PaymentNotification.vbs

Status: finished

Submission Time: 2021-04-28 20:41:58 +02:00

Malicious

Phishing

Trojan

Adware

Spyware

Evader

HawkEye njRat AsyncRAT MailPassView

Comments

Details

Analysis ID:
399489
API (Web) ID:
701133
Analysis Started:

2021-04-28 20:48:42 +02:00
Analysis Finished:

2021-04-28 21:05:14 +02:00
MD5:
f5b9f4ae6470dd78d53b60dcc6b32a5b
SHA1:
c12a160ff346463dfea1a2a5b015b0efd56a9645
SHA256:
3fb7c96dcb667562f755e56f05a892aa8326d0c905055f1ea75177e1785df46b
Technologies:

Engines
IOCs

Joe Sandbox

Engine	Download Report	Detection	Info
		malicious
	Full Report Management Report IOC Report	malicious Score: 100	System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

Third Party Analysis Engines

Open Full Report

malicious

Score: 7/58

Open Full Report

malicious

Score: 29/32

malicious

Score: 43/47

malicious

IPs

IP	Country	Detection
103.6.196.196	Malaysia
185.140.53.71	Sweden
104.16.154.36	United States
Click to see the 1 hidden entries
207.241.227.114	United States

Domains

Name	IP	Detection
neesoontat.com.my	103.6.196.196
whatismyipaddress.com	104.16.154.36
ia601504.us.archive.org	207.241.227.114
Click to see the 2 hidden entries
81.189.14.0.in-addr.arpa	0.0.0.0
mail.neesoontat.com.my	0.0.0.0

URLs

Name	Detection
185.140.53.71
http://www.jiyu-kobo.co.jp/arge
http://www.galapagosdesign.com/staff/dennis.htmQK
Click to see the 97 hidden entries
http://www.sakkal.com
https://contextual.media.net/checksync.phphttps://contextual.media.net/checksync.php?&vsSync=1&cs=1&
http://www.urwpp.de
http://www.sandoll.co.kr
http://www.fonts.com
https://login.yahoo.com/config/login
http://www.carterandcone.com;
http://www.founder.com.cn/cnu
http://www.carterandcone.comfacb
http://www.jiyu-kobo.co.jp/jp/i
https://contextual.media.net/checksync.php?&vsSync=1&cs=1&hb=1&cv=37&ndec=1&cid=8HBI57XIG&prvid=77%2
http://www.apache.org/licenses/LICENSE-2.0
http://www.founder.com.cn/cnm
http://www.founder.com.cn/cnlw
http://fontfabrik.com
https://2542116.fls.doubleclick.net/activityi;src=2542116;type=chrom322;cat=chrom01g;ord=30055406629
http://www.galapagosdesign.com/staff/dennis.htm
http://www.typography.netD
http://www.carterandcone.com
http://www.goodfont.co.kr
http://www.jiyu-kobo.co.jp/jp/3
http://www.tiro.com
http://www.fontbureau.comTTFd
http://www.jiyu-kobo.co.jp/uild
http://www.fontbureau.com/designers8
https://ia601504.us.archive.org/
http://crl.godaddy.com/gdroot.crl0F
http://www.jiyu-kobo.co.jp/
http://crl.g
http://www.monotype.
http://www.founder.com.cn/cn
http://www.fontbureau.com/designers/cabarga.htmlN
https://ia601504.us.archive.org/25/items/codigo_202104/codigo.txt
http://www.fontbureau.comdi
http://www.fontbureau.comd
http://www.carterandcone.comal
http://www.fontbureau.coma
http://www.jiyu-kobo.co.jp/jp/
http://www.founder.com.cn/cn/S
http://www.jiyu-kobo.co.jp/jp/r
https://ia601504.us.archive.org/3
http://www.fontbureau.comessed8
http://www.jiyu-kobo.co.jp/udi
http://www.jiyu-kobo.co.jp/Y0et
http://www.fontbureau.comF
https://ia601504.us.archive.org/25/items/codigo_202104/codigo.txt3u
http://www.fontbureau.com
http://www.carterandcone.comafet6
https://2542116.fls.doubleclick.net/activi
http://www.carterandcone.comMP_
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
http://www.carterandcone.comhly#
http://certificates.godaddy.com/repository/gdig2.crt0
http://www.zhongyicts.com.cn
http://www.nirsoft.net/
http://www.fontbureau.comdita
http://whatismyipaddress.com/
http://www.urwpp.deDPlease
https://contextual.media.net/medianet.php?cid=8CU157172&crid=722878611&size=306x271&https=1https://c
http://www.site.com/logs.php
http://www.galapagosdesign.com/
http://www.galapagosdesign.com/DPlease
http://whatismyipaddress.com/-
http://www.jiyu-kobo.co.jp/wab
http://www.jiyu-kobo.co.jp/vno8
http://www.jiyu-kobo.co.jp/3
http://www.jiyu-kobo.co.jp/8
http://www.fontbureau.comtua
http://www.founder.com.cn/cn/cThe
http://www.sajatypeworks.com
http://www.jiyu-kobo.co.jp/96
http://www.fontbureau.com/designers
http://www.jiyu-kobo.co.jp/r
http://www.fontbureau.com/designers?
http://certificates.godaddy.com/repository/0
http://www.jiyu-kobo.co.jp/jp/G
http://www.founder.com.cn/cn/bThe
http://www.fontbureau.com/designers/?
http://www.fontbureau.com/designersG
http://www.founder.com.cn/cn)
http://www.fontbureau.comitu
http://www.jiyu-kobo.co.jp/i
http://fontfabrik.com;
http://www.jiyu-kobo.co.jp/het
http://www.fontbureau.comcomF
http://www.carterandcone.com-E
http://www.fontbureau.com/designers/frere-jones.html
http://crl.godaddy.com/gdroot-g2.crl0=w
http://crl.godaddy.com/gdroot-g2.crl0F
http://www.carterandcone.coml
https://2542116.fls.doubleclick.net/activityi;src=2542116;type=clien612;cat=chromx;ord=1;num=7859736
https://certs.godaddy.com/repository/0
http://www.jiyu-kobo.co.jp/G
http://www.msn.com/?ocid=iehphttp://www.msn.com/http://www.msn.com/de-ch/?ocid=iehphttp://www.msn.co
http://www.jiyu-kobo.co.jp/L
http://certs.godaddy.com/repository/1301
http://crl.godaddy.com/gdig2s1-1597.crl0

Dropped files

Name	File Type	Hashes
C:\Users\user\AppData\Local\Temp\Tmp.exe	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows	#
C:\Users\user\AppData\Local\Temp\pgr.exe	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows	#
C:\Users\user\AppData\Local\Temp\tmp87E4.tmp.exe	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows	#
Click to see the 13 hidden entries
C:\Users\user\AppData\Local\Temp\tmpFB21.tmp.exe	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows	#
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\79c06ef4ef423d882819c4e66285ec85.exe	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows	#
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\d4c6a6df7bab3dad31763de990c4ed82.exe	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows	#
C:\Users\user\AppData\Roaming\servieda.exe	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows	#
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506	Microsoft Cabinet archive data, 58596 bytes, 1 file	#
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506	data	#
C:\Users\user\AppData\Local\Microsoft\CLR_v2.0\UsageLogs\Tmp.exe.log	ASCII text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\CLR_v2.0\UsageLogs\d4c6a6df7bab3dad31763de990c4ed82.exe.log	ASCII text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9QTQHWWN\codigo[1].txt	ASCII text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Temp\holderwb.txt	Little-endian UTF-16 Unicode text, with no line terminators	#
C:\Users\user\AppData\Roaming\pid.txt	ASCII text, with no line terminators	#
C:\Users\user\AppData\Roaming\pidloc.txt	ASCII text, with no line terminators	#
\Device\ConDrv	ASCII text, with CRLF line terminators	#

PaymentNotification.vbs

Comments

Tags

Available tags:

Details

Joe Sandbox

Third Party Analysis Engines

IPs

Domains

URLs

Dropped files

PaymentNotification.vbs Options

Comments

Tags

Available tags:

Details

Joe Sandbox

Third Party Analysis Engines

IPs

Domains

URLs

Dropped files

Search started

PaymentNotification.vbs