
Proof of Delivery_6.xls

Status: finished
Submission Time: 2020-07-06 18:02:20 +02:00
Verdict: Malicious
Labels: Trojan, Exploiter, Evader, Hidden Macro 4.0, Trickbot

Details

  • Analysis ID:
    243590
  • API (Web) ID:
    382880
  • Analysis Started:
    2020-07-06 18:03:24 +02:00
  • Analysis Finished:
    2020-07-06 18:10:04 +02:00
  • MD5:
    9a795b2010e83ac940fab1c81a7f6db5
  • SHA1:
    720eb06925f3b4109f250ac7ad69d5e49e301102
  • SHA256:
    23c04fe08bd18d6309e03e6ca11491f829340d73f0ea893c4fafeb697005210a
  • Technologies:
    Joe Sandbox

Detection: malicious
Score: 100
System: unknown
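The "Hidden Macro 4.0" label above means the workbook carries an Excel 4.0 (XLM) macro sheet whose BoundSheet8 record marks it hidden or very hidden. The check below is an added example, not part of the Joe Sandbox report and not the sandbox's own detection logic: it walks the BIFF8 record stream of a legacy .xls Workbook stream and lists hidden macro sheets. It assumes the Workbook stream has already been pulled out of the OLE2 container (for a real file, olefile's OleFileIO(path).openstream("Workbook").read() does that); the sample stream is constructed by hand and is not taken from the analysed file.

```python
import struct
from typing import Iterator, List, Tuple

# BIFF record type ids (MS-XLS)
BOF = 0x0809
EOF = 0x000A
BOUNDSHEET = 0x0085

HS_STATE = {0: "visible", 1: "hidden", 2: "veryhidden"}
SHEET_TYPE = {0x00: "worksheet", 0x01: "macro", 0x02: "chart", 0x06: "vbmodule"}


def iter_records(stream: bytes) -> Iterator[Tuple[int, bytes]]:
    """Yield (type, payload) for every record: 2-byte type, 2-byte length, payload."""
    off = 0
    while off + 4 <= len(stream):
        rtype, size = struct.unpack_from("<HH", stream, off)
        off += 4
        yield rtype, stream[off:off + size]
        off += size


def parse_boundsheet(payload: bytes) -> dict:
    """Decode a BIFF8 BoundSheet8 record.

    Layout: lbPlyPos (4 bytes, stream offset of the sheet's BOF), one byte whose
    low two bits are hsState, one byte dt (sheet type), then stName as a
    ShortXLUnicodeString: cch (1), flags (1, bit 0 = UTF-16LE), characters.
    BIFF5 (Excel 5/95) stores the name without the flags byte; not handled here.
    """
    hs_state = payload[4] & 0x03
    dt = payload[5]
    cch, flags = payload[6], payload[7]
    raw = payload[8:]
    if flags & 1:
        name = raw[:2 * cch].decode("utf-16-le")
    else:
        name = raw[:cch].decode("latin-1")
    return {
        "name": name,
        "state": HS_STATE.get(hs_state, f"unknown({hs_state})"),
        "type": SHEET_TYPE.get(dt, f"unknown({dt:#x})"),
    }


def find_hidden_macro_sheets(stream: bytes) -> List[dict]:
    """Return every Excel 4.0 macro sheet that is hidden or very hidden."""
    sheets = [parse_boundsheet(p) for t, p in iter_records(stream) if t == BOUNDSHEET]
    return [s for s in sheets if s["type"] == "macro" and s["state"] != "visible"]


# --- constructed sample Workbook stream (not from the analysed file) ---------
def _boundsheet(name: str, hs_state: int, dt: int) -> bytes:
    raw = name.encode("latin-1")
    body = struct.pack("<IBB", 0, hs_state, dt) + bytes([len(raw), 0]) + raw
    return struct.pack("<HH", BOUNDSHEET, len(body)) + body


SAMPLE_STREAM = (
    struct.pack("<HH", BOF, 16) + b"\x00" * 16   # workbook globals BOF (payload irrelevant here)
    + _boundsheet("Sheet1", 0, 0x00)            # ordinary visible worksheet
    + _boundsheet("Macro1", 2, 0x01)            # very hidden XLM macro sheet
    + _boundsheet("Chart1", 1, 0x02)            # hidden chart, not a macro
    + struct.pack("<HH", EOF, 0)
)

if __name__ == "__main__":
    for s in find_hidden_macro_sheets(SAMPLE_STREAM):
        print(f"{s['name']}: {s['state']} {s['type']} sheet")
```

Only the "Macro1" entry is reported: a hidden chart is not a macro, and a visible macro sheet is not hidden. The same condition for the OOXML container (.xlsm) is a part under xl/macrosheets/ whose sheet element in xl/workbook.xml carries state="hidden" or state="veryHidden"; that format is not parsed here.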

IPs

IP               Country
78.108.216.47    Germany
185.99.2.66      Bosnia and Herzegovina
5.1.81.68        Germany
107.161.180.37   United States

Domains

Name            IP
unitedyfl.com   107.161.180.37

URLs

http://crl.pkioverheid.nl/DomOvLatestCRL.crl0
http://crl.entrust.net/server1.crl0
http://ocsp.entrust.net03
https://185.99.2.66/ono54/768287_W617601.443E5E0A119C6C92FFCAA0E06DEDEECD/5/spk//
https://185.99.2.66/ono54/768287_W617601.443E5E0A119C6C92FFCAA0E06DEDEECD/5/spk/
https://185.99.2.66/ono54/768287_W617601.443E5E0A119C6C92FFCAA0E06DEDEECD/5/spk/1
http://crl.pkioverheid.nl/DomOrganisatieLatestCRL-G2.crl0
http://www.diginotar.nl/cps/pkioverheid0
http://crl.com
http://crl.comodo.ne
http://ocsp.entrust.net0D
https://secure.comodo.com/CPS0
http://crl.entrust.net/2048ca.crl0

Note: the CRL, OCSP and CPS entries (with stray trailing characters such as "0", "03" and "0D", and the truncated "http://crl.com" and "http://crl.comodo.ne") are strings carved from embedded X.509 certificate data, not network activity, and should not be used as indicators. The three requests to https://185.99.2.66/... are the beacon traffic recorded during the run.
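The three requests to 185.99.2.66 share one path layout, which is how proxy logs can be searched for further check-ins even when the IP changes. The parser below is an added example, not part of the report or of any sandbox tooling. It assumes the publicly documented Trickbot beacon layout https://<c2>/<gtag>/<client_id>/<command>/<args...>/ with client_id = <hostname>_W<os major><os minor><build>.<32 hex chars>; what the command number 5 means is not stated on this page, so the code only extracts it. The URL list is copied from the table above, with two certificate strings included to show they are rejected.

```python
import re
from typing import List, Optional
from urllib.parse import urlsplit

# Assumed beacon layout (publicly documented for Trickbot, not stated on the page):
#   https://<c2>/<gtag>/<client_id>/<command>/<arg>/.../
#   client_id = <hostname>_W<os major><os minor><build>.<32 hex chars>
CLIENT_ID = re.compile(
    r"^(?P<host>[^_]+)_W(?P<major>\d)(?P<minor>\d)(?P<build>\d+)\.(?P<hash>[0-9A-Fa-f]{32})$"
)


def parse_beacon(url: str) -> Optional[dict]:
    """Return the beacon fields, or None if the URL does not fit the layout."""
    parts = urlsplit(url)
    # drop empty segments produced by '//' and the trailing '/'
    segs = [s for s in parts.path.split("/") if s]
    if len(segs) < 3 or not segs[2].isdigit():
        return None
    m = CLIENT_ID.match(segs[1])
    if m is None:
        return None
    return {
        "c2": parts.netloc,
        "gtag": segs[0],
        "hostname": m["host"],
        "os": f"{m['major']}.{m['minor']} build {m['build']}",
        "client_hash": m["hash"].upper(),
        "command": int(segs[2]),
        "args": segs[3:],
    }


def beacons(urls: List[str]) -> List[dict]:
    """Keep only the URLs that parse as beacons."""
    return [b for b in map(parse_beacon, urls) if b is not None]


# URLs copied from the report: three beacon requests plus two certificate strings
REPORT_URLS = [
    "https://185.99.2.66/ono54/768287_W617601.443E5E0A119C6C92FFCAA0E06DEDEECD/5/spk//",
    "https://185.99.2.66/ono54/768287_W617601.443E5E0A119C6C92FFCAA0E06DEDEECD/5/spk/",
    "https://185.99.2.66/ono54/768287_W617601.443E5E0A119C6C92FFCAA0E06DEDEECD/5/spk/1",
    "http://crl.entrust.net/server1.crl0",
    "http://ocsp.entrust.net03",
]

if __name__ == "__main__":
    for b in beacons(REPORT_URLS):
        print(b["c2"], b["gtag"], b["hostname"], b["os"], b["command"], b["args"])
```

For the report's URLs this yields gtag "ono54", a sandbox hostname "768287" running Windows 6.1 build 7601, and command 5 with argument "spk". The 32-hex-character client hash after "_W<version>." is the discriminating feature; matching on it rather than on the IP is what makes the pattern reusable as a proxy-log search.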

Dropped files

Each entry gives the path, then the file type as reported by libmagic:

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SIEADQ6U\503rockyoustart[1].exe
    PE32 executable (console) Intel 80386, for MS Windows
C:\Users\user\Documents\RPJbYuR.exe
    PE32 executable (console) Intel 80386, for MS Windows
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506
    Microsoft Cabinet archive data, 58367 bytes, 1 file
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
    data
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\814B5C4.png
    PNG image data, 947 x 477, 8-bit/color RGB, non-interlaced
C:\Users\user\AppData\Local\Temp\02030000
    data
C:\Users\user\AppData\Local\Temp\Cab1436.tmp
    Microsoft Cabinet archive data, 58367 bytes, 1 file
C:\Users\user\AppData\Local\Temp\Tar1437.tmp
    data
C:\Users\user\AppData\Local\Temp\log8104.tmp
    Non-ISO extended-ASCII text, with CRLF line terminators
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\Desktop.LNK
    MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Read-Only, Directory, ctime=Tue Jan 28 13:33:37 2020, mtime=Mon Jul 6 15:04:23 2020, atime=Mon Jul 6 15:04:23 2020, length=16384, window=hide
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\Proof of Delivery_6.LNK
    MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Tue Jan 28 13:45:42 2020, mtime=Mon Jul 6 15:04:23 2020, atime=Mon Jul 6 15:04:23 2020, length=395776, window=hide
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\index.dat
    ASCII text, with CRLF line terminators
C:\Users\user\Desktop\24030000
    Applesoft BASIC program data, first line number 16

Note: no hashes were published for the dropped files. The type strings are libmagic guesses from the first bytes and can be wrong for opaque data, so the "Applesoft BASIC" identification of Desktop\24030000 should not be taken literally. The two PE32 executables are the payloads worth retrieving from the sandbox for further analysis; the CryptnetUrlCache and Cab/Tar entries are Windows certificate-revocation cache files.