DHL-DeliveryReport (ORDER# LD-1586140381).pdf

Status: finished

Submission Time: 2019-11-18 19:10:10 +01:00

Malicious

Comments

Details

Analysis ID:
190461
API (Web) ID:
279134
Analysis Started:

2019-11-18 19:10:11 +01:00
Analysis Finished:

2019-11-18 19:18:24 +01:00
MD5:
5d55efcc64d5ca70a9bcd7c869571d64
SHA1:
71a755ea367440f04ce14461da5623f1c512b14a
SHA256:
f8a41ab2b4e6b9d37bb674d1f44fe6ea4a85d4242e3365cda466092526cce97c
Technologies:

Engines
IOCs

Joe Sandbox

Engine	Download Report	Detection	Info
	Full Report Management Report IOC Report	malicious Score: 56	System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

Third Party Analysis Engines

malicious

IPs

IP	Country	Detection
198.23.189.47	United States
52.208.212.211	United States
54.154.151.160	United States
Click to see the 2 hidden entries
67.199.248.11	United States
3.3.0.2	United States

Domains

Name	IP	Detection
losscontrol360.ru	198.23.189.47
bit.ly	67.199.248.10
dcs-edge-irl1-876252164.eu-west-1.elb.amazonaws.com	54.154.151.160
Click to see the 4 hidden entries
p.typekit.net	0.0.0.0
assets.adobedtm.com	0.0.0.0
dpm.demdex.net	0.0.0.0
adobe.demdex.net	0.0.0.0

URLs

Name	Detection
https://losscontrol360.ru/favicon.icoLMEM
https://losscontrol360.ru/erfd/a0lfbkq4v93c78ndmjxhwy6z52uor1tgiesp4
https://losscontrol360.ru/erfd/a0lfbkq4v93c78ndmjxhwy6z52uor1tgiesp/images/bg_form.png
Click to see the 97 hidden entries
https://losscontrol360.ru/erfd/?Orderid=74784ru/erfd/?Orderid=74784wEx0
https://losscontrol360.ru/erfd/a0lfbkq4v93c78ndmjxhwy6z52uor1tgiesp/
https://losscontrol360.ru/erfd/?Orderid=74784.ru/erfd/a0lfbkq4v93c78ndmjxhwy6z52uor1tgiesp/ndsfffphx
https://losscontrol360.ru/erfd/a0lfbkq4v93c78ndmjrand=121nboxLightning.aspox?u=1776756418&fid=4
https://losscontrol360.ru/erfd/a0lfbkq4v93c78ndmjz52uor1tgiesp/ndsfffphxv5yp96lphppcerp.php?Gandi=29
https://losscontrol360.ru/erfd/a0lfbkq4v93c78ndmjxhwy6z52uor1tgiesp/images/bg_form.pngF.
https://losscontrol360.ru/erfd/?Orderid=74784tion
http://auto.search.msn.com/response.asp?MT=
http://search.yahoo.co.jp/favicon.ico
http://www.servicios.clarin.com/
http://www.ceneo.pl/favicon.ico
http://busca.orange.es/
http://it.search.yahoo.com/
http://cnweb.search.live.com/results.aspx?q=
http://www.tiscali.it/favicon.ico
http://www.twitter.com/
http://www.cdiscount.com/
http://www.news.com.au/favicon.ico
http://www.target.com/
http://ariadna.elmundo.es/
http://service2.bfast.com/
http://www.soso.com/
http://search.centrum.cz/favicon.ico
http://stevenwanderski.com
https://bit.ly/2OcH1S7m/
http://www.iask.com/
http://search.orange.co.uk/favicon.ico
http://www.linternaute.com/favicon.ico
http://www.auction.co.kr/auction.ico
http://search.ipop.co.kr/
http://www.univision.com/favicon.ico
http://www.soso.com/favicon.ico
http://www.rtl.de/
http://stilldesigning.com)
http://search.gismeteo.ru/
http://www.google.fr/
http://www.asharqalawsat.com/favicon.ico
http://www.cdiscount.com/favicon.ico
http://www.amazon.co.uk/
http://search.daum.net/favicon.ico
http://www.cnet.com/favicon.ico
http://ie.search.yahoo.com/os?command=
http://www.etmall.com.tw/
http://www.taobao.com/favicon.ico
http://www.nytimes.com/
http://list.taobao.com/
http://search.msn.com/results.aspx?q=
https://adobe.demdex.net/dest5.html?d_nsid=3tion
http://search.goo.ne.jp/favicon.ico
http://www.kkbox.com.tw/
http://img.shopzilla.com/shopzilla/shopzilla.ico
http://cgi.search.biglobe.ne.jp/favicon.ico
http://getify.mit-license.org
http://search.hanafos.com/favicon.ico
http://it.search.dada.net/favicon.ico
https://home.mcafee.com/root/campaign.aspx?cid=64986
http://www.etmall.com.tw/favicon.ico
http://www.ya.com/favicon.ico
http://busca.igbusca.com.br//app/static/images/favicon.ico
http://www.reddit.com/
http://msk.afisha.ru/
https://mssplus.mcafee.com/mssplus.txt?
http://search.msn.co.jp/results.aspx?q=
http://www.opensource.org/licenses/mit-license.php
http://in.search.yahoo.com/
http://jqueryui.com/themeroller/?ffDefault=Verdana
http://fr.search.yahoo.com/
http://brothercake.com/site/resources/scripts/onload/
http://w.b
http://prototypejs.org)
http://www.dailymail.co.uk/
http://www.merlin.com.pl/favicon.ico
http://www.mercadolivre.com.br/
http://search.chol.com/favicon.ico
http://www.pchome.com.tw/favicon.ico
http://search.nifty.com/
http://www.gmarket.co.kr/
https://bit.ly/2OcH1S7s
http://openimage.interpark.com/interpark.ico
http://search.sify.com/
http://www.ozu.es/favicon.ico
http://uk.search.yahoo.com/
http://www.rambler.ru/favicon.ico
http://list.taobao.com/browse/search_visual.htm?n=15&q=
http://google.pchome.com.tw/
http://browse.guardian.co.uk/favicon.ico
http://www.google.si/
http://sads.myspace.com/
http://www.amazon.de/
http://search.auction.co.kr/
http://www.google.it/
https://bit.ly/2OcH1S7of
https://bit.ly/2OcH1S7)
http://www.ask.com/
http://www.microsofttranslator.com/BVPrev.aspx?ref=IE8Activity
http://benalman.com/projects/jquery-outside-events-plugin/
http://buscar.ozu.es/

Dropped files

Name	File Type	Hashes
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KRHE4CQY\navcancl[1]	HTML document, UTF-8 Unicode (with BOM) text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\G7QTC28F\favicon[1].ico	MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\G7QTC28F\httpErrorPagesScripts[1]	UTF-8 Unicode (with BOM) text, with CRLF line terminators	#
Click to see the 44 hidden entries
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\G7QTC28F\p[1].gif	GIF image data, version 89a, 1 x 1	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\I9HE86MU\a0lfbkq4v93c78ndmjxhwy6z52uor1tgiesp[1].htm	HTML document, ASCII text	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\I9HE86MU\checkboxes[1].png	PNG image data, 86 x 23, 8-bit colormap, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\I9HE86MU\dest5[1].htm	HTML document, ASCII text, with very long lines	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\I9HE86MU\info_48[1]	PNG image data, 47 x 48, 8-bit/color RGBA, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\I9HE86MU\ndsfffphxv5yp96lphppcerp[1].htm	HTML document, ASCII text, with very long lines, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\I9HE86MU\reader_windows[1].gif	GIF image data, version 89a, 316 x 130	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KRHE4CQY\background[1].png	PNG image data, 5 x 600, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KRHE4CQY\errorPageStrings[1]	UTF-8 Unicode (with BOM) text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\G7QTC28F\background_gradient[1]	JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 1x800, frames 3	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KRHE4CQY\ndsfffphxv5yp96lphppcerp[1].htm	HTML document, ASCII text, with very long lines, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KRHE4CQY\yoe7ink-d[1].css	ASCII text, with very long lines	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\QESP4GEJ\bxslider[1].js	UTF-8 Unicode text, with very long lines, with CRLF, LF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\QESP4GEJ\core[1].css	ASCII text, with very long lines, with CRLF, LF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\QESP4GEJ\jquery-ui.min[1].js	UTF-8 Unicode text, with very long lines	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\QESP4GEJ\reader[1].htm	HTML document, UTF-8 Unicode text, with very long lines, with CRLF, LF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\QESP4GEJ\yoe7ink[1].htm	HTML document, ASCII text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Temp\dat2BC8.tmp	Web Open Font Format, TrueType, length 25996, version 0.0	#
C:\Users\user\AppData\Local\Temp\~DF56AD7E7ED900D275.TMP	data	#
C:\Users\user\AppData\Local\Temp\~DF799FD1857AEE4C78.TMP	data	#
C:\Users\user\AppData\Local\Temp\~DFE50A00FF70F00856.TMP	data	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-18270793970\msapplication.xml	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators	#
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG	ASCII text	#
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Visited Links	data	#
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-191119031133Z-213.bmp	PC bitmap, Windows 3.x format, 107 x -152 x 32	#
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages	SQLite 3.x database, last written using SQLite version 3024000	#
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages-journal	data	#
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt16.lst.4640	PostScript document text	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\DOMStore\0QZMDP18\get.adobe[1].xml	ASCII text, with no line terminators	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{7C8348B3-0A7A-11EA-AAE0-9CC1A2A860C6}.dat	Microsoft Word Document	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{7C8348B5-0A7A-11EA-AAE0-9CC1A2A860C6}.dat	Microsoft Word Document	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{85B04D1A-0A7A-11EA-AAE0-9CC1A2A860C6}.dat	Microsoft Word Document	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-17529550060\msapplication.xml	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators	#
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_1	data	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-21706820\msapplication.xml	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-4759708130\msapplication.xml	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-6757900\msapplication.xml	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-8760897390\msapplication.xml	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin20259167780\msapplication.xml	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin20332743330\msapplication.xml	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin8215062560\msapplication.xml	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\imagestore\typalil\imagestore.dat	data	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\G7QTC28F\2OcH1S7[1].htm	HTML document, ASCII text	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\G7QTC28F\ErrorPageTemplate[1]	UTF-8 Unicode (with BOM) text, with CRLF line terminators	#

DHL-DeliveryReport (ORDER# LD-1586140381).pdf

Comments

Tags

Available tags:

Details

Joe Sandbox

Third Party Analysis Engines

IPs

Domains

URLs

Dropped files

DHL-DeliveryReport (ORDER# LD-1586140381).pdf Options

Comments

Tags

Available tags:

Details

Joe Sandbox

Third Party Analysis Engines

IPs

Domains

URLs

Dropped files

Search started

DHL-DeliveryReport (ORDER# LD-1586140381).pdf