
v8MaHZpVOY2L.vbs

Status: finished
Submission Time: 2021-08-02 22:02:06 +02:00
Malicious
Trojan
Evader
Ursnif

Details

  • Analysis ID:
    458149
  • API (Web) ID:
    825737
  • Analysis Started:
    2021-08-02 22:02:07 +02:00
  • Analysis Finished:
    2021-08-02 22:13:12 +02:00
  • MD5:
    5d6eee678e2f66bef8885b3b3064db81
  • SHA1:
    4f64fdc2929e29ad8c001a0c3d8ad02f175f68d8
  • SHA256:
    9889b06c39eab474b06205ab27007447ee6e7eebdb8ac2e55b31eaacdcde8a49
  • Technologies:
    Joe Sandbox

Joe Sandbox engine
Detection: malicious
Score: 100
System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

Third Party Analysis Engines

Detection   Score
malicious   20/58
malicious   5/35
malicious   10/28
malicious   (no score reported)

IPs

IP                Country              Detection
185.228.233.17    Russian Federation

Domains

Name                     IP                Detection
gtr.antoinfer.com        185.228.233.17
app.flashgameo.at        185.228.233.17
resolver1.opendns.com    208.67.222.222

URLs

Name Detection
http://gtr.antoinfer.com/rlxVSKuL/2_2BsetYpYqkPa4ojd3ueIs/LptIHuoMYe/oePXHReeS37D5yQcj/NVMKXI44Lp_2/FBXX9_2Bb20/jKEI_2Bgs2rJZa/uDvTh6TWLh5vgJvzY3DD5/t9e4NaZqHQBjkiny/8qc8N7JBB_2BWAp/j62HsMJoXm5nFzMKnH/PUlPiGqu_/2BwmGwUAtbFIfQPHyxkA/s1QKb9NHLGrKFNlhNvS/ugnsSzKyJjdaSAXMmE7nnq/w4loggPNqDjSA/3u_2Fu4X/o8m8kFpFCtqZfzxEWO6Thbv/o4OD2d7LJV/azLj6lFTEoSfLl1Au/Hx1vAUoJagaa/8_2Faxj3Ge9/KUQqi9K
http://app.flashgameo.at/G_2BtrdeOa30tm0G9t89_/2B2JiDdQSL9x3Q_2/FX260sNBDITgyeI/BpdcrPIFomZZkoPh3u/AGrnxiUWf/rTd4z_2FOnqpP22ZfzjV/mxG1oweqZWhdtbLmZAx/FWCeM7DpHnLSREoZzBO0OT/Gl1f2t9tfS_2B/ptWI3fqD/FvNQq67awVJw_2B1kVzh8_2/BYbRBRJlE6/co1z79C1RuybQlL62/8psEOCbjHHAG/PdRgwv9Npt6/R_2FEA3He8vvaK/f3TQbAUz8vl1HZbrGMu9B/8naEcnAAoMKIKsYO/rVxHWtDfSOnGKso/2ZAFkBCgt5yBJA/G
http://nuget.org/NuGet.exe
http://pesterbdd.com/images/Pester.png
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
http://www.apache.org/licenses/LICENSE-2.0.html
https://github.com/Pester/Pester
https://contoso.com/
https://nuget.org/nuget.exe
https://contoso.com/License
https://contoso.com/Icon

Dropped files

Name   File Type   Hashes   Detection

C:\Users\user\AppData\Local\Temp\beneficial.odt
    PE32 executable (DLL) (GUI) Intel 80386, for MS Windows

C:\Users\user\AppData\Local\Temp\xbktblub\xbktblub.cmdline
    UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_2d5wfsji.ow5.ps1
    very short file (no magic)

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_slzfxbde.xn1.psm1
    very short file (no magic)

C:\Users\user\AppData\Local\Temp\adobe.url
    MS Windows 95 Internet shortcut text (URL=<https://adobe.com/>), ASCII text, with CRLF line terminators

C:\Users\user\AppData\Local\Temp\xbktblub\xbktblub.0.cs
    UTF-8 Unicode (with BOM) text

C:\Users\user\AppData\Local\Temp\xbktblub\xbktblub.out
    UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators

C:\Users\user\Documents\20210802\PowerShell_transcript.841618.nGLqID_F.20210802220653.txt
    UTF-8 Unicode (with BOM) text, with CRLF line terminators
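Added triage example (editor's code, not part of the Joe Sandbox report): the dropped-file table above already carries three tells a responder would look for, and this script pulls them out of the (path, file type) pairs exactly as the report lists them. A file named beneficial.odt whose magic is a PE32 DLL is an extension masquerade; the xbktblub.cmdline / xbktblub.0.cs / xbktblub.out trio in one temp directory is the footprint csc.exe leaves when PowerShell Add-Type compiles C# on the fly; and the PowerShell_transcript.* and __PSScriptPolicyTest_* files show PowerShell ran with transcription on and probed the application-control policy. The extension list and the suffix set are the editor's assumptions for this example; the entries are copied from the table.

```python
"""Triage the 'Dropped files' table of the sandbox report above.

Editor's example, not Joe Sandbox code. DROPPED_FILES is copied verbatim from
the report; the heuristics (extension list, Add-Type suffix trio) are assumed.
"""
from collections import defaultdict
from pathlib import PureWindowsPath

# (path, libmagic-style type) pairs as listed in the report's Dropped files table.
DROPPED_FILES = [
    (r"C:\Users\user\AppData\Local\Temp\beneficial.odt",
     "PE32 executable (DLL) (GUI) Intel 80386, for MS Windows"),
    (r"C:\Users\user\AppData\Local\Temp\xbktblub\xbktblub.cmdline",
     "UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators"),
    (r"C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_2d5wfsji.ow5.ps1",
     "very short file (no magic)"),
    (r"C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_slzfxbde.xn1.psm1",
     "very short file (no magic)"),
    (r"C:\Users\user\AppData\Local\Temp\adobe.url",
     "MS Windows 95 Internet shortcut text (URL=<https://adobe.com/>), ASCII text, with CRLF line terminators"),
    (r"C:\Users\user\AppData\Local\Temp\xbktblub\xbktblub.0.cs",
     "UTF-8 Unicode (with BOM) text"),
    (r"C:\Users\user\AppData\Local\Temp\xbktblub\xbktblub.out",
     "UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators"),
    (r"C:\Users\user\Documents\20210802\PowerShell_transcript.841618.nGLqID_F.20210802220653.txt",
     "UTF-8 Unicode (with BOM) text, with CRLF line terminators"),
]

# Assumed list of extensions that should never carry a PE image.
NON_EXECUTABLE_EXTENSIONS = {".odt", ".doc", ".docx", ".pdf", ".txt", ".jpg", ".png", ".url", ".dat"}

# Assumed: csc.exe, as driven by PowerShell Add-Type, writes this trio per compile.
ADD_TYPE_SUFFIXES = {".cmdline", ".0.cs", ".out"}


def extension_mismatches(entries):
    """Paths whose extension promises a document but whose magic says PE."""
    hits = []
    for path, ftype in entries:
        ext = PureWindowsPath(path).suffix.lower()
        if ext in NON_EXECUTABLE_EXTENSIONS and ftype.startswith("PE32"):
            hits.append(path)
    return hits


def add_type_compile_dirs(entries):
    r"""Return '<dir>\<stem>' prefixes where a complete .cmdline/.0.cs/.out set exists."""
    suffixes_by_stem = defaultdict(set)
    for path, _ in entries:
        p = PureWindowsPath(path)
        stem = p.name.split(".", 1)[0]          # everything before the first dot
        suffixes_by_stem[(str(p.parent), stem)].add(p.name[len(stem):].lower())
    return [f"{parent}\\{stem}"
            for (parent, stem), suffixes in suffixes_by_stem.items()
            if ADD_TYPE_SUFFIXES <= suffixes]


def powershell_evidence(entries):
    """Files PowerShell writes itself: transcripts and __PSScriptPolicyTest_ policy probes."""
    return [path for path, _ in entries
            if PureWindowsPath(path).name.startswith(("PowerShell_transcript.",
                                                      "__PSScriptPolicyTest_"))]


def triage(entries):
    """Run all three checks and return the findings keyed by category."""
    return {
        "masqueraded_pe": extension_mismatches(entries),
        "add_type_compiles": add_type_compile_dirs(entries),
        "powershell_evidence": powershell_evidence(entries),
    }


if __name__ == "__main__":
    for category, hits in triage(DROPPED_FILES).items():
        print(f"{category}:")
        for hit in hits:
            print(f"  {hit}")
```

The grouping key is (directory, name-before-first-dot), so the check tolerates csc.exe's numbered source files (xbktblub.0.cs) and would also catch a second compile with a different random stem in the same Temp directory. Feed it any other sandbox's dropped-file listing by replacing DROPPED_FILES.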