cbH3TvDB3v.doc

Status: finished
Submission Time: 2022-06-17 08:21:12 +02:00
Malicious

Tags

  • matanbuchus
  • msi
  • signed
  • WesteastTechConsultingCorp

Details

  • Analysis ID:
    647425
  • API (Web) ID:
    1014929
  • Analysis Started:
    2022-06-17 08:37:25 +02:00
  • Analysis Finished:
    2022-06-17 08:48:21 +02:00
  • MD5:
    4d5da2273e2d7cce6ac37027afd286af
  • SHA1:
    85a659971ad5aea58ff20a078532e688f7e1659b
  • SHA256:
    5dcbffef867b44bbb828cfb4a21c9fb1fa3404b4d8b6f4e8118c62addbf859da
  • Technologies:

Joe Sandbox

Engine: Joe Sandbox
  • Detection: malicious
    Score: 52
    System: Windows 7 x64 SP1 with Office 2010 SP1 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2)
  • Detection: malicious
    Score: 52
    System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
    Run Condition: Potential for more IOCs and behavior

Third Party Analysis Engines

malicious
Score: 7/58

Domains

  • Name: windowsupdatebg.s.llnwi.net
    IP: 95.140.236.128
    Detection: none listed

Dropped files

Name and file type (hash and detection columns were empty for every entry):

  • C:\Users\user\AppData\Local\Temp\~DF9B4A5A35E9DCFF4E.TMP
    data
  • C:\Users\user\Desktop\~$H3TvDB3v.doc
    data
  • C:\Users\user\AppData\Roaming\Microsoft\UProof\ExcludeDictionaryEN0409.lex
    Little-endian UTF-16 Unicode text, with no line terminators
  • C:\Users\user\AppData\Roaming\Microsoft\Templates\~$Normal.dotm
    data
  • C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\index.dat
    ASCII text, with CRLF line terminators
  • C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\cbH3TvDB3v.LNK
    MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Fri Jun 17 14:37:59 2022, mtime=Fri Jun 17 14:37:59 2022, atime=Fri Jun 17 14:38:10 2022, length=229376, window=hide
  • C:\Users\user\AppData\Local\Temp\~DFD769752DB3460C4F.TMP
    data
  • C:\Users\user\AppData\Local\Temp\~DFCFAC4359F737332B.TMP
    Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Code page: 1252, Title: Installation Database, Subject: Adobe Font Pack 3.0.12.9, Author: Adobe Inc., Keywords: Installer, Comments: Adobe Font Pack, Template (…)
  • C:\Users\user\AppData\Local\Temp\~DFA9B3A0F712249C78.TMP
    data
  • C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRD0000.doc
    data
  • C:\Users\user\AppData\Local\Temp\~DF4D47212460854302.TMP
    data
  • C:\Users\user\AppData\Local\Temp\~DF2FA714AB39BD624A.TMP
    data
  • C:\Users\user\AppData\Local\Temp\~DF2DA25969847DD094.TMP
    data
  • C:\Users\user\AppData\Local\Temp\~DF284A8B9707C89825.TMP
    data
  • C:\Users\user\AppData\Local\Temp\~DF1CADFA05493ACF52.TMP
    data
  • C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{86E0087D-F291-472A-A1A1-6F1E38491318}.tmp
    data
  • C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{0A41982D-0DE7-49E2-91D7-2CAB52C73798}.tmp
    data
  • C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRF{EF825FBA-D225-41ED-8810-8C00E821558A}.tmp
    Composite Document File V2 Document, Cannot read section info