Register Login

sloganpng

top title background image

look_presentation_84275.vbs

Status: finished

Submission Time: 2020-09-17 15:51:07 +02:00

Malicious

Trojan

Evader

Ursnif

Comments

Tags

Details

Analysis ID:
286986
API (Web) ID:
469126
Analysis Started:

2020-09-17 15:51:08 +02:00
Analysis Finished:

2020-09-17 15:57:31 +02:00
MD5:
30c60df7f7febee8404ef1ca2c1fac0a
SHA1:
1acc068ef95e1b4378f752f839a1c9dcc5c58b2d
SHA256:
18d6ba48ce77fd70ba56dc0e6dc2c2f5b45614f181974b3ed8c646164e197af6
Technologies:

Engines
IOCs

Joe Sandbox

Engine	Download Report	Detection	Info
	Full Report Management Report IOC Report	malicious Score: 100	System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

Third Party Analysis Engines

Open Full Report

malicious

Score: 7/56

malicious

IPs

IP	Country	Detection
8.208.101.13	Singapore

Domains

Name	IP	Detection
api10.laptok.at	8.208.101.13

URLs

Name	Detection
http://api10.laptok.at/api1/m0nTTmquy9C65rQ4tn/qQCDRAZlN/q1ZwoMEB0ubMQVoh5n7V/WtESt0Z5hctG6G_2Bjz/bU
http://api10.laptok.at/favicon.ico
http://api10.laptok.at/api1/w_2FoTeexQyD/Fghyn08znyt/1WysawwP7aPlBF/GV3Z_2B1tmX6SKWu5Mi_2/F42kIzQgtwmx9mfr/7nEyUwwGqXrpuGi/8QMa318Mn5f5FJtuDo/NlIjbbeHf/3xbZB4jP46e1hv_2Fv1Y/KPjnvo7YujU4NzmZHqM/vabinagUfyButwYTDG_2FM/kOBGLkWRYTYcT/ixq5z9Q2/Pe6HFdq4V12ZLUrTtHBn_2F/iqkLK8Ok2w/qwZzMenqB_2FFI3nB/bfP7_2F9kcOb/_2Fm48HYkA_/0A_0DNPM980PgR/luzZbO4_2BK4_2FRbwgPc/jnmJbgz4m_2Bjwnb/XYfjDn7PLlZKfKI/Z7O26GDhR/O82a
Click to see the 2 hidden entries
http://api10.laptok.at/api1/m0nTTmquy9C65rQ4tn/qQCDRAZlN/q1ZwoMEB0ubMQVoh5n7V/WtESt0Z5hctG6G_2Bjz/bU1rZac12CzT2CcifnlH5H/FCAR8LLB8T2KF/nPngZxIW/d8PFvGKxutD7aErRf1uwxEb/n7wTAc12MP/oAHF9p0YLtepeBrgS/1XWdHfH5G1NW/1Axl3h8e7ww/oZMeb_2ByvvRUa/qEVVRjZolFjr_2B9kgn0_/2FXNj0N02u_2B31X/GmB42bPxMUpEmkd/_2FrVeYtO34cmwwh_0/A_0DhpcMr/3FGCUEXMhEcTmB2S4PBD/kRVwj5PJkj5VtaTz67D/CED
http://api10.laptok.at/api1/w_2FoTeexQyD/Fghyn08znyt/1WysawwP7aPlBF/GV3Z_2B1tmX6SKWu5Mi_2/F42kIzQgtw

Dropped files

Name	File Type	Hashes	Detection
C:\Users\user\AppData\Local\Temp\Greenbelt.iso	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	#
C:\Users\user\AppData\Local\Temp\hosiery.zip	Zip archive data, at least v2.0 to extract	#
C:\Users\user\AppData\Local\Temp\adobe.url	MS Windows 95 Internet shortcut text (URL=<https://adobe.com/>), ASCII text, with CRLF line terminators	#
Click to see the 14 hidden entries
C:\Users\user\AppData\Local\Temp\~DFE0E8DCCB111DAFA9.TMP	data	#
C:\Users\user\AppData\Local\Temp\~DFBE698B02FCA68207.TMP	data	#
C:\Users\user\AppData\Local\Temp\~DF6470B281BA2D7249.TMP	data	#
C:\Users\user\AppData\Local\Temp\vacant.mp3	ASCII text, with no line terminators	#
C:\Users\user\AppData\Local\Temp\quackery.mxf	ASCII text, with no line terminators	#
C:\Users\user\AppData\Local\Temp\macrostructure.iso	ASCII text, with no line terminators	#
C:\Users\user\AppData\Local\Temp\fest.js	ASCII text, with no line terminators	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{9BB46AC9-F938-11EA-90E3-ECF4BB570DC9}.dat	Microsoft Word Document	#
C:\Users\user\AppData\Local\Temp\JavaDeployReg.log	ASCII text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Temp\Euclid.rs	ASCII text, with no line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\CED[1].htm	ASCII text, with very long lines, with no line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\O82a[1].htm	ASCII text, with very long lines, with no line terminators	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{9BB46ACD-F938-11EA-90E3-ECF4BB570DC9}.dat	Microsoft Word Document	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{9BB46ACB-F938-11EA-90E3-ECF4BB570DC9}.dat	Microsoft Word Document	#