vbc.exe

Status: finished
Submission Time: 2021-11-09 12:54:13 +01:00
Malicious
Trojan
Evader
FormBook

Comments

Tags

  • exe
  • Xloader

Details

  • Analysis ID:
    518412
  • API (Web) ID:
    885941
  • Analysis Started:
    2021-11-09 12:55:04 +01:00
  • Analysis Finished:
    2021-11-09 13:06:50 +01:00
  • MD5:
    c4a1bdd685e346b7604f93357a922875
  • SHA1:
    6b8fccadcf1977f5850faa1c47617343fafc0ff4
  • SHA256:
    728b23f75c1140a1763dd7c75083f2ae57afeb6ffa3d7b33a9ba1b4904c4566d
  • Technologies:

Joe Sandbox

Engine Download Report Detection Info
malicious
Score: 100
System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
clean
0/100

Third Party Analysis Engines

malicious

IPs


Domains


URLs


Dropped files

Name File Type Hashes Detection
C:\Users\user\AppData\Local\Temp\tmpAA68.tmp
XML 1.0 document, ASCII text, with CRLF line terminators
C:\Users\user\AppData\Roaming\uZlkYhlkeLeaKC.exe
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows