Register Login

sloganpng

top title background image

HSBC Payment Advice.exe

Status: finished

Submission Time: 2021-11-25 18:47:24 +01:00

Malicious

Ransomware

Phishing

Trojan

Spyware

Exploiter

Evader

GuLoader AveMaria UACMe

Comments

Tags

Details

Analysis ID:
528768
API (Web) ID:
896293
Analysis Started:

2021-11-25 18:47:52 +01:00
Analysis Finished:

2021-11-25 18:57:18 +01:00
MD5:
a069e61b357f625a7b3595150412c42d
SHA1:
5fa560d04b13db7e0216bda2ca5f1c3b94a8912e
SHA256:
0fb47a47bc025991b3ed8895aa84030def6e5cc538a9cec279a73f4528d549c6
Technologies:

Engines
IOCs

Joe Sandbox

Engine	Download Report	Detection	Info
		malicious
	Full Report Management Report IOC Report	malicious Score: 100	System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

Third Party Analysis Engines

Open Full Report

malicious

Score: 37/66

Open Full Report

malicious

Score: 7/35

malicious

Score: 22/45

IPs

IP	Country	Detection
38.103.244.107	United States

Domains

Name	IP	Detection
barr2.ddns.net	194.5.97.4
spuredge.com	38.103.244.107

URLs

Name	Detection
https://spuredge.com/warzone_JBBOxCEy72.bin
https://github.com/syohex/java-simple-mine-sweeperC:

Dropped files

Name	File Type	Hashes	Detection
C:\ProgramData\images.exe	PE32 executable (GUI) Intel 80386, for MS Windows	#
C:\ProgramData\images.exe:Zone.Identifier	ASCII text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive	data	#
Click to see the 3 hidden entries
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_rkoahsjv.1ht.ps1	very short file (no magic)	#
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_tubbusjo.0kz.psm1	very short file (no magic)	#
C:\Users\user\Documents\20211125\PowerShell_transcript.051829.7+5fXBbe.20211125185051.txt	UTF-8 Unicode (with BOM) text, with CRLF line terminators	#