spetsifikatsiya.xls

Status: finished

Submission Time: 2021-01-06 09:56:47 +01:00

Malicious

Trojan

Spyware

Exploiter

Evader

Hidden Macro 4.0 Quasar

Comments

Details

Analysis ID:
336545
API (Web) ID:
574974
Analysis Started:

2021-01-06 09:56:48 +01:00
Analysis Finished:

2021-01-06 10:09:56 +01:00
MD5:
2e0819723d50d0b6a2e6ffdb33778e40
SHA1:
329d002fc53f93e92b99dfbc5937412b40fccf93
SHA256:
04ee61f1184be78db3fd78821306e0b81e6dfaff17f6019d76e69237d6133b6a
Technologies:

Engines
IOCs

Joe Sandbox

Engine	Download Report	Detection	Info
		malicious
	Full Report Management Report IOC Report	malicious Score: 100	System: Windows 7 x64 SP1 with Office 2010 SP1 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2)

Third Party Analysis Engines

Open Full Report

malicious

Score: 8/59

Open Full Report

malicious

Score: 7/36

malicious

Score: 13/44

IPs

IP	Country	Detection
172.67.8.238	United States
195.191.149.103	Bulgaria
185.157.162.81	Sweden
Click to see the 2 hidden entries
208.95.112.1	United States
37.46.150.139	Moldova Republic of

Domains

Name	IP	Detection
cutt.ly	172.67.8.238
yz.videomarket.eu	185.157.162.81
gtp.bg	195.191.149.103
Click to see the 1 hidden entries
ip-api.com	208.95.112.1

URLs

Name	Detection
http://gtp.bg/opka/iopd/ztyh/nmk/1vrkY2OMQfcfBgx.exe
http://www.piriform.com/ccleaner
http://37.46.150.139/bat/scriptxls_db309dc0-6a94-419d-8933-c37781a53f80_mic2_wddisabler.bat
Click to see the 7 hidden entries
http://www.%s.comPA
http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous.
http://www.piriform.com/ccleanerhttp://www.piriform.com/ccleanerv
http://www.piriform.com/ccleanerhttp://www.piri
http://gtp.bg/opkl/fioli/zplk/apo/5DVxvgK9jn5gaBl.exe
http://ip-api.com/json/
https://curl.haxx.se/docs/http-cookies.html

Dropped files

Name	File Type	Hashes
C:\Users\user\Documents\pd.bat	ASCII text, with very long lines, with CRLF line terminators	#
C:\Users\user\AppData\Roaming\JrekdQ.exe	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows	#
C:\Users\user\AppData\Local\Temp\tmpCF32.tmp	XML 1.0 document, ASCII text, with CRLF line terminators	#
Click to see the 24 hidden entries
C:\Users\user\AppData\Local\Temp\eyBLwzbrUF1mwXoy.exe	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows	#
C:\Users\user\AppData\Local\Temp\ars4t7gFPGrepVgh.exe	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows	#
C:\Users\user\AppData\Roaming\sp.exe	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows	#
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\5DVxvgK9jn5gaBl[1].exe	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows	#
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\5DVxvgK9jn5gaBl[1].exe	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows	#
C:\Users\user\AppData\Roaming\gUuYfpYBjYgU.exe	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows	#
C:\Users\user\Desktop\CCDE0000	Applesoft BASIC program data, first line number 16	#
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\Y0IWL9PP10MD7U9YNNWP.temp	data	#
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\UF448UGC9HH8NS13TMAN.temp	data	#
C:\Users\user\AppData\Roaming\Logs\01-06-2021	data	#
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\OY5PTG0JO5WWBCHCBZ8W.temp	data	#
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\DFLQU3YDWIS0DDTFQO4S.temp	data	#
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\C46FS22UMOIQN8SC5D58.temp	data	#
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\71YY0ZNRPQ4IRKSGGQ82.temp	data	#
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\spetsifikatsiya.LNK	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Wed Aug 26 14:08:13 2020, mtime=Wed Jan 6 16:57:41 2021, atime=Wed Jan 6 16:57:41 2021, length=242176, window=hide	#
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\index.dat	ASCII text, with CRLF line terminators	#
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\Desktop.LNK	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Read-Only, Directory, ctime=Tue Oct 17 10:04:00 2017, mtime=Wed Jan 6 16:57:41 2021, atime=Wed Jan 6 16:57:41 2021, length=8192, window=hide	#
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506	Microsoft Cabinet archive data, 58936 bytes, 1 file	#
C:\Users\user\AppData\Local\Temp\tmpC70.tmp	XML 1.0 document, ASCII text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Temp\tmp4F59.tmp	XML 1.0 document, ASCII text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Temp\Tar9A5E.tmp	data	#
C:\Users\user\AppData\Local\Temp\Cab9A5D.tmp	Microsoft Cabinet archive data, 58936 bytes, 1 file	#
C:\Users\user\AppData\Local\Temp\1CDE0000	data	#
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506	data	#

spetsifikatsiya.xls

Comments

Tags

Available tags:

Details

Joe Sandbox

Third Party Analysis Engines

IPs

Domains

URLs

Dropped files

spetsifikatsiya.xls Options

Comments

Tags

Available tags:

Details

Joe Sandbox

Third Party Analysis Engines

IPs

Domains

URLs

Dropped files

Search started

spetsifikatsiya.xls