Joe Sandbox Cloud Basic

Want to search on specific fields?


Try our:

Advanced Search

Want to search in depth on all Cloud Basic reports?

Try: Joe Sandbox View

Register Login
sloganpng
top title background image
flash

t8qMNrxKz5.pptx

Status: finished
Submission Time: 2019-10-10 20:51:56 +02:00
Clean

Comments

Tags

Details

  • Analysis ID:
    182066
  • API (Web) ID:
    262831
  • Analysis Started:
    2019-10-10 20:51:57 +02:00
  • Analysis Finished:
    2019-10-10 21:03:05 +02:00
  • MD5:
    808740712f03564e23b17c6a95135d27
  • SHA1:
    23f4598df0e3ebfb47edf8961065b15589b323d8
  • SHA256:
    54d7eab128518a1c88549e374d7acedfd789a0d2d926563c32956c34a633d11a
  • Technologies:

Joe Sandbox

Engine Download Report Detection Info
Full Report Management Report IOC Report
clean
Score: 0
System: unknown
Full Report Management Report IOC Report
clean
Score: 1
System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Run Condition: Potential for more IOCs and behavior

URLs

Name Detection
https://login.windows.net/common/oauth2/authorizeS
https://contentstorage.osi.office.net/dynamiccanvas/progressui/index.html
https://api.diagnosticssdf.office.comO
Click to see the 97 hidden entries
http://www.jiyu-kobo.co.jp/TC
https://login.windows.net/common/oauth2/authorizeB
https://login.windows.net/common/oauth2/authorizeA
https://contentstorage.Jv
https://login.windows.net/common/oauth2/authorizeO
https://storage.live.com/clientlogs/uploadlocation
https://posarprodcssservice.accesscontrol.windows.net/v2/OAuth2-13xv
https://hubblecontent.osi.office.net/contentsvc/api/telemetry
https://pf.directory.live.com/profile/mine/WLX.Profiles.IC.json
https://entitlement.diagnostics.office.com
https://login.windows.net/common/oauth2/authorize=
https://www.odwebp.svc.msom
https://login.windows.net/common/oauth2/authorizeQ
https://login.windows.net/common/oauth2/authorizerizeV
https://login.windows.net/common/oauth2/authorize_
https://shell.suite.office.com:1443n
https://outlook.office365.com/api/v1.0/me/Activities
https://clients.config.office.net/user/v1.0/ios
https://login.windows.net/common/oauth2/authorizeb
https://dataservice.protection.outlook.com/PolicySync/PolicySync.svc/SyncFile$
https://autodiscover-s.outlook.com/autodiscover/autodiscover.xml
https://osi.office.netst
https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Bing
https://login.windows.net/common/oauth2/authorizey
https://login.windows.net/common/oauth2/authorizex
https://store.office.de/addinstemplate
https://api.diagnostics.office.com
https://insertmedia.bing.office.net/images/hosted?host=office&adlt=strict&hostType=ImmersiveApp0;
https://substrate.office.comrl
http://www.jiyu-kobo.co.jp/jp/
https://powerlift-frontdesk.acompli.netPowerL
https://augloop.office.com
https://onedrive.live.com/embed?
https://visio.uservoice.com/forums/368202-visio-on-devices
https://skyapi.live.net/Activity/
https://word.uservoice.com/forums/304948-word-for-ipad-iphone-ios
https://contentstorage.osi.office.net/dynamiccanvas/documentvirality/prod/index.htmlTellMeSu
https://login.windows.net/common/oauth2/authorize)
https://store.officeppe.com/addinstemplateB
https://messaging.office.com/
https://devnull.onenote.com
https://graph.windows.net/
http://www.sandoll.co.kr
https://login.windows.net/common/oauth2/authorize3
https://login.windows.net/common/oauth2/authorize1
https://login.windows.net/common/oauth2/authorize0
https://globaldisco.crm.dynamics.comi
https://login.windows-ppe.net/common/oauth2/authorizedN
https://outlook.office365.com/ourshod
http://www.jiyu-kobo.co.jp/)
https://cr.office.com
https://insertmedia.bing.office.net/images/hosted?host=office&adlt=strict&hostType=Immersive
https://api.microsoftstream.com/api/
https://cr.office.comsR
http://www.founder.com.cn/cnht
https://api.aadrm.com/
https://devnull.onenote.comId
https://na01.oscs.protection.outlook.com/api/SafeLinksApi/GetPolicy
https://syncservice.protection.outlook.com/PolicySync/PolicySync.svc/SyncFile
http://schemas.open
https://settings.outlook.comq
https://lookup.onenote.com/lookup/geolocation/v1
http://www.sandoll.co.kr)
https://rpsticket.partnerservices.getmicrosoftkey.com
https://incidents.diagnostics.office.com)
https://dev.virtualearth.net/REST/V1/GeospatialEndpoint/
https://cdn.entity.
https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Flickr
https://entity.osi.office.net/t
http://www.goodfont.co.krmTF?
https://login.windows-ppe.net/common/oauth2/authorizeuN
https://hubblecontent.osi.office.net/contentsvc/microsofticon?
https://web.microsoftstream.com/video/
http://weather.service.msn.com/data.aspx
https://webdir.online.lync.com/autodiscover/autodiscoverservice.svc/root/
https://powerlift.acompli.nety
http://www.jiyu-kobo.co.jp/iv
https://pf.directory.live.com/profile/mine/System.ShortCircuitProfile.json
http://www.jiyu-kobo.co.jp/x
https://substrate.office.comz
https://substrate.office.coms
https://onedrive.live.com/embed?s
https://graph.windows.net
https://management.azure.comW
http://www.jiyu-kobo.co.jp/kCS
https://shell.suite.office.com:1443
https://hubblecontent.osi.office.net/contentsvc/browse?cp=remix3dw
https://api.powerbi.com/v1.0/myorg/groups
https://www.odwebp.svc.ms
https://hubblecontent.osi.office.net/contentsvc/browse?
https://wus2-000.pagecontentsync.
https://login.windows.net/common/oauth2/authorize&
https://store.office.cn/addinstemplate
https://ogma.osi.office.net/TradukoApi/api/v1.0/
https://officeci.azurewebsites.net/api/
https://tasks.office.com
https://res.getmicrosoftkey.com/api/redemptionevents

Dropped files

Name File Type Hashes Detection
C:\Users\user\AppData\Local\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\5C7C860B-3C29-4594-A69A-9D254ADEAC32
 XML 1.0 document, UTF-8 Unicode text, with very long lines, with CRLF line terminators
 #
C:\Users\user\AppData\Local\Microsoft\Office\16.0\powerpnt.exe_Rules.xml
 XML 1.0 document, ASCII text, with very long lines, with no line terminators
 #
C:\Users\user\AppData\Local\Microsoft\Office\OTele\powerpnt.exe.db
 SQLite 3.x database, last written using SQLite version 3019003
 #
Click to see the 12 hidden entries
C:\Users\user\AppData\Local\Microsoft\Office\OTele\powerpnt.exe.db-journal
 data
 #
C:\Users\user\AppData\Local\Microsoft\Office\OTele\powerpnt.exe.db-wal
 SQLite Write-Ahead Log, version 3007000
 #
C:\Users\user\AppData\Local\Microsoft\Office\OTele\powerpnt.exe.db.session
 SQLite 3.x database, last written using SQLite version 3019003
 #
C:\Users\user\AppData\Local\Microsoft\Office\OTele\powerpnt.exe.db.session-journal
 data
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\2CF84973.bin
 Composite Document File V2 Document, Cannot read section info
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\D8181D6D.wmf
 Targa image data - Map - RLE 28 x 65536 x 0 +3 "\005"
 #
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\index.dat
 ASCII text, with CRLF line terminators
 #
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\t8qMNrxKz5.LNK
 MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Thu May 23 20:37:23 2019, mtime=Fri Oct 11 02:57:55 2019, atime=Fri Oct 11 02:57:43 2019, length=481572, window=hide
 #
C:\Users\user\AppData\Roaming\Microsoft\UProof\CUSTOM.DIC
 Little-endian UTF-16 Unicode text, with CRLF, CR line terminators
 #
C:\Users\user\Desktop\ppt4A51.tmp
 data
 #
C:\Users\user\Desktop\ppt4A51.tmp:Zone.Identifier
 ASCII text, with CRLF line terminators
 #
C:\Users\user\Desktop\~$t8qMNrxKz5.pptx
 data
 #