Register Login

sloganpng

top title background image

start[526268].vbs

Status: finished

Submission Time: 2021-09-10 06:58:08 +02:00

Malicious

Trojan

Evader

Ursnif

Comments

Tags

Details

Analysis ID:
480986
API (Web) ID:
848555
Analysis Started:

2021-09-10 06:58:09 +02:00
Analysis Finished:

2021-09-10 07:07:16 +02:00
MD5:
b0de0a696f7b17724fef5c5e0af2bd1d
SHA1:
3de72b8cae6a84f82e05cae18f48a1a302dbebc3
SHA256:
e3a1fb3e932aae628aa08bde31be3b30861fa90ca16db4f81d7989093e1fddbe
Technologies:

Engines
IOCs

Joe Sandbox

Engine	Download Report	Detection	Info
	Full Report Management Report IOC Report	malicious Score: 100	System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

Third Party Analysis Engines

Open Full Report

malicious

Score: 8/89

malicious

IPs

IP	Country	Detection
185.251.90.253	Russian Federation

Domains

Name	IP	Detection
art.microsoftsofymicrosoftsoft.at	185.251.90.253
atl.bigbigpoppa.com	185.251.90.253
resolver1.opendns.com	208.67.222.222

URLs

Name	Detection
http://art.microsoftsofymicrosoftsoft.at/fpsVrgA85_2/BZUV9Iws3c_2Fj/GkkWmnklFKPgFBQ8hMP6W/ISGgirn8yOZisrZs/5_2BH8scRlnvRek/EGKptIwp8lSo93GFx6/ymWkd9jdg/4KpkPYuuZAAAek8BuLEK/tznSDyfWtC0KjQGP2d_/2BrsiHfOmQlV7YgPTes0MP/b6lv_2B55mg9j/CZcF_2Fn/c7jP_2BxBvmhfldW4gAwZkY/uow0BznEMg/Wu3a_2FnHyKBj_2BJ/8ZnXzqvUM8Ze/cMFtkguu1z4/ENTz8901wZ21V2/97iMfuV3Gozq6_2FCxmu3/2vuyb0vOGb_2B1J_/2BS8kN2df/902r
http://atl.bigbigpoppa.com/NhQOwDmOWNWhoZkCuvIJYT/yyrgcNktQOio5/MAWNnOPh/YOpi6p7HZNMrM8dfCZNfhKR/6onGC0_2Fj/Z9tF912mepKiyl36W/W4huWMRggYfW/XcsWaKpGEUD/RLGSHFoZE1byyc/rlBcayy_2BaEyDegqhXic/uK_2B61p_2BSvpFm/KyqmkPSMKG7KXQh/rKyHlYF1pKbQ_2FrYs/GJ_2FCBgc/9AGhinNAfGtoNp19N2M0/VRQmCiVDj4baSUAqCoz/3V8nTzokn2tRxlMEPZAuLu/2tgH0PvXzWJgh/YQdIJgxg/bNHS_2BzqfAV52iuY_2FTg4/1Z1d8SkfRiehoMkV7n/yUZu
http://nuget.org/NuGet.exe
Click to see the 8 hidden entries
http://pesterbdd.com/images/Pester.png
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
http://www.apache.org/licenses/LICENSE-2.0.html
https://github.com/Pester/Pester
https://contoso.com/
https://nuget.org/nuget.exe
https://contoso.com/License
https://contoso.com/Icon

Dropped files

Name	File Type	Hashes	Detection
C:\Users\user\AppData\Local\Temp\1cv1ijms\1cv1ijms.cmdline	UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators	#
C:\Users\user\AppData\Local\Temp\fum.cpp	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	#
C:\Users\user\AppData\Local\Temp\hvjfk3yo\hvjfk3yo.0.cs	UTF-8 Unicode (with BOM) text	#
Click to see the 12 hidden entries
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive	data	#
C:\Users\user\AppData\Local\Temp\1cv1ijms\1cv1ijms.0.cs	UTF-8 Unicode (with BOM) text	#
C:\Users\user\AppData\Local\Temp\1cv1ijms\1cv1ijms.dll	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows	#
C:\Users\user\AppData\Local\Temp\1cv1ijms\1cv1ijms.out	ASCII text, with CRLF, CR line terminators	#
C:\Users\user\AppData\Local\Temp\1cv1ijms\CSC65E6130637C74F63B377719165F577CE.TMP	MSVC .res	#
C:\Users\user\AppData\Local\Temp\RESFECC.tmp	data	#
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_b51iw0xu.4zo.ps1	very short file (no magic)	#
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_upl555bt.hac.psm1	very short file (no magic)	#
C:\Users\user\AppData\Local\Temp\adobe.url	MS Windows 95 Internet shortcut text (URL=<https://adobe.com/>), ASCII text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Temp\hvjfk3yo\hvjfk3yo.cmdline	UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators	#
C:\Users\user\AppData\Local\Temp\hvjfk3yo\hvjfk3yo.out	UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators	#
C:\Users\user\Documents\20210910\PowerShell_transcript.767668.YlCTH0VE.20210910070227.txt	UTF-8 Unicode (with BOM) text, with CRLF line terminators	#