top title background image
flash

SpecificationX20202611.xlsx

Status: finished
Submission Time: 2020-11-27 08:04:17 +01:00
Malicious
Trojan
Exploiter
Evader
AgentTesla

Comments

Tags

Details

  • Analysis ID:
    323613
  • API (Web) ID:
    549002
  • Analysis Started:
    2020-11-27 08:25:51 +01:00
  • Analysis Finished:
    2020-11-27 08:35:43 +01:00
  • MD5:
    8bbf38221e93da549de22199cafb1ece
  • SHA1:
    4d650073a4fd46217e891c94d6eca54644addfb6
  • SHA256:
    1cea11e60bce272e08ef8906924229cc33ba41dc2903ca2c397eb0ca70d85196
  • Technologies:

Joe Sandbox

Engine Download Report Detection Info
malicious
malicious
Score: 100
System: Windows 7 x64 SP1 with Office 2010 SP1 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2)

Third Party Analysis Engines

malicious
Score: 40/64
malicious
Score: 25/47

IPs

IP Country Detection
128.199.253.44
United Kingdom
50.87.153.103
United States
162.159.136.232
United States

Domains

Name IP Detection
khunnapap.com
128.199.253.44
discord.com
162.159.136.232
fanosethiopiatours.com
50.87.153.103

URLs

Name Detection
http://127.0.0.1:HTTP/1.1
http://DynDns.comDynDNS
http://www.%s.comPA
Click to see the 8 hidden entries
http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous.
http://gorohov.narod.ru/index.htmS
http://fanosethiopiatours.com/components/com_messages/controllers/messages08/Hqfafff
http://gorohov.narod.ru/index.htm
https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip%tordir%%ha
http://rMSjwD.com
https://api.telegram.org/bot%telegramapi%/sendDocumentdocument---------------------------x
https://api.ipify.orgGETMozilla/5.0

Dropped files

Name File Type Hashes Detection
C:\Users\user\AppData\Local\Microsoft\Windows\Hqfadrv.exe
PE32 executable (GUI) Intel 80386, for MS Windows
#
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\lxpo[1].exe
PE32 executable (GUI) Intel 80386, for MS Windows
#
C:\Users\user\Desktop\~$SpecificationX20202611.xlsx
data
#
Click to see the 2 hidden entries
C:\Users\Public\name.exe
PE32 executable (GUI) Intel 80386, for MS Windows
#
C:\Users\user\AppData\Local\afqH.url
MS Windows 95 Internet shortcut text (URL=<file:\\\C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Hqfadrv.exe>), ASCII text, with CRLF line terminators
#