DHL_AWB.docx

Status: finished
Submission Time: 2022-08-05 16:35:04 +02:00
  • Malicious
  • Trojan
  • Exploiter
  • Evader
  • AgentTesla

Tags

  • doc

Details

  • Analysis ID:
    679368
  • API (Web) ID:
    1046874
  • Analysis Started:
    2022-08-05 16:35:06 +02:00
  • Analysis Finished:
    2022-08-05 16:42:26 +02:00
  • MD5:
    aaea73067b34013e5c1c9715dcf715a4
  • SHA1:
    a1cf21c352a13b91a2b0ab22c4367e07151c4292
  • SHA256:
    c7351eddf1e255e0b5d5d6c7dbd054427f5fef62b7cd9d25b67166e57df21d9b
  • Technologies:

Joe Sandbox

  • Detection:
    malicious
  • Score:
    100
  • System:
    Windows 7 x64 SP1 with Office 2010 SP1 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2)

Third Party Analysis Engines

  • malicious (Score: 14/62)
  • malicious (Score: 11/35)
  • malicious (Score: 24/26)
  • malicious

IPs

  • 198.23.207.54
    Country: United States

URLs

  • http://198.23.207.54/shp/doc_200.doc
  • http://198.23.207.54/200/vbc.exe
  • http://198.23.207.54/shp/
  • https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip
  • http://198.23.207.54/200/vbc.exehhC:
  • http://198.23.207.54/200/vbc.exej
  • https://api.telegram.org/bot1900392974:AAEB_yGGlWksNcNC4Dg08OgUSlmDON2w098/

Dropped files

  • C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRF{61C0FE69-632E-42B0-9EAB-CB8720AB2605}.tmp
    Composite Document File V2 Document, Cannot read section info
  • C:\Users\Public\vbc.exe
    PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
  • C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\694BA9C1.doc
    data
  • C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\doc_200[1].doc
    data
  • C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\vbc[1].exe
    PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
  • C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{ADD09414-4C0B-48D8-B1C9-FBE697880796}.tmp
    data
  • C:\Users\user\AppData\Local\Microsoft\Office\14.0\OfficeFileCache\FSD-{32AF6775-ED8D-404B-A66E-CD25BD6BBD8D}.FSD
    data
  • C:\Users\user\Desktop\~$HL_AWB.docx
    data
  • C:\Users\user\AppData\Roaming\Microsoft\Templates\~$Normal.dotm
    data
  • C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\shp on 198.23.207.54.url
    MS Windows 95 Internet shortcut text (URL=<http://198.23.207.54/shp/>), ASCII text, with CRLF line terminators
  • C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\index.dat
    ASCII text, with CRLF line terminators
  • C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\doc_200.doc.url
    MS Windows 95 Internet shortcut text (URL=<http://198.23.207.54/shp/doc_200.doc>), ASCII text, with CRLF line terminators
  • C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\DHL_AWB.LNK
    MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Tue Mar 8 15:45:53 2022, mtime=Tue Mar 8 15:45:53 2022, atime=Fri Aug 5 22:36:11 2022, length=73762, window=hide
  • C:\Users\user\AppData\Local\Temp\{4820A152-87F7-4CDD-BC04-BD9F9E14497A}
    data
  • C:\Users\user\AppData\Local\Temp\{3AB18AF9-D831-436F-81B4-5DCFDD3A591A}
    data
  • C:\Users\user\AppData\Local\Microsoft\Office\14.0\OfficeFileCache\LocalCacheFileEditManager\FSF-{0E1EEE64-E8C6-4E2A-9759-63CF07FD8988}.FSF
    data
  • C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{8E9606C5-2F7B-41CF-A346-056DD4AB9308}.tmp
    data
  • C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{88266991-B66B-4B67-A090-087BD104DE9E}.tmp
    data
  • C:\Users\user\AppData\Local\Microsoft\Office\14.0\OfficeFileCache\FSD-CNRY.FSD
    data
  • C:\Users\user\AppData\Local\Microsoft\Office\14.0\OfficeFileCache\FSF-CTBL.FSF
    data
  • C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\67C004A6.png
    PNG image data, 731 x 704, 8-bit colormap, non-interlaced
  • C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\4C4AC313.png
    PNG image data, 731 x 704, 8-bit colormap, non-interlaced
  • C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\125384CE.emf
    Windows Enhanced Metafile (EMF) image data version 0x10000
  • C:\Users\user\AppData\Local\Microsoft\Office\14.0\OfficeFileCache\LocalCacheFileEditManager\FSD-CNRY.FSD
    data
  • C:\Users\user\AppData\Local\Microsoft\Office\14.0\OfficeFileCache\LocalCacheFileEditManager\FSD-{F4637C4C-84C5-48D5-B5F6-DBF781800F91}.FSD
    data