2tsY1gtYQe.exe

Status: finished

Submission Time: 2020-11-28 11:54:51 +01:00

Malicious

E-Banking Trojan

Trojan

Evader

Ursnif

Comments

Details

Analysis ID:
324124
API (Web) ID:
550022
Analysis Started:

2020-11-28 12:01:04 +01:00
Analysis Finished:

2020-11-28 12:08:54 +01:00
MD5:
75dd85a6d1389e53fb125ebd9d2711a3
SHA1:
39d33f5c7aa2364f0f345f566946758ad3af80d4
SHA256:
2b120acc21bb146f94d229b7efeef732ab31dc9874fa00174f61e7673982a309
Technologies:

Engines
IOCs

Joe Sandbox

Engine	Download Report	Detection	Info
		malicious
	Full Report Management Report IOC Report	malicious Score: 100	System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

Third Party Analysis Engines

Open Full Report

malicious

Score: 45/71

malicious

Score: 24/29

IPs

IP	Country	Detection
185.219.220.94	Sweden
151.101.1.192	United States
192.229.221.185	United States
Click to see the 1 hidden entries
143.204.215.116	United States

Domains

Name	IP	Detection
loadshemsplot.xyz	185.219.220.94
microsoftwindows.112.2o7.net	15.237.136.106
dh1y47vf5ttia.cloudfront.net	143.204.215.116
Click to see the 9 hidden entries
cs1227.wpc.alphacdn.net	192.229.221.185
liveperson.map.fastly.net	151.101.1.192
logincdn.msauth.net	0.0.0.0
accdn.lpsnmedia.net	0.0.0.0
publisher.liveperson.net	0.0.0.0
assets.onestore.ms	0.0.0.0
lptag.liveperson.net	0.0.0.0
static-assets.fs.liveperson.com	0.0.0.0
mem.gfx.ms	0.0.0.0

URLs

Name	Detection
https://support.office.com/th-th/article/get-support-or-advice-18948a4c-3eb1-4b30-b1bc-a4cc29eb7655
https://lpcdn.lpsnmedia.net/le_unified_window/9.12.0.19-release_4769/resources/loader_on_warmGray5_7
https://schema.org/ItemList
Click to see the 86 hidden entries
https://support.office.com/fi-fi/article/get-support-or-advice-18948a4c-3eb1-4b30-b1bc-a4cc29eb7655
http://github.com/requirejs/domReady
https://release.moscnuat.com
https://support.office.com/id-id/article/get-support-or-advice-18948a4c-3eb1-4b30-b1bc-a4cc29eb7655
https://mem.gfx.ms
https://support.office.com/en-us/article/get-support-or-advice-18948a4c-3eb1-4b30-b1bc-a4cc29eb7655
https://www.microsoftstore.com.cn/software/microsoft-365
https://support.office.com/nl-nl/article/get-support-or-advice-18948a4c-3eb1-4b30-b1bc-a4cc29eb7655
https://www.youtube.com/user/MicrosoftCH
https://support.office.com/fr-ch/article/get-support-or-advice-18948a4c-3eb1-4b30-b1bc-a4cc29eb7655
https://support.office.com/es-mx/article/get-support-or-advice-18948a4c-3eb1-4b30-b1bc-a4cc29eb7655
https://www.microsoftstore.com.cn/surface
https://support.office.com/zh-cn/article/get-support-or-advice-18948a4c-3eb1-4b30-b1bc-a4cc29eb7655
https://www.microsoftstore.com.cn/hardware/xbox
https://www.microsoftstore.com.cn/cart
https://va.msg.liveperson.net
https://support.office.com/en-ae/article/get-support-or-advice-18948a4c-3eb1-4b30-b1bc-a4cc29eb7655
https://lpcdn.lpsnmedia.net
http://github.com/requirejs/requirejs/LICENSE
https://support.office.com/en-ie/article/get-support-or-advice-18948a4c-3eb1-4b30-b1bc-a4cc29eb7655
https://www.microsoftstore.com.cn/hardware/accessories/surface
https://www.microsoftstore.com.cn/microsoft-365/microsoft-365
https://channel9.msdn.com/
http://schema.org/Organization
http://www.live.com/
http://github.com/aFarkas/lazysizes
https://www.xbox.com/
https://support.office.com/it-it/article/get-support-or-advice-18948a4c-3eb1-4b30-b1bc-a4cc29eb7655
https://support.office.com/en-ng/article/get-support-or-advice-18948a4c-3eb1-4b30-b1bc-a4cc29eb7655
https://support.office.com/cs-cz/article/get-support-or-advice-18948a4c-3eb1-4b30-b1bc-a4cc29eb7655
http://www.wikipedia.com/
https://onedrive.live.com/about/de-ch/
https://www.linkedin.com/company/1035
https://support.office.com/fr-fr/article/get-support-or-advice-18948a4c-3eb1-4b30-b1bc-a4cc29eb7655
http://www.youtube.com/
https://support.office.com/ru-ru/article/get-support-or-advice-18948a4c-3eb1-4b30-b1bc-a4cc29eb7655
https://support.office.com/pl-pl/article/get-support-or-advice-18948a4c-3eb1-4b30-b1bc-a4cc29eb7655
https://support.office.com/article/get-support-or-advice-18948a4c-3eb1-4b30-b1bc-a4cc29eb7655
https://support.office.com/en-za/article/get-support-or-advice-18948a4c-3eb1-4b30-b1bc-a4cc29eb7655
https://support.office.com/he-il/article/get-support-or-advice-18948a4c-3eb1-4b30-b1bc-a4cc29eb7655
https://support.office.com/es-cl/article/get-support-or-advice-18948a4c-3eb1-4b30-b1bc-a4cc29eb7655
https://twitter.com/microsoft_ch
http://www.twitter.com/
https://support.office.com/ar-sa/article/get-support-or-advice-18948a4c-3eb1-4b30-b1bc-a4cc29eb7655
https://va.idp.liveperson.net
https://support.office.com/ja-jp/article/get-support-or-advice-18948a4c-3eb1-4b30-b1bc-a4cc29eb7655
https://support.office.com/sk-sk/article/get-support-or-advice-18948a4c-3eb1-4b30-b1bc-a4cc29eb7655
https://mem.gfx.ms/meversion?partner=MSHomePage&market=de-ch&uhf=1
https://support.office.com/pt-pt/article/get-support-or-advice-18948a4c-3eb1-4b30-b1bc-a4cc29eb7655
https://support.office.com/en-ca/article/get-support-or-advice-18948a4c-3eb1-4b30-b1bc-a4cc29eb7655
https://support.office.com/zh-hk/article/get-support-or-advice-18948a4c-3eb1-4b30-b1bc-a4cc29eb7655
https://support.office.com/zh-tw/article/get-support-or-advice-18948a4c-3eb1-4b30-b1bc-a4cc29eb7655
https://publisher.liveperson.net/iframe-le-tag/iframe.html?lpsite=60270350&lpsection=store-sales
https://www.microsoftstore.com.cn/xbox
https://www.microsoftstore.com.cn/hardware/accessories/xbox
https://static-assets.fs.liveperson.com/microsoft/lp_ada_enhancements-prod.css
http://www.amazon.com/
https://www.skype.com/de/
https://support.office.com/tr-tr/article/get-support-or-advice-18948a4c-3eb1-4b30-b1bc-a4cc29eb7655
https://assets.onestore.ms
https://products.office.com/de-ch/academic/compare-office-365-education-plans
https://support.office.com/es-co/article/get-support-or-advice-18948a4c-3eb1-4b30-b1bc-a4cc29eb7655
https://www.onenote.com/?omkt=de-CH
https://support.office.com/de-de/article/get-support-or-advice-18948a4c-3eb1-4b30-b1bc-a4cc29eb7655
https://publisher.liveperson.net
https://microsoftwindows.112.2o7.net
https://support.office.com/en-in/article/get-support-or-advice-18948a4c-3eb1-4b30-b1bc-a4cc29eb7655
https://developer.mozilla.org/en-US/docs/Web/Accessibility/ARIA/Roles/Alert_Role
http://www.nytimes.com/
http://www.apache.org/licenses/LICENSE-2.0
https://www.microsoftstore.com.cn/checkout
https://support.office.com/de-ch/article/get-support-or-advice-18948a4c-3eb1-4b30-b1bc-a4cc29eb7655
http://www.reddit.com/
https://support.office.com/da-dk/article/get-support-or-advice-18948a4c-3eb1-4b30-b1bc-a4cc29eb7655
https://support.office.com/hu-hu/article/get-support-or-advice-18948a4c-3eb1-4b30-b1bc-a4cc29eb7655
https://outlook.live.com/owa/
https://support.office.com/pt-br/article/get-support-or-advice-18948a4c-3eb1-4b30-b1bc-a4cc29eb7655
https://support.office.com/nb-no/article/get-support-or-advice-18948a4c-3eb1-4b30-b1bc-a4cc29eb7655
https://support.office.com/ko-kr/article/get-support-or-advice-18948a4c-3eb1-4b30-b1bc-a4cc29eb7655
https://support.office.com/en-gb/article/get-support-or-advice-18948a4c-3eb1-4b30-b1bc-a4cc29eb7655
https://www.microsoftstore.com.cn/hardware/surface
https://www.21vbluecloud.com/dynamics365/
https://support.office.com/es-es/article/get-support-or-advice-18948a4c-3eb1-4b30-b1bc-a4cc29eb7655
https://support.office.com/vi-vn/article/get-support-or-advice-18948a4c-3eb1-4b30-b1bc-a4cc29eb7655
https://support.office.com/sv-se/article/get-support-or-advice-18948a4c-3eb1-4b30-b1bc-a4cc29eb7655
https://www.instagram.com/microsoftch/

Dropped files

Name	File Type	Hashes
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\errorPageStrings[1]	UTF-8 Unicode (with BOM) text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\94-3cd1e0[1].js	ASCII text, with very long lines, with no line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\65-478888[1].css	UTF-8 Unicode (with BOM) text, with very long lines	#
Click to see the 74 hidden entries
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\zones[1].js	ASCII text, with very long lines, with no line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\wcp-consent[1].js	UTF-8 Unicode text, with very long lines, with no line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\twitter[1].png	PNG image data, 32 x 32, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\linkedin[1].png	PNG image data, 32 x 32, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\latest[1].woff2	Web Open Font Format (Version 2), TrueType, length 34052, version 0.0	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\jsll-4[1].js	ASCII text, with very long lines, with no line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\iframe[1].htm	HTML document, ASCII text, with very long lines	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\RE1Mu3b[1].png	PNG image data, 216 x 46, 8-bit/color RGBA, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\e3-082b89[1].js	ASCII text, with very long lines, with no line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\cartcount[1].htm	HTML document, ASCII text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\RE4rriw[1].png	PNG image data, 40 x 40, 8-bit colormap, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\RE3Vc2M[1].wdp	JPEG-XR	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\tag[1].js	ASCII text, with very long lines, with no line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\social[1].css	UTF-8 Unicode text, with very long lines	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\mwfmdl2-v3.54[1].woff	Web Open Font Format, TrueType, length 26288, version 0.0	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\me[1].htm	HTML document, ASCII text, with very long lines, with no line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\lp_ada_enhancements-prod[1].js	UTF-8 Unicode text, with very long lines	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\down[1]	PNG image data, 15 x 15, 8-bit colormap, non-interlaced	#
C:\Users\user\AppData\Local\Temp\~DFDB45CE98218A909C.TMP	data	#
C:\Users\user\AppData\Local\Temp\~DF8FBA83EEC5070EA3.TMP	data	#
C:\Users\user\AppData\Local\Temp\~DF859C4A3D90DE0E8D.TMP	data	#
C:\Users\user\AppData\Local\Temp\~DF724610E3F111291D.TMP	data	#
C:\Users\user\AppData\Local\Temp\~DF68A6692B1F72E627.TMP	data	#
C:\Users\user\AppData\Local\Temp\~DF67E3D37EE042C482.TMP	data	#
C:\Users\user\AppData\Local\Temp\JavaDeployReg.log	ASCII text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\me[1].htm	HTML document, ASCII text, with very long lines, with no line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\favicon[1].ico	MS Windows icon resource - 6 icons, 128x128, 16 colors, 72x72, 16 colors	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\jquery-3.3.1.min[1].js	ASCII text, with very long lines, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\dnserror[1]	HTML document, UTF-8 Unicode (with BOM) text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\cartcount[1].htm	HTML document, ASCII text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\accountproperties[1].js	ASCII text, with very long lines, with no line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\RE4sQDc[1].png	PNG image data, 40 x 40, 2-bit colormap, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\RE4pxBu[1].png	PNG image data, 40 x 40, 8-bit gray+alpha, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\RE4pndL[1].png	PNG image data, 40 x 40, 8-bit/color RGBA, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\RE4HSnu[1].png	PNG image data, 1600 x 600, 8-bit/color RGBA, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\RE4CFyx[1].wdp	JPEG-XR	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-21706820\msapplication.xml	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\RE4E4rT[1].wdp	JPEG-XR	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\.jsonp[1].js	UTF-8 Unicode text, with very long lines	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\imagestore\gee00pr\imagestore.dat	data	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin8215062560\msapplication.xml	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin20332743330\msapplication.xml	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin20259167780\msapplication.xml	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-8760897390\msapplication.xml	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-6757900\msapplication.xml	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-4759708130\msapplication.xml	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\RE4H4KA[1].wdp	JPEG-XR	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-18270793970\msapplication.xml	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-17529550060\msapplication.xml	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{580999A0-3169-11EB-90EB-ECF4BBEA1588}.dat	Microsoft Word Document	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{490CE92C-3169-11EB-90EB-ECF4BBEA1588}.dat	Microsoft Word Document	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{2DF065A7-3169-11EB-90EB-ECF4BBEA1588}.dat	Microsoft Word Document	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{5809999E-3169-11EB-90EB-ECF4BBEA1588}.dat	Microsoft Word Document	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{490CE92A-3169-11EB-90EB-ECF4BBEA1588}.dat	Microsoft Word Document	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{2DF065A5-3169-11EB-90EB-ECF4BBEA1588}.dat	Microsoft Word Document	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\social[1].js	ASCII text, with very long lines	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\facebook[1].png	PNG image data, 32 x 32, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\de-ch[1].htm	HTML document, UTF-8 Unicode text, with very long lines, with CRLF, LF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\a4-539297[1].js	ASCII text, with very long lines, with no line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\RE4pkvE[1].png	PNG image data, 40 x 40, 8-bit gray+alpha, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\RE4GyBM[1].wdp	JPEG-XR	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\NewErrorPageTemplate[1]	UTF-8 Unicode (with BOM) text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\MeControl_zXOsandYqRnW6Qh35WUOMw2[1].js	ASCII text, with very long lines, with no line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\1x1clear[1].gif	GIF image data, version 89a, 1 x 1	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\youtube[1].png	PNG image data, 32 x 32, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\DOMStore\E5F0NRSV\publisher.liveperson[1].xml	ASCII text, with no line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\meversion[1].js	ASCII text, with very long lines	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\meCore.min[1].js	ASCII text, with very long lines, with CRLF, LF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\meBoot.min[1].js	ASCII text, with very long lines, with CRLF, LF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\instagram[1].png	PNG image data, 32 x 32, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\httpErrorPagesScripts[1]	UTF-8 Unicode (with BOM) text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\de-ch[1].htm	HTML document, UTF-8 Unicode text, with very long lines, with CRLF, LF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\accountproperties[1].js	ASCII text, with very long lines, with no line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\RE4Hykp[1].wdp	JPEG-XR	#

2tsY1gtYQe.exe

Comments

Tags

Available tags:

Details

Joe Sandbox

Third Party Analysis Engines

IPs

Domains

URLs

Dropped files

2tsY1gtYQe.exe Options

Comments

Tags

Available tags:

Details

Joe Sandbox

Third Party Analysis Engines

IPs

Domains

URLs

Dropped files

Search started

2tsY1gtYQe.exe