Register Login

sloganpng

top title background image

Anexo-comprovativo-de-transaccao-N-jf5h3az8xc6-DOC-469.vbs

Status: finished

Submission Time: 2020-07-03 20:24:34 +02:00

Malicious

Ransomware

Evader

Comments

Tags

Details

Analysis ID:
243306
API (Web) ID:
382314
Analysis Started:

2020-07-03 20:24:34 +02:00
Analysis Finished:

2020-07-03 20:38:07 +02:00
MD5:
3fde400fc6c3b401e9e934699907766c
SHA1:
59fa542d34f771eb4e1854a834facad18b1f4cec
SHA256:
3e018a8015f3f7eda7b3e365696e355a23bf4f85cacbbd770679e3f47ef34006
Technologies:

Engines
IOCs

Joe Sandbox

Engine	Download Report	Detection	Info
	Full Report Management Report IOC Report	malicious Score: 72	System: unknown

IPs

IP	Country	Detection
216.58.207.80	United States
8.8.8.8	United States

Dropped files

Name	File Type	Hashes	Detection
C:\Users\user\AppData\Roaming\hywruoxidbh.vbs	ASCII text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1JI06SAW\P-14-7[1].dll	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	#
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G8R7M7YU\0[1].zip	Zip archive data, at least v2.0 to extract	#
Click to see the 3 hidden entries
C:\Users\user\AppData\Roaming\0.zip	Zip archive data, at least v2.0 to extract	#
C:\Users\user\AppData\Roaming\26865055978297\sgjdgrhcgdtmbvetx60218633532523.dll	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	#
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hywruoxidbh.lnk	MS Windows shortcut, Item id list present, Has Relative path, Has Working directory, Has command line arguments, ctime=Sun Dec 31 23:06:32 1600, mtime=Sun Dec 31 23:06:32 1600, atime=Sun Dec 31 23:06:32 1600, length=0, window=hide	#