
MG72133243812OR.xls

Status: finished
Submission Time: 2022-07-29 07:06:25 +02:00
Malicious
Trojan
Exploiter
Evader
Hidden Macro 4.0, Emotet

Details

  • Analysis ID:
    675367
  • API (Web) ID:
    1042873
  • Analysis Started:
    2022-07-29 07:06:26 +02:00
  • Analysis Finished:
    2022-07-29 07:21:13 +02:00
  • MD5:
    fd2b6ece7fc7767c60008e93f179814c
  • SHA1:
    13f374087e349c54658655e65d3672c65b10c461
  • SHA256:
    f4a2380c06dcf5430f2b0ac2c321710223245b629698fb8eeda3407dca24af4f
  • Technologies:

Joe Sandbox

Engine Detection Info
malicious
Score: 100
System: Windows 7 x64 SP1 with Office 2010 SP1 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2)

Third Party Analysis Engines

malicious
Score: 37/58
malicious
Score: 15/35
malicious
Score: 24/26
malicious
malicious

IPs

IP Country Detection
5.9.116.246
Germany
82.165.152.127
Germany
51.161.73.194
Canada
217.76.130.178
Spain
72.15.201.15
United States
153.126.146.25
Japan
135.148.6.80
United States
45.235.8.30
Brazil
188.44.20.25
Macedonia
134.122.66.193
United States
103.43.75.120
Japan
144.91.78.55
Germany
91.207.28.33
Kyrgyzstan
103.75.201.2
Thailand
160.16.142.56
Japan
201.94.166.162
Brazil
159.89.202.34
United States
186.194.240.217
Brazil
150.95.66.124
Singapore
46.55.222.11
Bulgaria
82.223.21.224
Spain
173.212.193.249
Germany
103.70.28.102
Viet Nam
149.56.131.28
Canada
139.162.113.169
Netherlands
209.97.163.214
United States
45.186.16.18
unknown
1.234.2.232
Korea Republic of
119.193.124.41
Korea Republic of
129.232.188.93
South Africa
64.227.100.222
United States
94.23.45.86
France
213.241.20.155
Poland
115.68.227.76
Korea Republic of
151.106.112.196
Germany
185.4.135.165
Greece
107.170.39.149
United States
206.189.28.199
United States
37.187.115.122
France
138.197.68.35
United States
163.44.196.120
Singapore
209.126.98.206
United States
197.242.150.244
South Africa
172.104.251.154
United States
45.118.115.99
Indonesia
207.148.79.14
United States
79.137.35.198
France
103.132.242.26
India
51.254.140.238
France
110.232.117.186
Australia
41.73.252.195
Nigeria
212.24.98.99
Lithuania
101.50.0.91
Indonesia
159.65.88.10
United States
172.105.226.75
United States
159.65.140.115
United States
158.69.222.101
Canada
196.218.30.83
Egypt
146.59.226.45
Norway
51.91.76.89
France
167.172.253.162
United States
164.68.99.3
Germany
45.176.232.124
Colombia
183.111.227.137
Korea Republic of
175.98.167.163
Taiwan; Republic of China (ROC)
118.98.72.14
Indonesia
216.219.81.50
United States

Domains

Name IP Detection
cedeco.es
217.76.130.178
komunitas.blog.gunadarma.ac.id
118.98.72.14
balticcontrolbd.com
216.219.81.50
careofu.com
175.98.167.163
windowsupdatebg.s.llnwi.net
178.79.225.0
www.careofu.com
0.0.0.0
fikti.bem.gunadarma.ac.id
0.0.0.0

URLs

Name Detection
https://172.105.226.75/=
https://139.162.113.169:8080/R
https://144.91.78.55/o
https://139.162.113.169/f
https://139.162.113.169:8080/U
http://balticcontrolbd.com/cgi-bin/Gu0xno0kIssGJF8/
https://172.105.226.75/A
https://135.148.6.80/
https://172.105.226.75:8080/Z
https://172.105.226.75:8080/
https://fikti.bem.gunadarma.ac.id/SDM/qNeMUe2RvxdvuRlf/
https://172.105.226.75/
https://135.148.6.80/_:
https://www.careofu.com/PHPExcel/sQ78BedribNJZbGYj/
https://139.162.113.169/ctiv
http://ocsp.entrust.net0D
https://secure.comodo.com/CPS0
https://139.162.113.169/
https://138.197.68.35:8080/
https://138.197.68.35/viderU
http://crl.entrust.net/2048ca.crl0
https://139.162.113.169:8080/
http://crl.pkioverheid.nl/DomOvLatestCRL.crl0
https://138.197.68.35/080/Y
http://www.diginotar.nl/cps/pkioverheid0
http://crl.pkioverheid.nl/DomOrganisatieLatestCRL-G2.crl0
https://144.91.78.55/
http://ocsp.entrust.net03
http://crl.entrust.net/server1.crl0

Dropped files

Name File Type Hashes Detection
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\BYH56Vb[1].dll
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\nQd2n6798wQuOjZR7TtNgQ[1].dll
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
C:\Users\user\Desktop\MG72133243812OR.xls
Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, Code page: 1251, Author: Dream, Last Saved By: RHRSDJTJDGHT, Name of Creating Application: Microsoft Excel, Create Time/Date: Fri Jun 5 19:19:34 2015, Last Saved Time/Date (…)
C:\Users\user\hhwe3.ocx
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
C:\Users\user\hhwe4.ocx
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
C:\Windows\System32\HUWZaq\zHqsrrqpZcTdGFR.dll (copy)
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
C:\Windows\System32\OajQanYCSHcPg\quNy.dll (copy)
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506
Microsoft Cabinet archive data, 61712 bytes, 1 file
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
data
C:\Users\user\AppData\Local\Temp\AA40.tmp
ASCII text, with CRLF line terminators
C:\Users\user\AppData\Local\Temp\C984.tmp
ASCII text, with CRLF line terminators
C:\Users\user\AppData\Local\Temp\Cab22B9.tmp
Microsoft Cabinet archive data, 61712 bytes, 1 file
C:\Users\user\AppData\Local\Temp\D096.tmp
ASCII text, with CRLF line terminators
C:\Users\user\AppData\Local\Temp\Tar22BA.tmp
data
C:\Users\user\AppData\Local\Temp\~DF85E1850D91DB532C.TMP
data