Invoiceo.exe

Status: finished

Submission Time: 2021-05-03 14:49:17 +02:00

Malicious

Trojan

Evader

FormBook

Comments

Details

Analysis ID:
402845
API (Web) ID:
707852
Analysis Started:

2021-05-03 14:49:18 +02:00
Analysis Finished:

2021-05-03 15:05:08 +02:00
MD5:
8f2489d7ce50e99109af9925818daf2b
SHA1:
5481d53e59fda1e0d849b677e15b410ba6f64fbc
SHA256:
0013853950647289e952326b93ce46aa3e73db654367ef3c005e29257db31fba
Technologies:

Engines
IOCs

Joe Sandbox

Engine	Download Report	Detection	Info
	Full Report Management Report IOC Report	malicious Score: 100	System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

Third Party Analysis Engines

malicious

Score: 10/47

IPs

IP	Country	Detection
154.207.58.218	Seychelles

Domains

Name	IP	Detection
www.tabuk24.com	154.207.58.218
www.swim-maki.com	0.0.0.0

URLs

Name	Detection
http://www.tabuk24.com/csi/?TTgLKx=uFNDtp4H1nDLCVd&mR-ptRI=N6ynhade2rGTzfH7Obdga9j8h7xnVmduHv/FNLw2V1/oBiufSguui3vD99XwSD3G2mHh
www.swim-maki.com/csi/
http://www.naturaldesiproducts.comReferer:
Click to see the 90 hidden entries
http://www.foodbyroyalbites.com/csi/www.bioshope.online
http://www.kontrey.comReferer:
http://www.kontrey.com
http://www.tabuk24.com
http://www.swim-maki.com
http://www.bioshope.online
http://www.bahama-id.com/csi/
http://www.ss01center.com/csi/
https://go.micro
http://www.nelivo.com
http://www.bermudesfcrasettlement.comReferer:
http://www.adtlive.com/csi/www.rare-snare.com
http://www.kontrey.com/csi/www.bahama-id.com
http://www.adtlive.com/csi/
http://www.swim-maki.comReferer:
http://www.fontbureau.com
http://www.apache.org/licenses/LICENSE-2.0
https://github.com/unguest9WinForms_RecursiveFormCreate5WinForms_SeeInnerExceptionGProperty
http://www.bahama-id.com/csi/www.uspaypausa.com
http://www.adtlive.com
http://www.bioshope.onlineReferer:
https://github.com/unguest
http://www.jiyu-kobo.co.jp/
http://www.tabuk24.com/csi/
http://www.rare-snare.com/csi/
http://www.wristaidmd.comReferer:
http://www.uspaypausa.comReferer:
http://www.bahama-id.com
http://www.bioshope.online/csi/www.wristaidmd.com
http://www.kontrey.com/csi/
http://www.naturaldesiproducts.com/csi/M
http://www.rare-snare.comReferer:
http://www.fontbureau.com/designers8
http://www.wristaidmd.com
http://www.tabuk24.com/csi/www.swim-maki.com
http://www.ss01center.com
http://www.naturaldesiproducts.com
http://www.fontbureau.com/designers/frere-jones.html
http://www.founder.com.cn/cn
http://www.fontbureau.com/designers/cabarga.htmlN
http://www.tabuk24.comReferer:
http://www.ss01center.comReferer:
http://www.carterandcone.coml
http://www.sakkal.com
http://www.tiro.com
http://www.sajatypeworks.com
http://www.nelivo.com/csi/
http://www.ss01center.com/csi/www.naturaldesiproducts.com
https://stackpath.bootstrapcdn.com/bootstrap/4.5.0/css/bootstrap.min.css
http://www.goodfont.co.kr
http://www.analistaweb.net/csi/
http://www.analistaweb.net
http://www.swim-maki.com/csi/
http://www.foodbyroyalbites.comReferer:
http://www.fontbureau.com/designers
http://www.wristaidmd.com/csi/
http://www.bioshope.online/csi/
http://www.rare-snare.com/csi/www.analistaweb.net
http://www.bermudesfcrasettlement.com/csi/
http://www.microsoft.co
http://www.bahama-id.comReferer:
http://www.fontbureau.com/designers?
http://www.founder.com.cn/cn/bThe
http://www.fontbureau.com/designers/?
http://www.nelivo.comReferer:
http://www.analistaweb.net/csi/www.kontrey.com
http://www.rare-snare.com
http://www.nelivo.com/csi/www.adtlive.com
http://www.foodbyroyalbites.com
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
http://www.adtlive.comReferer:
http://www.zhongyicts.com.cn
http://www.urwpp.deDPlease
http://www.swim-maki.com/csi/www.bermudesfcrasettlement.com
http://www.sandoll.co.kr
http://www.fonts.com
http://www.bermudesfcrasettlement.com
http://www.naturaldesiproducts.com/csi/
http://www.galapagosdesign.com/DPlease
http://www.fontbureau.com/designersG
http://www.uspaypausa.com/csi/www.ss01center.com
http://www.uspaypausa.com/csi/
http://www.wristaidmd.com/csi/www.nelivo.com
http://www.uspaypausa.com
http://fontfabrik.com
http://www.galapagosdesign.com/staff/dennis.htm
http://www.founder.com.cn/cn/cThe
http://www.foodbyroyalbites.com/csi/
http://www.analistaweb.netReferer:
http://www.typography.netD

Dropped files

Name	File Type	Hashes
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\Invoiceo.exe.log	ASCII text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Temp\tmpEE1D.tmp	XML 1.0 document, ASCII text, with CRLF line terminators	#
C:\Users\user\AppData\Roaming\yYxmxiApi.exe	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows	#
Click to see the 12 hidden entries
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache	data	#
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive	data	#
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_dpod1dif.1ty.ps1	very short file (no magic)	#
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_fvegrtut.myf.psm1	very short file (no magic)	#
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_t10emffs.5zu.ps1	very short file (no magic)	#
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_vijt5kae.3jh.psm1	very short file (no magic)	#
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_voiu13at.ago.psm1	very short file (no magic)	#
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_y0wayzft.p4m.ps1	very short file (no magic)	#
C:\Users\user\AppData\Roaming\yYxmxiApi.exe:Zone.Identifier	ASCII text, with CRLF line terminators	#
C:\Users\user\Documents\20210503\PowerShell_transcript.065367.35C6bBM3.20210503145014.txt	UTF-8 Unicode (with BOM) text, with CRLF line terminators	#
C:\Users\user\Documents\20210503\PowerShell_transcript.065367.K12PJCIf.20210503145011.txt	UTF-8 Unicode (with BOM) text, with CRLF line terminators	#
C:\Users\user\Documents\20210503\PowerShell_transcript.065367.wOdK0DyO.20210503145012.txt	UTF-8 Unicode (with BOM) text, with CRLF line terminators	#

Invoiceo.exe

Comments

Tags

Available tags:

Details

Joe Sandbox

Third Party Analysis Engines

IPs

Domains

URLs

Dropped files

Invoiceo.exe Options

Comments

Tags

Available tags:

Details

Joe Sandbox

Third Party Analysis Engines

IPs

Domains

URLs

Dropped files

Search started

Invoiceo.exe