Joe Sandbox Cloud Basic

Want to search on specific fields?


Try our:

Advanced Search

Want to search in depth on all Cloud Basic reports?

Try: Joe Sandbox View

Register Login
sloganpng
top title background image
flash

Remittance Information (MT-103).vbs

Status: finished
Submission Time: 2022-01-24 15:40:26 +01:00
Malicious
Trojan
Spyware
Evader
FormBook GuLoader

Comments

Tags

  • vbs

Details

  • Analysis ID:
    558870
  • API (Web) ID:
    926391
  • Analysis Started:
    2022-01-24 15:44:07 +01:00
  • Analysis Finished:
    2022-01-24 15:59:24 +01:00
  • MD5:
    d693624e3d9614a0dc9cf5a5cd1bb8ef
  • SHA1:
    9c50c26e8b2f9c9acfa3192385df88d3144f351c
  • SHA256:
    dcc73a1351b6b79d48f7b42a96edfb142ffe46f896e1ab9f412a615b1edd7c9b
  • Technologies:

Joe Sandbox

Engine Download Report Detection Info
Full Report Management Report IOC Report
malicious
Score: 100
System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

IPs

IP Country Detection
108.175.14.116
 United States
151.106.117.33
 Germany

Domains

Name IP Detection
www.dentalbatonrouge.com
 108.175.14.116
bulkwhatsappsender.in
 151.106.117.33
www.bulkwhatsappsender.in
 0.0.0.0
Click to see the 1 hidden entries
www.yzicpa.com
 0.0.0.0

URLs

Name Detection
http://www.dentalbatonrouge.com/k6sm/?d48pAVX=VId1XGgV51+banGxzL0dUPYEUmU95ttpJOMZNiN8gg3/S9FPXBDAGWpY0ehao+dqxo0M4PI93Q==&8pnDfl=Lb3tdB30pX2
1,0,350726710,000000A51B2F5000,00000104,00000010,00020000,00000000,1,0
https://www.bulkwhatsappsender.in/bin_FlDFmmV154.bin
Click to see the 32 hidden entries
http://www.dentalbatonrouge.com/k6sm/
www.usyeslogistics.com/k6sm/
https://www.bulkwhatsappsender.in/bin_FlDFmmV154.bin1
http://www.msn.com/de-ch/?ocid=iehpMicrosoftEdge_DNTExceptionLMEM8P
https://madecosmetics.store/bin_FlDFmmV154.bin
https://2542116.fls.doubleclick.net/activityi;src=2542116;type=chrom322;cat=chrom01g;ord=30055406629
https://www.google.com/chrome/https://www.google.com/chrome/thank-you.htmlabout:blankhttps://adservi
https://www.google.com/chrome/thank-you.htmlstatcb=0&installdataindex=empty&defaultbrowser=0o
https://contextual.media.net/checksync.php?&vsSync=1&cs=1&hb=1&cv=37&ndec=1&cid=8HBI57XIG&prvid=77%2
https://contextual.media.net/medianet.phpcid=8CU157172&crid=722878611&size=306x271&https=1
https://contoso.com/
https://nuget.org/nuget.exe
http://www.msn.com/de-ch/ocid=iehpD
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
https://adservice.google.co.uk/ddm/fls/i/src=2542116;type=chrom322;cat=chrom01g;ord=3005540662929;gt
http://www.msn.com/de-ch/?ocid=iehphttp://www.msn.com/de-ch/?ocid=iehp
https://www.google.com/chrome/
http://www.autoitscript.com/autoit3/J
https://2542116.fls.doubleclick.net/activityi;src=2542116;type=clien612;cat=chromx;ord=1;num=7859736
https://github.com/Pester/Pester
https://contextual.media.net/checksync.php&vsSync=1&cs=1&hb=1&cv=37&ndec=1&cid=8HBI57XIG&prvid=77%2C
http://www.msn.com/ocid=iehp
https://www.dentalbatonrouge.com/k6sm/?d48pAVX=VId1XGgV51
https://2542116.fls.doubleclick.net/activityi;src=2542116;type=2542116;cat=chom0;ord=9774759596232;g
https://contoso.com/Icon
https://contoso.com/License
http://www.apache.org/licenses/LICENSE-2.0.html
http://pesterbdd.com/images/Pester.png
https://adservice.google.com/ddm/fls/i/src=2542116;type=chrom322;cat=chrom01g;ord=3005540662929;gtm=
https://contextual.media.net/medianet.phpcid=8CU157172&crid=858412214&size=306x271&https=1
https://www.bulkwhatsappsender.in/bin_FlDFmmV154.binhttps://madecosmetics.store/bin_FlDFmmV154.bin
http://nuget.org/NuGet.exe

Dropped files

Name File Type Hashes Detection
C:\Users\user\AppData\Roaming\K-NBS4VB\K-Nlogri.ini
 data
 #
C:\Users\user\AppData\Roaming\K-NBS4VB\K-Nlogrv.ini
 data
 #
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache
 data
 #
Click to see the 13 hidden entries
C:\Users\user\AppData\Local\Temp\5wwhq3bl\5wwhq3bl.0.cs
 UTF-8 Unicode (with BOM) text, with CRLF line terminators
 #
C:\Users\user\AppData\Local\Temp\5wwhq3bl\5wwhq3bl.cmdline
 UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
 #
C:\Users\user\AppData\Local\Temp\5wwhq3bl\5wwhq3bl.dll
 PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
 #
C:\Users\user\AppData\Local\Temp\5wwhq3bl\5wwhq3bl.out
 UTF-8 Unicode (with BOM) text, with very long lines, with CRLF, CR line terminators
 #
C:\Users\user\AppData\Local\Temp\5wwhq3bl\CSCEED551C9B69E4D3BACB27851B833AAE.TMP
 MSVC .res
 #
C:\Users\user\AppData\Local\Temp\Champag6.dat
 data
 #
C:\Users\user\AppData\Local\Temp\DB1
 SQLite 3.x database, last written using SQLite version 3032001
 #
C:\Users\user\AppData\Local\Temp\RES4377.tmp
 Intel 80386 COFF object file, not stripped, 3 sections, symbol offset=0x496, 9 symbols
 #
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_4jebmlly.2vw.psm1
 very short file (no magic)
 #
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_jcpbiel0.fg2.ps1
 very short file (no magic)
 #
C:\Users\user\AppData\Roaming\K-NBS4VB\K-Nlogim.jpeg
 JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, frames 3
 #
C:\Users\user\AppData\Roaming\K-NBS4VB\K-Nlogrg.ini
 data
 #
C:\Users\user\Documents\20220124\PowerShell_transcript.284992.XtWh3q5P.20220124154518.txt
 UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators
 #