
Request_12_11.doc

Status: finished
Submission Time: 2019-12-11 22:31:42 +01:00
Malicious
Exploiter

Details

  • Analysis ID:
    195562
  • API (Web) ID:
    289127
  • Analysis Started:
    2019-12-11 22:31:46 +01:00
  • Analysis Finished:
    2019-12-11 22:46:52 +01:00
  • MD5:
    b6c16f14dad19e610ed76b98f0ccfe48
  • SHA1:
    9bc06c3f33da1b162ad498800eb1188930aff29e
  • SHA256:
    5ee3d065464616384bbca956ee181d8bbaa5de7114698cb79fd087cd3f2745b7
  • Technologies:

Joe Sandbox

  • Engine:
    Joe Sandbox
  • Detection:
    malicious
  • Results:
    Score: 80 (malicious), System: unknown
    Score: 80 (malicious), System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01, Run Condition: Potential for more IOCs and behavior
    Score: 80 (malicious), System: unknown, Run Condition: Without Instrumentation

Third Party Analysis Engines

  • Detection:
    malicious
  • Score:
    15/61

IPs

  • 37.230.114.73 (Russian Federation)

Domains

  • toortoctel.com (resolves to 37.230.114.73)

URLs

  • http://toortoctel.com/effinz/cyaess.php?l=satury11.cabquot;a
  • http://toortoctel.com/effinz/cyaess.php?l=satury11.cab
  • http://toortoctel.com/effinz/cyaess.php?l=satu
  • http://toortoctel.com/effinz/cyaess.php?l=satury11.cab;

Dropped files

  • C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\42ADB476.png
    PNG image data, 1230 x 390, 8-bit/color RGB, non-interlaced
  • C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{01CAAE30-D7A8-4D17-A4E2-5DEC5895E0DE}.tmp
    data
  • C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{1B122321-A94F-4C49-B392-832599B83BA6}.tmp
    data
  • C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{1E612B9F-EB45-4B49-9EC1-09605186F7D4}.tmp
    data
  • C:\Users\user\AppData\Local\Temp\VBE\MSForms.exd
    data
  • C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\Request_12_11.LNK
    MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Sun Sep 24 13:01:37 2017, mtime=Sun Sep 24 13:01:37 2017, atime=Wed Dec 11 20:32:56 2019, length=61747, window=hide
  • C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\index.dat
    ASCII text, with CRLF line terminators
  • C:\Users\user\AppData\Roaming\Microsoft\Templates\~$Normal.dotm
    data
  • C:\Users\user\Desktop\~$quest_12_11.doc
    data
  • C:\Windows\Temp\aVAJ9Y.xsl
    XML 1.0 document text (XSL stylesheet)