
template[1].doc

  • Status: finished
  • Submission Time: 2022-08-14 08:34:15 +02:00
  • Classification: Malicious, Exploiter, Evader

Tags

  • doc

Details

  • Analysis ID:
    683638
  • API (Web) ID:
    1051127
  • Analysis Started:
    2022-08-14 08:38:11 +02:00
  • Analysis Finished:
    2022-08-14 08:45:00 +02:00
  • MD5:
    8f21756219d4e736219011174eb0534b
  • SHA1:
    4429c35b62d55abe159e130c095fc988e640f3fd
  • SHA256:
    394c97cc9d567e556a357f129aea03f737cbd2a1761df32146ef69d93afc73dc
  • Technologies:

Joe Sandbox

  • Detection: malicious
  • Score: 100
  • System: Windows 7 x64 SP1 with Office 2010 SP1 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2)

Third Party Analysis Engines

  • Detection: malicious
  • Score: 8/64

IPs (IP, country)

  • 64.52.80.180 (United States)
  • 142.250.185.228 (United States)
  • 64.52.80.45 (United States)

Domains (name, resolved IP)

  • com.lightbuzear.buzz (64.52.80.180)
  • www.google.com (142.250.185.228)
  • worldoptions.buzz (64.52.80.45)

URLs

  • http://worldoptions.buzz/agE7nqQLgssuVeUY/OGHAYZZFhfCtspqorBFNYMrxHN7TXIlz8vjv1TPmuyrc2yIu.mp4
  • http://worldoptions.buzz/agE7nqQLgssuVeUY/OGHAYZZFhfCtspqorBFNYMrxHN7TXIlz8vjv1TPmuyrc2yIu.png
  • https://com.lightbuzear.buzz/Kolpt523ytcserstrew/torel

Dropped files

Name and file type

  • C:\Users\user\AppData\Local\Temp\dnrdfsi11023.dll
    PE32+ executable (DLL) (GUI) x86-64, for MS Windows
  • C:\Users\user\AppData\Local\Temp\wnitmpo.dll
    PE32+ executable (DLL) (GUI) x86-64, for MS Windows
  • C:\Users\user\AppData\Local\Temp\~DF3EAF6279D3B942E8.TMP
    Composite Document File V2 Document, Cannot read section info
  • C:\ProgramData\Windose.txt
    ASCII text, with no line terminators
  • C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\OGHAYZZFhfCtspqorBFNYMrxHN7TXIlz8vjv1TPmuyrc2yIu[1].mp4
    data
  • C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\OGHAYZZFhfCtspqorBFNYMrxHN7TXIlz8vjv1TPmuyrc2yIu[1].png
    data
  • C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRF{78D6FE31-C42D-4CC6-B0D1-824575AF05A9}.tmp
    Composite Document File V2 Document, Cannot read section info
  • C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{2837334C-3C28-47DF-B8E9-7A311DBFF213}.tmp
    data
  • C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{6D74B366-D4C8-464E-A7CA-80C94D1A45EA}.tmp
    data
  • C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\index.dat
    ASCII text, with CRLF line terminators
  • C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\template[1].LNK
    MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Tue Mar 8 15:45:55 2022, mtime=Tue Mar 8 15:45:55 2022, atime=Sun Aug 14 14:38:14 2022, length=51033, window=hide
  • C:\Users\user\AppData\Roaming\Microsoft\Templates\~$Normal.dotm
    data
  • C:\Users\user\Desktop\~$mplate[1].doc
    data