Register Login

sloganpng

top title background image

gn1Th9mFq8.xls

Status: finished

Submission Time: 2020-07-06 08:22:27 +02:00

Malicious

Exploiter

Evader

Hidden Macro 4.0

Comments

Tags

Details

Analysis ID:
243456
API (Web) ID:
382609
Analysis Started:

2020-07-06 08:24:06 +02:00
Analysis Finished:

2020-07-06 08:34:52 +02:00
MD5:
7bb9919cc3d3489f02a026ee1ad00d3f
SHA1:
ffc2d1e999828944f1decda05e64d2597e3952e8
SHA256:
18fb913018bc2522797135829d06b00c12f76f5a9dd80e3150c3e999ed5e5dd0
Technologies:

Engines
IOCs

Joe Sandbox

Engine	Download Report	Detection	Info
	Full Report Management Report IOC Report	malicious Score: 60	System: unknown
	Full Report Management Report IOC Report	malicious Score: 56	System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 Run Condition: Potential for more IOCs and behavior

IPs

IP	Country	Detection
185.220.34.93	Russian Federation

Domains

Name	IP	Detection
line.winneratlaw.com	185.220.34.93

URLs

Name	Detection
http://line.winneratlaw.com/setup.exe

Dropped files

Name	File Type	Hashes	Detection
C:\Users\user\AppData\Local\Temp\21430000	data	#
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\Desktop.LNK	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Read-Only, Directory, ctime=Tue Jan 28 13:33:37 2020, mtime=Mon Jul 6 05:25:39 2020, atime=Mon Jul 6 05:25:39 2020, length=12288, window=hide	#
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\gn1Th9mFq8.LNK	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Tue Jan 28 13:45:46 2020, mtime=Mon Jul 6 05:25:39 2020, atime=Mon Jul 6 05:25:39 2020, length=157184, window=hide	#
Click to see the 2 hidden entries
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\index.dat	ASCII text, with CRLF line terminators	#
C:\Users\user\Desktop\C2430000	Applesoft BASIC program data, first line number 16	#