Register Login

sloganpng

top title background image

AD_loc_cl_6627815.xls

Status: finished

Submission Time: 2020-06-26 16:37:37 +02:00

Malicious

Exploiter

Evader

Hidden Macro 4.0

Comments

Tags

Details

Analysis ID:
241741
API (Web) ID:
379204
Analysis Started:

2020-06-26 16:37:38 +02:00
Analysis Finished:

2020-06-26 16:46:28 +02:00
MD5:
d9e421a165315d2d99f7e827a0384b37
SHA1:
1e4d68ce830115798f8164d182d3d47b1c60f441
SHA256:
d09dbd794c373acc722abcff3df66acb8aa0260f099278a271cdf8febb30fce9
Technologies:

Engines
IOCs

Joe Sandbox

Engine	Download Report	Detection	Info
	Full Report Management Report IOC Report	malicious Score: 100	System: unknown

Third Party Analysis Engines

Open Full Report

malicious

Score: 8/80

IPs

IP	Country	Detection
104.27.154.5	United States
172.67.205.79	United States

Domains

Name	IP	Detection
activediscounts.club	104.27.154.5
hackcheatsonline.club	172.67.205.79

URLs

Name	Detection
https://activediscounts.club/wp-data.php
https://hackcheatsonline.club/wp-data.php
https://github.com/v-ralewa.png?size=32
Click to see the 9 hidden entries
https://github.com/cynlau2020.png?size=32
http://schema.org/BreadcrumbList
https://github.com/MicrosoftDocs/OfficeDocs-OfficeUpdates/issues
http://schema.org/Organization
https://aka.ms/sitefeedback
https://github.com/MicrosoftDocs/OfficeDocs-OfficeUpdates-pr/blob/live/OfficeUpdates/office-MSI-non-
https://support.office.com/article/2ab296f3-7f03-43a2-8e50-46de917611c5
https://github.com/MicrosoftDocs/OfficeDocs-OfficeUpdates-pr/blob/ea2f2ee497d74222046b66bd2655f085da
https://github.com/TimDavenport.png?size=32

Dropped files

Name	File Type	Hashes	Detection
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\P1DBY5YH\office-msi-non-security-updates[1].htm	HTML document, ASCII text, with very long lines, with CRLF, LF line terminators	#
C:\Users\user\AppData\Local\Temp\DDF20000	data	#
C:\Users\user\AppData\Local\Temp\REGA78E.tmp	Little-endian UTF-16 Unicode text, with CRLF, CR line terminators	#
Click to see the 10 hidden entries
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\AD_loc_cl_6627815.LNK	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Tue Jan 28 13:45:44 2020, mtime=Fri Jun 26 13:38:22 2020, atime=Fri Jun 26 13:38:22 2020, length=252416, window=hide	#
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\Desktop.LNK	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Read-Only, Directory, ctime=Tue Jan 28 13:33:37 2020, mtime=Fri Jun 26 13:38:22 2020, atime=Fri Jun 26 13:38:22 2020, length=12288, window=hide	#
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\index.dat	ASCII text, with CRLF line terminators	#
C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\83VOYWWA.txt	ASCII text	#
C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\DJ56G7R4.txt	ASCII text	#
C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\MVQKM0CS.txt	ASCII text	#
C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\ON60LM65.txt	ASCII text	#
C:\Users\user\Desktop\1FF20000	Applesoft BASIC program data, first line number 16	#
C:\Users\Public\6bpD9.reg	Little-endian UTF-16 Unicode text, with CRLF, CR line terminators	#
C:\Users\Public\zGocdFZ.html	HTML document, ASCII text, with very long lines, with CRLF, LF line terminators	#