bit/color RGBA, non-interlaced	#
C:\Users\user\AppData\Roaming\Screenshots\time_20200504_111958.png	PNG image data, 1280 x 1024, 8-bit/color RGBA, non-interlaced	#
C:\Users\user\AppData\Roaming\Screenshots\time_20200504_111957.png	PNG image data, 1280 x 1024, 8-bit/color RGBA, non-interlaced	#
C:\Users\user\AppData\Roaming\Screenshots\time_20200504_111956.png	PNG image data, 1280 x 1024, 8-bit/color RGBA, non-interlaced	#
C:\Users\user\AppData\Roaming\Screenshots\time_20200504_111955.png	PNG image data, 1280 x 1024, 8-bit/color RGBA, non-interlaced	#
C:\Users\user\AppData\Roaming\Screenshots\time_20200504_111946.png	PNG image data, 1280 x 1024, 8-bit/color RGBA, non-interlaced	#
C:\Users\user\AppData\Roaming\Screenshots\time_20200504_111953.png	PNG image data, 1280 x 1024, 8-bit/color RGBA, non-interlaced	#
C:\Users\user\AppData\Roaming\Screenshots\time_20200504_111952.png	PNG image data, 1280 x 1024, 8-bit/color RGBA, non-interlaced	#
C:\Users\user\AppData\Roaming\Screenshots\time_20200504_111951.png	PNG image data, 1280 x 1024, 8-bit/color RGBA, non-interlaced	#
C:\Users\user\AppData\Roaming\Screenshots\time_20200504_111950.png	PNG image data, 1280 x 1024, 8-bit/color RGBA, non-interlaced	#
C:\Users\user\AppData\Roaming\Screenshots\time_20200504_111949.png	PNG image data, 1280 x 1024, 8-bit/color RGBA, non-interlaced	#
C:\Users\user\AppData\Roaming\Screenshots\time_20200504_111929.png	PNG image data, 1280 x 1024, 8-bit/color RGBA, non-interlaced	#
C:\Users\user\AppData\Roaming\Screenshots\time_20200504_111947.png	PNG image data, 1280 x 1024, 8-bit/color RGBA, non-interlaced	#
C:\Users\user\AppData\Roaming\Screenshots\time_20200504_111901.png	PNG image data, 1280 x 1024, 8-bit/color RGBA, non-interlaced	#
C:\Users\user\AppData\Roaming\Screenshots\time_20200504_111909.png	PNG image data, 1280 x 1024, 8-bit/color RGBA, non-interlaced	#
C:\Users\user\AppData\Roaming\Screenshots\time_20200504_111908.png	PNG image data, 1280 x 1024, 8-bit/color RGBA, non-interlaced	#
C:\Users\user\AppData\Roaming\Screenshots\time_20200504_111907.png	PNG image data, 1280 x 1024, 8-bit/color RGBA, non-interlaced	#
C:\Users\user\AppData\Roaming\Screenshots\time_20200504_111906.png	PNG image data, 1280 x 1024, 8-bit/color RGBA, non-interlaced	#
C:\Users\user\AppData\Roaming\Screenshots\time_20200504_111905.png	PNG image data, 1280 x 1024, 8-bit/color RGBA, non-interlaced	#
C:\Users\user\AppData\Roaming\Screenshots\time_20200504_111904.png	PNG image data, 1280 x 1024, 8-bit/color RGBA, non-interlaced	#
C:\Users\user\AppData\Roaming\Screenshots\time_20200504_111903.png	PNG image data, 1280 x 1024, 8-bit/color RGBA, non-interlaced	#
C:\Users\user\AppData\Roaming\Screenshots\time_20200504_111902.png	PNG image data, 1280 x 1024, 8-bit/color RGBA, non-interlaced	#
C:\Users\user\AppData\Roaming\Screenshots\time_20200504_111910.png	PNG image data, 1280 x 1024, 8-bit/color RGBA, non-interlaced	#
C:\Users\user\AppData\Roaming\Screenshots\time_20200504_111900.png	PNG image data, 1280 x 1024, 8-bit/color RGBA, non-interlaced	#
C:\Users\user\AppData\Roaming\Screenshots\time_20200504_111859.png	PNG image data, 1280 x 1024, 8-bit/color RGBA, non-interlaced	#
C:\Users\user\AppData\Roaming\Screenshots\time_20200504_111858.png	PNG image data, 1280 x 1024, 8-bit/color RGBA, non-interlaced	#
C:\Users\user\AppData\Roaming\Screenshots\time_20200504_111857.png	PNG image data, 1280 x 1024, 8-bit/color RGBA, non-interlaced	#
C:\Users\user\AppData\Local\Temp\tmp7B7D.tmp	XML 1.0 document, ASCII text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Temp\install.vbs	data	#
C:\Users\user\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\remcos.exe.log	ASCII text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\installutil.exe.log	ASCII text, with CRLF line terminators	#
C:\Users\user\AppData\Roaming\Screenshots\time_20200504_111918.png	PNG image data, 1280 x 1024, 8-bit/color RGBA, non-interlaced	#
C:\Users\user\AppData\Roaming\Screenshots\time_20200504_111928.png	PNG image data, 1280 x 1024, 8-bit/color RGBA, non-interlaced	#
C:\Users\user\AppData\Roaming\Screenshots\time_20200504_111927.png	PNG image data, 1280 x 1024, 8-bit/color RGBA, non-interlaced	#
C:\Users\user\AppData\Roaming\Screenshots\time_20200504_111925.png	PNG image data, 1280 x 1024, 8-bit/color RGBA, non-interlaced	#
C:\Users\user\AppData\Roaming\Screenshots\time_20200504_111924.png	PNG image data, 1280 x 1024, 8-bit/color RGBA, non-interlaced	#
C:\Users\user\AppData\Roaming\Screenshots\time_20200504_111923.png	PNG image data, 1280 x 1024, 8-bit/color RGBA, non-interlaced	#
C:\Users\user\AppData\Roaming\Screenshots\time_20200504_111922.png	PNG image data, 1280 x 1024, 8-bit/color RGBA, non-interlaced	#
C:\Users\user\AppData\Roaming\Screenshots\time_20200504_111921.png	PNG image data, 1280 x 1024, 8-bit/color RGBA, non-interlaced	#
C:\Users\user\AppData\Roaming\Screenshots\time_20200504_111920.png	PNG image data, 1280 x 1024, 8-bit/color RGBA, non-interlaced	#
C:\Users\user\AppData\Roaming\Screenshots\time_20200504_111930.png	PNG image data, 1280 x 1024, 8-bit/color RGBA, non-interlaced	#
C:\Users\user\AppData\Roaming\Screenshots\time_20200504_111917.png	PNG image data, 1280 x 1024, 8-bit/color RGBA, non-interlaced	#
C:\Users\user\AppData\Roaming\Screenshots\time_20200504_111916.png	PNG image data, 1280 x 1024, 8-bit/color RGBA, non-interlaced	#
C:\Users\user\AppData\Roaming\Screenshots\time_20200504_111915.png	PNG image data, 1280 x 1024, 8-bit/color RGBA, non-interlaced	#
C:\Users\user\AppData\Roaming\Screenshots\time_20200504_111914.png	PNG image data, 1280 x 1024, 8-bit/color RGBA, non-interlaced	#
C:\Users\user\AppData\Roaming\Screenshots\time_20200504_111913.png	PNG image data, 1280 x 1024, 8-bit/color RGBA, non-interlaced	#
C:\Users\user\AppData\Roaming\Screenshots\time_20200504_111912.png	PNG image data, 1280 x 1024, 8-bit/color RGBA, non-interlaced	#
C:\Users\user\AppData\Roaming\Screenshots\time_20200504_111911.png	PNG image data, 1280 x 1024, 8-bit/color RGBA, non-interlaced	#

DHL 2723 382830 RECIBO, PDF.EXE

Comments

Tags

Available tags:

Details

Joe Sandbox

Third Party Analysis Engines

Domains

URLs

Dropped files

DHL 2723 382830 RECIBO, PDF.EXE Options

Comments

Tags

Available tags:

Details

Joe Sandbox

Third Party Analysis Engines

Domains

URLs

Dropped files

Search started

DHL 2723 382830 RECIBO, PDF.EXE