Register Login

sloganpng

top title background image

tripadvisor_hint.xls

Status: finished

Submission Time: 2020-07-23 18:10:04 +02:00

Malicious

Exploiter

Evader

Hidden Macro 4.0

Comments

Tags

Details

Analysis ID:
250297
API (Web) ID:
396544
Analysis Started:

2020-07-23 18:14:18 +02:00
Analysis Finished:

2020-07-23 18:28:19 +02:00
MD5:
f4020bb7757a09499282a052482009c1
SHA1:
cbdf36ce6c148b2037df4aa5514fc8f03d49ef85
SHA256:
e2e495aede724729169c83f7ad43d71404753372058fd5002818b11386f5980a
Technologies:

Engines
IOCs

Joe Sandbox

Engine	Download Report	Detection	Info
	Full Report Management Report IOC Report	malicious Score: 68	System: unknown
	Full Report Management Report IOC Report	malicious Score: 64	System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 Run Condition: Potential for more IOCs and behavior

Third Party Analysis Engines

Open Full Report

malicious

Score: 6/60

IPs

IP	Country	Detection
104.161.32.117	United States

URLs

Name	Detection
http://104.161.32.117/qTG6Ap4f3MUls5zq.php

Dropped files

Name	File Type	Hashes	Detection
C:\Users\user\AppData\Local\Temp\96330000	data	#
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\Desktop.LNK	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Read-Only, Directory, ctime=Tue Jan 28 13:33:37 2020, mtime=Thu Jul 23 15:15:37 2020, atime=Thu Jul 23 15:15:37 2020, length=12288, window=hide	#
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\index.dat	ASCII text, with CRLF line terminators	#
Click to see the 2 hidden entries
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\tripadvisor_hint.LNK	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Tue Jan 28 13:45:47 2020, mtime=Thu Jul 23 15:15:37 2020, atime=Thu Jul 23 15:15:37 2020, length=196608, window=hide	#
C:\Users\user\Desktop\69330000	Applesoft BASIC program data, first line number 16	#