Cab_Invoice_pdf.exe

Status: finished

Submission Time: 2021-12-04 23:20:30 +01:00

Malicious

Evader

Comments

Details

Analysis ID:
534002
API (Web) ID:
901524
Analysis Started:

2021-12-04 23:20:31 +01:00
Analysis Finished:

2021-12-04 23:36:30 +01:00
MD5:
e5dc6a7459fd6ef46afee60318470b03
SHA1:
c0a036def9b2d42804c164b156aaf007d9fffa02
SHA256:
ea0fd73223e8313da714a6924c1dfae72f2c976935c2b323a6b192c063b0063a
Technologies:

Engines
IOCs

Joe Sandbox

Engine	Download Report	Detection	Info
	Full Report Management Report IOC Report	malicious Score: 72	System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

Third Party Analysis Engines

Open Full Report

malicious

Score: 42/67

Open Full Report

malicious

Score: 12/36

malicious

Score: 17/29

malicious

IPs

IP	Country	Detection
142.250.145.109	United States
142.250.145.108	United States

Domains

Name	IP	Detection
smtp.gmail.com	142.250.145.108

URLs

Name	Detection
http://crls.pki.goog/gts1c3/moVDfISia2k.crla
http://crls.pki.goog/gts1c3/moVDfISia2k.crlr
http://ocsp.thawte.com0
Click to see the 53 hidden entries
http://pki.goog/repo/certs/gts1c3.dere2
http://crl.ver)
http://crls.pki.goog/gts1c3/moVDfISia2k.crl
http://crl.pki.goog/gtsr1/gtsr1.crl0W
https://www.tiktok.com/legal/report/feedback
http://pki.goog/gsr1/gsr1.crt02
http://www.cl.cam.ac.uk/~mgk25/iso-time.html
http://pki.goog/gsr1/gsr1.crtloc
https://pki.goog/repository/0
http://crls.pki.goog/gts1c3/moVDfISia2k.crlc
http://crl.pki.goog/gtsr1/gtsr1.crl
https://www.disneyplus.com/legal/your-california-privacy-rights
https://www.disneyplus.com/legal/privacy-policy
http://crl.p
http://crl.pki.goog/gtsr1/gtsr1.crlXx
https://www.tiktok.c
https://www.openssl.org/H
https://disneyplus.com/legal.
http://crl.pki.goog/gtsr1/gtsr1.crl:
http://pki.goog/repo/certs/gts1c3.dery1
http://crl.pki.goog/gtsr1/gtsr1.crlACE
http://www.phys.uu.nl/~vgent/calendar/isocalendar.htm
http://crl.pki.goog/gsr1/gsr1.crle
http://help.disneyplus.com.
http://pki.goog/repo/certs/gts1c3.der0
http://crls.pki.goog/gts1c3/moVDfISia2k.crl#
http://pki.goog/gsr1/gsr1.crt
http://crl.pki.goog/gsr1/gsr1.crl0;
http://crls.pki.goog/gts1c3/moVDfISia2k.crl(
http://pki.goog/repo/certs/gts1c3.derB2
http://crls.pki.goog/gts1c3/moVDfISia2k.crl0
https://github.com/mhammond/pywin32
http://crl.pki.goog/gsr1/gsr1.crl
http://pki.goog/repo/certs/gtsr1.der81
http://pki.goog/repo/certs/gts1c3.der
http://pki.goog/repo/certs/gtsr1.derv2
http://crl.pki.goog/gtsr1/gtsr1.crlR
http://pki.goog/gsr1/gsr1.crte
http://pki.goog/repo/certs/gtsr1.der
http://crl.pki.goog/gsr1/gsr1.crldn
http://crl.pki.goog/gtsr1/gtsr1.crlT
http://www.python.org/download/releases/2.3/mro/.
http://pki.goog/repo/certs/gtsr1.der$
http://pki.goog/repo/certs/gtsr1.der04
http://www.iana.org/assignments/tls-parameters/tls-parameters.xml#tls-parameters-6
http://crl.thawte.com/ThawteTimestampingCA.crl0
http://crl.pki.goog/gtsr1/gtsr1.crlb
http://crl.pki.goog/gtsr1/gtsr1.crld
http://www.iana.org/time-zones/repository/tz-link.html
https://github.com/BoboTiG/python-mss
http://www.python.org/dev/peps/pep-0205/
https://support.google.com/mail/?p=BadCredentials
http://python.org/dev/peps/pep-0263/

Dropped files

Name	File Type	Hashes
C:\Users\user\AppData\Local\Temp\_MEI24122\python38.dll	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	#
C:\Users\user\AppData\Local\Temp\_MEI61562\_ctypes.pyd	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	#
C:\Users\user\AppData\Local\Temp\_MEI61562\_bz2.pyd	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	#
Click to see the 97 hidden entries
C:\Users\user\AppData\Local\Temp\_MEI61562\_asyncio.pyd	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	#
C:\Users\user\AppData\Local\Temp\_MEI61562\VCRUNTIME140.dll	PE32 executable (DLL) (console) Intel 80386, for MS Windows	#
C:\Users\user\AppData\Local\Temp\_MEI61562\Include\pyconfig.h	C source, ASCII text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Temp\_MEI24122\win32gui.pyd	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	#
C:\Users\user\AppData\Local\Temp\_MEI24122\win32event.pyd	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	#
C:\Users\user\AppData\Local\Temp\_MEI24122\win32api.pyd	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	#
C:\Users\user\AppData\Local\Temp\_MEI24122\unicodedata.pyd	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	#
C:\Users\user\AppData\Local\Temp\_MEI24122\ucrtbase.dll	PE32 executable (DLL) (console) Intel 80386, for MS Windows	#
C:\Users\user\AppData\Local\Temp\_MEI24122\select.pyd	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	#
C:\Users\user\AppData\Local\Temp\_MEI24122\pywintypes38.dll	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	#
C:\Users\user\AppData\Local\Temp\_MEI61562\_decimal.pyd	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	#
C:\Users\user\AppData\Local\Temp\_MEI24122\pyexpat.pyd	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	#
C:\Users\user\AppData\Local\Temp\_MEI24122\libssl-1_1.dll	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	#
C:\Users\user\AppData\Local\Temp\_MEI24122\libffi-7.dll	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	#
C:\Users\user\AppData\Local\Temp\_MEI24122\libcrypto-1_1.dll	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	#
C:\Users\user\AppData\Local\Temp\_MEI24122\file.exe.manifest	XML 1.0 document, ASCII text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Temp\_MEI24122\base_library.zip	Zip archive data, at least v2.0 to extract	#
C:\Users\user\AppData\Local\Temp\_MEI24122\api-ms-win-crt-utility-l1-1-0.dll	PE32 executable (DLL) (console) Intel 80386, for MS Windows	#
C:\Users\user\AppData\Local\Temp\_MEI24122\api-ms-win-crt-time-l1-1-0.dll	PE32 executable (DLL) (console) Intel 80386, for MS Windows	#
C:\Users\user\AppData\Local\Temp\_MEI24122\api-ms-win-crt-string-l1-1-0.dll	PE32 executable (DLL) (console) Intel 80386, for MS Windows	#
C:\Users\user\AppData\Local\Temp\_MEI24122\api-ms-win-crt-stdio-l1-1-0.dll	PE32 executable (DLL) (console) Intel 80386, for MS Windows	#
C:\Users\user\AppData\Local\Temp\_MEI24122\api-ms-win-crt-runtime-l1-1-0.dll	PE32 executable (DLL) (console) Intel 80386, for MS Windows	#
C:\Users\user\AppData\Local\Temp\_MEI61562\api-ms-win-core-errorhandling-l1-1-0.dll	PE32 executable (DLL) (console) Intel 80386, for MS Windows	#
C:\Users\user\AppData\Local\Temp\_MEI61562\api-ms-win-core-processthreads-l1-1-0.dll	PE32 executable (DLL) (console) Intel 80386, for MS Windows	#
C:\Users\user\AppData\Local\Temp\_MEI61562\api-ms-win-core-processenvironment-l1-1-0.dll	PE32 executable (DLL) (console) Intel 80386, for MS Windows	#
C:\Users\user\AppData\Local\Temp\_MEI61562\api-ms-win-core-namedpipe-l1-1-0.dll	PE32 executable (DLL) (console) Intel 80386, for MS Windows	#
C:\Users\user\AppData\Local\Temp\_MEI61562\api-ms-win-core-memory-l1-1-0.dll	PE32 executable (DLL) (console) Intel 80386, for MS Windows	#
C:\Users\user\AppData\Local\Temp\_MEI61562\api-ms-win-core-localization-l1-2-0.dll	PE32 executable (DLL) (console) Intel 80386, for MS Windows	#
C:\Users\user\AppData\Local\Temp\_MEI61562\api-ms-win-core-libraryloader-l1-1-0.dll	PE32 executable (DLL) (console) Intel 80386, for MS Windows	#
C:\Users\user\AppData\Local\Temp\_MEI61562\api-ms-win-core-interlocked-l1-1-0.dll	PE32 executable (DLL) (console) Intel 80386, for MS Windows	#
C:\Users\user\AppData\Local\Temp\_MEI61562\api-ms-win-core-heap-l1-1-0.dll	PE32 executable (DLL) (console) Intel 80386, for MS Windows	#
C:\Users\user\AppData\Local\Temp\_MEI61562\api-ms-win-core-handle-l1-1-0.dll	PE32 executable (DLL) (console) Intel 80386, for MS Windows	#
C:\Users\user\AppData\Local\Temp\_MEI61562\api-ms-win-core-file-l2-1-0.dll	PE32 executable (DLL) (console) Intel 80386, for MS Windows	#
C:\Users\user\AppData\Local\Temp\_MEI61562\api-ms-win-core-file-l1-2-0.dll	PE32 executable (DLL) (console) Intel 80386, for MS Windows	#
C:\Users\user\AppData\Local\Temp\_MEI61562\api-ms-win-core-file-l1-1-0.dll	PE32 executable (DLL) (console) Intel 80386, for MS Windows	#
C:\Users\user\AppData\Local\Temp\_MEI24122\api-ms-win-crt-process-l1-1-0.dll	PE32 executable (DLL) (console) Intel 80386, for MS Windows	#
C:\Users\user\AppData\Local\Temp\_MEI61562\api-ms-win-core-debug-l1-1-0.dll	PE32 executable (DLL) (console) Intel 80386, for MS Windows	#
C:\Users\user\AppData\Local\Temp\_MEI61562\api-ms-win-core-datetime-l1-1-0.dll	PE32 executable (DLL) (console) Intel 80386, for MS Windows	#
C:\Users\user\AppData\Local\Temp\_MEI61562\api-ms-win-core-console-l1-1-0.dll	PE32 executable (DLL) (console) Intel 80386, for MS Windows	#
C:\Users\user\AppData\Local\Temp\_MEI61562\_win32sysloader.pyd	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	#
C:\Users\user\AppData\Local\Temp\_MEI61562\_ssl.pyd	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	#
C:\Users\user\AppData\Local\Temp\_MEI61562\_socket.pyd	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	#
C:\Users\user\AppData\Local\Temp\_MEI61562\_queue.pyd	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	#
C:\Users\user\AppData\Local\Temp\_MEI61562\_overlapped.pyd	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	#
C:\Users\user\AppData\Local\Temp\_MEI61562\_multiprocessing.pyd	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	#
C:\Users\user\AppData\Local\Temp\_MEI61562\_lzma.pyd	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	#
C:\Users\user\AppData\Local\Temp\_MEI61562\_hashlib.pyd	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	#
C:\Users\user\AppData\Local\Temp\_MEI24122\_multiprocessing.pyd	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	#
C:\Users\user\AppData\Local\Temp\_MEI24122\api-ms-win-core-file-l2-1-0.dll	PE32 executable (DLL) (console) Intel 80386, for MS Windows	#
C:\Users\user\AppData\Local\Temp\_MEI24122\api-ms-win-core-file-l1-2-0.dll	PE32 executable (DLL) (console) Intel 80386, for MS Windows	#
C:\Users\user\AppData\Local\Temp\_MEI24122\api-ms-win-core-file-l1-1-0.dll	PE32 executable (DLL) (console) Intel 80386, for MS Windows	#
C:\Users\user\AppData\Local\Temp\_MEI24122\api-ms-win-core-errorhandling-l1-1-0.dll	PE32 executable (DLL) (console) Intel 80386, for MS Windows	#
C:\Users\user\AppData\Local\Temp\_MEI24122\api-ms-win-core-debug-l1-1-0.dll	PE32 executable (DLL) (console) Intel 80386, for MS Windows	#
C:\Users\user\AppData\Local\Temp\_MEI24122\api-ms-win-core-datetime-l1-1-0.dll	PE32 executable (DLL) (console) Intel 80386, for MS Windows	#
C:\Users\user\AppData\Local\Temp\_MEI24122\api-ms-win-core-console-l1-1-0.dll	PE32 executable (DLL) (console) Intel 80386, for MS Windows	#
C:\Users\user\AppData\Local\Temp\_MEI24122\_win32sysloader.pyd	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	#
C:\Users\user\AppData\Local\Temp\_MEI24122\_ssl.pyd	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	#
C:\Users\user\AppData\Local\Temp\_MEI24122\_socket.pyd	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	#
C:\Users\user\AppData\Local\Temp\_MEI24122\_queue.pyd	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	#
C:\Users\user\AppData\Local\Temp\_MEI24122\_overlapped.pyd	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	#
C:\Users\user\AppData\Local\Temp\_MEI24122\api-ms-win-core-handle-l1-1-0.dll	PE32 executable (DLL) (console) Intel 80386, for MS Windows	#
C:\Users\user\AppData\Local\Temp\_MEI24122\_lzma.pyd	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	#
C:\Users\user\AppData\Local\Temp\_MEI24122\_hashlib.pyd	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	#
C:\Users\user\AppData\Local\Temp\_MEI24122\_decimal.pyd	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	#
C:\Users\user\AppData\Local\Temp\_MEI24122\_ctypes.pyd	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	#
C:\Users\user\AppData\Local\Temp\_MEI24122\_bz2.pyd	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	#
C:\Users\user\AppData\Local\Temp\_MEI24122\_asyncio.pyd	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	#
C:\Users\user\AppData\Local\Temp\_MEI24122\VCRUNTIME140.dll	PE32 executable (DLL) (console) Intel 80386, for MS Windows	#
C:\Users\user\AppData\Local\Temp\_MEI24122\Include\pyconfig.h	C source, ASCII text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Temp\4y2igpme	ASCII text, with no line terminators	#
C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm	data	#
C:\ProgramData\Microsoft\Network\Downloader\qmgr.db	Extensible storage engine DataBase, version 0x620, checksum 0x0f1d7f0c, page size 16384, DirtyShutdown, Windows version 10.0	#
C:\Users\user\AppData\Local\Temp\_MEI24122\api-ms-win-core-string-l1-1-0.dll	PE32 executable (DLL) (console) Intel 80386, for MS Windows	#
C:\Users\user\AppData\Local\Temp\_MEI24122\api-ms-win-crt-math-l1-1-0.dll	PE32 executable (DLL) (console) Intel 80386, for MS Windows	#
C:\Users\user\AppData\Local\Temp\_MEI24122\api-ms-win-crt-locale-l1-1-0.dll	PE32 executable (DLL) (console) Intel 80386, for MS Windows	#
C:\Users\user\AppData\Local\Temp\_MEI24122\api-ms-win-crt-heap-l1-1-0.dll	PE32 executable (DLL) (console) Intel 80386, for MS Windows	#
C:\Users\user\AppData\Local\Temp\_MEI24122\api-ms-win-crt-filesystem-l1-1-0.dll	PE32 executable (DLL) (console) Intel 80386, for MS Windows	#
C:\Users\user\AppData\Local\Temp\_MEI24122\api-ms-win-crt-environment-l1-1-0.dll	PE32 executable (DLL) (console) Intel 80386, for MS Windows	#
C:\Users\user\AppData\Local\Temp\_MEI24122\api-ms-win-crt-convert-l1-1-0.dll	PE32 executable (DLL) (console) Intel 80386, for MS Windows	#
C:\Users\user\AppData\Local\Temp\_MEI24122\api-ms-win-crt-conio-l1-1-0.dll	PE32 executable (DLL) (console) Intel 80386, for MS Windows	#
C:\Users\user\AppData\Local\Temp\_MEI24122\api-ms-win-core-util-l1-1-0.dll	PE32 executable (DLL) (console) Intel 80386, for MS Windows	#
C:\Users\user\AppData\Local\Temp\_MEI24122\api-ms-win-core-timezone-l1-1-0.dll	PE32 executable (DLL) (console) Intel 80386, for MS Windows	#
C:\Users\user\AppData\Local\Temp\_MEI24122\api-ms-win-core-sysinfo-l1-1-0.dll	PE32 executable (DLL) (console) Intel 80386, for MS Windows	#
C:\Users\user\AppData\Local\Temp\_MEI24122\api-ms-win-core-synch-l1-2-0.dll	PE32 executable (DLL) (console) Intel 80386, for MS Windows	#
C:\Users\user\AppData\Local\Temp\_MEI24122\api-ms-win-core-synch-l1-1-0.dll	PE32 executable (DLL) (console) Intel 80386, for MS Windows	#
C:\ProgramData\Microsoft\Network\Downloader\edb.log	MPEG-4 LOAS	#
C:\Users\user\AppData\Local\Temp\_MEI24122\api-ms-win-core-rtlsupport-l1-1-0.dll	PE32 executable (DLL) (console) Intel 80386, for MS Windows	#
C:\Users\user\AppData\Local\Temp\_MEI24122\api-ms-win-core-profile-l1-1-0.dll	PE32 executable (DLL) (console) Intel 80386, for MS Windows	#
C:\Users\user\AppData\Local\Temp\_MEI24122\api-ms-win-core-processthreads-l1-1-1.dll	PE32 executable (DLL) (console) Intel 80386, for MS Windows	#
C:\Users\user\AppData\Local\Temp\_MEI24122\api-ms-win-core-processthreads-l1-1-0.dll	PE32 executable (DLL) (console) Intel 80386, for MS Windows	#
C:\Users\user\AppData\Local\Temp\_MEI24122\api-ms-win-core-processenvironment-l1-1-0.dll	PE32 executable (DLL) (console) Intel 80386, for MS Windows	#
C:\Users\user\AppData\Local\Temp\_MEI24122\api-ms-win-core-namedpipe-l1-1-0.dll	PE32 executable (DLL) (console) Intel 80386, for MS Windows	#
C:\Users\user\AppData\Local\Temp\_MEI24122\api-ms-win-core-memory-l1-1-0.dll	PE32 executable (DLL) (console) Intel 80386, for MS Windows	#
C:\Users\user\AppData\Local\Temp\_MEI24122\api-ms-win-core-localization-l1-2-0.dll	PE32 executable (DLL) (console) Intel 80386, for MS Windows	#
C:\Users\user\AppData\Local\Temp\_MEI24122\api-ms-win-core-libraryloader-l1-1-0.dll	PE32 executable (DLL) (console) Intel 80386, for MS Windows	#
C:\Users\user\AppData\Local\Temp\_MEI24122\api-ms-win-core-interlocked-l1-1-0.dll	PE32 executable (DLL) (console) Intel 80386, for MS Windows	#
C:\Users\user\AppData\Local\Temp\_MEI24122\api-ms-win-core-heap-l1-1-0.dll	PE32 executable (DLL) (console) Intel 80386, for MS Windows	#

Cab_Invoice_pdf.exe

Comments

Tags

Available tags:

Details

Joe Sandbox

Third Party Analysis Engines

IPs

Domains

URLs

Dropped files

Cab_Invoice_pdf.exe Options

Comments

Tags

Available tags:

Details

Joe Sandbox

Third Party Analysis Engines

IPs

Domains

URLs

Dropped files

Search started

Cab_Invoice_pdf.exe