DHL SHIPMENT NOTIFICATION 1146789443.exe

Status: finished

Submission Time: 2022-05-14 15:09:31 +02:00

Malicious

Phishing

Trojan

Adware

Spyware

Exploiter

Evader

AgentTesla, AveMaria, UACMe

Comments

Details

Analysis ID:
626594
API (Web) ID:
994101
Analysis Started:

2022-05-14 15:09:35 +02:00
Analysis Finished:

2022-05-14 15:24:37 +02:00
MD5:
f883d433fab3b7ae0c25625e75a03b38
SHA1:
d29ddef177a748397abef51f7ec2188fc06506d5
SHA256:
0606d4bc2c27f402be8e98ba28d3af0d35c1c85d3be43690fabe971a687af9ed
Technologies:

Engines
IOCs

Joe Sandbox

Engine	Download Report	Detection	Info
		malicious
	Full Report Management Report IOC Report	malicious Score: 100	System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

Third Party Analysis Engines

malicious

Score: 7/41

malicious

IPs

IP	Country	Detection
76.8.53.133	United States
51.210.156.152	France

Domains

Name	IP	Detection
exportersglobe.com	51.210.156.152
mail.exportersglobe.com	0.0.0.0
x1.i.lencr.org	0.0.0.0

URLs

Name	Detection
76.8.53.133
http://FuVaco.com
http://www.galapagosdesign.com/DPlease
Click to see the 52 hidden entries
http://www.fonts.com
http://www.sandoll.co.kr
http://www.sajatypeworks.coma
http://www.urwpp.deDPlease
http://www.zhongyicts.com.cn
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
http://www.sakkal.com
https://api.ipify.org%
http://www.carterandcone.comN%CL.
http://www.apache.org/licenses/LICENSE-2.0
http://www.fontbureau.com
http://x1.i.lencr.org/
http://cps.letsencrypt.org0
http://www.tiro.comt
http://www.tiro.como
https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.ziphttps://www
http://www.carterandcone.coml
http://www.fontbureau.com/designers/cabarga.htmlN
http://www.founder.com.cn/cn
http://www.fontbureau.com/designers/frere-jones.html
http://DynDns.comDynDNSnamejidPsi/Psi
http://www.jiyu-kobo.co.jp/
http://www.fontbureau.com/designers8
https://api.ipify.org%facebooktwittergmailinstagrammovieskypepornhackwhatsappdiscordemailpassword%st
https://github.com/syohex/java-simple-mine-sweeperC:
http://r3.i.lencr.org/0
http://www.fontbureau.com/designersG
http://www.sajatypeworks.com0
http://www.sajatypeworks.com2
http://www.fontbureau.com/designers/?
http://www.founder.com.cn/cn/bThe
http://www.fontbureau.com/designers?
http://www.tiro.com
http://www.fontbureau.com/designers
http://www.founder.c
http://www.goodfont.co.kr
https://gdvnpTNIZqNaaR.net
http://www.carterandcone.com
https://github.com/syohex/java-simple-mine-sweeper
http://127.0.0.1:HTTP/1.1
http://www.carterandcone.coml%
http://www.sajatypeworks.com
http://www.typography.netD
http://www.founder.com.cn/cn/cThe
http://www.carterandcone.comsmJ
http://www.galapagosdesign.com/staff/dennis.htm
http://fontfabrik.com
http://www.carterandcone.comr%wL0
http://crl.veris
http://x1.c.lencr.org/0
http://x1.i.lencr.org/0
http://r3.o.lencr.org0

Dropped files

Name	File Type	Hashes
C:\Users\user\AppData\Local\Temp\INVESTORORIGIN.exe	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows	#
C:\Windows\System32\drivers\etc\hosts	ASCII text, with CRLF line terminators	#
C:\Users\user\AppData\Roaming\ZWLqFmhrZsaGO.exe:Zone.Identifier	ASCII text, with CRLF line terminators	#
Click to see the 14 hidden entries
C:\Users\user\AppData\Roaming\ZWLqFmhrZsaGO.exe	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows	#
C:\Users\user\AppData\Local\Temp\tmp8559.tmp	XML 1.0 document, ASCII text	#
C:\Users\user\AppData\Local\Temp\INVESTORORIGN.exe	PE32 executable (GUI) Intel 80386, for MS Windows	#
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\DHL SHIPMENT NOTIFICATION 1146789443.exe.log	ASCII text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive	data	#
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_INVESTORORIGIN.e_77f278dc5a2c1c3935eb52616b8cb594c251e8e_0e345062_1a0b7f2e\Report.wer	Little-endian UTF-16 Unicode text, with CRLF line terminators	#
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\2D85F72862B55C4EADD9E66E06947F3D	data	#
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ald43iwi.q5u.ps1	very short file (no magic)	#
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_wqdexkj3.urd.psm1	very short file (no magic)	#
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\2D85F72862B55C4EADD9E66E06947F3D	data	#
C:\ProgramData\Microsoft\Windows\WER\Temp\WER6957.tmp.xml	XML 1.0 document, ASCII text, with CRLF line terminators	#
C:\ProgramData\Microsoft\Windows\WER\Temp\WER65CB.tmp.WERInternalMetadata.xml	XML 1.0 document, Little-endian UTF-16 Unicode text, with CRLF line terminators	#
C:\Users\user\Documents\20220514\PowerShell_transcript.760639.TC5_eELU.20220514151113.txt	UTF-8 Unicode (with BOM) text, with CRLF line terminators	#
C:\ProgramData\Microsoft\Windows\WER\Temp\WER5763.tmp.dmp	Mini DuMP crash report, 15 streams, Sat May 14 22:11:57 2022, 0x1205a4 type	#

DHL SHIPMENT NOTIFICATION 1146789443.exe

Comments

Tags

Available tags:

Details

Joe Sandbox

Third Party Analysis Engines

IPs

Domains

URLs

Dropped files

DHL SHIPMENT NOTIFICATION 1146789443.exe Options

Comments

Tags

Available tags:

Details

Joe Sandbox

Third Party Analysis Engines

IPs

Domains

URLs

Dropped files

Search started

DHL SHIPMENT NOTIFICATION 1146789443.exe