Joe Sandbox Cloud Basic

Want to search on specific fields?


Try our:

Advanced Search

Want to search in depth on all Cloud Basic reports?

Try: Joe Sandbox View

Register Login
sloganpng
top title background image
flash

PO0000001552.xls

Status: finished
Submission Time: 2022-11-13 19:26:12 +01:00
Malicious
Trojan
Exploiter
Evader
Emotet

Comments

Tags

Details

  • Analysis ID:
    745091
  • API (Web) ID:
    1112395
  • Analysis Started:
    2022-11-13 19:26:12 +01:00
  • Analysis Finished:
    2022-11-13 19:32:27 +01:00
  • MD5:
    ecdc3f1e9afd2ce212a12ba3a844f521
  • SHA1:
    0121ba555dfe0b42834759d201cce505bd619f86
  • SHA256:
    1e494fd9ec670e351dd80258489770ffa43ee6f4be3e14c797f7ce64ae8e9d43
  • Technologies:

Joe Sandbox

Engine Download Report Detection Info
Full Report Management Report IOC Report
malicious
Score: 100
System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

Third Party Analysis Engines

Open Full Report
malicious
Score: 41/62
malicious

IPs

IP Country Detection
103.43.75.120
 Japan
110.232.117.186
 Australia
213.239.212.5
 Germany
Click to see the 55 hidden entries
5.135.159.50
 France
173.255.211.88
 United States
212.24.98.99
 Lithuania
186.194.240.217
 Brazil
91.187.140.35
 Serbia
119.59.103.152
 Thailand
159.89.202.34
 United States
201.94.166.162
 Brazil
160.16.142.56
 Japan
103.75.201.2
 Thailand
91.207.28.33
 Kyrgyzstan
164.90.222.65
 United States
188.44.20.25
 Macedonia
45.235.8.30
 Brazil
153.126.146.25
 Japan
72.15.201.15
 United States
82.223.21.224
 Spain
173.212.193.249
 Germany
95.217.221.146
 Germany
149.56.131.28
 Canada
209.97.163.214
 United States
182.162.143.56
 Korea Republic of
1.234.2.232
 Korea Republic of
129.232.188.93
 South Africa
94.23.45.86
 France
185.4.135.165
 Greece
103.132.242.26
 India
104.168.155.143
 United States
79.137.35.198
 France
45.118.115.99
 Indonesia
172.104.251.154
 United States
115.68.227.76
 Korea Republic of
163.44.196.120
 Singapore
206.189.28.199
 United States
45.63.99.23
 United States
107.170.39.149
 United States
197.242.150.244
 South Africa
172.105.226.75
 United States
183.111.227.137
 Korea Republic of
45.176.232.124
 Colombia
139.59.56.73
 Singapore
169.57.156.166
 United States
164.68.99.3
 Germany
139.59.126.41
 Singapore
167.172.253.162
 United States
147.139.166.154
 United States
202.129.205.3
 Thailand
167.172.199.165
 United States
153.92.5.27
 Germany
159.65.140.115
 United States
159.65.88.10
 United States
175.98.167.165
 Taiwan; Republic of China (ROC)
47.92.35.35
 China
81.68.152.197
 China
41.63.0.22
 Zambia

Domains

Name IP Detection
sbm.xinmoshiwang.com
 47.92.35.35
datie-tw.com
 175.98.167.165
copunupo.ac.zm
 41.63.0.22
Click to see the 1 hidden entries
ly.yjlianyi.top
 81.68.152.197

URLs

Name Detection
https://182.162.143.56/qqvehgyxm/bitss/ktcpnaio/
https://182.162.143.56/tkafmhcgcid/
http://sbm.xinmoshiwang.com/upload/VaOfWEb3pW76UO/
Click to see the 97 hidden entries
https://powerpoint.uservoice.com/forums/288952-powerpoint-for-ipad-iphone-ios
https://officemobile.uservoice.com/forums/929800-office-app-ios-and-ipad-asks
https://apis.live.net/v5.0/
http://weather.service.msn.com/data.aspx
https://webdir.online.lync.com/autodiscover/autodiscoverservice.svc/root/
https://45.63.99.23:7080/tkafmhcgcid/8eM
https://onedrive.live.com/about/download/?windows10SyncClientInstalled=false
https://ncus.contentsync.
https://pf.directory.live.com/profile/mine/System.ShortCircuitProfile.json
https://learningtools.onenote.com/learningtoolsapi/v2.0/Getvoices
https://eur.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech
https://consent.config.office.com/consentcheckin/v1.0/consents
https://word.uservoice.com/forums/304948-word-for-ipad-iphone-ios
https://outlook.office365.com/autodiscover/autodiscover.json
https://prod-global-autodetect.acompli.net/autodetect
https://analysis.windows.net/powerbi/api
https://officesetup.getmicrosoftkey.com
https://dataservice.o365filtering.com/
https://graph.windows.net
https://45.63.99.23:7080/b
https://api.addins.store.officeppe.com/addinstemplate
https://web.microsoftstream.com/video/
https://api.powerbi.com/v1.0/myorg/groups
https://outlook.office365.com/api/v1.0/me/Activities
https://webshell.suite.office.com
https://outlook.office365.com/
https://storage.live.com/clientlogs/uploadlocation
https://outlook.office.com/
https://substrate.office.com/search/api/v2/init
https://pf.directory.live.com/profile/mine/WLX.Profiles.IC.json
https://entitlement.diagnostics.office.com
https://45.63.99.23:7080/qqvehgyxm/bitss/ktcpnaio/%
https://clients.config.office.net/user/v1.0/android/policies
https://asgsmsproxyapi.azurewebsites.net/
https://incidents.diagnosticssdf.office.com
https://api.office.net
https://www.odwebp.svc.ms
https://o365auditrealtimeingestion.manage.office.com
https://insertmedia.bing.office.net/odc/insertmedia
https://45.63.99.23:7080/2
https://182.162.143.56/
https://clients.config.office.net/user/v1.0/ios
https://incidents.diagnostics.office.com
https://wus2.contentsync.
https://outlook.office365.com
https://management.azure.com
https://autodiscover-s.outlook.com/autodiscover/autodiscover.xml
https://messaging.lifecycle.office.com/
https://powerlift.acompli.net
https://ofcrecsvcapi-int.azurewebsites.net/
https://api.aadrm.com/
https://182.162.143.56/qqvehgyxm/bitss/ktcpnaio/F
https://na01.oscs.protection.outlook.com/api/SafeLinksApi/GetPolicy
https://entitlement.diagnosticssdf.office.com
https://syncservice.protection.outlook.com/PolicySync/PolicySync.svc/SyncFile
https://cloudfiles.onenote.com/upload.aspx
https://api.powerbi.com/v1.0/myorg/imports
https://apc.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech
https://cortana.ai
https://lookup.onenote.com/lookup/geolocation/v1
https://rpsticket.partnerservices.getmicrosoftkey.com
https://dataservice.protection.outlook.com/PsorWebService/v1/ClientSyncFile/MipPolicies
https://dev.virtualearth.net/REST/V1/GeospatialEndpoint/
https://clients.config.office.net/user/v1.0/tenantassociationkey
https://api.addins.omex.office.net/appinfo/query
https://cdn.entity.
https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Flickr
https://roaming.edog.
https://autodiscover-s.outlook.com/
http://ly.yjlianyi.top/wp-admin/4cChao/
https://login.windows.net/72f988bf-86f1-41af-91ab-2d7cd011db47/oauth2/authorize
https://shell.suite.office.com:1443
https://login.microsoftonline.com/
https://45.63.99.23:7080/tkafmhcgcid/
https://api.diagnosticssdf.office.com
https://dev0-api.acompli.net/autodetect
https://nam.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech
https://messaging.engagement.office.com/
https://globaldisco.crm.dynamics.com
https://outlook.office.com/autosuggest/api/v1/init?cvid=
https://api.aadrm.com
https://store.office.cn/addinstemplate
https://my.microsoftpersonalcontent.com
https://api.scheduler.
https://sr.outlook.office.net/ws/speech/recognize/assistant/work
https://api.diagnosticssdf.office.com/v2/feedback
https://officeci.azurewebsites.net/api/
https://tasks.office.com
https://powerlift-frontdesk.acompli.net
https://res.getmicrosoftkey.com/api/redemptionevents
https://graph.ppe.windows.net
https://45.63.99.23:7080/qqvehgyxm/bitss/ktcpnaio/
https://portal.office.com/account/?ref=ClientMeControl
https://augloop.office.com;https://augloop-int.officeppe.com;https://augloop-dogfood.officeppe.com;h
https://cr.office.com
https://insertmedia.bing.office.net/images/hosted?host=office&adlt=strict&hostType=Immersive
https://api.microsoftstream.com/api/

Dropped files

Name File Type Hashes Detection
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\98S549LJ\o0oHPECmC0WPIXcvQPJOXzFOO7w00z7mkDO[1].dll
 PE32+ executable (DLL) (GUI) x86-64, for MS Windows
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CE8D676K\EvvmhfKiKFhKrSuHfBq[1].dll
 PE32+ executable (DLL) (GUI) x86-64, for MS Windows
 #
C:\Users\user\elv2.ooocccxxx
 PE32+ executable (DLL) (GUI) x86-64, for MS Windows
 #
Click to see the 12 hidden entries
C:\Users\user\elv3.ooocccxxx
 PE32+ executable (DLL) (GUI) x86-64, for MS Windows
 #
C:\Users\user\AppData\Local\Microsoft\FontCache\4\Catalog\ListAll.Json
 JSON data
 #
C:\Users\user\AppData\Local\Microsoft\FontCache\4\PreviewFont\flat_officeFontsPreview.ttf
 TrueType Font data, 10 tables, 1st "OS/2", 7 names, Microsoft, language 0x409, \251 2018 Microsoft Corporation. All Rights Reserved.msofp_4_17RegularVersion 4.17;O365
 #
C:\Users\user\AppData\Local\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\E9097BEB-F41B-41FA-A529-2854DCDBD67E
 XML 1.0 document, ASCII text, with CRLF line terminators
 #
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules.xml
 XML 1.0 document, ASCII text, with very long lines (65536), with no line terminators
 #
C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\089d66ba04a8cec4bdc5267f42f39cf84278bb67.tbres
 data
 #
C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\5475cb191e478c39370a215b2da98a37e9dc813d.tbres
 data
 #
C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\9aad439831564ef9f88438a70a63c87e26ef3852.tbres
 data
 #
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\PO0000001552.LNK
 MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Tue Aug 30 12:46:13 2022, mtime=Sun Nov 13 17:26:48 2022, atime=Sun Nov 13 17:26:48 2022, length=93184, window=hide
 #
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\index.dat
 Generic INItialization configuration [xls]
 #
C:\Windows\System32\GanZhs\FrugrCuQjdEr.dll (copy)
 PE32+ executable (DLL) (GUI) x86-64, for MS Windows
 #
C:\Windows\System32\XEzXl\JZazaZgAOY.dll (copy)
 PE32+ executable (DLL) (GUI) x86-64, for MS Windows
 #