courtesyautomotivedoc08.11.doc

Status: finished
Submission Time: 2022-08-11 17:21:13 +02:00
Malicious
Trojan
Exploiter
Evader
IcedID

Comments

Tags

  • doc
  • IcedID

Details

  • Analysis ID:
    682567
  • API (Web) ID:
    1050042
  • Analysis Started:
    2022-08-11 17:37:25 +02:00
  • Analysis Finished:
    2022-08-11 17:44:08 +02:00
  • MD5:
    00e8f42e0462d4abf8a6bb6960abe5b5
  • SHA1:
    0235d1eb73c161a7fcc944d99730d8ed0200fb8e
  • SHA256:
    3af042bd0b5a186b98920cf0b7066344609d6d6deb163ffb0b60325dcca66e44
  • Technologies:

Joe Sandbox

Detection: malicious
Score: 100
System: Windows 7 x64 SP1 with Office 2010 SP1 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2)

Third Party Analysis Engines

  • malicious (Score: 17/64)
  • malicious (Score: 7/39)
  • malicious

IPs

IP              Country             Detection
64.227.108.27   United States
45.8.146.139    Russian Federation

Domains

Name            IP              Detection
alexbionka.com  64.227.108.27

URLs

Name Detection
alexbionka.com
http://alexbionka.com/
http://45.8.146.139/fhfty/A2-7QTSJAH4Z96EKN5E88X3UNK3NGY5I/loader_p3_dll_64_n5_c
http://45.8.146
http://45.8.146.139/fhfty/A2-7QTSJAH4Z96EKN5E88X3UNK3NGY5I/loader_p3_dll_64_n5_crypt_x64_asm_clone_n13.dll
http://45.8.146.139/fhfty/A2-7QTSJAH4Zf
http://45.8.146.139/fhfty/A2-7QTSJAH4Z96EKN5E88X3UNK3NGY5I/loader_p3_dll_64_n5_crypt_x64_asm_clone_n

Dropped files

Name File Type Hashes Detection

  • C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\loader_p3_dll_64_n3_crypt_x64_asm_clone_n14[1].dll
    PE32+ executable (DLL) (console) x86-64, for MS Windows
  • C:\Users\user\AppData\Local\Temp\r9093.tmp.exe
    PE32 executable (GUI) Intel 80386, for MS Windows
  • C:\Users\user\AppData\Local\Temp\y875E.tmp.dll
    PE32+ executable (DLL) (console) x86-64, for MS Windows
  • C:\Users\user\AppData\Local\Temp\~DF612CB1A14F491B4E.TMP
    Composite Document File V2 Document, Cannot read section info
  • C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\11977CC7.png
    PNG image data, 636 x 613, 8-bit/color RGB, non-interlaced
  • C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\3DB7145E.png
    PNG image data, 440 x 440, 8-bit/color RGBA, non-interlaced
  • C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRF{27A0920F-83BA-451C-A370-247C29EA575C}.tmp
    Composite Document File V2 Document, Cannot read section info
  • C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{5E7AB36F-70CF-4FF1-BE43-961032978C36}.tmp
    data
  • C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{7180F76F-1528-4360-9534-25B0235971A3}.tmp
    data
  • C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\courtesyautomotivedoc08.11.LNK
    MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Tue Mar 8 15:45:56 2022, mtime=Tue Mar 8 15:45:56 2022, atime=Thu Aug 11 23:38:17 2022, length=2256492, window=hide
  • C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\index.dat
    ASCII text, with CRLF line terminators
  • C:\Users\user\AppData\Roaming\Microsoft\Templates\~$Normal.dotm
    data
  • C:\Users\user\AppData\Roaming\Microsoft\UProof\ExcludeDictionaryEN0409.lex
    Little-endian UTF-16 Unicode text, with no line terminators
  • C:\Users\user\Desktop\~$urtesyautomotivedoc08.11.doc
    data