
hJABTqngKoJnTgLh.ps1

Status: finished
Submission Time: 2024-10-04 13:19:10 +02:00
Malicious
Evader

Comments

Tags

  • cdn1701-com
  • ps1

Details

  • Analysis ID:
    1525631
  • API (Web) ID:
    1525631
  • Analysis Started:
    2024-10-04 13:22:37 +02:00
  • Analysis Finished:
    2024-10-04 13:31:21 +02:00
  • MD5:
    e22ccd02b3d79d93bf565bb497c38af7
  • SHA1:
    d9b89235f5fc8c55a632ffe816e32da327f6b89c
  • SHA256:
    41be156c27dad780dd96493319dbd89228616573ec7d731ca2e642ee0e554af3
  • Technologies:

Engine: Joe Sandbox
Detection: malicious
Score: 68
System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 134, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

Third Party Analysis Engines

malicious
Score: 10/38

IPs


Domains


URLs


Dropped files

No malicious files found. See full and IOC report for all dropped files.