Register Login

sloganpng

top title background image

Wire-84844663637346665.PDF.vbs

Status: finished

Submission Time: 2022-01-21 17:12:41 +01:00

Malicious

Trojan

Spyware

Evader

FormBook GuLoader

Comments

Tags

Details

Analysis ID:
557834
API (Web) ID:
925353
Analysis Started:

2022-01-21 17:19:23 +01:00
Analysis Finished:

2022-01-21 17:33:56 +01:00
MD5:
2eb1625e8d4e3f9b19ab947d188d0be8
SHA1:
7aad4e8d8f521d1c36a7468418047c8a5751b7e9
SHA256:
354529cf4cd5498c64a0c69c6dd9eb8962250542eea7f89a76faf64f5086da35
Technologies:

Engines
IOCs

Joe Sandbox

Engine	Download Report	Detection	Info
	Full Report Management Report IOC Report	malicious Score: 100	System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

Third Party Analysis Engines

malicious

Score: 5/43

IPs

IP	Country	Detection
133.242.141.149	Japan

Domains

Name	IP	Detection
research.the-miyanichi.co.jp	133.242.141.149
canonicalizer.ucsuri.tcs	0.0.0.0

URLs

Name	Detection
www.recountsol.xyz/ty13/
https://research.the-miyanichi.co.jp/wp-^
https://research.the-miyanichi.co.jp/
Click to see the 15 hidden entries
https://contoso.com/License
https://research.the-miyanichi.co.jp/wp-content/uploads/bin_GuOImF134.bin
https://github.com/Pester/Pester
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
https://research.the-miyanichi.co.jp/P
https://contoso.com/Icon
https://research.the-miyanichi.co.jp/wp-content/uploads/bin_GuOImF134.bin5
https://nuget.org/nuget.exe
https://contoso.com/
http://www.apache.org/licenses/LICENSE-2.0.html
http://canonicalizer.ucsuri.tcs/680074007400700073003a002f002f00700069006e0067002e002e006e0061007600
http://pesterbdd.com/images/Pester.png
https://research.the-miyanichi.co.jp/wp-content/uploads/bin_GuOImF134.binT
http://nuget.org/NuGet.exe
http://www.autoitscript.com/autoit3/J

Dropped files

Name	File Type	Hashes	Detection
C:\Users\user\AppData\Roaming\N6AQ8R9T\N6Alogri.ini	data	#
C:\Users\user\AppData\Roaming\N6AQ8R9T\N6Alogrv.ini	data	#
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache	data	#
Click to see the 13 hidden entries
C:\Users\user\AppData\Local\Temp\DB1	SQLite 3.x database, last written using SQLite version 3032001	#
C:\Users\user\AppData\Local\Temp\RES843C.tmp	Intel 80386 COFF object file, not stripped, 3 sections, symbol offset=0x496, 9 symbols	#
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_j3s1041w.3ng.ps1	very short file (no magic)	#
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_twf0pup4.skl.psm1	very short file (no magic)	#
C:\Users\user\AppData\Local\Temp\lmt3yvf4\CSC3B7445246D634A3891EBDF5913136B1.TMP	MSVC .res	#
C:\Users\user\AppData\Local\Temp\lmt3yvf4\lmt3yvf4.0.cs	UTF-8 Unicode (with BOM) text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Temp\lmt3yvf4\lmt3yvf4.cmdline	UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators	#
C:\Users\user\AppData\Local\Temp\lmt3yvf4\lmt3yvf4.dll	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows	#
C:\Users\user\AppData\Local\Temp\lmt3yvf4\lmt3yvf4.out	UTF-8 Unicode (with BOM) text, with very long lines, with CRLF, CR line terminators	#
C:\Users\user\AppData\Local\Temp\myste.dat	data	#
C:\Users\user\AppData\Roaming\N6AQ8R9T\N6Alogim.jpeg	JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, frames 3	#
C:\Users\user\AppData\Roaming\N6AQ8R9T\N6Alogrg.ini	data	#
C:\Users\user\Documents\20220121\PowerShell_transcript.980108.L7PrKMB+.20220121172145.txt	UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators	#