Register Login

sloganpng

top title background image

http://dropbox.com/s/2l0ep7yboohz83e/SWIFT%20MT203%20DOKUMENT%20EUR27000%20ORDER%202020.7z?dl=1

Status: finished

Submission Time: 2020-05-28 08:47:46 +02:00

Malicious

Trojan

Evader

Nanocore

Comments

Tags

Details

Analysis ID:
233725
API (Web) ID:
363603
Analysis Started:

2020-05-28 08:47:46 +02:00
Analysis Finished:

2020-05-28 08:52:37 +02:00
Technologies:

Engines
IOCs

Joe Sandbox

Engine	Download Report	Detection	Info
	Full Report Management Report IOC Report	malicious Score: 96	System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

Third Party Analysis Engines

Open Full Report

malicious

Score: 48/73

malicious

Score: 26/48

IPs

IP	Country	Detection
79.134.225.11	Switzerland
162.125.69.6	United States
162.125.8.1	United States
Click to see the 1 hidden entries
162.125.248.1	United States

Domains

Name	IP	Detection
wilpap321.ddns.net	79.134.225.11
dropbox.com	162.125.248.1
papaw456.serveftp.com	79.134.225.11
Click to see the 6 hidden entries
www.dropbox-dns.com	162.125.8.1
edge-block-www.dropbox-dns.com	162.125.69.6
onedrive.live.com	0.0.0.0
www.dropbox.com	0.0.0.0
uc9c3b3bb917cdb4d4342a1b65ce.dl.dropboxusercontent.com	0.0.0.0
i4irzw.ch.files.1drv.com	0.0.0.0

URLs

Name	Detection
http://www.w3.
https://i4irzw.ch.files.1drv.com/y4ml1Q01tCRlfaCV-OLWZQ03k3ARTvfojHWkYgT1zV5l5oS0whsbm9x74IXOkou2CzD
https://i4irzw.ch.files.1drv.com/
Click to see the 2 hidden entries
https://onedrive.live.com/download?cid=F191CCC6E999117D&resid=F191CCC6E999117D%21207&authkey=AKOuWEK
https://onedrive.live.com/

Dropped files

Name	File Type	Hashes	Detection
C:\Users\user\AppData\Local\Temp\x4vz0vwg.gpu\SWIFT MT203 DOKUMENT EUR27000 ORDER 2020.exe	PE32 executable (GUI) Intel 80386, for MS Windows	#
C:\Users\user\AppData\Roaming\59407D34-C8C5-44DF-A766-BA8A11CB1CB0\run.dat	data	#
C:\Users\user\subfolder1\filename1.exe	PE32 executable (GUI) Intel 80386, for MS Windows	#
Click to see the 11 hidden entries
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{A1055416-A0FA-11EA-AADD-C25F135D3C65}.dat	Microsoft Word Document	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{A1055418-A0FA-11EA-AADD-C25F135D3C65}.dat	Microsoft Word Document	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\SWIFT%20MT203%20DOKUMENT%20EUR27000%20ORDER%202020[1].htm	HTML document, ASCII text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\SWIFT MT203 DOKUMENT EUR27000 ORDER 2020.7z.u1u7zwy.partial	7-zip archive data, version 0.4	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\SWIFT MT203 DOKUMENT EUR27000 ORDER 2020.7z.u1u7zwy.partial:Zone.Identifier	ASCII text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\SWIFT MT203 DOKUMENT EUR27000 ORDER 2020.7z:Zone.Identifier	very short file (no magic)	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VINVDFP6\SWIFT%20MT203%20DOKUMENT%20EUR27000%20ORDER%202020[1].7z	7-zip archive data, version 0.4	#
C:\Users\user\AppData\Local\Temp\1rx3jsee.zoo\unarchiver.log	ASCII text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Temp\JavaDeployReg.log	ASCII text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Temp\~DF706DBA5C421E7CAE.TMP	data	#
C:\Users\user\AppData\Local\Temp\~DFFFC7077C101F1532.TMP	data	#