RechnungsDetails 2022.20.05_1044.lnk

Status: finished
Submission Time: 2022-05-23 08:47:09 +02:00
Malicious
Trojan
Evader
Emotet

Comments

Tags

  • lnk

Details

  • Analysis ID:
    632057
  • API (Web) ID:
    999560
  • Analysis Started:
    2022-05-23 08:52:49 +02:00
  • Analysis Finished:
    2022-05-23 09:02:00 +02:00
  • MD5:
    235332fd9cf506fd4508ac0fb8d1b64a
  • SHA1:
    514f37f2b32eb85d18588f44670830e355c69749
  • SHA256:
    6a6547bc259080ecf6b26354da81caaa639216191f5a59d9cc088a2e9597e9c9
  • Technologies:

Joe Sandbox

Engine Download Report Detection Info
  • Detection:
    malicious
  • Score:
    100
  • System:
    Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

Third Party Analysis Engines

  • malicious (Score: 5/92)
  • malicious (Score: 11/35)
  • malicious (Score: 17/41)
  • malicious

IPs

IP Country Detection
  • 173.82.82.196
    United States
  • 98.142.105.106
    United States

Domains

Name IP Detection
  • jsonsintl.com
    98.142.105.106
  • www.jsonsintl.com
    0.0.0.0

URLs


Dropped files

Name File Type
  • C:\Users\user\AppData\Local\ZtMIjYx\IKdzfJtQpj.BCP
    PE32+ executable (DLL) (GUI) x86-64, for MS Windows
  • C:\ProgramData\Microsoft\Network\Downloader\qmgr.db
    Extensible storage engine DataBase, version 0x620, checksum 0xcd192033, page size 16384, DirtyShutdown, Windows version 10.0
  • C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
    data
  • C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_wtms2noi.pps.psm1
    very short file (no magic)
  • C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_xvcdsjdc.j3a.ps1
    very short file (no magic)
  • C:\Users\user\Documents\20220523\PowerShell_transcript.580913.ffZmUZc7.20220523085407.txt
    UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators
  • C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp
    ASCII text, with no line terminators
  • C:\Windows\System32\ZrCipB\RLcE.dll (copy)
    PE32+ executable (DLL) (GUI) x86-64, for MS Windows