top title background image
flash

SecuriteInfo.com.Exploit.Siggen2.37769.10681.xls

Status: finished
Submission Time: 2020-09-16 10:55:10 +02:00
Malicious
Trojan
Exploiter
Evader
Hidden Macro 4.0 Qbot

Comments

Tags

Details

  • Analysis ID:
    286241
  • API (Web) ID:
    467647
  • Analysis Started:
    2020-09-16 10:55:11 +02:00
  • Analysis Finished:
    2020-09-16 11:03:37 +02:00
  • MD5:
    7d79337034644c63459eacc856a78a90
  • SHA1:
    75c24185470bd4fd87f3d92142841e04e25e7bec
  • SHA256:
    317f92579bf03406b4318f8d2b54499872c5134ba4d7432e9297e6d647dc1f90
  • Technologies:

Joe Sandbox

Engine Download Report Detection Info
malicious
malicious
Score: 100
System: Windows 7 x64 SP1 with Office 2010 SP1 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2)

Third Party Analysis Engines

malicious
Score: 25/68
malicious
Score: 14/29
malicious
malicious

IPs

IP Country Detection
198.71.233.47
United States

Domains

Name IP Detection
oceanbm.ca
198.71.233.47

URLs

Name Detection
http://www.%s.comPA
http://crl.sectigo.com/SectigoRSACodeSigningCA.crl0s
https://sectigo.com/CPS0
Click to see the 6 hidden entries
http://ocsp.sectigo.com0
http://crt.sectigo.com/SectigoRSACodeSigningCA.crt0#
http://oceanbm.ca/hpplo/555555555.png
http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous.
http://www.ip-adress.com
http://www.ip-adress.com?

Dropped files

Name File Type Hashes Detection
C:\Fetil\Giola\ocean.exe
PE32 executable (GUI) Intel 80386, for MS Windows
#
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\555555555[1].png
PE32 executable (GUI) Intel 80386, for MS Windows
#
C:\Users\user\AppData\Roaming\Microsoft\Irfqpqn\gurbrup.exe
PE32 executable (GUI) Intel 80386, for MS Windows
#
Click to see the 6 hidden entries
C:\Users\user\AppData\Local\Temp\ECCE0000
data
#
C:\Users\user\AppData\Roaming\Microsoft\Irfqpqn\gurbrup.dat
data
#
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\Desktop.LNK
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Read-Only, Directory, ctime=Tue Oct 17 10:04:00 2017, mtime=Wed Sep 16 16:55:37 2020, atime=Wed Sep 16 16:55:37 2020, length=16384, window=hide
#
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\SecuriteInfo.com.Exploit.Siggen2.37769.10681.LNK
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Wed Sep 16 16:55:28 2020, mtime=Wed Sep 16 16:55:37 2020, atime=Wed Sep 16 16:55:37 2020, length=114688, window=hide
#
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\index.dat
ASCII text, with CRLF line terminators
#
C:\Users\user\Desktop\9DCE0000
Applesoft BASIC program data, first line number 16
#