
12-09-2022 SİPARİŞ.docx.doc

Status: finished
Submission Time: 2022-09-12 13:44:09 +02:00
Malicious
Trojan
Exploiter
Evader
AdWind

Comments

Tags

  • doc

Details

  • Analysis ID:
    701320
  • API (Web) ID:
    1068788
  • Analysis Started:
    2022-09-12 13:44:10 +02:00
  • Analysis Finished:
    2022-09-12 14:00:44 +02:00
  • MD5:
    7e8133cf5f56adcfafb9bc91390c9fe7
  • SHA1:
    2cc6471245901e51565ad69df6b8586629965cf1
  • SHA256:
    7859fd95c60a0d76fa99eb42277501b20f76a377c1395b504acff5dd22533027
  • Technologies:
    Joe Sandbox

Engine / Detection Info

  • Detection: malicious
    Score: 80
    System: Windows 7 x64 SP1 with Office 2010 SP1 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2)
  • Detection: malicious
    Score: 80
    System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
    Run Condition: Potential for more IOCs and behavior

Third Party Analysis Engines

malicious
Score: 11/63
malicious
Score: 11/41

URLs

Name Detection
http://xml.org/sax/features/use-entity-resolver2
http://apache.org/xml/features/include-comments0
http://java.sun.com/xml/stream/properties/ignore-external-dtdV
http://apache.org/xml/features/validation/balance-syntax-trees
http://xml.org/sax/features/allow-dtd-events-after-endDTD
http://java.sun.com/dtd/properties.dtd
http://apache.org/xml/features/standard-uri-conformanter2
http://apache.org/xml/features/generate-synthetic-annotations
http://apache.org/xml/features/
http://xml.org/sax/properties/C
http://java.oracle.com/
http://apache.org/xml/properties/internal/entity-resolver
http://bugreport.sun.com/bugreport/
http://apache.org/xml/features/internal/validation/schema/use-grammar-pool-only
http://apache.org/xml/properties/internal/validation/schema/dv-factory7
http://apache.org/xml/properties/internal/document-scanner
http://apache.org/xml/features/standard-uri-conformant
http://apache.org/xml/features/continue-after-fatal-error
http://apache.org/xml/features/validation/schema/normalized-valueB
http://apache.org/xml/features/nonvalidating/load-external-dtd:
http://java.sun.com/xml/stream/properties/report-cdata-event
http://java.sun.com/xml/schema/features/report-ignored-element-content-whitespace0
http://apache.org/xml/properties/dom/current-element-node9
http://apache.org/xml/features/internal/tolerate-duplicatesY
http://apache.org/xml/features/scanner/notify-char-refs
http://apache.org/xml/properties/security-manager
http://apache.org/xml/features/validation/schema-full-checkingP
http://apache.org/xml/properties/internal/error-handler
http://xml.org/sax/features/
http://apache.org/xml/properties/schema/external-schemaLocation
http://apache.org/xml/features/validation/warn-on-undeclared-elemdefs
http://apache.org/xml/properties/internal/dtd-scanner
http://apache.org/xml/features/validation/schema
http://www.oracle.com/feature/use-service-mechanismjectI
http://java.sun.com/xml/stream/properties/
http://apache.org/xml/features/namespace-growthK
http://java.sun.com/xml/dom/properties/ancestor-check
http://apache.org/xml/features/validation/schema/augment-psvic
http://apache.org/xml/features/include-comments
http://apache.org/xml/properties/internal/xinclude-handler
http://apache.org/xml/properties/internal/namespace-context:
http://apache.org/xml/features/scanner/notify-builtin-refs7
http://xml.org/sax/features/validation
http://apache.org/xml/properties/internal/namespace-contextk5p
http://apache.org/xml/features/validation/schema/augment-psviK
http://ipinfo.io/ipX
http://javax.xml.XMLConstants/property/accessExternalDTD;
http://apache.org/xml/properties/internal/namespace-binder
http://apache.org/xml/features/validation/balance-syntax-treesK
http://apache.org/xml/properties/schema/external-noNamespaceSchemaLocation;
http://apache.org/xml/features/internal/tolerate-duplicatesO
http://apache.org/xml/features/internal/parser-settings
http://apache.org/xml/properties/internal/symbol-tableQ
http://apache.org/xml/properties/dom/document-class-name$
http://apache.org/xml/features/namespace-growth
http://apache.org/xml/properties/internal/dtd-processor
http://apache.org/xml/features/dom/create-entity-ref-nodes?
http://apache.org/xml/properties/internal/entity-manager
http://apache.org/xml/properties/internal/namespace-contextV
http://java.oracle.com/sha
http://apache.org/xml/properties/schema/external-schemaLocation(
http://apache.org/xml/features/standard-uri-conformantK
http://apache.org/xml/features/validate-annotations
http://apache.org/xml/features/dom/include-ignorable-whitespace
http://apache.org/xml/features/internal/parser-settingss8q
http://apache.org/xml/properties/internal/validator/schema
http://apache.org/xml/properties/internal/datatype-validator-factory
http://apache.org/xml/properties/input-buffer-size
http://apache.org/xml/properties/internal/validator/dtd
http://xml.org/sax/features/tream$PutFie
http://java.sun.com/xml/schema/features/
http://apache.org/xml/features/validation/schema/augment-psvi
http://apache.org/xml/features/validation/dynamic
http://java.sun.com/xml/dom/properties/(
http://apache.org/xml/features/dom/create-entity-ref-nodes
http://apache.org/xml/features/xinclude/fixup-base-uris
http://xml.org/sax/properties/(
http://java.sun.com/xml/schema/features/report-ignored-element-content-whitespace;
http://javax.xml.XMLConstants/property/accessExternalSchema
http://apache.org/xml/features/scanner/notify-char-refsC
http://java.sun.com/dtd/properties.dtd3
http://ipinfo.io/
http://apache.org/xml/features/;
http://apache.org/xml/features/warn-on-duplicate-entitydef
http://apache.org/xml/properties/internal/namespace-context
http://apache.org/xml/properties/internal/error-reporter
http://apache.org/xml/properties/schema/external-noNamespaceSchemaLocation
http://apache.org/xml/properties/internal/grammar-pool6
http://javax.xml.XMLConstants/property/accessExternalSchemas3p
http://javax.xml.XMLConstants/feature/secure-processing
http://apache.org/xml/features/xinclude/fixup-base-uris6
http://apache.org/xml/features/3
http://apache.org/xml/features/scanner/notify-char-refs3
http://apache.org/xml/properties/internal/stax-entity-resolver
http://javax.xml.XMLConstants/property/accessExternalDTDs
http://apache.org/xml/properties/internal/document-scannerk
http://java.sun.com/xml/dom/properties/
http://apache.org/xml/features/create-cdata-nodes
http://xml.org/sax/features/allow-dtd-events-after-endDTD=
http://apache.org/xml/properties/internal/document-scanner7

Dropped files

Name / File Type

  • C:\Users\user\AppData\Local\Temp\a0v2H8.jar
    Zip archive data, at least v2.0 to extract
  • C:\ProgramData\Oracle\Java\.oracle_jre_usage\17dfc292991c7c05.timestamp
    ASCII text, with CRLF line terminators
  • C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\37821B9D.emf
    Windows Enhanced Metafile (EMF) image data version 0x10000
  • C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\5AF0F4FA.png
    PNG image data, 706 x 366, 8-bit/color RGBA, non-interlaced
  • C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\8C420CB3.PNG
    PNG image data, 1037 x 72, 8-bit/color RGBA, non-interlaced
  • C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRF{D598F5A9-41E1-44C7-8D38-8B82E1D2FAA1}.tmp
    Composite Document File V2 Document, Cannot read section info
  • C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{4FFCC0C1-FAE9-48A2-A197-5DE81C053074}.tmp
    data
  • C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{D9320A51-5E17-41AC-AA14-257027C1CCDA}.tmp
    data
  • C:\Users\user\AppData\Local\Temp\a0v2H8.jar:Zone.Identifier
    ASCII text, with CRLF line terminators
  • C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\12-09-2022 S#U0130PAR#U0130#U015e.docx.LNK
    MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Tue Mar 8 15:45:52 2022, mtime=Tue Mar 8 15:45:52 2022, atime=Mon Sep 12 19:45:10 2022, length=258604, window=hide
  • C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\index.dat
    ASCII text, with CRLF line terminators
  • C:\Users\user\AppData\Roaming\Microsoft\Templates\~$Normal.dotm
    data
  • C:\Users\user\Desktop\~$-09-2022 S#U0130PAR#U0130#U015e.docx.doc
    data