
sjjh.hta

Status: finished
Submission Time: 2025-03-20 11:03:26 +01:00
Verdict: Malicious
Classification: Trojan, Spyware, Exploiter, Evader
Detected: Cobalt Strike, FormBook

Tags

  • hta

Details

  • Analysis ID:
    1644079
  • API (Web) ID:
    1644079
  • Analysis Started:
    2025-03-20 11:03:27 +01:00
  • Analysis Finished:
    2025-03-20 11:15:54 +01:00
  • MD5:
    24b52ced64b9b18ebdefbb451500d64c
  • SHA1:
    abf793679b4469a0e7c5e41327ed315302478b97
  • SHA256:
    02a477ca33834ffa2d6e53066b98ac6f16f869c501eb8add6c51808ccf5d815b

Joe Sandbox

Detection: malicious
Score: 100
System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 134, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

Third Party Analysis Engines

Detection: malicious
Score: 11/24

IPs

IP               Country
13.248.243.5     United States
172.245.123.24   United States
162.255.118.67   United States
37.27.60.109     Iran (Islamic Republic of)
13.248.169.48    United States
92.204.40.98     Germany
209.74.77.230    United States
47.83.1.90       United States
208.91.197.27    Virgin Islands (British)
3.33.130.190     United States

Domains

Name                       IP
shedsworld.shop            162.255.118.67
pond-magic.shop            3.33.130.190
statusq.studio             13.248.243.5
www.pond-magic.shop        0.0.0.0
www.agistaking.xyz         13.248.169.48
www.shedsworld.shop        0.0.0.0
www.temecula.deals         0.0.0.0
www.statusq.studio         0.0.0.0
www.leadmagnetkpis.shop    0.0.0.0
www.teschi.xyz             13.248.169.48
leadmagnetkpis.shop        37.27.60.109
www.hypereth.xyz           13.248.169.48
www.zeniow.xyz             209.74.77.230
www.needethereum.xyz       13.248.169.48
www.anartisthuman.info     208.91.197.27
www.minimalbtc.xyz         13.248.169.48
www.jplttj.info            47.83.1.90
temecula.deals             3.33.130.190
www.vaishnavi.xyz          92.204.40.98
www.multo.xyz              13.248.169.48

URLs

URL
http://www.teschi.xyz/61ci/
http://www.multo.xyz/dlol/
http://www.temecula.deals/xwqx/?sht=otmcxnJvFIgVfYDaExj72fsgzBxvuCBK0YH/99vZ/T7EZjaL7WFZt05WCoTvh/+8v51SLvod9F2a5wifQuDxDXmPBx1cjHjnyHdw4HBsLITwgHvQkMnJDORLb+iKWMSwoeaqMSs=&DH=GXELmLD830
http://www.minimalbtc.xyz/mtvj/
http://www.hypereth.xyz/6xo5/
http://www.shedsworld.shop/n4wf/?sht=rVCo5fXTYf5XtykzjIwaPXHBTJgcIT4zvtD+QqvRz6GEPZVd3pXymvzcnaunGoGBfELUwvvDGnhmjqKacrEZGbpgeWHAxELrtpRMOSuJE/BcwxJk2Wqik34dxzJpD4SJU0mlb64=&DH=GXELmLD830
http://172.245.123.24/90/vsse.exee
http://www.statusq.studio/tjfr/?sht=oeA4QLnOH/3WbFs+As0lLrHfo0QAD1+qvIOaenlxWlzTKKLdy4N9FqO9ICkLpn8uqiStNuNSb3U7oeFyCJ1fGYYReBi22lS8VwxqRC4D5C+G5gBBcw8auhPJQ6Lx/4zoXb2NkXw=&DH=GXELmLD830
http://www.leadmagnetkpis.shop/osf3/
http://www.hypereth.xyz/6xo5/?sht=i9xdm+ALzRl7f5f0DVMmuZlYtUvu1nrJI9ZdcFfBGFNnzYFCdNUFlM+uOZyz474awBsJacKcKaOyZI4sgzqWstdFQbxLstLgfAjZEmIMK2asbc1T11kv5ECU1wxubk95gUT6+fQ=&DH=GXELmLD830
http://www.agistaking.xyz/c8u0/
http://www.multo.xyz/dlol/?DH=GXELmLD830&sht=Vdu1QfmsuFO68GL9XI0ADH8YQzb4ru9/HVgaJhop4EyQK8uQubyUW4cBOiiKJiObJ4wKBbVY5G9jJ/R2VpbOvjj8OLgiLtN/tspKmCcPoyoCUQCCMZ6ppQUZi1BMDS7G6d+V+yQ=
http://www.leadmagnetkpis.shop/osf3/?sht=qdQBppsERjq7BhOMv9ZeI+wwS13u4NbXC4cQUFozvYIOjfFpJKWSpe0DgZI9+reaG0YY1Kc/55fF3gopW6qy3fo6RJk8cj+BOGKZH2ZWedKQWDhNF/H+z0pbK+TxAdL68HUUHuU=&DH=GXELmLD830
http://www.anartisthuman.info/q5nb/?DH=GXELmLD830&sht=cbGNT1GwMlz4ZJSwsqDu/1ORw1S0MlT/otaQaC2lDUNXgkD5XcZBKJp94L4r/sunAAfx3aeZsm6/D88jzdrZVMDyyC7RomaM2qtQ9qfcnHohjHnl6IT3GtVRSwMFLsJJSeka0PE=
http://www.pond-magic.shop/vhzb/
http://www.jplttj.info/qk2k/?DH=GXELmLD830&sht=zY4n8QAiFtM8TD8bfUkipNK/VFS3sjgA24wL1FxNqii4aPOxIUlgh0bkY4109PjUwHAiRcSBahvbei9zCgo+Hdn1PRWFIWj2OSQuQfG+549xa91T8hEhWmJ7KwIWHMNziGcxhEQ=
http://www.agistaking.xyz/c8u0/?sht=FMJVgFO6r2fqsFEm0j1rtldefhT15/tuwnCszuFGPNY4Pf96ze7C0LpVaGXgsqc5GUWtyfXO8eoeNGfDqQZmx3UM0OkPjNim8a1VYAek3DMs5Ubl7Xf8pphM1ER8xIMu+KQtDec=&DH=GXELmLD830
http://www.minimalbtc.xyz/mtvj/?sht=tu3KCU12euk3jntJkeXi9h/nPksXdtf9dMqnbhdhpzwTmQJtahFuTjZWW0ZiDwPS2UOKmgPWbSHzrHdc9Mrf7aJG3vyNBVAM+hE7Iz5ZKYXVRK3r1+HOotmUcXJTtU2yXW9nYXw=&DH=GXELmLD830
http://www.shedsworld.shop/n4wf/
http://www.needethereum.xyz/7t1k/
http://www.zeniow.xyz/ia4f/
http://www.vaishnavi.xyz/fepe/
http://www.needethereum.xyz/7t1k/?DH=GXELmLD830&sht=FU89ini0gnpj8wdqAhM8o3gy9BaGc+QnDWusiqXcZKGzkaK/1F4vvL3EfhyLSPgSo+LbaTvmAGQC6/BbkgpRbYpFwhz+2toVx9Yhp76LgY/urD/deRpviW4AHEASd238Vjbfb/0=
http://www.vaishnavi.xyz/fepe/?sht=jiDu0CXVCwpoArsbnTBiSc5Vp6dC42VrzDT1KVnw4j8dDuCAxj6eals1FrYUwp3xSMa6xfrVZjPXN8LVbxOcBzQmdMk1qEEv1A1nl3t7/rq4ApxaObxjuF0m2w9pWr91Gdw2Y84=&DH=GXELmLD830
http://www.jplttj.info/qk2k/
http://www.anartisthuman.info/q5nb/
http://172.245.123.24/90/vsse.exe
http://www.statusq.studio/tjfr/
http://www.pond-magic.shop/vhzb/?sht=utPv65Al4AswLtqjZxeNf4qM07v8dOVJesMXOpbeQKe44HKKs52W877CGyD4DHSN7+a2Yf/CJoqiZidKfHg2hiYpF+Jd6O8igaguC+SrQcHZD1C8iTTJhbN3HtFN8P3EorXmAwk=&DH=GXELmLD830
https://duckduckgo.com/ac/?q=
http://172.245.123.24/90/vsse.ex
http://schemas.xmlsoap.org/wsdl/
https://dts.gnpge.com
https://customerservice.web.com/prweb/PRAuth/app/WebKM_/JfLhd8LVz0a16-h3GqsHOCqqFky5N_vd
https://contoso.com/License
http://wwcrosoft.com/pkiops/certs/Mic
https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
https://www.google.com/images/branding/product/ico/googleg_alldp.ico
https://www.ecosia.org/newtab/v20
https://gemini.google.com/app?q=
https://assets.web.com/legal/English/MSA/v1.0.0.3/ServicesAgreement.pdf
https://www.networksolutions.com/
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
https://nuget.org/nuget.exe
http://nuget.org/NuGet.exe
https://aka.ms/winsvr-2022-pshelp
https://contoso.com/
http://pesterbdd.com/images/Pester.png
http://schemas.xmlsoap.org/soap/encoding/
http://www.apache.org/licenses/LICENSE-2.0.html
http://www.leadmagnetkpis.shop
https://browsehappy.com/
https://duckduckgo.com/chrome_newtabv20-
https://contoso.com/Icon
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
https://ac.ecosia.org?q=
https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
https://aka.ms/pscore6lB
https://github.com/Pester/Pester

Dropped files

Name
    File Type

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\vsse[1].exe
    PE32 executable (GUI) Intel 80386, for MS Windows

C:\Users\user\AppData\Local\Temp\bp0cs3mn\bp0cs3mn.cmdline
    Unicode text, UTF-8 (with BOM) text, with very long lines (372), with no line terminators

C:\Users\user\AppData\Local\Temp\bp0cs3mn\bp0cs3mn.dll
    PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows

C:\Users\user\AppData\Roaming\vsse.exe
    PE32 executable (GUI) Intel 80386, for MS Windows
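Added example, not part of the sandbox report: a small Python triage helper for the URL list above. It splits the extracted strings into three groups: the recurring check-in shape (a single four-character directory such as /61ci/, with or without the sht blob and the fixed DH=GXELmLD830 token), the payload download from 172.245.123.24, and unrelated strings the sandbox carved from memory (browser search defaults, contoso.com, nuget.org, Pester). Treating that four-character path as the C2 beacon, and treating vsse.ex and vsse.exee as truncated copies of vsse.exe, are assumptions made here; the report only lists the strings. SAMPLE_URLS is a constructed subset of the page's URLs.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample: a subset of the URLs listed in this report, including
# the benign noise the sandbox also pulled from memory.
SAMPLE_URLS = [
    "http://www.teschi.xyz/61ci/",
    "http://www.multo.xyz/dlol/?DH=GXELmLD830&sht=Vdu1QfmsuFO68GL9XI0ADH8YQzb4ru9/HVgaJhop4EyQK8uQubyUW4cBOiiKJiObJ4wKBbVY5G9jJ/R2VpbOvjj8OLgiLtN/tspKmCcPoyoCUQCCMZ6ppQUZi1BMDS7G6d+V+yQ=",
    "http://www.shedsworld.shop/n4wf/?sht=rVCo5fXTYf5XtykzjIwaPXHBTJgcIT4zvtD+QqvRz6GEPZVd3pXymvzcnaunGoGBfELUwvvDGnhmjqKacrEZGbpgeWHAxELrtpRMOSuJE/BcwxJk2Wqik34dxzJpD4SJU0mlb64=&DH=GXELmLD830",
    "http://www.shedsworld.shop/n4wf/",
    "http://172.245.123.24/90/vsse.exe",
    "http://172.245.123.24/90/vsse.exee",
    "http://172.245.123.24/90/vsse.ex",
    "https://duckduckgo.com/ac/?q=",
    "https://contoso.com/License",
    "http://wwcrosoft.com/pkiops/certs/Mic",
]

# Assumption: the check-in URLs share one shape, a lone four-character
# lowercase directory. The report does not state this; it is inferred from
# the list.
C2_PATH = re.compile(r"^/[a-z0-9]{4}/$")
# Assumption: ".ex" and ".exee" are truncated/over-read copies of ".exe".
PAYLOAD_EXT = re.compile(r"\.exe{0,2}$")


def classify(url):
    """Return (kind, details) for one extracted URL string."""
    parts = urlsplit(url)
    qs = parse_qs(parts.query)
    if parts.hostname and C2_PATH.match(parts.path):
        return "c2", {
            "host": parts.hostname,
            "path": parts.path,
            "dh": qs.get("DH", [None])[0],   # fixed token seen on every beacon
            "has_blob": "sht" in qs,         # base64-looking payload present?
        }
    if PAYLOAD_EXT.search(parts.path):
        canon = PAYLOAD_EXT.sub(".exe", parts.path)
        return "payload", {"host": parts.hostname, "path": canon}
    return "other", {"host": parts.hostname}


def triage(urls):
    """Group URLs into C2 hosts, DH tokens, canonical payload URLs, and noise."""
    c2_hosts, dh_values, payloads, other = set(), set(), set(), []
    for url in urls:
        kind, d = classify(url)
        if kind == "c2":
            c2_hosts.add(d["host"])
            if d["dh"]:
                dh_values.add(d["dh"])
        elif kind == "payload":
            payloads.add(f"http://{d['host']}{d['path']}")
        else:
            other.append(url)
    return {
        "c2_hosts": sorted(c2_hosts),
        "dh_values": sorted(dh_values),
        "payloads": sorted(payloads),
        "other": other,
    }


def defang(url):
    """Defang scheme and host only, leaving path and query readable."""
    parts = urlsplit(url)
    scheme = parts.scheme.replace("http", "hxxp")
    host = parts.netloc.replace(".", "[.]")
    query = f"?{parts.query}" if parts.query else ""
    return f"{scheme}://{host}{parts.path}{query}"


if __name__ == "__main__":
    result = triage(SAMPLE_URLS)
    print("C2 hosts:", result["c2_hosts"])
    print("DH tokens:", result["dh_values"])
    print("Payload:", [defang(u) for u in result["payloads"]])
    print("Ignored:", len(result["other"]), "strings")
```

When turning the output into blocking rules, use the domain list rather than the IP list: several of the www. hosts resolve to 0.0.0.0 in this run and 13.248.169.48 is shared by six unrelated domains, so an IP block would either miss traffic or hit bystanders. The single DH token across every beacon is the most stable pivot for a network signature.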