top title background image
flash

Fennec Pharma.xlsx

Status: finished
Submission Time: 2020-11-21 00:34:39 +01:00
Malicious
Phishing
HTMLPhisher

Comments

Tags

Details

  • Analysis ID:
    321368
  • API (Web) ID:
    544537
  • Analysis Started:
    2020-11-21 00:34:40 +01:00
  • Analysis Finished:
    2020-11-21 00:49:02 +01:00
  • MD5:
    a2315b66552273d966bdc8570a6a7208
  • SHA1:
    ad82640b54ce17f43e9df68ebfa700de48df5ef0
  • SHA256:
    8c3a18ce48dbab7971870da260421c03483e279795768bfdeb0ee7dd6079ec2b
  • Technologies:

Joe Sandbox

Engine Download Report Detection Info
malicious
Score: 64
System: Windows 7 x64 SP1 with Office 2010 SP1 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2)
malicious
Score: 48
System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Run Condition: Potential for more IOCs and behavior

Third Party Analysis Engines

malicious

IPs

IP Country Detection
54.84.56.113
United States
52.217.43.14
United States
74.125.140.154
United States
Click to see the 2 hidden entries
45.79.137.127
United States
104.16.19.94
United States

Domains

Name IP Detection
workflowy.com
54.84.56.113
us-east-1.linodeobjects.com
45.79.137.127
s3.amazonaws.com
52.217.43.14
Click to see the 10 hidden entries
stats.l.doubleclick.net
74.125.140.154
cdnjs.cloudflare.com
104.16.19.94
ka-f.fontawesome.com
0.0.0.0
code.jquery.com
0.0.0.0
kit.fontawesome.com
0.0.0.0
js-agent.newrelic.com
0.0.0.0
maxcdn.bootstrapcdn.com
0.0.0.0
jamif-cdn3d.us-east-1.linodeobjects.com
0.0.0.0
bam-cell.nr-data.net
0.0.0.0
stats.g.doubleclick.net
0.0.0.0

URLs

Name Detection
https://jamif-cdn3d.us-east-1.linodeobjects.com/dfce06801e1a85d6d06f1fdd4475dacd.html
https://jamif-cdn3d.us-east-1.linodeobjects.com/dfce06801e1a85d6d06f1fdd4475dacd.html
https://html.spec.whatwg.org/multipage/syntax.html#attributes-2
Click to see the 79 hidden entries
https://workflowy.com/s/this-doRoot
https://workflowy-east-1.linodeobjects.com/dfce06801e1a85d6d06f1fdd4475dacd.htmlRoot
https://promisesaplus.com/#point-54
https://github.com/eslint/eslint/issues/3229
https://promisesaplus.com/#point-57
https://jsperf.com/getall-vs-sizzle/2
https://workflowy.com/signup/?next=/s/this-document-is-too/Tdcv9KOl0AuohEPI
https://promisesaplus.com/#point-59
https://code.jquery.com/jquery-3.3.1.js
https://code.jquery.com/jquery-3.1.1.min.js
https://s3.amazonaws.com/simbla-static-2/2020/11/5faba665321d68001d4fc0e4/5faba6db73aef50019af7085/Z
https://workflowy.com/s/this-document-is-too/Tdcv9KOl0AuohEPI
https://bugs.chromium.org/p/chromium/issues/detail?id=589347
https://workflowy.com/s/this-document-is-too/Tdcv9KOl0AuohEPI#/7686a5f8c6e6
https://drafts.csswg.org/cssom/#resolved-values
https://promisesaplus.com/#point-61
https://promisesaplus.com/#point-64
https://workflowy.com/accounts/password_reset/
https://getbootstrap.com)
https://workflowy.com/signup/?next=/s/this-document-is-too/Tdcv9KOl0AuohEPI
https://bugs.chromium.org/p/chromium/issues/detail?id=449857
https://sizzlejs.com/
https://github.com/jquery/sizzle/pull/225
https://jamif-cdn3d.us
https://promisesaplus.com/#point-48
https://workflowy.com/media/i/favicon.ico~
https://github.com/twbs/bootstrap/blob/master/LICENSE)
https://html.spec.whatwg.org/multipage/scripting.html#selector-enabled
https://bugs.webkit.org/show_bug.cgi?id=137337
https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/bootstrap.min.js
https://stats.g.doubleclick.net/j/collect?
https://jquery.com/
https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/popper.min.js
https://s3.amazonaws.com/simbla-static-2/2020/11/5faba665321d68001d4fc0e4/5faba6db73aef50019af7085/r
https://jquery.org/license
https://developer.mozilla.org/en-US/docs/CSS/display
https://html.spec.whatwg.org/multipage/scripting.html#selector-disabled
https://html.spec.whatwg.org/multipage/forms.html#category-listed
https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/css/bootstrap.min.css
https://html.spec.whatwg.org/#strip-and-collapse-whitespace
https://fontawesome.com/license/free
https://bugs.webkit.org/show_bug.cgi?id=29084
https://html.spec.whatwg.org/multipage/forms.html#concept-fe-disabled
https://drafts.csswg.org/cssom/#common-serializing-idioms
https://fontawesome.comhttps://fontawesome.comFont
https://web.archive.org/web/20141116233347/http://fluidproject.org/blog/2008/01/09/getting-setting-a
https://promisesaplus.com/#point-75
https://workflowy.com/login/?next=/s/this-document-is-too/Tdcv9KOl0AuohEPI
https://workflowy.com/s/this-document-is-too/Tdcv9KOl0AuohEPInThis
https://infra.spec.whatwg.org/#strip-and-collapse-ascii-whitespace
https://web.archive.org/web/20100324014747/http://blindsignals.com/index.php/2009/07/jquery-delay/
https://workflowy.com/media/i/favicon.ico
https://workflowy.com/s/this-document-is-too/Tdcv9KOl0AuohEPI#/7686a5f8c6e6
https://workflowy.com/s/this-document-is-too/Tdcv9KOl0AuohEPIRoot
https://code.jquery.com/jquery-3.2.1.slim.min.js
https://bugs.jquery.com/ticket/12359
https://jsperf.com/thor-indexof-vs-for/5
http://jquery.org/license
https://bugs.webkit.org/show_bug.cgi?id=136851
https://github.com/twbs/bootstrap/graphs/contributors)
https://kit.fontawesome.com/585b051251.js
https://bugs.jquery.com/ticket/13378
http://opensource.org/licenses/MIT).
http://getfirefox.com
https://bugs.chromium.org/p/chromium/issues/detail?id=470258
https://workflowy.com/login/?next=/s/this-document-is-too/Tdcv9KOl0AuohEPI&Log
https://bugzilla.mozilla.org/show_bug.cgi?id=687787
https://github.com/jrburke/requirejs/wiki/Updating-existing-libraries#wiki-anon
https://bugs.chromium.org/p/chromium/issues/detail?id=378607
https://workflowy.com/referrals/
https://workflowy.com/login/?next=/s/this-document-is-too/Tdcv9KOl0AuohEPI
https://github.com/jquery/jquery/pull/557)
https://www.google.%/ads/ga-audiences?
https://workflowy.com/s/this-document-is-too/Tdcv9KOl0AuohEPI
https://ukrainianpolicy.ru/Dee23ope11nov/next.php
https://html.spec.whatwg.org/multipage/forms.html#concept-option-disabled
https://github.com/eslint/eslint/issues/6125
https://fontawesome.com
https://workflowy.com/

Dropped files

Name File Type Hashes Detection
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\dfce06801e1a85d6d06f1fdd4475dacd[1].htm
HTML document, UTF-8 Unicode text, with very long lines, with CRLF line terminators
#
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\signup[1].htm
HTML document, ASCII text, with very long lines
#
C:\Users\user\AppData\Local\Temp\~DFB1D5C56FF7851F42.TMP
data
#
Click to see the 72 hidden entries
C:\Users\user\AppData\Local\Temp\~DF3768AA9CB305EF1C.TMP
data
#
C:\Users\user\AppData\Local\Temp\~DF091722ACA51A2E65.TMP
data
#
C:\Users\user\AppData\Local\Temp\Tar671E.tmp
data
#
C:\Users\user\AppData\Local\Temp\Tar66CE.tmp
data
#
C:\Users\user\AppData\Local\Temp\Cab671D.tmp
Microsoft Cabinet archive data, 58936 bytes, 1 file
#
C:\Users\user\AppData\Local\Temp\Cab66CD.tmp
Microsoft Cabinet archive data, 58936 bytes, 1 file
#
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\7187B60E.png
PNG image data, 1420 x 1525, 8-bit/color RGB, non-interlaced
#
C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\1WK6T6E9.txt
ASCII text
#
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\jquery.min[1].js
ASCII text, with very long lines
#
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\jquery-3.2.1.slim.min[1].js
ASCII text, with very long lines
#
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\jquery-3.1.1.min[1].js
ASCII text, with very long lines
#
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\ga[1].js
ASCII text, with very long lines
#
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\document_view.min[1].js
UTF-8 Unicode text, with very long lines, with NEL line terminators
#
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\bootstrap.min[1].js
ASCII text, with very long lines
#
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\bootstrap.min[1].css
ASCII text, with very long lines
#
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\adf9fc155506e2fa3fbf[1].js
ASCII text, with very long lines
#
C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\KVH6AM6A.txt
ASCII text
#
C:\Users\user\Desktop\~$Fennec Pharma.xlsx
data
#
C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\XLJJ3868.txt
ASCII text
#
C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\XA5F7322.txt
ASCII text
#
C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\VTFEJJP0.txt
ASCII text
#
C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\THU81BG5.txt
ASCII text
#
C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\RP8HJGZS.txt
ASCII text
#
C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\Q0N28S8O.txt
ASCII text
#
C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\P0VR5QOE.txt
ASCII text
#
C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\OKD2JEM2.txt
ASCII text
#
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\site.min[1].js
UTF-8 Unicode text, with very long lines, with LF, NEL line terminators
#
C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\KIVMU0HH.txt
ASCII text
#
C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\HWA2M6MO.txt
ASCII text
#
C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\GNHVW6BT.txt
ASCII text
#
C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\FJQJA7G9.txt
ASCII text
#
C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\EJ38YTYP.txt
ASCII text
#
C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\C08G4TO5.txt
ASCII text
#
C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\B8LOWNP4.txt
ASCII text
#
C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\3UUPYR02.txt
ASCII text
#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\imagestore\lr5drzg\imagestore.dat
data
#
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\Tdcv9KOl0AuohEPI[1].htm
HTML document, ASCII text, with very long lines
#
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5JC0A1KN\signup[1].htm
HTML document, ASCII text, with CRLF line terminators
#
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5JC0A1KN\rC56cpX1uS2qJKOxJ-5Sb8u-[1].svg
SVG Scalable Vector Graphics image
#
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5JC0A1KN\login[1].htm
HTML document, ASCII text, with CRLF line terminators
#
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5JC0A1KN\favicon[1].ico
PNG image data, 16 x 16, 4-bit colormap, non-interlaced
#
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5JC0A1KN\eaeea54ab7[2].js
ASCII text, with no line terminators
#
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5JC0A1KN\eaeea54ab7[1].js
ASCII text, with no line terminators
#
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5JC0A1KN\css[1].css
ASCII text
#
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5JC0A1KN\Tdcv9KOl0AuohEPI[1].htm
HTML document, ASCII text, with very long lines
#
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\ZJH_2F3Xi0SopxxCuN7EKeDY[1].jpg
JPEG image data, baseline, precision 8, 1920x1080, frames 3
#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{ABFD1AF3-2BD4-11EB-ADCF-ECF4BBB5915B}.dat
Microsoft Word Document
#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{9612F055-2BD4-11EB-ADCF-ECF4BBB5915B}.dat
Microsoft Word Document
#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{9612F053-2BD4-11EB-ADCF-ECF4BBB5915B}.dat
Microsoft Word Document
#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\DOMStore\MP98E46N\workflowy[1].xml
ASCII text, with very long lines, with no line terminators
#
C:\Users\user\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
PNG image data, 16 x 16, 4-bit colormap, non-interlaced
#
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E0F5C59F9FA661F6F4C50B87FEF3A15A
data
#
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
data
#
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E0F5C59F9FA661F6F4C50B87FEF3A15A
data
#
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\e42577a28f6c3e306a7f[1].js
ASCII text, with very long lines
#
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506
Microsoft Cabinet archive data, 58936 bytes, 1 file
#
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\popper.min[1].js
ASCII text, with very long lines
#
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\nr-1184.min[1].js
ASCII text, with very long lines, with no line terminators
#
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\jquery-3.3.1[1].js
ASCII text
#
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\free-fa-solid-900[1].eot
Embedded OpenType (EOT), Font Awesome 5 Free Solid family
#
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\free-fa-regular-400[1].eot
Embedded OpenType (EOT), Font Awesome 5 Free Regular family
#
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\favicon[1].ico
MS Windows icon resource - 6 icons, 256x256, 32 bits/pixel, 128x128, 32 bits/pixel
#
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\eaeea54ab7[1].gif
GIF image data, version 89a, 1 x 1
#
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\6f0b670eddaac85c5e4a[1].js
UTF-8 Unicode text, with very long lines
#
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\urlblockindex[1].bin
data
#
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\reset[1].css
ASCII text
#
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\print[1].css
ASCII text
#
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\logo-bullet-lines-blue[1].svg
SVG Scalable Vector Graphics image
#
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\login[1].htm
HTML document, ASCII text, with very long lines
#
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\free.min[1].css
ASCII text, with very long lines
#
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\free-v4-shims.min[1].css
ASCII text, with very long lines
#
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\eaeea54ab7[1].gif
GIF image data, version 89a, 1 x 1
#