Engine | Download Report | Detection | Info |
---|---|---|---|
|
malicious
|
||
|
malicious
Score: 88
|
System: Windows 7 x64 SP1 with Office 2010 SP1 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2)
|
|
|
malicious
Score: 100
|
System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Run Condition: Potential for more IOCs and behavior
|
IP | Country | Detection |
---|---|---|
5.100.228.233 | Netherlands | |
80.86.91.27 | Germany | |
46.105.131.65 | France | |
Click to see the 4 hidden entries | ||
77.220.64.37 | Italy | |
192.185.41.153 | United States | |
74.220.219.210 | United States | |
184.171.244.207 | United States |
Name | IP | Detection |
---|---|---|
osmosisecuador.com | 192.185.41.153 | |
bulksms.interweblimited.com | 74.220.219.210 | |
sistacweb.com | 184.171.244.207 |
Name | Detection |
---|---|
https://77.220.64.37/F | |
https://77.220.64.37/H | |
https://outlook.office.com/ | |
Click to see the 97 hidden entries | |
https://pf.directory.live.com/profile/mine/WLX.Profiles.IC.json | |
https://entitlement.diagnostics.office.com | |
https://77.220.64.37/W | |
https://clients.config.office.net/user/v1.0/android/policies | |
https://77.220.64.37/S | |
https://outlook.office365.com/api/v1.0/me/Activities | |
https://o365auditrealtimeingestion.manage.office.com | |
https://77.220.64.37/? | |
https://77.220.64.37/; | |
https://clients.config.office.net/user/v1.0/ios | |
https://77.220.64.37/O | |
https://77.220.64.37/B | |
https://autodiscover-s.outlook.com/autodiscover/autodiscover.xml | |
https://77.220.64.37/3321935-2125563209-4053062332-1002 | |
https://word.uservoice.com/forums/304948-word-for-ipad-iphone-ios | |
http://weather.service.msn.com/data.aspx | |
https://webdir.online.lync.com/autodiscover/autodiscoverservice.svc/root/ | |
https://80.86.91.27:3308/raphy | |
https://80.86.91.27:3308/crosoft | |
https://pf.directory.live.com/profile/mine/System.ShortCircuitProfile.json | |
https://graph.windows.net | |
https://5.100.228.233:3389/ES | |
https://5.100.228.233:3389/oft | |
https://5.100.228.233:3389/N | |
https://onedrive.live.com/embed? | |
https://staging.cortana.ai | |
https://visio.uservoice.com/forums/368202-visio-on-devices | |
https://5.100.228.233:3389/P | |
https://api.cortana.ai | |
https://5.100.228.233:3389/Z | |
https://5.100.228.233:3389/X | |
https://skyapi.live.net/Activity/ | |
https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Bing | |
https://77.220.64.37/l | |
https://messaging.office.com/ | |
https://web.microsoftstream.com/video/ | |
https://devnull.onenote.com | |
https://graph.windows.net/ | |
https://46.105.131.65:1512/la | |
https://77.220.64.37/53321935-2125563209-4053062332-1002 | |
https://77.220.64.37/X | |
https://5.100.228.233:3389/ll | |
https://77.220.64.37/e | |
https://77.220.64.37/b | |
https://77.220.64.37/c | |
https://5.100.228.233:3389/la | |
https://storage.live.com/clientlogs/uploadlocation | |
https://80.86.91.27:3308/H | |
https://80.86.91.27:3308/3 | |
https://80.86.91.27:3308/rX | |
https://80.86.91.27:3308// | |
https://80.86.91.27:3308/0 | |
https://77.220.64.37/si3 | |
https://5.100.228.233:3389/soft | |
https://5.100.228.233:3389/8 | |
https://api.aadrm.com/ | |
https://77.220.64.37/si( | |
https://na01.oscs.protection.outlook.com/api/SafeLinksApi/GetPolicy | |
https://46.105.131.65:1512/ | |
https://syncservice.protection.outlook.com/PolicySync/PolicySync.svc/SyncFile | |
https://77.220.64.37/si= | |
https://80.86.91.27:3308/D | |
https://lookup.onenote.com/lookup/geolocation/v1 | |
https://rpsticket.partnerservices.getmicrosoftkey.com | |
https://5.100.228.233:3389/( | |
https://dev.virtualearth.net/REST/V1/GeospatialEndpoint/ | |
https://cdn.entity. | |
https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Flickr | |
https://autodiscover-s.outlook.com/ | |
https://77.220.64.37/105.131.65/pe | |
https://shell.suite.office.com:1443 | |
https://80.86.91.27:3308/P | |
https://80.86.91.27:3308/( | |
https://api.powerbi.com/v1.0/myorg/groups | |
https://www.odwebp.svc.ms | |
https://nam.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech | |
https://80.86.91.27:3308/220.64.37 | |
https://77.220.64.37/nd-point: | |
https://80.86.91.27/ | |
https://wus2-000.pagecontentsync. | |
https://store.office.cn/addinstemplate | |
https://officeci.azurewebsites.net/api/ | |
https://tasks.office.com | |
https://80.86.91.27:3308/- | |
https://res.getmicrosoftkey.com/api/redemptionevents | |
https://5.100.228.233:3389/ | |
https://80.86.91.27:3308/rh | |
https://5.100.228.233:3389/D | |
https://5.100.228.233:3389/H | |
https://cr.office.com | |
https://insertmedia.bing.office.net/images/hosted?host=office&adlt=strict&hostType=Immersive | |
https://api.microsoftstream.com/api/ | |
https://dataservice.protection.outlook.com/PsorWebService/v1/ClientSyncFile/MipPolicies | |
https://80.86.91.27:3308//x | |
https://80.86.91.27:3308/8 | |
https://77.220.64.37/.( | |
https://5.100.228.233:3389/0 |
Name | File Type | Hashes | Detection |
---|---|---|---|
C:\Users\user\Desktop\~$sample20210111-01.xlsm |
data | # | |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\dvnrlttv[1].zip |
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | # | |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\u8wa3gh[1].zip |
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | # | |
Click to see the 16 hidden entries | |||
C:\Users\user\AppData\Local\Temp\xnaitann.dll |
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | # | |
C:\Users\user\AppData\Local\Temp\dunjzsby.dll |
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | # | |
C:\Users\user\AppData\Local\Temp\mkmanoo.dll |
HTML document, ASCII text | # | |
C:\Users\user\AppData\Local\Temp\Excel8.0\MSForms.exd |
data | # | |
C:\Users\user\Desktop\CAF40000 |
data | # | |
C:\Users\user\AppData\Roaming\Microsoft\UProof\CUSTOM.DIC |
Little-endian UTF-16 Unicode text, with CR line terminators | # | |
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\sample20210111-01.LNK |
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Wed Sep 30 06:35:53 2020, mtime=Mon Jan 11 16:34:44 2021, atime=Mon Jan 11 16:34:44 2021, length=52604, window=hide | # | |
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\index.dat |
ASCII text, with CRLF line terminators | # | |
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\Desktop.LNK |
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Read-Only, Directory, ctime=Thu Jun 27 17:12:41 2019, mtime=Mon Jan 11 16:34:36 2021, atime=Mon Jan 11 16:34:36 2021, length=16384, window=hide | # | |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506 |
Microsoft Cabinet archive data, 58936 bytes, 1 file | # | |
C:\Users\user\AppData\Local\Temp\AAD40000 |
data | # | |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\bvw04lh5c[1].htm |
HTML document, ASCII text | # | |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\A760AE4.png |
PNG image data, 363 x 234, 8-bit colormap, non-interlaced | # | |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\613468AF.emf |
Windows Enhanced Metafile (EMF) image data version 0x10000 | # | |
C:\Users\user\AppData\Local\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\6EC7F2B2-66F2-402E-AC2F-EE48EA399479 |
XML 1.0 document, UTF-8 Unicode text, with very long lines, with CRLF line terminators | # | |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506 |
data | # |