
Quote No 2118013.doc

Status: finished
Submission Time: 2023-02-01 22:19:14 +01:00
Malicious
Trojan
Exploiter
Evader
Nanocore

Comments

Tags

  • CVE-2017-11882
  • doc
  • NanoCore

Details

  • Analysis ID:
    796483
  • API (Web) ID:
    1163706
  • Analysis Started:
    2023-02-01 22:32:21 +01:00
  • Analysis Finished:
    2023-02-01 22:45:48 +01:00
  • MD5:
    342550e9ccd167df75606545a53e9b0a
  • SHA1:
    30f28411b298aeda401364af8f27f164d634a567
  • SHA256:
    9ab75f3c60adc58693a916cac8ec6dbe53f32d5355ab5db8587693c0426be40b
  • Technologies:
    Joe Sandbox

Engine Detection Info
Joe Sandbox: malicious, Score: 100
System: Windows 7 x64 SP1 with Office 2010 SP1 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2)

Third Party Analysis Engines

malicious (Score: 30/60)
malicious (Score: 17/26)
malicious

IPs

IP  Country  Detection
115.186.131.16  Pakistan
45.137.65.132  Netherlands

Domains

Name  IP  Detection
boele.duckdns.org  45.137.65.132
ask6.awt.com.pk  115.186.131.16

URLs


Dropped files

Name  File Type  Hashes  Detection
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\stanmac2.1[1].exe
    PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
C:\Users\user\AppData\Roaming\word.exe
    PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
C:\Users\user\AppData\Roaming\ilkqegcy\jfcarlsrvb.exe
    PE32 executable (GUI) Intel 80386, for MS Windows
C:\Users\user\AppData\Local\Temp\rnixgfly.exe
    PE32 executable (GUI) Intel 80386, for MS Windows
C:\Users\user\AppData\Roaming\EA860E7A-A87F-4A88-92EF-38F744458171\run.dat
    data
C:\Users\user\Desktop\~$ote No 2118013.doc
    data
C:\Users\user\AppData\Roaming\Microsoft\Templates\~$Normal.dotm
    data
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\index.dat
    Generic INItialization configuration [doc]
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\Quote No 2118013.LNK
    MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Tue Mar 8 15:45:59 2022, mtime=Tue Mar 8 15:45:59 2022, atime=Thu Feb 2 05:33:18 2023, length=715212, window=hide
C:\Users\user\AppData\Roaming\EA860E7A-A87F-4A88-92EF-38F744458171\storage.dat
    data
C:\Users\user\AppData\Roaming\EA860E7A-A87F-4A88-92EF-38F744458171\settings.bin
    data
C:\Users\user\AppData\Roaming\EA860E7A-A87F-4A88-92EF-38F744458171\catalog.dat
    data
C:\Users\user\AppData\Local\Temp\vvnwaf.f
    data
C:\Users\user\AppData\Local\Temp\somvwkehjlp.rt
    data
C:\Users\user\AppData\Local\Temp\nsl3E1A.tmp
    data
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{E00A286F-D9E2-457B-B119-BAD556F2C91B}.tmp
    data
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{D6D5F209-138C-443D-8A21-E23B722EB3AB}.tmp
    data
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRF{0A4B3911-FEFD-4AA5-A41A-6550C2F96D9E}.tmp
    data