SecuriteInfo.com.DOC.Kryptik.W.xls

Status: finished
Submission Time: 2020-08-11 21:20:00 +02:00
Malicious
Exploiter
Evader
Hidden Macro 4.0

Details

  • Analysis ID:
    262422
  • API (Web) ID:
    420204
  • Analysis Started:
    2020-08-12 06:02:15 +02:00
  • Analysis Finished:
    2020-08-12 06:08:33 +02:00
  • MD5:
    8b700d7b7db3b85fc73486b9fe02cbda
  • SHA1:
    fcd3c2dc1007d5d6346860b3883ecbdf15c38786
  • SHA256:
    6eea9323d0a2e383b0690af294cbb3ee554886742c34c641cfa3e0c4904d23cd
  • Technologies:

Joe Sandbox

Engine Download Report Detection Info
malicious
Score: 92
System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

IPs

IP Country Detection
31.170.166.136
United States

Domains

Name IP Detection
chiarizzimooca-lancamento.com.br
31.170.166.136

URLs

Name Detection
https://maps.google.ch/maps?hl=de&tab=wl
https://about.google/?utm_source=google-CH&utm_medium=referral&utm_campaign=hp-footer&fg
https://www.youtube.com/?gl=CH&tab=w1
https://www.google.ch/intl/de/about/products?tab=wh
https://www.google.ch/imghp?hl=de&tab=wi
http://www.google.ch/history/optout?hl=de
http://schema.org/WebPage

Dropped files

Name File Type Hashes Detection
C:\Users\user\AppData\Local\Temp\KyPjh.vbs
ASCII text, with CRLF line terminators
C:\Users\user\AppData\Local\Temp\brcg1A0.html
HTML document, UTF-8 Unicode text, with very long lines
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6M6D1PMD\O6N7JB1W.htm
HTML document, UTF-8 Unicode text, with very long lines
C:\Users\user\AppData\Local\Temp\C1F10000
data
C:\Users\user\AppData\Local\Temp\JGa.txt
ASCII text, with CRLF line terminators
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\Desktop.LNK
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Read-Only, Directory, ctime=Thu Jun 27 19:05:17 2019, mtime=Wed Aug 12 12:03:26 2020, atime=Wed Aug 12 12:03:26 2020, length=12288, window=hide
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\SecuriteInfo.com.DOC.Kryptik.W.LNK
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Wed Aug 12 12:03:02 2020, mtime=Wed Aug 12 12:03:26 2020, atime=Wed Aug 12 12:03:26 2020, length=257024, window=hide
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\index.dat
ASCII text, with CRLF line terminators
C:\Users\user\AppData\Roaming\Microsoft\UProof\CUSTOM.DIC
Little-endian UTF-16 Unicode text, with CR line terminators
C:\Users\user\Desktop\43F10000
Applesoft BASIC program data, first line number 16