Register Login

sloganpng

top title background image

form.doc

Status: finished

Submission Time: 2020-02-17 20:10:17 +01:00

Malicious

E-Banking Trojan

Trojan

Evader

Emotet

Comments

Tags

Details

Analysis ID:
208880
API (Web) ID:
315109
Analysis Started:

2020-02-17 20:10:21 +01:00
Analysis Finished:

2020-02-17 20:18:36 +01:00
MD5:
5b101da4ee2714a73444b8c8b62307b2
SHA1:
ae4e0491b2d256266892aafa58d02c341625bfcd
SHA256:
05b0cccc569850310ab912b52a3b9d37fe0f32029c5b5443b4aca76184224bd1
Technologies:

Engines
IOCs

Joe Sandbox

Engine	Download Report	Detection	Info
		malicious
	Full Report Management Report IOC Report	malicious Score: 100	System: unknown

Third Party Analysis Engines

Open Full Report

malicious

Score: 39/62

malicious

malicious

IPs

IP	Country	Detection
98.239.119.52	United States
104.236.28.47	United States
205.144.171.44	United States
Click to see the 4 hidden entries
71.126.247.90	United States
13.85.72.129	United States
80.86.91.91	Germany
104.31.68.30	United States

Domains

Name	IP	Detection
thebluebearyhillproject.com	205.144.171.44
sportnal.azurewebsites.net	0.0.0.0
teeo.highoninfo.com	104.31.68.30
Click to see the 1 hidden entries
waws-prod-sn1-081.cloudapp.net	13.85.72.129

URLs

Name	Detection
http://sportnal.azurewebsites.net/calendar/Xzoo/
http://thebluebearyhillproject.com/wp-admin/q07/
http://teeo.highoninfo.com/wp-admin/1tx/
Click to see the 2 hidden entries
http://98.239.119.52/VgwZzucbO28XwD/OLIsQLqeqyzclLWVv/dDqe/wmOuSU/6FaQefiFlRcfZlz/
https://www.cloudflare.com/5xx-error-landing?utm_source=error_footer

Dropped files

Name	File Type	Hashes	Detection
C:\Users\user\317.exe	data	#
C:\Users\user\Desktop\~$form.doc	data	#
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{D32B9406-F01F-40D8-83CD-7625E857602F}.tmp	data	#
Click to see the 11 hidden entries
C:\Users\user\AppData\Local\Temp\VBE\MSForms.exd	data	#
C:\Users\user\AppData\Local\Temp\imgs\cscheme.xml	XML 1.0 document, ASCII text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Temp\imgs\editdata.mso	data	#
C:\Users\user\AppData\Local\Temp\imgs\filelist.xml	ASCII text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Temp\imgs\img001.jpg	[TIFF image data, little-endian, direntries=1, copyright=AoohbvdsjsiVargvdubnLssuhpdt], baseline, precision 8, 2000x1000, frames 3	#
C:\Users\user\AppData\Local\Temp\imgs\img002.jpg	JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 624x312, frames 3	#
C:\Users\user\AppData\Local\Temp\imgs\theme.thm	Microsoft OOXML	#
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\form.LNK	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Tue Jan 28 13:45:39 2020, mtime=Tue Jan 28 13:45:39 2020, atime=Mon Feb 17 18:13:23 2020, length=282112, window=hide	#
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\index.dat	ASCII text, with CRLF line terminators	#
C:\Users\user\AppData\Roaming\Microsoft\Templates\~$Normal.dotm	data	#
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\KJZZRJ5YE23ETZMNYK5Z.temp	data	#