flash

PaymentNotification.vbs

Status: finished
Submission Time: 28.04.2021 20:41:58
Malicious
Phishing
Trojan
Adware
Spyware
Evader
HawkEye njRat AsyncRAT MailPassView

Comments

Tags

  • vbs

Details

  • Analysis ID:
    399489
  • API (Web) ID:
    701133
  • Analysis Started:
    28.04.2021 20:48:42
  • Analysis Finished:
    28.04.2021 21:05:14
  • MD5:
    f5b9f4ae6470dd78d53b60dcc6b32a5b
  • SHA1:
    c12a160ff346463dfea1a2a5b015b0efd56a9645
  • SHA256:
    3fb7c96dcb667562f755e56f05a892aa8326d0c905055f1ea75177e1785df46b
  • Technologies:
Full Report Management Report IOC Report Engine Info Verdict Score Reports

malicious

System: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211

malicious
100/100

malicious
7/58

malicious
29/32

malicious
43/47

malicious

IPs

IP Country Detection
103.6.196.196
Malaysia
185.140.53.71
Sweden
104.16.154.36
United States
Click to see the 1 hidden entries
207.241.227.114
United States

Domains

Name IP Detection
neesoontat.com.my
103.6.196.196
whatismyipaddress.com
104.16.154.36
ia601504.us.archive.org
207.241.227.114
Click to see the 2 hidden entries
81.189.14.0.in-addr.arpa
0.0.0.0
mail.neesoontat.com.my
0.0.0.0

URLs

Name Detection
185.140.53.71
https://ia601504.us.archive.org/25/items/codigo_202104/codigo.txt
http://www.fontbureau.com/designers/cabarga.htmlN
Click to see the 97 hidden entries
http://www.founder.com.cn/cn
http://www.monotype.
http://crl.g
http://www.jiyu-kobo.co.jp/
http://crl.godaddy.com/gdroot.crl0F
https://ia601504.us.archive.org/
http://www.fontbureau.com/designers8
http://www.jiyu-kobo.co.jp/uild
http://www.carterandcone.com-E
http://www.fontbureau.com/designers
http://www.jiyu-kobo.co.jp/96
http://www.sajatypeworks.com
http://www.founder.com.cn/cn/cThe
http://www.fontbureau.comtua
http://www.jiyu-kobo.co.jp/8
http://www.jiyu-kobo.co.jp/3
http://www.jiyu-kobo.co.jp/vno8
http://www.jiyu-kobo.co.jp/wab
http://whatismyipaddress.com/-
http://www.galapagosdesign.com/DPlease
http://www.carterandcone.comafet6
http://www.site.com/logs.php
https://contextual.media.net/medianet.php?cid=8CU157172&crid=722878611&size=306x271&https=1https://c
http://www.urwpp.deDPlease
http://whatismyipaddress.com/
http://www.fontbureau.comdita
http://www.nirsoft.net/
http://www.zhongyicts.com.cn
http://certificates.godaddy.com/repository/gdig2.crt0
http://www.carterandcone.comhly#
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
http://www.carterandcone.comMP_
https://2542116.fls.doubleclick.net/activi
http://www.galapagosdesign.com/
http://crl.godaddy.com/gdig2s1-1597.crl0
http://certs.godaddy.com/repository/1301
http://www.jiyu-kobo.co.jp/L
http://www.msn.com/?ocid=iehphttp://www.msn.com/http://www.msn.com/de-ch/?ocid=iehphttp://www.msn.co
http://www.jiyu-kobo.co.jp/G
https://certs.godaddy.com/repository/0
https://2542116.fls.doubleclick.net/activityi;src=2542116;type=clien612;cat=chromx;ord=1;num=7859736
http://www.carterandcone.coml
http://crl.godaddy.com/gdroot-g2.crl0F
http://crl.godaddy.com/gdroot-g2.crl0=w
http://www.fontbureau.com/designers/frere-jones.html
http://www.jiyu-kobo.co.jp/r
http://www.fontbureau.comcomF
http://www.jiyu-kobo.co.jp/het
http://fontfabrik.com;
http://www.jiyu-kobo.co.jp/i
http://www.fontbureau.comitu
http://www.founder.com.cn/cn)
http://www.fontbureau.com/designersG
http://www.fontbureau.com/designers/?
http://www.founder.com.cn/cn/bThe
http://www.jiyu-kobo.co.jp/jp/G
http://certificates.godaddy.com/repository/0
http://www.fontbureau.com/designers?
http://www.carterandcone.comal
http://www.tiro.com
http://www.jiyu-kobo.co.jp/jp/3
http://www.goodfont.co.kr
http://www.carterandcone.com
http://www.typography.netD
http://www.galapagosdesign.com/staff/dennis.htm
https://2542116.fls.doubleclick.net/activityi;src=2542116;type=chrom322;cat=chrom01g;ord=30055406629
http://fontfabrik.com
http://www.founder.com.cn/cnlw
http://www.founder.com.cn/cnm
http://www.jiyu-kobo.co.jp/arge
https://contextual.media.net/checksync.php?&vsSync=1&cs=1&hb=1&cv=37&ndec=1&cid=8HBI57XIG&prvid=77%2
http://www.jiyu-kobo.co.jp/jp/i
http://www.carterandcone.comfacb
http://www.founder.com.cn/cnu
http://www.carterandcone.com;
https://login.yahoo.com/config/login
http://www.fonts.com
http://www.sandoll.co.kr
http://www.urwpp.de
https://contextual.media.net/checksync.phphttps://contextual.media.net/checksync.php?&vsSync=1&cs=1&
http://www.sakkal.com
http://www.galapagosdesign.com/staff/dennis.htmQK
http://www.apache.org/licenses/LICENSE-2.0
http://www.fontbureau.com
https://ia601504.us.archive.org/25/items/codigo_202104/codigo.txt3u
http://www.fontbureau.comF
http://www.jiyu-kobo.co.jp/Y0et
http://www.jiyu-kobo.co.jp/udi
http://www.fontbureau.comessed8
https://ia601504.us.archive.org/3
http://www.jiyu-kobo.co.jp/jp/r
http://www.founder.com.cn/cn/S
http://www.jiyu-kobo.co.jp/jp/
http://www.fontbureau.coma
http://www.fontbureau.comTTFd
http://www.fontbureau.comd
http://www.fontbureau.comdi

Dropped files

Name File Type Hashes Detection
C:\Users\user\AppData\Local\Temp\Tmp.exe
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
#
C:\Users\user\AppData\Local\Temp\pgr.exe
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
#
C:\Users\user\AppData\Local\Temp\tmp87E4.tmp.exe
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
#
Click to see the 13 hidden entries
C:\Users\user\AppData\Local\Temp\tmpFB21.tmp.exe
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
#
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\79c06ef4ef423d882819c4e66285ec85.exe
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
#
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\d4c6a6df7bab3dad31763de990c4ed82.exe
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
#
C:\Users\user\AppData\Roaming\servieda.exe
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
#
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506
Microsoft Cabinet archive data, 58596 bytes, 1 file
#
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
data
#
C:\Users\user\AppData\Local\Microsoft\CLR_v2.0\UsageLogs\Tmp.exe.log
ASCII text, with CRLF line terminators
#
C:\Users\user\AppData\Local\Microsoft\CLR_v2.0\UsageLogs\d4c6a6df7bab3dad31763de990c4ed82.exe.log
ASCII text, with CRLF line terminators
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9QTQHWWN\codigo[1].txt
ASCII text, with CRLF line terminators
#
C:\Users\user\AppData\Local\Temp\holderwb.txt
Little-endian UTF-16 Unicode text, with no line terminators
#
C:\Users\user\AppData\Roaming\pid.txt
ASCII text, with no line terminators
#
C:\Users\user\AppData\Roaming\pidloc.txt
ASCII text, with no line terminators
#
\Device\ConDrv
ASCII text, with CRLF line terminators
#