Details.lnk

Status: finished
Submission Time: 2022-05-23 09:53:07 +02:00
Verdict: Malicious
Classification: Trojan, Evader, Emotet

Tags

  • lnk

Details

  • Analysis ID:
    632105
  • API (Web) ID:
    999609
  • Analysis Started:
    2022-05-23 09:53:08 +02:00
  • Analysis Finished:
    2022-05-23 10:02:51 +02:00
  • MD5:
    4915772035b89b1e023e94626dbd8da9
  • SHA1:
    8cf2652d3a1c37c488ced4f16a01a26f1e407087
  • SHA256:
    4aaa9741e3fb2a63803214bfacd8a5f6e61de3c78612666124f746cf13957912
  • Technologies:

Joe Sandbox

  • Detection:
    malicious
  • Score:
    100
  • System:
    Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

Third Party Analysis Engines

  • malicious (Score: 11/35)
  • malicious (Score: 17/41)
  • malicious

IPs

  • 173.82.82.196 (United States)
  • 98.142.105.106 (United States)

Domains

  • www.jsonsintl.com (resolves to 0.0.0.0)
  • jsonsintl.com (resolves to 98.142.105.106)

URLs


Dropped files

  • C:\Users\user\AppData\Local\ZtMIjYx\IKdzfJtQpj.BCP
    PE32+ executable (DLL) (GUI) x86-64, for MS Windows
  • C:\Windows\System32\PZgVlkJBEGfsjmei\fJMgQrGs.dll (copy)
    PE32+ executable (DLL) (GUI) x86-64, for MS Windows
  • C:\ProgramData\Microsoft\Network\Downloader\qmgr.db
    Extensible storage engine DataBase, version 0x620, checksum 0x44de5033, page size 16384, DirtyShutdown, Windows version 10.0
  • C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
    data
  • C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ee31ggyj.rpi.psm1
    very short file (no magic)
  • C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_txiyar5n.dg2.ps1
    very short file (no magic)
  • C:\Users\user\Documents\20220523\PowerShell_transcript.715575.UCoOWmwG.20220523095425.txt
    UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators
  • C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp
    ASCII text, with no line terminators