test_exploit.docx.docx

Status: finished
Submission Time: 2022-06-18 16:59:05 +02:00
Malicious
Exploiter
Evader
Follina CVE-2022-30190

Tags

  • doc

Details

  • Analysis ID:
    648185
  • API (Web) ID:
    1015689
  • Analysis Started:
    2022-06-18 16:59:06 +02:00
  • Analysis Finished:
    2022-06-18 17:12:18 +02:00
  • MD5:
    fcb4a6f299be7168bea772af871e203e
  • SHA1:
    26428cb21220443643e53c619a98dac6d35acae6
  • SHA256:
    e907ec4b1da6b2fa4e2fcff5b80d8c004f3b8922fcf62a76988a5a16036dcf8f
  • Technologies:

Joe Sandbox

Detection: malicious
Score: 60
System: Windows 7 x64 SP1 with Office 2010 SP1 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2)

Detection: malicious
Score: 60
System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Run Condition: Potential for more IOCs and behavior

IPs

  • 145.14.144.66
    Country: Netherlands
  • 145.14.144.188
    Country: Netherlands

Domains

  • us-east-1.route-1.000webhost.awex.io
    IP: 145.14.144.188
  • samisoooo.000webhostapp.com
    IP: 0.0.0.0

URLs

  • https://samisoooo.000webhostapp.com/e
  • https://www.bbc.com/news/live/world-europe-60517447

Dropped files

Name / File Type

  • C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\exp[1].htm
    HTML document, ASCII text, with very long lines, with CRLF line terminators
  • C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\1B18D662.htm
    HTML document, ASCII text, with very long lines, with CRLF line terminators
  • C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\83FA24C0.htm
    HTML document, ASCII text, with very long lines, with CRLF line terminators
  • C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\B6A2553F.wmf
    ms-windows metafont .wmf
  • C:\Users\user\Desktop\~$st_exploit.docx.docx
    data
  • C:\Users\user\AppData\Roaming\Microsoft\UProof\ExcludeDictionaryEN0409.lex
    Little-endian UTF-16 Unicode text, with no line terminators
  • C:\Users\user\AppData\Roaming\Microsoft\Templates\~$Normal.dotm
    data
  • C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\test_exploit.docx.LNK
    MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Sat Jun 18 23:00:01 2022, mtime=Sat Jun 18 23:00:01 2022, atime=Sat Jun 18 23:00:13 2022, length=13714, window=hide
  • C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\index.dat
    ASCII text, with CRLF line terminators
  • C:\Users\user\AppData\Local\Temp\{D7DEA83B-46CD-4801-9593-7D8BD5CE2A97}
    data
  • C:\Users\user\AppData\Local\Temp\{87A0ADDF-EA5F-47F4-8528-A6B8AB0136F3}
    data
  • C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{E3155A32-4109-4836-B85D-FBC05DE1F998}.tmp
    data
  • C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{4E26B072-EAB3-41AA-AF89-735B4390C5D9}.tmp
    data
  • C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRF{71B1CDC1-773F-473E-BD67-B44520A9E1A7}.tmp
    Composite Document File V2 Document, Cannot read section info
  • C:\Users\user\AppData\Local\Microsoft\Office\14.0\OfficeFileCache\FSD-CNRY.FSD
    data
  • C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\475C6E34.dat
    Targa image data - Map - RLE 5 x 65536 x 0 "\004"
  • C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\exp[1].htm
    HTML document, ASCII text, with very long lines, with CRLF line terminators
  • C:\Users\user\AppData\Local\Microsoft\Office\14.0\OfficeFileCache\LocalCacheFileEditManager\FSF-{0E1EEE64-E8C6-4E2A-9759-63CF07FD8988}.FSF
    data
  • C:\Users\user\AppData\Local\Microsoft\Office\14.0\OfficeFileCache\LocalCacheFileEditManager\FSD-{57B17972-0969-4493-B3CE-7A59E2F01440}.FSD
    data
  • C:\Users\user\AppData\Local\Microsoft\Office\14.0\OfficeFileCache\LocalCacheFileEditManager\FSD-CNRY.FSD
    data
  • C:\Users\user\AppData\Local\Microsoft\Office\14.0\OfficeFileCache\FSF-CTBL.FSF
    data
  • C:\Users\user\AppData\Local\Microsoft\Office\14.0\OfficeFileCache\FSD-{114CD8F4-726A-47E5-81BB-88D492C7D89F}.FSD
    data