Joe Sandbox Cloud Basic

Want to search on specific fields?


Try our:

Advanced Search

Want to search in depth on all Cloud Basic reports?

Try: Joe Sandbox View

Register Login
sloganpng
top title background image
flash

INV8073565781-20210111319595.xlsm

Status: finished
Submission Time: 2021-01-11 20:46:39 +01:00
Malicious
Exploiter
Evader
Hidden Macro 4.0

Comments

Tags

Details

  • Analysis ID:
    338240
  • API (Web) ID:
    578374
  • Analysis Started:
    2021-01-11 20:46:41 +01:00
  • Analysis Finished:
    2021-01-11 20:54:15 +01:00
  • MD5:
    9b7c2b0abf5478ef9a23d9a9e87c7835
  • SHA1:
    6931c4b845a8a952699d9cf85b316e3b3d826a41
  • SHA256:
    a463f9a8842a5c947abaa2bff1b621835ff35f65f9d3272bf1fa5197df9f07d0
  • Technologies:

Joe Sandbox

Engine Download Report Detection Info
malicious
Full Report Management Report IOC Report
malicious
Score: 100
System: Windows 7 x64 SP1 with Office 2010 SP1 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2)

Third Party Analysis Engines

Open Full Report
malicious
Score: 28/63
malicious
Score: 9/28
malicious

IPs

IP Country Detection
5.100.228.233
 Netherlands
80.86.91.27
 Germany
46.105.131.65
 France
Click to see the 2 hidden entries
77.220.64.37
 Italy
198.54.125.162
 United States

Domains

Name IP Detection
wexfashion.com
 198.54.125.162
cdn.digicertcdn.com
 104.18.11.39

URLs

Name Detection
http://wexfashion.com/k04qkvqu.zip
https://77.220.64.37/2
https://46.105.131.65/
Click to see the 29 hidden entries
http://services.msn.com/svcs/oe/certpage.asp?name=%s&email=%s&&Check
http://crl.pkioverheid.nl/DomOvLatestCRL.crl0
http://www.icra.org/vocabulary/.
http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous.
https://80.86.91.27:3308/
http://investor.msn.com/
https://46.105.131.65:1512/
http://www.%s.comPA
https://77.220.64.37/5
http://ocsp.entrust.net0D
https://secure.comodo.com/CPS0
https://5.100.228.233/
http://servername/isapibackend.dll
http://crl.entrust.net/2048ca.crl0
http://www.windows.com/pctv.
https://80.86.91.27:3308/H
http://www.hotmail.com/oe
http://windowsmedia.com/redir/services.asp?WMPFriendly=true
http://www.diginotar.nl/cps/pkioverheid0
http://crl.pkioverheid.nl/DomOrganisatieLatestCRL-G2.crl0
http://www.pub.
https://80.86.91.27/xw1
https://80.86.91.27/
http://ocsp.entrust.net03
http://crl.entrust.net/server1.crl0
https://80.86.91.27:3308/rt
http://www.msnbc.com/news/ticker.txt
http://investor.msn.com
https://5.100.228.233:3389/

Dropped files

Name File Type Hashes Detection
C:\Users\user\Desktop\~$INV8073565781-20210111319595.xlsm
 data
 #
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\k04qkvqu[1].zip
 PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
 #
C:\Users\user\AppData\Local\Temp\cjrumqtd.dll
 PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
 #
Click to see the 18 hidden entries
C:\Users\user\AppData\Local\Temp\Cab8641.tmp
 Microsoft Cabinet archive data, 58936 bytes, 1 file
 #
C:\Users\user\Desktop\3DEE0000
 data
 #
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\index.dat
 ASCII text, with CRLF line terminators
 #
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\INV8073565781-20210111319595.LNK
 MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Wed Aug 26 14:08:10 2020, mtime=Tue Jan 12 03:47:45 2021, atime=Tue Jan 12 03:47:54 2021, length=58711, window=hide
 #
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\Desktop.LNK
 MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Read-Only, Directory, ctime=Tue Oct 17 10:04:00 2017, mtime=Tue Jan 12 03:47:45 2021, atime=Tue Jan 12 03:47:45 2021, length=16384, window=hide
 #
C:\Users\user\AppData\Roaming\Microsoft\Excel\~ar4A6F.xar
 data
 #
C:\Users\user\AppData\Local\Temp\WER58FA.tmp.WERInternalMetadata.xml
 XML 1.0 document, Little-endian UTF-16 Unicode text, with CRLF line terminators
 #
C:\Users\user\AppData\Local\Temp\Tar8642.tmp
 data
 #
C:\Users\user\AppData\Local\Temp\Excel8.0\MSForms.exd
 data
 #
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
 data
 #
C:\Users\user\AppData\Local\Temp\993414.cvr
 data
 #
C:\Users\user\AppData\Local\Temp\93EE0000
 data
 #
C:\Users\user\AppData\Local\Microsoft\Windows\WER\ReportArchive\AppCrash_EXCEL.EXE_6f227b18f49da44a2d1889aa10939f535bdc_0b90bebe\Report.wer
 data
 #
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\88DFF5C3.emf
 Windows Enhanced Metafile (EMF) image data version 0x10000
 #
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\2F562CE8.png
 PNG image data, 363 x 234, 8-bit colormap, non-interlaced
 #
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
 data
 #
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
 data
 #
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506
 Microsoft Cabinet archive data, 58936 bytes, 1 file
 #