Register Login

sloganpng

top title background image

PURCHASE ORDER No-17-11-98543.xlsm

Status: finished

Submission Time: 2020-11-18 07:56:17 +01:00

Malicious

Exploiter

Evader

Hidden Macro 4.0

Comments

Tags

Details

Analysis ID:
319311
API (Web) ID:
540431
Analysis Started:

2020-11-18 07:56:19 +01:00
Analysis Finished:

2020-11-18 08:03:12 +01:00
MD5:
921ac551fe8d88c2185f39f0e777eabd
SHA1:
40702dc4f773cfa3fcf03c62ec810ba3f5e6b72d
SHA256:
b1660b65514182bf97a767caa264b0500ef14692e69dae6ddca344591e7e016d
Technologies:

Engines
IOCs

Joe Sandbox

Engine	Download Report	Detection	Info
		malicious
	Full Report Management Report IOC Report	malicious Score: 100	System: Windows 7 x64 SP1 with Office 2010 SP1 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2)

Third Party Analysis Engines

Open Full Report

malicious

Score: 21/72

malicious

Score: 11/48

IPs

IP	Country	Detection
193.106.175.25	Russian Federation

Domains

Name	IP	Detection
gvbmkhvnyib.top	193.106.175.25

URLs

Name	Detection
http://gvbmkhvnyib.top/QtuFGobZaW/conhost.triumphloader
http://4cnx9s25gsvw.top/syZsNnTNps.vx

Dropped files

Name	File Type	Hashes	Detection
C:\ETTER\dAneDFma\conhost.exe	PE32 executable (GUI) Intel 80386, for MS Windows	#
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\conhost[1].triumphloader	PE32 executable (GUI) Intel 80386, for MS Windows	#
C:\Users\user\Desktop\~$PURCHASE ORDER No-17-11-98543.xlsm	data	#
Click to see the 7 hidden entries
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\71A94C24.png	PNG image data, 9 x 6, 8-bit colormap, interlaced	#
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\A97335D5.jpg	JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 2806x1984, frames 3	#
C:\Users\user\AppData\Local\Temp\68FE0000	data	#
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\Desktop.LNK	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Read-Only, Directory, ctime=Tue Oct 17 10:04:00 2017, mtime=Wed Nov 18 14:56:49 2020, atime=Wed Nov 18 14:56:49 2020, length=16384, window=hide	#
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\PURCHASE ORDER No-17-11-98543.LNK	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Wed Aug 26 14:08:16 2020, mtime=Wed Nov 18 14:56:49 2020, atime=Wed Nov 18 14:56:49 2020, length=402957, window=hide	#
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\index.dat	ASCII text, with CRLF line terminators	#
C:\Users\user\Desktop\2AFE0000	data	#