top title background image
flash

VERDI.doc

Status: finished
Submission Time: 2019-12-03 06:44:48 +01:00
Malicious
Exploiter

Comments

Tags

Details

  • Analysis ID:
    193292
  • API (Web) ID:
    284716
  • Analysis Started:
    2019-12-03 06:44:51 +01:00
  • Analysis Finished:
    2019-12-03 07:02:28 +01:00
  • MD5:
    1304606861c8d05f5bba92d225adc69a
  • SHA1:
    65c3c7a7275a171016d7c9d89a5ac9778eea79a9
  • SHA256:
    5b1aefba63993d6ec0520ed9c482641f6b3caac04c143a065d8c518f89321405
  • Technologies:

Joe Sandbox

Engine Download Report Detection Info
malicious
malicious
Score: 84
System: unknown
malicious
Score: 64
System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Run Condition: Potential for more IOCs and behavior
malicious
Score: 84
System: unknown
Run Condition: Without Instrumentation

Third Party Analysis Engines

malicious
Score: 27/63
malicious
malicious

IPs

IP Country Detection
192.119.106.235
United States

URLs

Name Detection
http://192.119.106.235/mswordupd.tmp
http://pur/elements/1.1/xmphttp://nsom/xap/1.0/xmpidqhttp://nsom/xmp/Identifier/qual/1.0/shttp://ns.
http://ns.adbe.
Click to see the 1 hidden entries
http://ns.ad

Dropped files

Name File Type Hashes Detection
C:\Users\user\Desktop\~$VERDI.doc
data
#
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\13DA4343.wmf
ms-windows metafont .wmf
#
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\4703E149.jpeg
[TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=3, software=Adobe Photoshop CS6 (Windows), datetime=2019:10:18 12:40:39], baseline, precision 8, 620x100, frames 3
#
Click to see the 10 hidden entries
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\4FF15462.wmf
Targa image data - Map - RLE 65536 x 65536 x 0 "\021"
#
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\8A6D1C68.dat
Targa image data - Map - RLE 17 x 65536 x 0 +4 "\021"
#
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\B831BC34.wmf
Targa image data - Map - RLE 65536 x 65536 x 0 "\021"
#
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{56AE963E-7F84-4C4D-AB85-0E0AE69A7F2E}.tmp
data
#
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{5A0184D2-867C-4D19-9D01-A2038572E237}.tmp
data
#
C:\Users\user\AppData\Local\Temp\VBE\MSForms.exd
data
#
C:\Users\user\AppData\Local\Temp\Word8.0\INKEDLib.exd
data
#
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\VERDI.LNK
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Sun Sep 24 13:01:36 2017, mtime=Sun Sep 24 13:01:36 2017, atime=Tue Dec 3 04:45:54 2019, length=94161, window=hide
#
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\index.dat
ASCII text, with CRLF line terminators
#
C:\Users\user\AppData\Roaming\Microsoft\Templates\~$Normal.dotm
data
#