
Order Inquiry.vbs

Status: finished
Submission Time: 2024-06-14 15:02:09 +02:00
Malicious
Spreader
Trojan
Spyware
Exploiter
Evader
PXRECVOWEIWOEI Stealer

Tags

  • Formbook
  • vbs

Details

  • Analysis ID:
    1457271
  • API (Web) ID:
    1457271
  • Analysis Started:
    2024-06-14 15:14:01 +02:00
  • Analysis Finished:
    2024-06-14 15:22:14 +02:00
  • MD5:
    443f85c9a27129786164968923b47193
  • SHA1:
    a45f63374b28561a0152e261bd57e5a2bb9c54f9
  • SHA256:
    f3ff35c81d1f64fe7a0f1fb55e1c732d091b8faedc4fcd35eef9d0afe5455a63
  • Technologies:

Joe Sandbox

Engine: Joe Sandbox
Detection: malicious
Score: 100
System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

Third Party Analysis Engines

Detection: malicious
Score: 6/95

IPs

IP              Country
208.95.112.1    United States
188.114.97.3    European Union
188.114.96.3    European Union
104.16.185.241  United States
93.123.39.71    Bulgaria

Domains

Name                        IP
paste.ee                    188.114.97.3
ip-api.com                  208.95.112.1
uploaddeimagens.com.br      188.114.97.3
75.103.13.0.in-addr.arpa    0.0.0.0
whatismyipaddressnow.co     188.114.96.3
icanhazip.com               104.16.185.241

URLs

Name
https://whatismyipaddressnow.co
https://uploaddeimagens.com.br
https://whatismyipaddressnow.co/API/FETCH/getcountry.php
https://uploaddeimagens.com.br/images/004/798/013/original/new_image.jpg?1718284138
https://whatismyipaddressnow.co/API/FETCH/filter.php?countryid=14&token=vKEV5IjRm7wh
https://paste.ee/d/3dasY
http://whatismyipaddressnow.co
https://ac.ecosia.org/autocomplete?q=
https://support.mozilla.org/products/firefoxgro.allizom.troppus.elMx_wJzrE6l
https://www.google.com;
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
https://www.office.com/Office
http://crl.rootca1.amazontrust.com/rootca1.crl0
https://chrome.google.com/webstore?hT
http://ocsp.rootca1.amazontrust.com0:
https://www.ecosia.org/newtab/
https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
https://github.com/Pester/Pester
https://www.office.com/LR
https://paste.ee/_
https://paste.ee/d/3dasY$
http://ip-api.com/line/?fields=hosting
https://themes.googleusercontent.com
https://paste.ee/d/3dasYz
https://paste.ee/H
http://crt.rootca1.amazontrust.com/rootca1.cer0?
https://analytics.paste.ee;
https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
https://aka.ms/pscore68
https://support.mozilla.org
http://93.123.39.71/sword.txt
https://duckduckgo.com/ac/?q=
https://go.microsoft.co
https://analytics.paste.ee
https://aka.ms/pscore6
https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
http://icanhazip.com/
https://chrome.google.com/webstore?hl=en
https://chrome.google.com/webstore?hl=enWeb
https://www.google.com
https://www.oracle.com/technetwork/java/javase/downloads
http://x1.c.lencr.org/0
http://x1.i.lencr.org/0
https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
http://www.apache.org/licenses/LICENSE-2.0.html
http://ip-api.com
https://paste.ee/d/3dasY0
https://cdnjs.cloudflare.com
http://icanhazip.com
https://cdnjs.cloudflare.com;
https://paste.ee/d/3dasY4
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
https://secure.gravatar.com
https://www.office.com/
https://www.google.com/images/branding/product/ico/googleg_lodp.ico
http://pesterbdd.com/images/Pester.png
https://duckduckgo.com/chrome_newtab
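The URL list above records the sample's network behaviour as a sequence rather than as isolated indicators: a country lookup (getcountry.php, then filter.php?countryid=...), a datacenter/VPS check (ip-api.com/line/?fields=hosting, icanhazip.com), and only then a next-stage fetch from paste.ee/d/3dasY, uploaddeimagens.com.br (new_image.jpg) and a bare IP (93.123.39.71/sword.txt). Each of the lookup services is legitimate and common in corporate traffic, so alerting on any one of them alone is noisy; the ordering within a short window from one host is the signal. The Python below is an added example, not part of the Joe Sandbox report or of the sample, that turns that chain into a detection over proxy logs. The log format ("timestamp src_ip method url") and the log lines are constructed for the example (the URLs are copied from the report); the 120-second window is an assumed tuning value.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
from urllib.parse import urlsplit

# Hosts the sample contacts before fetching anything (from the report's URL list).
# All three are legitimate services, so they only matter as the first half of a sequence.
GEO_CHECK_HOSTS = {"whatismyipaddressnow.co", "ip-api.com", "icanhazip.com"}

# Where the sample pulls its next stage from: paste.ee, the image host, or a bare IP.
PAYLOAD_HOST_PATTERNS = [
    re.compile(r"^paste\.ee$"),
    re.compile(r"^uploaddeimagens\.com\.br$"),
    re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$"),   # e.g. 93.123.39.71/sword.txt
]

WINDOW = timedelta(seconds=120)   # assumed tuning value, not from the report

# Constructed proxy log (format "timestamp src_ip method url"); URLs copied from the report.
SAMPLE_LOG = """\
2024-06-14T13:15:02Z 10.0.0.5 GET https://whatismyipaddressnow.co/API/FETCH/getcountry.php
2024-06-14T13:15:03Z 10.0.0.5 GET https://whatismyipaddressnow.co/API/FETCH/filter.php?countryid=14&token=vKEV5IjRm7wh
2024-06-14T13:15:05Z 10.0.0.5 GET https://paste.ee/d/3dasY
2024-06-14T13:15:06Z 10.0.0.5 GET http://ip-api.com/line/?fields=hosting
2024-06-14T13:15:09Z 10.0.0.5 GET http://93.123.39.71/sword.txt
2024-06-14T13:20:00Z 10.0.0.7 GET http://icanhazip.com/
2024-06-14T13:40:00Z 10.0.0.7 GET https://paste.ee/d/abc123
2024-06-14T13:41:00Z 10.0.0.9 GET https://www.google.com/
"""

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+)$")


def parse_log(text):
    """Return (timestamp, src_ip, host, url) tuples; lines that do not fit the format are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts, src, _method, url = m.groups()
        host = (urlsplit(url).hostname or "").lower()
        events.append((datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), src, host, url))
    return events


def is_payload_host(host):
    return any(p.match(host) for p in PAYLOAD_HOST_PATTERNS)


def find_dropper_chains(text, window=WINDOW):
    """Map src_ip -> list of (geo_check_url, payload_url) pairs where a geo/hosting lookup
    is followed by a payload fetch from the same source within `window`."""
    by_src = defaultdict(list)
    for ev in parse_log(text):
        by_src[ev[1]].append(ev)
    hits = {}
    for src, evs in by_src.items():
        evs.sort()
        for i, (t0, _, h0, u0) in enumerate(evs):
            if h0 not in GEO_CHECK_HOSTS:
                continue
            for t1, _, h1, u1 in evs[i + 1:]:
                if t1 - t0 > window:
                    break                      # events are sorted, nothing later can qualify
                if is_payload_host(h1):
                    hits.setdefault(src, []).append((u0, u1))
                    break                      # one pairing per geo check is enough
    return hits


if __name__ == "__main__":
    for src, chain in find_dropper_chains(SAMPLE_LOG).items():
        for geo_url, payload_url in chain:
            print(f"{src}: {geo_url} -> {payload_url}")
```

On the constructed log, 10.0.0.5 produces three pairings (both whatismyipaddressnow.co lookups precede the paste.ee fetch, and the ip-api.com hosting check precedes the sword.txt download) while 10.0.0.7, which visits icanhazip.com and paste.ee twenty minutes apart, does not alert. The bare-IP pattern is deliberately broad; in production it would be narrowed to the URL fetched by a scripting engine rather than a browser, a field this constructed log does not carry.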

Dropped files

Name / File Type
C:\Users\user\AppData\Local\Temp\tmp448A.tmp.dat
    SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
C:\Users\user\AppData\Local\Temp\tmpF3A4.tmp.dat
    SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 7, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 7
C:\Users\user\AppData\Local\Temp\tmpE8C2.tmp.dat
    SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 1
C:\Users\user\AppData\Local\Temp\tmpDB30.tmp.dat
    SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 38, cookie 0x1f, schema 4, UTF-8, version-valid-for 1
C:\Users\user\AppData\Local\Temp\tmpCE79.tmp.dat
    SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 38, cookie 0x1f, schema 4, UTF-8, version-valid-for 1
C:\Users\user\AppData\Local\Temp\tmpC173.tmp.dat
    SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 7, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 7
C:\Users\user\AppData\Local\Temp\tmpC105.tmp.dat
    SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7
C:\Users\user\AppData\Local\Temp\tmpB97.tmp.dat
    SQLite 3.x database, user version 75, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 2, database pages 46, cookie 0x26, schema 4, UTF-8, version-valid-for 2
C:\Users\user\AppData\Local\Temp\tmpA565.tmp.dat
    SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 1
C:\Users\user\AppData\Local\Temp\tmp77A1.tmp.dat
    SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
C:\Users\user\AppData\Local\Temp\tmp7752.tmp.dat
    SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 1
C:\Users\user\AppData\Local\Temp\tmp6720.tmp.dat
    SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 39, cookie 0x20, schema 4, UTF-8, version-valid-for 1
C:\Users\user\AppData\Local\Temp\tmp5604.tmp.dat
    SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 39, cookie 0x20, schema 4, UTF-8, version-valid-for 1
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\AddInProcess32.exe.log
    ASCII text, with CRLF line terminators
C:\Users\user\AppData\Local\Temp\tmp31D7.tmp.dat
    SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 4
C:\Users\user\AppData\Local\Temp\tmp3198.tmp.dat
    SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
C:\Users\user\AppData\Local\Temp\tmp1F34.tmp.dat
    SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_uu4ycpno.as2.ps1
    ASCII text, with no line terminators
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_syl04dt5.dtd.psm1
    ASCII text, with no line terminators
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_naao5b22.0uk.psm1
    ASCII text, with no line terminators
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_2h5ze3qi.xk1.ps1
    ASCII text, with no line terminators
C:\Users\user\AppData\Local\Temp\24a4ohrz.default-release\key4.db
    SQLite 3.x database, last written using SQLite version 3042000, page size 32768, file counter 2, database pages 9, cookie 0x6, schema 4, UTF-8, version-valid-for 2
C:\Users\user\AppData\Local\Temp\24a4ohrz.default-release\cert9.db
    SQLite 3.x database, last written using SQLite version 3042000, page size 32768, file counter 7, database pages 7, cookie 0x5, schema 4, UTF-8, version-valid-for 7
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
    data
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\D81IGXZV\3dasY[1].txt
    ASCII text, with very long lines (11457), with CRLF line terminators
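The dropped-file list is the host-side counterpart of the network chain: a run of tmpXXXX.tmp.dat files in %TEMP% that all carry the SQLite 3 header, plus Firefox's key4.db and cert9.db copied under Temp\24a4ohrz.default-release rather than living in the Mozilla profile directory, with a CLR usage log for AddInProcess32.exe and the PowerShell policy-test files alongside. Copying browser credential and key stores into a scratch directory before reading them is how stealers avoid the lock the browser holds on the originals. The Python below is an added example, not part of the Joe Sandbox report or of the sample, showing how file-create telemetry can be matched against that pattern: it flags an NSS store written outside a Firefox profile path, and a process that stages several SQLite databases under the tmp*.tmp.dat naming in one burst. The file-create records are constructed; attributing the writes to AddInProcess32.exe is an assumption (the report only shows its usage log), and the burst threshold of 5 is an assumed tuning value.

```python
import re
from collections import Counter
from pathlib import PureWindowsPath

SQLITE_MAGIC = b"SQLite format 3\x00"          # 16-byte header of every SQLite 3 file

# Firefox NSS stores (key4.db holds the key material that protects saved logins, cert9.db the
# certificate store). They belong under ...\Mozilla\Firefox\Profiles\<profile>\; a copy anywhere
# else is a staging artefact.
NSS_STORES = {"key4.db", "cert9.db", "logins.json"}
FIREFOX_PROFILE_RE = re.compile(r"\\Mozilla\\Firefox\\Profiles\\[^\\]+\\", re.I)

# The tmpXXXX.tmp.dat naming the report shows for the staged databases.
TEMP_SQLITE_RE = re.compile(r"\\AppData\\Local\\Temp\\tmp[0-9A-F]{1,4}\.tmp\.dat$", re.I)
BURST_THRESHOLD = 5                             # assumed: N staged databases from one process

# Constructed file-create records: (writing process, path, first bytes of the file).
# Attributing the writes to AddInProcess32.exe is an assumption; the report only shows its CLR usage log.
STEALER = r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe"
EVENTS = [
    (STEALER, r"C:\Users\user\AppData\Local\Temp\tmp448A.tmp.dat", SQLITE_MAGIC),
    (STEALER, r"C:\Users\user\AppData\Local\Temp\tmpF3A4.tmp.dat", SQLITE_MAGIC),
    (STEALER, r"C:\Users\user\AppData\Local\Temp\tmpE8C2.tmp.dat", SQLITE_MAGIC),
    (STEALER, r"C:\Users\user\AppData\Local\Temp\tmpDB30.tmp.dat", SQLITE_MAGIC),
    (STEALER, r"C:\Users\user\AppData\Local\Temp\tmpB97.tmp.dat", SQLITE_MAGIC),
    (STEALER, r"C:\Users\user\AppData\Local\Temp\24a4ohrz.default-release\key4.db", SQLITE_MAGIC),
    (STEALER, r"C:\Users\user\AppData\Local\Temp\24a4ohrz.default-release\cert9.db", SQLITE_MAGIC),
    # benign: Firefox writing into its real profile, and a non-SQLite temp file from another program
    (r"C:\Program Files\Mozilla Firefox\firefox.exe",
     r"C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\24a4ohrz.default-release\key4.db", SQLITE_MAGIC),
    (r"C:\Windows\System32\notepad.exe", r"C:\Users\user\AppData\Local\Temp\tmpFFFF.tmp.dat", b"MZ\x90\x00"),
]


def classify(event):
    """Return the indicator names a single file-create record matches."""
    _proc, path, head = event
    name = PureWindowsPath(path).name.lower()
    findings = []
    if name in NSS_STORES and not FIREFOX_PROFILE_RE.search(path):
        findings.append("nss_store_outside_profile")
    if TEMP_SQLITE_RE.search(path) and head.startswith(SQLITE_MAGIC):
        findings.append("sqlite_staged_in_temp")
    return findings


def detect(events, burst=BURST_THRESHOLD):
    """Alert on every NSS store copied outside a profile, and on any process that stages at
    least `burst` SQLite databases in %TEMP% (one tmp.dat file is ordinary, a run of them is not)."""
    alerts = []
    staged = Counter()
    for ev in events:
        for finding in classify(ev):
            if finding == "sqlite_staged_in_temp":
                staged[ev[0]] += 1
            else:
                alerts.append((ev[0], finding, ev[1]))
    for proc, n in staged.items():
        if n >= burst:
            alerts.append((proc, "sqlite_staging_burst", f"{n} databases"))
    return alerts


if __name__ == "__main__":
    for proc, finding, detail in detect(EVENTS):
        print(f"{finding}: {proc} -> {detail}")
```

The header check matters: the tmp*.tmp.dat name on its own is produced by plenty of legitimate software, and it is the SQLite magic on a burst of such files, from one process, that matches what the report shows. The key4.db/cert9.db rule needs no threshold because those names have no business outside a Firefox profile directory.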