Joe Sandbox Cloud Basic

Want to search on specific fields?


Try our:

Advanced Search

Want to search in depth on all Cloud Basic reports?

Try: Joe Sandbox View

Register Login
sloganpng
top title background image
flash

doc_2747.xls

Status: finished
Submission Time: 2020-10-30 22:14:48 +01:00
Malicious
Spreader
Exploiter
Evader
Hidden Macro 4.0

Comments

Tags

  • macros
  • xls
  • zloader

Details

  • Analysis ID:
    307780
  • API (Web) ID:
    517352
  • Analysis Started:
    2020-10-30 22:14:49 +01:00
  • Analysis Finished:
    2020-10-30 22:21:45 +01:00
  • MD5:
    f1feb8d03872d302151feadb367272a6
  • SHA1:
    76c87634b9474e7d1a1c3def186b0d5226211063
  • SHA256:
    fa967d25a1edfc762e45199840ff300d1f3ad4dc72bbea6672d90a577bd4de0d
  • Technologies:

Joe Sandbox

Engine Download Report Detection Info
Full Report Management Report IOC Report
malicious
Score: 100
System: Windows 7 x64 SP1 with Office 2010 SP1 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2)

Third Party Analysis Engines

Open Full Report
malicious
Score: 15/63
malicious
Score: 6/48

IPs

IP Country Detection
104.28.20.225
 United States

Domains

Name IP Detection
freelancer.yoga
 104.28.20.225

URLs

Name Detection
https://freelancer.yoga/wp-index.php
https://freelancer.yoga/
http://crl.pkioverheid.nl/DomOvLatestCRL.crl0
Click to see the 37 hidden entries
http://www.icra.org/vocabulary/.
http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous.
https://joliet.xyz/wp-index.phpN
https://lh3.googleusercontent.com/ogw/default-user=s24
http://ocsp.pki.goog/gts1o1core0
http://investor.msn.com/
http://crl.pki.goog/GTS1O1core.crl0
http://services.msn.com/svcs/oe/certpage.asp?name=%s&email=%s&&Check
http://www.%s.comPA
https://joliet.xyz/wp-index.php
https://freelancer.yoga/wp-index.phpr
http://crl.pki.goog/gsr2/gsr2.crl0?
https://freelancer.yoga/wp-index.php1
https://secure.comodo.com/CPS0
http://servername/isapibackend.dll
http://www.google.co.uk/preferences?hl=en
http://video.google.co.uk/?hl=en&tab=wv
http://pki.goog/gsr2/GTS1O1.crt0
https://www.google.co.uk/intl/en/about/products?tab=wh
http://investor.msn.com
http://www.msnbc.com/news/ticker.txt
https://lh3.googleusercontent.com/ogw/default-user=s96
http://crl.entrust.net/server1.crl0
http://ocsp.entrust.net03
https://freelancer.yoga/wp-index.php006
http://crl.pkioverheid.nl/DomOrganisatieLatestCRL-G2.crl0
https://joliet.xyz/wp-index.phpB
http://www.windows.com/pctv.
http://www.diginotar.nl/cps/pkioverheid0
http://www.google.co.uk/history/optout?hl=en
https://www.google.co.uk/finance?tab=we
http://ocsp.pki.goog/gsr202
http://windowsmedia.com/redir/services.asp?WMPFriendly=true
http://www.hotmail.com/oe
https://pki.goog/repository/0
https://joliet.xyz/wp-index.phpH
http://schema.org/WebPage

Dropped files

Name File Type Hashes Detection
C:\Users\Public\JfPPt1GD.vbs
 ASCII text, with CRLF, CR line terminators
 #
C:\Users\Public\VhHzFFmk.html
 HTML document, ISO-8859 text, with very long lines
 #
C:\Users\Public\yJt.vbs
 ASCII text, with CRLF line terminators
 #
Click to see the 6 hidden entries
C:\Users\user\AppData\Local\Temp\BBCE0000
 data
 #
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\Desktop.LNK
 MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Read-Only, Directory, ctime=Tue Oct 17 10:04:00 2017, mtime=Sat Oct 31 04:15:37 2020, atime=Sat Oct 31 04:15:37 2020, length=8192, window=hide
 #
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\doc_2747.LNK
 MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Wed Aug 26 14:08:11 2020, mtime=Sat Oct 31 04:15:37 2020, atime=Sat Oct 31 04:15:37 2020, length=55808, window=hide
 #
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\index.dat
 ASCII text, with CRLF line terminators
 #
C:\Users\user\Desktop\5CCE0000
 Applesoft BASIC program data, first line number 16
 #
C:\Users\Public\E09C.dat
 ASCII text, with very long lines, with no line terminators
 #