salvation.docx

Status: finished

Submission Time: 2020-09-24 17:45:03 +02:00

Unknown

Comments

Details

Analysis ID:
289646
API (Web) ID:
474398
Analysis Started:

2020-09-24 17:45:04 +02:00
Analysis Finished:

2020-09-24 17:56:43 +02:00
MD5:
34927f58d0dd1eee5690e9c2d589aece
SHA1:
36d9a81d1ed83115bd21a39494b43f1ad38745e5
SHA256:
d7d827e370737c5962435d75009475b78ec21c14c1bdc8167baa9d7645679f1a
Technologies:

Engines
IOCs

Joe Sandbox

Engine	Download Report	Detection	Info
	Full Report Management Report IOC Report	unknown Score: 1	Error: Incomplete analysis, please check the report for detailed error information System: Windows 7 x64 SP1 with Office 2010 SP1 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2)
	Full Report Management Report IOC Report	unknown Score: 1	Error: Incomplete analysis, please check the report for detailed error information System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 Run Condition: Potential for more IOCs and behavior

IPs

IP	Country	Detection
104.28.26.108	United States

Domains

Name	IP	Detection
folcenesi.club	104.28.26.108
go.t500track42.com	0.0.0.0

URLs

Name	Detection
https://folcenesi.club/bloger/
http://folcenesi.club/bloger/
https://folcenesi.club/bloger
Click to see the 2 hidden entries
https://folcenesi.club/blogerRoot
http://prismstandard.org/namespaces/prismusagerights/2.1/

Dropped files

Name	File Type	Hashes
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{3E742551-7EEA-4C35-8799-54095299238F}.tmp	data	#
C:\Users\user\Desktop\~$lvation.docx	data	#
C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\2MELYPW7.txt	ASCII text	#
Click to see the 21 hidden entries
C:\Users\user\AppData\Roaming\Microsoft\UProof\ExcludeDictionaryEN0409.lex	Little-endian UTF-16 Unicode text, with no line terminators	#
C:\Users\user\AppData\Roaming\Microsoft\Templates\~$Normal.dotm	data	#
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\salvation.LNK	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Wed Aug 26 14:08:11 2020, mtime=Wed Aug 26 14:08:11 2020, atime=Thu Sep 24 23:45:31 2020, length=116601, window=hide	#
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\index.dat	ASCII text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Temp\~DFD81D001EB7635ED7.TMP	data	#
C:\Users\user\AppData\Local\Temp\~DF7273F04BE9DB52B3.TMP	data	#
C:\Users\user\AppData\Local\Temp\~DF4D57835D18A0E876.TMP	data	#
C:\Users\user\AppData\Local\Temp\msoB951.tmp	GIF image data, version 89a, 15 x 15	#
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{4ABA8187-B28F-4AE5-86AD-026C320EA73C}.tmp	data	#
C:\Users\user\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico	PNG image data, 16 x 16, 4-bit colormap, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\EAE82ED4.jpg	[TIFF image data, big-endian, direntries=4, xresolution=62, yresolution=70, resolutionunit=2], baseline, precision 8, 1541x1233, frames 3	#
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\httpErrorPagesScripts[1]	UTF-8 Unicode (with BOM) text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\errorPageStrings[2]	UTF-8 Unicode (with BOM) text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\bloger[1].htm	HTML document, ASCII text, with CRLF, LF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\bloger[1]	ASCII text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\NewErrorPageTemplate[1]	UTF-8 Unicode (with BOM) text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5JC0A1KN\urlblockindex[1].bin	data	#
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5JC0A1KN\dnserror[1]	HTML document, UTF-8 Unicode (with BOM) text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{90C781B4-FEC8-11EA-ADCF-ECF4BBB5915B}.dat	Microsoft Word Document	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{7B33336E-FEC8-11EA-ADCF-ECF4BBB5915B}.dat	Microsoft Word Document	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{7B33336C-FEC8-11EA-ADCF-ECF4BBB5915B}.dat	Microsoft Word Document	#

salvation.docx

Comments

Tags

Available tags:

Details

Joe Sandbox

IPs

Domains

URLs

Dropped files

salvation.docx Options

Comments

Tags

Available tags:

Details

Joe Sandbox

IPs

Domains

URLs

Dropped files

Search started

salvation.docx