req.197.xls

Status: finished
Submission Time: 2020-07-06 23:10:20 +02:00
Malicious
Exploiter
Evader
Hidden Macro 4.0

Details

  • Analysis ID: 243666
  • API (Web) ID: 383032
  • Analysis Started: 2020-07-06 23:10:20 +02:00
  • Analysis Finished: 2020-07-06 23:23:06 +02:00
  • MD5: 60bc1581aab976eaf42ed45abd83586c
  • SHA1: b7f4bdce59281f912f30f2d2d0d117834fd542dc
  • SHA256: 500df0be11381a913b44a527ab39cbf4a5f8b72994dec3d59c62baf75e9045ca
  • Technologies:

Joe Sandbox

Engine Download Report Detection Info
malicious
Score: 96
System: unknown
malicious
Score: 88
System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Run Condition: Potential for more IOCs and behavior

IPs

IP Country Detection
172.67.142.204
United States

Domains

Name IP Detection
celltee.xyz
172.67.142.204

URLs

Name Detection
http://schema.org/WebPage

Dropped files

Name File Type Hashes Detection
C:\Users\Public\IInL5.html
HTML document, ASCII text, with very long lines
C:\Users\Public\dPaJB.vbs
ASCII text, with CRLF line terminators
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1T2BF62M\2AXFMV01.htm
HTML document, ASCII text, with very long lines
C:\Users\user\AppData\Local\Temp\81130000
data
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\Desktop.LNK
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Read-Only, Directory, ctime=Tue Jan 28 13:33:37 2020, mtime=Mon Jul 6 20:11:28 2020, atime=Mon Jul 6 20:11:28 2020, length=8192, window=hide
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\index.dat
ASCII text, with CRLF line terminators
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\req.197.LNK
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Tue Jan 28 13:45:44 2020, mtime=Mon Jul 6 20:11:28 2020, atime=Mon Jul 6 20:11:28 2020, length=151552, window=hide
C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\F780R1FI.txt
ASCII text
C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\P32UVW95.txt
ASCII text
C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\TQ83AWG8.txt
ASCII text
C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\YJ0YOI7B.txt
ASCII text
C:\Users\user\Desktop\F4130000
Applesoft BASIC program data, first line number 16
C:\Users\Public\zY369.txt
ASCII text, with CRLF line terminators