j2TrdIoHFE7b.vbs

Status: finished

Submission Time: 2020-09-11 19:13:52 +02:00

Malicious

Trojan

Evader

Ursnif

Comments

Details

Analysis ID:
284622
API (Web) ID:
464442
Analysis Started:

2020-09-11 19:13:54 +02:00
Analysis Finished:

2020-09-11 19:27:02 +02:00
MD5:
0671e735481a55031081895bf0f57760
SHA1:
11788132e8b10e6370530d68d2d562737ef1dae0
SHA256:
f9ad25e0810fc3f545213be438f531677595044c6a64d6b367e93b9aad9910e6
Technologies:

Engines
IOCs

Joe Sandbox

Engine	Download Report	Detection	Info
	Full Report Management Report IOC Report	malicious Score: 92	System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

Third Party Analysis Engines

Open Full Report

malicious

Score: 7/57

IPs

IP	Country	Detection
84.38.183.216	Russian Federation

Domains

Name	IP	Detection
api10.laptok.at	84.38.183.216

URLs

Name	Detection
http://api10.laptok.at/api1/ByN_2Ba5pHmCUKwc/LkgDlS93ASX_2Bw/_2Bpmdzy9fRnvTk6J2/goHi0A6bz/oxCru_2FGYAoKpN1zBqI/gyCK_2FpAv2t0nWc62X/_2FqBH9kri5d_2FIIHQB_2/Fu49sKuTiZqQe/zsxykUCG/Vi2BTzaP8edSr97QiWG5hf2/sUXbjQP5DG/YgdiDn53bv80QUH_2/BEpbalczJFBY/yQjLswAPXgZ/qmZoG11Z1bPgRN/yxC7N6YFKVO9jwKxnNP2Q/LXm6IfbDjvgRxgab/HFXgIA_0A_0DYw1/4IfJg_2FJ0sYwMmurl/qqtg1KtFp/SZMupMmZc7imxqM976fJ/7_2Fsm5P_2FVJU7x9IO/9vnRp
http://api10.laptok.at/api1/xnSgUzPUlfzDY/NnQK_2FF/Kqmx7XhG7YFPPHp212iNaR7/TKvOl_2BtH/m3jG9qeTV83WDVAQZ/zMmfH0Ea5HKo/994rCMGbyXi/hc1IqdP_2FyYpK/vtsIYLFyt_2BhFTJdiogi/GtIZ00K3g_2Bxep2/9hRwhxl38Hpzw3J/f0zK5MJHl0QxCvZD8n/bXLIwWVOr/spTB6nLJPHHwRvgUQ6_2/BdmuHP1ixwgSHI1q_2B/D_2FHiYEFH4arvJUtMmnXV/gRfPMVSgmVKOv/GST2lC9_/0A_0DU5vH8Mj7f4sOWE5Xar/lEDvZ2EcY3/_2F2WFAa9gcoHv_2Bc/yxI0q
http://api10.laptok.at/api1/ERlhcvFaXd/GqSHxNi2o8a9pppFq/1US1edpWD9vt/ERJVbq2exXK/uYEcBxYQ0puwql/adlEZyCqctF1gLl43_2FK/ldMnWMiy86CvhbpI/LM3FeoIcqaGMkHh/3VwE7Lwos2Yt70oN8b/bPPFOLM2g/vNtyHqpevUDMD93vtWEX/LeOxmXDE8OQsvaav4SK/rPAkQ8Horb_2BK7NJ8agHA/cqNhQ56Fed7Xa/FDSO66_2/BERxE_2FmU86HAgyp8f7lVa/zbsdreY_2F/cnlq_0A_0DnHC9UV_/2Fr8H9SBNERe/ZLfJT25voLa/f7CVerY2F8FJw4/R9LvlRTUrCR7rbsOBasXk/R7Lfj
Click to see the 14 hidden entries
http://api10.laptok.at/api1/wSD_2FKZHisrP/MO_2BDWP/0zhoZvR2AmI6pPiHI9HdvxQ/UYayVW6KUF/p3e869GjGFi18Gu5_/2BIz0dYK5Fkk/NBvumHMvGek/SHygw4g0M4CvzV/IIUw5JYAv4bjWpGiNfVUm/xAmnPrJH6Gb_2FV0/xNsncwTIasTPfyJ/_2B8N0UizCVL02fLVe/BCNolMG4b/TmAoNUJhn5xMYnZzAYwk/dB0L8V0_2Fn9rbkxZOR/cnb4TZXrfoY5dOrbrfIKgC/v3sxNfnjH2UUo/tEn_0A_0/D9tZVyorkcCZANi_2BwmPR_/2F37SK3V6j/CNHSOE_2F94veTxkh/6NGIxtR34t0f/NmqZfZThSzd3/S
http://api10.laptok.at/api1/Q2S_2F_2FF_2F/Jhc84r6W/DOdsfq1FICiKIl9m89pH2t_/2FEZdM7j2g/a3lQN9HeeevGGQ7Wl/s_2B2sW2rm0U/caU9Q6rqhhd/Un0FHNyGMazt8c/iD8NOmeCMDoBFUEIooO_2/BJ9ch4AjrHdPedaU/P9J_2Bk7eAjNekL/b_2BiB8Rm72z572xvk/PSFJu_2BC/zU8_2FrlvdK8cTzsDUvT/xe_2BPtFUbeEsYQG8DW/QQ1jc_2Fh1EDMGidoE2z7o/nnhRtZzQbv4d8/20sYbms2/Cx2Yks8_0A_0D8qF7EAUhSN/UclxjJkn7Z/r_2BpY3wUzeaX2Jom/FPWWpglAd7Ai/liPPD6IfqjF8KpHITg/Pgj
http://api10.laptok.at/api1/wBdLJFIdNx_2F0E/nNLvsuZSHH_2FIbeFO/BE_2F4JeP/LT0mwtJbAfsgn1xmPmx_/2F5GWbYEfy1Gn63M_2B/_2Bs_2Flhia2cKq3ICLgA_/2FrrGg7mff5yt/SHCKZ6Tt/xyzUgjPVIgTpnoiuMW7IoZh/trZ4_2BmAr/zrqIC4YIe30AKuzxr/_2BFVt4Y1si2/lG2lDpzdj8x/qDhb32vJ2RB9cw/Nv6OdMCf751A9V7ff0U7H/dYg_2BYJ5Ow4H2rJ/2RVPKE2XDgCzZvD/koDqnlklpic_0A_0D7/C_2B2kWa1/GtCSkY1vSD_2BaE_2FDJ/JPKuMU_2BzJ5nRmu2Rh/V_2FYT4X
http://api10.laptok.at/api1/uP6dS_2BMjl_/2Ff6pE5oBHR/OL2vr5G67W_2Fz/1ONyiuhjZBmGx_2Fd2SwU/bs54JDJUaSah9Jpj/_2B6Uzn7v9dlVVZ/AQ_2FC0dEsmRmsdS0R/F3VycrnZL/1SLHPAgp2VELiwfZiUt7/IgzRq3adeaf8rKvMx9J/3sI2_2FYEFx138BFRXqa5c/UjcOYKjbdxyDe/3aFM_2F_/2FAGQ_2BPU5e_2Bvl0J1MyN/03QeuTUWO8/55YMNFd5cpVa_2FGC/GxLG7duFNVIb/g9odwiL9jNs/iIdlq_0A_0DrXj/F4r0mwPasaYBlGGWZY_2F/4tJN6AFTgTbJIl1E/N05mpOEU/l
http://api10.laptok.at/api1/DygN80dQ_2BaGuSVpw/bANybTlq9/wpkl21VRdQ3TOJrcRaki/FZVqBPUbvhW_2BevuKl/GsBt0aOTzVYILjUucpTmP4/FZ11lSAA7KpuP/ageZ9pl4/Lbx_2FqMifjto9D2TgNOLSm/rHbXQqvzm2/zc9SrIBa8GsUKdGWq/C19rQVqkDnok/qfqzhZ3cHL_/2FkfRgmSKc02tD/7tCvxVN8uUpHTZp4KEfSW/JAEh_2BSLVZ_2BaW/FZ4q2kGmWH13sfA/98VwVazRUpObuvF_2B/_0A_0DlIA/XUcbN5EORSjAIznJA9mu/MGJsQjUEqdRy7_2F0sJ/qRR9oiwuDII9gSGlKzkh4Z/v6_2BzWk
http://api10.laptok.at/api1/iSDZW0gW/FHitodpK1N7Y3oE1u77lQYK/IONG8VIzKH/siCwYSY2kuo4wx6EZ/8L2Qvw0eqUw2/I7NO1HjDrRE/5GanGbBobDoc58/na3Q_2B_2FJrpcag_2FIz/i_2BMAfwtqgEFSEb/roES8FF88GModpl/cCNa23kRLvGrKjLgwN/KcMhiO7TO/4cYxLFBZpQqgZc88hd3c/ibpkZm7KlqOOO2v40am/EqtUMS7vVjiizfWY1WwNev/A2AdVZSeKmkoR/DASGEzsI/B_2BUe_0A_0DiEmMjenNgW0/Y8O9rQwe7c/2jmiPy7O_2BOAvCUG/pWyxtMo_2BzW/HZr8FNXk1Fb/JDjG70ME/LE8
http://api10.laptok.at/api1/fqNQ_2FXTt2dTj/CXII90dg5f79HV7B_2Bij/21yB93hsr_2Byb3f/e9_2B3XStOM0iUH/zosE6zTnwL3_2B2pxj/KgAtNGysF/STFb73TfWMEYCYogYbSC/4sRVEeHsCAIArG1GGyy/vsEWC_2BjcYCXxSqZ5d06n/2QDk3EZo3I_2B/DjHer5KB/xYxvHTvipDezh_2BNMjwj1Q/wMoiXn0yAe/vpduI6SN217a5FOMl/anSg_2Bf_2Be/mELPiRo_2Fg/CqK5biWJyRoWdb/Ydi_2FUwlo6S7S_0A_0Dg/G6DVtJSxKKfsoBe6/DP1E3QO3mAGXQJ_/2Fqc8P7fao3284R/H8
http://www.live.com/
http://www.twitter.com/
http://www.reddit.com/
http://www.amazon.com/
http://www.wikipedia.com/
http://www.youtube.com/
http://www.nytimes.com/

Dropped files

Name	File Type	Hashes
C:\Users\user\AppData\Local\Temp\ogress.psd	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	#
C:\Users\user\AppData\Local\Temp\locate.zip	Zip archive data, at least v2.0 to extract	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OTUW0Q90\errorPageStrings[1]	UTF-8 Unicode (with BOM) text, with CRLF line terminators	#
Click to see the 37 hidden entries
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\G62TDH9B\background_gradient[1]	JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 1x800, frames 3	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\G62TDH9B\bullet[1]	PNG image data, 15 x 15, 8-bit colormap, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\G62TDH9B\httpErrorPagesScripts[1]	UTF-8 Unicode (with BOM) text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\G62TDH9B\http_404[1]	HTML document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\G62TDH9B\info_48[1]	PNG image data, 47 x 48, 8-bit/color RGBA, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OTUW0Q90\ErrorPageTemplate[1]	UTF-8 Unicode (with BOM) text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OTUW0Q90\ErrorPageTemplate[2]	UTF-8 Unicode (with BOM) text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OTUW0Q90\bullet[1]	PNG image data, 15 x 15, 8-bit colormap, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OTUW0Q90\down[1]	PNG image data, 15 x 15, 8-bit colormap, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9QTQHWWN\httpErrorPagesScripts[1]	UTF-8 Unicode (with BOM) text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OTUW0Q90\http_404[1]	HTML document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OTUW0Q90\http_404[2]	HTML document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OTUW0Q90\info_48[1]	PNG image data, 47 x 48, 8-bit/color RGBA, non-interlaced	#
C:\Users\user\AppData\Local\Temp\JavaDeployReg.log	ASCII text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Temp\adobe.url	MS Windows 95 Internet shortcut text (URL=<https://adobe.com/>), ASCII text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Temp\handgun.s3m	ASCII text, with no line terminators	#
C:\Users\user\AppData\Local\Temp\recumbent.woff2	ASCII text, with no line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3Y2ADQKS\background_gradient[1]	JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 1x800, frames 3	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-18270793970\msapplication.xml	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-21706820\msapplication.xml	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-314712940\msapplication.xml	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-4759708130\msapplication.xml	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-6757900\msapplication.xml	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-8760897390\msapplication.xml	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin20259167780\msapplication.xml	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin20332743330\msapplication.xml	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin8215062560\msapplication.xml	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-17529550060\msapplication.xml	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3Y2ADQKS\down[1]	PNG image data, 15 x 15, 8-bit colormap, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3Y2ADQKS\errorPageStrings[1]	UTF-8 Unicode (with BOM) text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3Y2ADQKS\httpErrorPagesScripts[1]	UTF-8 Unicode (with BOM) text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3Y2ADQKS\info_48[1]	PNG image data, 47 x 48, 8-bit/color RGBA, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9QTQHWWN\ErrorPageTemplate[1]	UTF-8 Unicode (with BOM) text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9QTQHWWN\background_gradient[1]	JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 1x800, frames 3	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9QTQHWWN\bullet[1]	PNG image data, 15 x 15, 8-bit colormap, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9QTQHWWN\down[1]	PNG image data, 15 x 15, 8-bit colormap, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9QTQHWWN\errorPageStrings[1]	UTF-8 Unicode (with BOM) text, with CRLF line terminators	#

j2TrdIoHFE7b.vbs

Comments

Tags

Available tags:

Details

Joe Sandbox

Third Party Analysis Engines

IPs

Domains

URLs

Dropped files

j2TrdIoHFE7b.vbs Options

Comments

Tags

Available tags:

Details

Joe Sandbox

Third Party Analysis Engines

IPs

Domains

URLs

Dropped files

Search started

j2TrdIoHFE7b.vbs