Joe Sandbox Cloud Basic

Want to search on specific fields?


Try our:

Advanced Search

Want to search in depth on all Cloud Basic reports?

Try: Joe Sandbox View

Register Login
sloganpng
top title background image
flash

https://onedrive.live.com/download?cid=BCE0D307A6632A77&resid=BCE0D307A6632A77%21114&authkey=APAWjPF_jjXfX4g

Status: finished
Submission Time: 2020-06-24 18:19:50 +02:00
Malicious
Trojan
Spyware
Evader
AgentTesla

Comments

Tags

Details

  • Analysis ID:
    241255
  • API (Web) ID:
    378242
  • Analysis Started:
    2020-06-24 18:21:00 +02:00
  • Analysis Finished:
    2020-06-24 18:32:35 +02:00
  • Technologies:

Joe Sandbox

Engine Download Report Detection Info
Full Report Management Report IOC Report
malicious
Score: 100
System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

Third Party Analysis Engines

Open Full Report
malicious
Score: 27/73
malicious
Score: 12/31

IPs

IP Country Detection
173.201.193.101
 United States

Domains

Name IP Detection
smtpout.secureserver.net
 173.201.193.101
onedrive.live.com
 0.0.0.0
8e0huw.bl.files.1drv.com
 0.0.0.0

URLs

Name Detection
http://zeIHe8mpB5avaBzd.org
http://crl.starfieldtech.com/sfroot.crl0L
http://ocsp.starfieldtech.com/0F
Click to see the 19 hidden entries
http://www.globalsign.net/repository/03
https://onedrive.live.com/download?cid=BCE0D307A6632A77&resid=BCE0D307A6632A77%21114&authkey=APAWjPF
https://onedrive.live.com/download?cid=BCE0D307A6632A77&resid=BCE0D307A6632A77%
http://www.globalsign.net/repository/0
https://onedrive.live.com/download?cid=BCE0D307A6632A77&resid=BCE0D307A6632A77
http://certificates.starfieldtech.com/repository/sfig2.crt0
http://smtpout.secureserver.net
http://crl.starfieldtech.com/sfig2s1-126.crl0c
http://ocsp.starfieldtech.com/0;
http://secure.globalsign.net/cacert/PrimObject.crt0
http://www.globalsign.net/repository09
http://ocsp.starfieldtech.com/08
http://crl.starfieldtech.com/sfroot-g2.crl0L
http://certs.starfieldtech.com/repository/1402
http://www.autoitscript.com/autoit3/0
http://certificates.starfieldtech.com/repository/0
https://certs.starfieldtech.com/repository/0
https://8e0huw.bl.files.1drv.com/y4mTvF_0CtvQ_Rp8lfdqfRCI5csxAJu9TQTYqu8pvqH5Dt9M64UWlw24dEeNIBluJv9
http://secure.globalsign.net/cacert/ObjectSign.crt09

Dropped files

Name File Type Hashes Detection
C:\Users\user\AppData\Local\Temp\1k4znch2.ulk\LPO_121190871.exe
 PE32 executable (GUI) Intel 80386, for MS Windows
 #
C:\Users\user\AppData\Local\Temp\52939977\npivfvdsg.pif
 PE32 executable (GUI) Intel 80386, for MS Windows
 #
C:\Users\user\AppData\Local\Temp\RegSvcs.exe
 PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
 #
Click to see the 80 hidden entries
C:\Users\user\AppData\Local\Temp\52939977\sbthlmuq.xl
 ASCII text, with CRLF line terminators
 #
C:\Users\user\AppData\Local\Temp\52939977\mlpfl.dat
 ASCII text, with CRLF line terminators
 #
C:\Users\user\AppData\Local\Temp\52939977\rlaoow.icm
 ASCII text, with CRLF line terminators
 #
C:\Users\user\AppData\Local\Temp\52939977\qwadkglx.msc
 ASCII text, with CRLF line terminators
 #
C:\Users\user\AppData\Local\Temp\52939977\qpakk.log
 ASCII text, with CRLF line terminators
 #
C:\Users\user\AppData\Local\Temp\52939977\qouvptw.cpl
 ASCII text, with CRLF line terminators
 #
C:\Users\user\AppData\Local\Temp\52939977\qnkofahc.dll
 ASCII text, with CRLF line terminators
 #
C:\Users\user\AppData\Local\Temp\52939977\qixdronsoi.ico
 ASCII text, with CRLF line terminators
 #
C:\Users\user\AppData\Local\Temp\52939977\pswwdprct.xl
 ASCII text, with CRLF line terminators
 #
C:\Users\user\AppData\Local\Temp\52939977\plbkdsrfu.pdf
 ASCII text, with CRLF line terminators
 #
C:\Users\user\AppData\Local\Temp\52939977\pcgxh.ppt
 ASCII text, with CRLF line terminators
 #
C:\Users\user\AppData\Local\Temp\52939977\oogcrpcrx.xml
 ASCII text, with CRLF line terminators
 #
C:\Users\user\AppData\Local\Temp\52939977\olsvhdbmg.xml
 ASCII text, with CRLF line terminators
 #
C:\Users\user\AppData\Local\Temp\52939977\okueernrsd.xml
 ASCII text, with CRLF line terminators
 #
C:\Users\user\AppData\Local\Temp\52939977\nuwsxq.mp3
 ASCII text, with CRLF line terminators
 #
C:\Users\user\AppData\Local\Temp\52939977\nlwoh.txt
 ASCII text, with CRLF line terminators
 #
C:\Users\user\AppData\Local\Temp\52939977\nkvnukkx.ppt
 ASCII text, with CRLF line terminators
 #
C:\Users\user\AppData\Local\Temp\52939977\nkhstatj.pdf
 ASCII text, with CRLF line terminators
 #
C:\Users\user\temp\wsncbl.dat
 ASCII text, with CRLF line terminators
 #
C:\Users\user\AppData\Local\Temp\52939977\wlxvv.pdf
 ASCII text, with CRLF line terminators
 #
C:\Users\user\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\unarchiver.exe.log
 ASCII text, with CRLF line terminators
 #
C:\Users\user\Desktop\download\LPO_121190871.7z
 7-zip archive data, version 0.4
 #
C:\Users\user\Desktop\download\.wget-hsts
 ASCII text, with CRLF line terminators
 #
C:\Users\user\Desktop\cmdline.out
 ASCII text, with very long lines, with CRLF line terminators
 #
C:\Users\user\AppData\Local\Temp\yc0jpuy5.i1l\unarchiver.log
 ASCII text, with CRLF line terminators
 #
C:\Users\user\AppData\Local\Temp\52939977\xvqkcsal.msc
 ASCII text, with CRLF line terminators
 #
C:\Users\user\AppData\Local\Temp\52939977\wxjnqp.bin
 ASCII text, with CRLF line terminators
 #
C:\Users\user\AppData\Local\Temp\52939977\wuhd.xl
 ASCII text, with CRLF line terminators
 #
C:\Users\user\AppData\Local\Temp\52939977\wsncbl.dat
 ASCII text, with very long lines, with CRLF line terminators
 #
C:\Users\user\AppData\Local\Temp\52939977\sgnlwwk.ppt
 ASCII text, with CRLF line terminators
 #
C:\Users\user\AppData\Local\Temp\52939977\wllacfn.dat
 ASCII text, with CRLF line terminators
 #
C:\Users\user\AppData\Local\Temp\52939977\wilcqtw.mp3
 ASCII text, with CRLF line terminators
 #
C:\Users\user\AppData\Local\Temp\52939977\wbxh.ico
 ASCII text, with CRLF line terminators
 #
C:\Users\user\AppData\Local\Temp\52939977\uqdbhrdrm.bmp
 ASCII text, with CRLF line terminators
 #
C:\Users\user\AppData\Local\Temp\52939977\tungrvvhmd.msc
 ASCII text, with CRLF line terminators
 #
C:\Users\user\AppData\Local\Temp\52939977\swhahcgoli.ini
 ASCII text, with CRLF line terminators
 #
C:\Users\user\AppData\Local\Temp\52939977\svan.ico
 ASCII text, with CRLF line terminators
 #
C:\Users\user\AppData\Local\Temp\52939977\shff.cpl
 ASCII text, with CRLF line terminators
 #
C:\Users\user\AppData\Local\Temp\52939977\sgptjppi.ini
 ASCII text, with CRLF line terminators
 #
C:\Users\user\AppData\Local\Temp\52939977\dwhciwv.ppt
 ASCII text, with CRLF line terminators
 #
C:\Users\user\AppData\Local\Temp\52939977\gbken.ico
 ASCII text, with CRLF line terminators
 #
C:\Users\user\AppData\Local\Temp\52939977\fxhbgw.docx
 ASCII text, with CRLF line terminators
 #
C:\Users\user\AppData\Local\Temp\52939977\fqfltm.mp3
 ASCII text, with CRLF line terminators
 #
C:\Users\user\AppData\Local\Temp\52939977\fmfcnr.ppt
 ASCII text, with CRLF line terminators
 #
C:\Users\user\AppData\Local\Temp\52939977\flvuxwkaea.xml
 ASCII text, with CRLF line terminators
 #
C:\Users\user\AppData\Local\Temp\52939977\fkhbcugr.mp3
 ASCII text, with CRLF line terminators
 #
C:\Users\user\AppData\Local\Temp\52939977\feslpcm.ini
 ASCII text, with CRLF line terminators
 #
C:\Users\user\AppData\Local\Temp\52939977\fdiiwnqpk.log
 ASCII text, with CRLF line terminators
 #
C:\Users\user\AppData\Local\Temp\52939977\faqsldafxj.ppt
 ASCII text, with CRLF line terminators
 #
C:\Users\user\AppData\Local\Temp\52939977\evtsfs.bmp
 ASCII text, with CRLF line terminators
 #
C:\Users\user\AppData\Local\Temp\52939977\ghtqi.bmp
 ASCII text, with CRLF line terminators
 #
C:\Users\user\AppData\Local\Temp\52939977\dsvsawn.xml
 ASCII text, with CRLF line terminators
 #
C:\Users\user\AppData\Local\Temp\52939977\dslad.msc
 ASCII text, with CRLF line terminators
 #
C:\Users\user\AppData\Local\Temp\52939977\dibm.jpg
 ASCII text, with CRLF line terminators
 #
C:\Users\user\AppData\Local\Temp\52939977\cvkpx.xl
 ASCII text, with CRLF line terminators
 #
C:\Users\user\AppData\Local\Temp\52939977\cuuw.ini
 ASCII text, with CRLF line terminators
 #
C:\Users\user\AppData\Local\Temp\52939977\btku.bmp
 ASCII text, with CRLF line terminators
 #
C:\Users\user\AppData\Local\Temp\52939977\bhammpopdf.bmp
 ASCII text, with CRLF line terminators
 #
C:\Users\user\AppData\Local\Temp\52939977\awxbvulfwj.xml
 ASCII text, with CRLF line terminators
 #
C:\Users\user\AppData\Local\Temp\52939977\aotrtw.ini
 ASCII text, with CRLF line terminators
 #
C:\Users\user\AppData\Local\Temp\52939977\kvhe.exe
 ASCII text, with CRLF line terminators
 #
C:\Users\user\AppData\Local\Temp\52939977\midnf.dat
 ASCII text, with CRLF line terminators
 #
C:\Users\user\AppData\Local\Temp\52939977\maeugbvaax.log
 ASCII text, with CRLF line terminators
 #
C:\Users\user\AppData\Local\Temp\52939977\lrqqtwfwdm.xls
 ASCII text, with CRLF line terminators
 #
C:\Users\user\AppData\Local\Temp\52939977\lplobvpwg.bin
 ASCII text, with CRLF line terminators
 #
C:\Users\user\AppData\Local\Temp\52939977\lexbkmgn.xl
 ASCII text, with CRLF line terminators
 #
C:\Users\user\AppData\Local\Temp\52939977\ldqq.xl
 ASCII text, with CRLF line terminators
 #
C:\Users\user\AppData\Local\Temp\52939977\lbxcifg.docx
 ASCII text, with CRLF line terminators
 #
C:\Users\user\AppData\Local\Temp\52939977\latspmpl.xl
 ASCII text, with CRLF line terminators
 #
C:\Users\user\AppData\Local\Temp\52939977\kvmeqjkt.xls
 ASCII text, with CRLF line terminators
 #
C:\Users\user\AppData\Local\Temp\52939977\mlngtlflh.xls
 ASCII text, with CRLF line terminators
 #
C:\Users\user\AppData\Local\Temp\52939977\ktnorg.txt
 ASCII text, with CRLF line terminators
 #
C:\Users\user\AppData\Local\Temp\52939977\khsoag.bin
 ASCII text, with CRLF line terminators
 #
C:\Users\user\AppData\Local\Temp\52939977\jvtesbsnbv.bmp
 ASCII text, with CRLF line terminators
 #
C:\Users\user\AppData\Local\Temp\52939977\jiffrt.iox
 data
 #
C:\Users\user\AppData\Local\Temp\52939977\ixacj.xls
 ASCII text, with CRLF line terminators
 #
C:\Users\user\AppData\Local\Temp\52939977\idtmh.icm
 ASCII text, with CRLF line terminators
 #
C:\Users\user\AppData\Local\Temp\52939977\gsdc.vbs
 Little-endian UTF-16 Unicode text, with CRLF, CR line terminators
 #
C:\Users\user\AppData\Local\Temp\52939977\grogtjdw.exe
 ASCII text, with CRLF line terminators
 #
C:\Users\user\AppData\Local\Temp\52939977\gkhuvc.bmp
 ASCII text, with CRLF line terminators
 #