top title background image
flash

08042021New-PurchaseOrder.exe

Status: finished
Submission Time: 2021-04-08 12:19:16 +02:00
Malicious
Trojan
Evader
AgentTesla

Comments

Tags

  • AgentTesla
  • bat
  • Yahoo

Details

  • Analysis ID:
    383917
  • API (Web) ID:
    669940
  • Analysis Started:
    2021-04-08 12:23:00 +02:00
  • Analysis Finished:
    2021-04-08 12:37:51 +02:00
  • MD5:
    27233176a2a979195b01a53ec16c7631
  • SHA1:
    0ef424d2000f18e6b83473535bf85d22ed9ab79b
  • SHA256:
    397a62fc978f7a97a87caaf9c35e98e4a053de4e786beee73a6c1ac0e99c9fc9
  • Technologies:

Joe Sandbox

Engine Download Report Detection Info
malicious
Score: 96
System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

Third Party Analysis Engines

malicious
Score: 7/48

IPs

IP Country Detection
172.67.150.212
United States

Domains

Name IP Detection
myliverpoolnews.cf
172.67.150.212

URLs

Name Detection
http://ocsp.sectigo.com0
https://www.liverpool.com/liverpool-fc-news/features/liverpool-andy-robertson-valuable-quality-19946
https://i2-prod.liverpool.com/incoming/article19946983.ece/ALTERNATES/s220b/0_RobertsonCross1.jpg
Click to see the 97 hidden entries
https://i2-prod.liverpool.com/incoming/article19936064.ece/ALTERNATES/s270b/0_WhatsApp-Image-2021-02
https://i2-prod.liverpool.com/incoming/article19945821.ece/ALTERNATES/s615/0_Salah-Goal-vs-Leeds.jpg
https://i2-prod.liverpool.com/incoming/article19938370.ece/ALTERNATES/s270b/0_Salah-Pressing.jpg
http://crt.sectigo.com/SectigoRSACodeSigningCA.crt0#
https://i2-prod.liverpool.com/incoming/article19961704.ece/ALTERNATES/s615/0_GettyImages-1273716690.
https://felix.data.tm-awx.com/ampconfig.json"
https://i2-prod.liverpool.com/incoming/article19961953.ece/ALTERNATES/s458/0_GettyImages-1302496803.
https://i2-prod.liverpool.com/incoming/article19955390.ece/ALTERNATES/s220b/0_GettyImages-1231353837
https://www.liverpool.com/liverpool-fc-news/features/liverpool-champions-league-jurgen-klopp-1996194
https://s2-prod.liverpool.com/
https://www.liverpool.com/liverpool-fc-news/features/liverpool-jurgen-klopp-pressing-tactics-1993836
https://securepubads.g.doubleclick.net/tag/js/gpt.js
http://schema.org/BreadcrumbList
https://www.liverpool.com/schedule/
http://schema.org/NewsArticle
https://www.liverpool.com/liverpool-fc-news/features/liverpool-penalties-premier-league-var-17171391
https://i2-prod.liverpool.com/incoming/article19963923.ece/ALTERNATES/s458/1_WhatsApp-Image-2021-03-
https://www.liverpool.com/liverpool-fc-news/features/liverpool-ozan-kabak-future-audition-19954616
https://www.liverpool.com/all-about/steven-gerrard
http://myliverpoolnews.cf/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-E349A863A698863617D7B55886FAE832.html
https://i2-prod.liverpool.com/incoming/article19960206.ece/ALTERNATES/s615/0_WhatsApp-Image-2021-03-
https://www.liverpool.com/all-about/curtis-jones
https://www.liverpool.com/liverpool-fc-news/features/liverpool-gini-wijnaldum-rumours-fitness-199533
https://i2-prod.liverpoolecho.co.uk/incoming/article17172788.ece/ALTERNATES/s1200/1_GettyImages-1178
https://www.liverpool.com/liverpool-fc-news/features/liverpool-barcelona-real-madrid-psg-17164868
https://reach-id.orbit.tm-awx.com/analytics.js.gz
https://i2-prod.liverpool.com/incoming/article19960206.ece/ALTERNATES/s458/0_WhatsApp-Image-2021-03-
https://i2-prod.liverpool.com/incoming/article19957561.ece/ALTERNATES/s180/1_FreeAgentPlayers.jpg
https://i2-prod.liverpool.com/incoming/article19957561.ece/ALTERNATES/s615/1_FreeAgentPlayers.jpg
https://www.liverpool.com/liverpool-fc-news/features/rhian-brewster-liverpool-arsenal-team-17172763&
https://www.liverpool.com/all-about/transfers
http://myliverpoolnews.cf
https://www.liverpool.com/
https://i2-prod.liverpool.com/incoming/article19955855.ece/ALTERNATES/s180/0_GettyImages-1304940818.
https://www.liverpool.com/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish-199590
https://www.liverpool.com/all-about/champions-league
https://sectigo.com/CPS0D
https://i2-prod.liverpool.com/incoming/article17166876.ece/ALTERNATES/s615/0_GettyImages-1175998874.
https://sectigo.com/CPS0C
https://www.liverpool.com/all-about/andrew-robertson
http://myliverpoolnews.cf/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-5183A347C7BAD04E3424599E1B978F29.html
https://i2-prod.liverpool.com/incoming/article19955390.ece/ALTERNATES/s180/0_GettyImages-1231353837.
https://mab.data.tm-awx.com/rhs"
https://myliverpoolnews.cf4
https://www.liverpool.com/all-about/georginio-wijnaldum
http://schema.org/ListItem
https://i2-prod.liverpool.com/incoming/article19938370.ece/ALTERNATES/s615/0_Salah-Pressing.jpg
https://i2-prod.liverpool.com/incoming/article19938370.ece/ALTERNATES/s180/0_Salah-Pressing.jpg
https://ads.pubmatic.com/AdServer/js/pwt/156997/3236/pwt.js
https://i2-prod.liverpool.com/incoming/article19946983.ece/ALTERNATES/s180/0_RobertsonCross1.jpg
https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
http://www.nirsoft.net/
https://i2-prod.liverpool.com/incoming/article19936064.ece/ALTERNATES/s220b/0_WhatsApp-Image-2021-02
https://www.liverpool.com/liverpool-fc-news/features/liverpool-psg-transfer-news-19957850
https://i2-prod.liverpool.com/incoming/article19955390.ece/ALTERNATES/s615/0_GettyImages-1231353837.
https://www.liverpool.com/schedule/liverpool-arsenal-carabao-cup-klopp-17166154
https://www.liverpool.com/liverpool-fc-news/
https://i2-prod.liverpool.com/incoming/article19963923.ece/ALTERNATES/s180/1_WhatsApp-Image-2021-03-
https://i2-prod.liverpool.com/incoming/article19940968.ece/ALTERNATES/s615/0_Curtis-10.png
https://i2-prod.liverpool.com/incoming/article19940968.ece/ALTERNATES/s270b/0_Curtis-10.png
https://www.liverpool.com/all-about/premier-league
https://i2-prod.liverpool.com/incoming/article19960478.ece/ALTERNATES/s615/0_WhatsApp-Image-2021-03-
https://i2-prod.liverpool.com/incoming/article19945821.ece/ALTERNATES/s270b/0_Salah-Goal-vs-Leeds.jp
https://i2-prod.liverpool.com/incoming/article19961953.ece/ALTERNATES/s180/0_GettyImages-1302496803.
https://i2-prod.liverpool.com/incoming/article19961704.ece/ALTERNATES/s220b/0_GettyImages-1273716690
https://i2-prod.liverpoolecho.co.uk/incoming/article17165318.ece/ALTERNATES/s615/2_GettyImages-11837
https://i2-prod.liverpool.com/incoming/article19936064.ece/ALTERNATES/s615/0_WhatsApp-Image-2021-02-
https://www.liverpool.com/liverpool-fc-news/features/liverpool-arsenal-klopp-lijnders-carabao-171668
https://c.amazon-adsystem.com/aax2/apstag.js
http://www.microsoft.co
https://i2-prod.liverpool.com/incoming/article19957561.ece/ALTERNATES/s458/1_FreeAgentPlayers.jpg
https://i2-prod.liverpool.com/incoming/article19961704.ece/ALTERNATES/s270b/0_GettyImages-1273716690
https://i2-prod.liverpool.com/incoming/article19936064.ece/ALTERNATES/s180/0_WhatsApp-Image-2021-02-
http://myliverpoolnews.cf/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-
https://s2-prod.mirror.co.uk/
https://www.liverpool.com/all-about/ozan-kabak
https://i2-prod.liverpool.com/incoming/article19961704.ece/ALTERNATES/s458/0_GettyImages-1273716690.
https://i2-prod.liverpool.com/incoming/article19946983.ece/ALTERNATES/s270b/0_RobertsonCross1.jpg
https://i2-prod.liverpool.com/incoming/article19960478.ece/ALTERNATES/s180/0_WhatsApp-Image-2021-03-
https://i2-prod.liverpool.com/incoming/article19945821.ece/ALTERNATES/s180/0_Salah-Goal-vs-Leeds.jpg
https://felix.data.tm-awx.com/felix.min.js
https://github.com/Pester/Pester
https://i2-prod.liverpool.com/incoming/article19955390.ece/ALTERNATES/s270b/0_GettyImages-1231353837
https://www.liverpool.com/liverpool-fc-news/features/mohamed-salah-liverpool-goal-flaw-19945816
https://i2-prod.liverpool.com/incoming/article19955855.ece/ALTERNATES/s458/0_GettyImages-1304940818.
https://i2-prod.liverpool.com/incoming/article19955855.ece/ALTERNATES/s615/0_GettyImages-1304940818.
http://crl.sectigo.com/SectigoRSACodeSigningCA.crl0s
https://i2-prod.liverpool.com/incoming/article19960206.ece/ALTERNATES/s180/0_WhatsApp-Image-2021-03-
https://i2-prod.liverpool.com/incoming/article19940968.ece/ALTERNATES/s220b/0_Curtis-10.png
https://reachplc.hub.loginradius.com"
https://www.liverpool.com/liverpool-fc-news/transfer-news/liverpool-erling-haaland-transfer-weghorst
https://www.liverpool.com/liverpool-fc-news/features/jurgen-klopp-liverpool-transfer-targets-1996166
https://i2-prod.liverpool.com/incoming/article19946983.ece/ALTERNATES/s615/0_RobertsonCross1.jpg
http://www.apache.org/licenses/LICENSE-2.0.html
http://pesterbdd.com/images/Pester.png
https://www.liverpool.com/liverpool-fc-news/transfer-news/fsg-liverpool-gini-wijnaldum-transfer-1876

Dropped files

Name File Type Hashes Detection
C:\Users\user\AppData\Roaming\SWqTT\SWqTT.exe:Zone.Identifier
ASCII text, with CRLF line terminators
#
C:\Users\user\AppData\Roaming\SWqTT\SWqTT.exe
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
#
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_dva0twzw.csn.ps1
very short file (no magic)
#
Click to see the 20 hidden entries
C:\Users\user\JMfuFTspQyAokpYkLoiLJnktrYABdrUoj
ASCII text, with very long lines, with no line terminators
#
C:\Users\user\Documents\20210408\PowerShell_transcript.445817.ku7owyer.20210408122414.txt
UTF-8 Unicode (with BOM) text, with CRLF line terminators
#
C:\Users\user\Documents\20210408\PowerShell_transcript.445817.dfbKEN5N.20210408122415.txt
UTF-8 Unicode (with BOM) text, with CRLF line terminators
#
C:\Users\user\AppData\Local\Temp\fd1184c9-c9ac-4916-9473-72e4acc27c78\test.bat
ASCII text, with very long lines, with CRLF line terminators
#
C:\Users\user\AppData\Local\Temp\fd1184c9-c9ac-4916-9473-72e4acc27c78\AdvancedRun.exe
PE32 executable (GUI) Intel 80386, for MS Windows
#
C:\Users\user\AppData\Local\Temp\ad2a32e8-d371-420d-aff0-c38bfb943d1f\test.bat
ASCII text, with very long lines, with CRLF line terminators
#
C:\Users\user\AppData\Local\Temp\ad2a32e8-d371-420d-aff0-c38bfb943d1f\AdvancedRun.exe
PE32 executable (GUI) Intel 80386, for MS Windows
#
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_n5lfjoqp.nj0.psm1
very short file (no magic)
#
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_iu12tuhx.b3d.ps1
very short file (no magic)
#
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_08042021New-Purc_27713ebec8c220f2d5c09c5ea843cd62601d18_a44221a1_197a503e\Report.wer
Little-endian UTF-16 Unicode text, with CRLF line terminators
#
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_autfnfbp.5ke.psm1
very short file (no magic)
#
C:\Users\user\AppData\Local\Temp\6c8082d4-9c17-4dbf-af3a-b69aa21e82f5\test.bat
ASCII text, with very long lines, with CRLF line terminators
#
C:\Users\user\AppData\Local\Temp\6c8082d4-9c17-4dbf-af3a-b69aa21e82f5\AdvancedRun.exe
PE32 executable (GUI) Intel 80386, for MS Windows
#
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
data
#
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache
data
#
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
data
#
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506
Microsoft Cabinet archive data, 58596 bytes, 1 file
#
C:\ProgramData\Microsoft\Windows\WER\Temp\WER4A06.tmp.xml
XML 1.0 document, ASCII text, with CRLF line terminators
#
C:\ProgramData\Microsoft\Windows\WER\Temp\WER48CD.tmp.WERInternalMetadata.xml
XML 1.0 document, Little-endian UTF-16 Unicode text, with CRLF line terminators
#
C:\ProgramData\Microsoft\Windows\WER\Temp\WER3A64.tmp.dmp
Mini DuMP crash report, 15 streams, CheckSum 0x00000004, Thu Apr 8 19:24:28 2021, 0x1205a4 type
#