Joe Sandbox Cloud Basic

Want to search on specific fields?


Try our:

Advanced Search

Want to search in depth on all Cloud Basic reports?

Try: Joe Sandbox View

Register Login
sloganpng
top title background image
flash

BankSwiftCopyUSD95000.ppt

Status: finished
Submission Time: 2021-01-13 13:42:32 +01:00
Malicious
Trojan
Exploiter
Evader
AgentTesla

Comments

Tags

  • ppt

Details

  • Analysis ID:
    339086
  • API (Web) ID:
    580083
  • Analysis Started:
    2021-01-13 13:42:35 +01:00
  • Analysis Finished:
    2021-01-13 13:54:17 +01:00
  • MD5:
    7f0b415d0b7a76530b2f510a910811e5
  • SHA1:
    480594ad26c91dd9d719c80334285375540dc83e
  • SHA256:
    8d3e1d1a1775191a33980069f500e37f22bdcd0a1ad3544ab4a9d0a651fbd019
  • Technologies:

Joe Sandbox

Engine Download Report Detection Info
malicious
Full Report Management Report IOC Report
malicious
Score: 100
System: Windows 7 x64 SP1 with Office 2010 SP1 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2)

Third Party Analysis Engines

Open Full Report
malicious
Score: 22/63
malicious
Score: 10/46
malicious

IPs

IP Country Detection
67.199.248.16
 United States
108.177.127.132
 United States
172.67.219.133
 United States
Click to see the 2 hidden entries
104.18.49.20
 United States
64.188.18.218
 United States

Domains

Name IP Detection
j.mp
 67.199.248.16
paste.ee
 104.18.49.20
blogspot.l.googleusercontent.com
 108.177.127.132
Click to see the 7 hidden entries
ghostbackbone123.blogspot.com
 0.0.0.0
startthepartyup.blogspot.com
 0.0.0.0
backbones1234511a.blogspot.com
 0.0.0.0
mainjigijigi123.blogspot.com
 0.0.0.0
randikhanaekminar.blogspot.com
 0.0.0.0
www.blogger.com
 0.0.0.0
resources.blogblog.com
 0.0.0.0

URLs

Name Detection
https://www.blogger.com/rpc_relay.html
https://www.blogger.com/comment-iframe.g?blogID=9116518222795791100&pageID=8792113328696570758&blogs
https://www.blogger.com/feeds/9116518222795791100/posts/default
Click to see the 97 hidden entries
https://mainjigijigi123.blogspot.com/p/st2222.html...
https://www.blogger.com/share-post.g?blogID=9116518222795791100&pageID=8792113328696570758&target=bl
https://mainjigijigi123.blogspot.com/p/st2222.html
https://pki.goog/repository/0
http://windowsmedia.com/redir/services.asp?WMPFriendly=true
http://ocsp.pki.goog/gsr202
http://ocsp.pki.goog/gs
https://mainjigijigi123.blogspot.com/feeds/posts/defaultng
https://mainjigijigi123.blogspot.com/p/st2222.htmld
http://pki.goog/gsr2/GTS1O1.crt0
https://www.blogger.com/static/v1/widgets/84067855-widgets.js
https://www.blogger.com/static/v1/jsbin/3767
https://resources.blogblog.com/blogblog/data/1kt/simple/body_gradient_tile_light.pngx6
https://www.blogger.com/blogin.g?blogspotURL=https://mainjigijigi123.blogspot.com/p/st2222.htmlH
https://mainjigijigi123.blogspot.com/p/----
https://resources.blogblog.com/
https://www.blogger.com/go/blogspot-cookies
https://mainjigijigi123.blogspot.com/feeds/posts/default?alt
https://www.blogger.com/go/devapi
https://mainjigijigi123.blogspot.com/p/st2222.htmlK
https://www.blogger.com/static/v1/jsbin/376796862-ieretrofit.js
https://resources.blogblog.com/img/widgets/s_bottom.png
https://www.blogger.com/static/v1/widgets/3416767676-css_bundle_v2.csscV
https://mainjigijigi123.blogspot.com/p/st2222.htmlw
https://www.blogger.com/static/v1/jsbin/3101730221-analytics_autotrack.js.blogspot.com%2Fp%2Fst2222.
http://crl.entrust.net/2048ca.crl0
https://mainjigijigi123.blogspot.com/p/st2222.htmldnasdjasgdakgsdhv
https://mainjigijigi123.blogspot.com/js/cookienotice.jsA
http://crl.pki.goog/gsr2/gsr2.crl0?
https://mainjigijigi123.blogspot.com/feeds/posts/default?alt=rss
http://www.cookiechoices.org/
https://www.blogger.com/
https://www.blogger.com/static/v1/jsbin/376796862-ieretrofit.js.cssmV
https://www.blogger.com/blogin.g?blogspotURL=https://mainjigijigi123.blogspot.com/p/st2222.html0E)
https://backbones1234511a.blogspot.com/p/stback1.html
https://www.blogger.com/static/v1/widgets/3416767676-css_bundle_v2.cssQV
https://s.ytimg.com
https://randikhanaekminar.blogspot.com/p/st2.htmlC:
http://www.piriform.com/ccleanerhttp://www.piriform.com/ccleanerv
http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous.
https://resources.blogblog.com/blogblog/data/1kt/simple/gradients_light.pngt.co
https://www.blogger.com/go/buzz
https://www.blogger.com/blogin.g?blogspotURL=https://mainjigijigi123.blogspot.com/p/st2222.htmlgspo
https://mainjigijigi123.blogspot.com/p/st2222.htmls
https://mainjigijigi123.blogspot.com/p/st2222.htmlvg
https://www.blogger.com/go/adspersonalization
https://resources.blogblog.com/blogblog/data/1kt/simple/body_gradient_tile_light.png0C;
https://www.blogger.com/static/v1/jsbin/2036001057-lbx__en_gb.js
https://mainjigijigi123.blogs
https://www.blogger.com/comment-iframe.g?blogID=9116518222795791100&pageID=87921133286965707584.0E)
https://www.blogger.com/go/discuss
https://www.youtube.com
https://resources.blogblog.com/img/triangle_ltr.gif)
https://www.blogger.com/img/share_buttons_20_3.pnga
https://www.blogger.com/img/share_buttons_20_3.png
https://mainjigijigi123.blogspot
https://resources.blogblog.com/blogblog/data/1kt/simple/body_gradient_tile_light.png)
https://www.blogger.com/unvisited-link-
https://www.blogger.com/blogin.g?blogspotURL=https://mainjigijigi123.blogspot.com/p/st2222.html$
http://www.diginotar.nl/cps/pkioverheid0
https://www.blogger.com/static/v1/widgets/3416767676-css_bundle_v2.css
http://crl.pkioverheid.nl/DomOrganisatieLatestCRL-G2.crl0
https://resources.blogblog.com/blogblog/data/1kt/simple/body_gradient_tile_light.png).meather)
https://www.blogger.com/page-edit.g?blogID=9116518222795791100&pageID=8792113328696570758&from=penci
https://resources.blogblog.com/img/icon18_wrench_allbkg.pngq
https://resources.blogblog.com/img/icon18_wrench_allbkg.pngk
https://www.blogger.com/share-post.g?blogID=9116518222795791100&pageID=8792113328696570758&target=pi
https://www.blogger.com/static/v1/jsbin/3858658042-comment_from_post_iframe.jsET4.0C;
https://www.blogger.com/go/privacy
https://www.blogger.com
https://mainjigijigi123.blogspot.com/js/cookienotice.jspnga
https://www.blogger.com/static/v1/v-css/368954415-lightbox_bundle.css
https://www.blogger.com/img/share_buttons_20_3.pngx
https://mainjigijigi123.blogspot.com/p/nap
https://www.blogger.com/blogin.g?blogspotURL=https://mainjigijigi123.blogspot.com/p/st2222.html
https://resources.blogblog.com/img/widgets/s_bottom.png)
Https://www.blogger.com/share-post.g?blogID=9116518222795791100&pageID=8792113328696570758&target=pi
https://www.blogger.com/go/contentpolicy
https://www.blogger.com/?tab=jj
http://www.windows.com/pctv.
https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip
https://www.blogger.com/static/v1/jsbin/3101730221-analytics_autotrack.jsC:
https://www.blogger.com/img/share_buttons_20_3.pngcomment_from_post_iframe.jspng
https://www.blogger.com/static/v1/jsbin/3858658042-comment_from_post_iframe.js
http://schema.org/BlogPosting
https://www.blogger.com/static/v1/v-css/281434096-static_pages.cssjigi123.blogspot.com%2Fp%2Fst2222.
https://mainjigijigi123.blogspot.com/feeds/posts/default
https://www.blogger.com/static/v1/jsbin/3101730221-analytics_autotrack.js
https://mainjigijigi123.blogspot.com/js/cookienotice.js
https://mainjigijigi123.blogspot.com/js/cookienotice.jsi
https://i18n-cloud.appspot.com
http://crl.pki.goog/GTS1O1core.crl0
https://mainjigijigi123.blogspot.com/p/st2222.htmldnasdja
https://resources.blogblog.com/img/widgets/s_top.png
http://ocsp.pki.goog/gts1o1core0
https://www.blogger.com/img/share_buttons_20_3.pngv
https://mainjigijigi123.blogspot.com/js/cookienotice.jsp

Dropped files

Name File Type Hashes Detection
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\icon18_wrench_allbkg[1].png
 PNG image data, 18 x 18, 8-bit colormap, non-interlaced
 #
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\blogin[3].htm
 gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT)
 #
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\blogin[4].htm
 gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT)
 #
Click to see the 42 hidden entries
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\cookienotice[1].js
 ASCII text
 #
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\error[1]
 HTML document, UTF-8 Unicode (with BOM) text, with CRLF line terminators
 #
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\analytics[1].js
 ASCII text, with very long lines
 #
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\backbone14[1].htm
 HTML document, ASCII text, with very long lines
 #
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\blogin[1].htm
 HTML document, ASCII text, with very long lines
 #
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\blogin[3].htm
 HTML document, ASCII text, with very long lines
 #
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\error[1]
 HTML document, UTF-8 Unicode (with BOM) text, with CRLF line terminators
 #
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\error[2]
 HTML document, UTF-8 Unicode (with BOM) text, with CRLF line terminators
 #
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\icon18_edit_allbkg[1].gif
 GIF image data, version 89a, 18 x 18
 #
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\blogin[2].htm
 gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT)
 #
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\maia[1].css
 UTF-8 Unicode text, with very long lines, with no line terminators
 #
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\share_buttons_20_3[1].png
 PNG image data, 120 x 60, 8-bit/color RGBA, non-interlaced
 #
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\st2222[1].htm
 HTML document, ASCII text, with very long lines
 #
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\stback1[1].htm
 HTML document, ASCII text, with very long lines
 #
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\BankSwiftCopyUSD95000.LNK
 MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Wed Aug 26 14:08:14 2020, mtime=Wed Aug 26 14:08:14 2020, atime=Wed Jan 13 20:43:35 2021, length=104448, window=hide
 #
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\index.dat
 ASCII text, with CRLF line terminators
 #
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\0C80LKLL3RNFORU629R4.temp
 data
 #
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\3U3Q2FM73WBY1UE104TU.temp
 data
 #
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\J8I74OU51TKSDH4DLI8O.temp
 data
 #
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\K99IMC5JY7YG7OEZH6Y6.temp
 data
 #
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\cookienotice[1].js
 ASCII text
 #
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5JC0A1KN\3101730221-analytics_autotrack[1].js
 ASCII text, with very long lines
 #
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5JC0A1KN\376796862-ieretrofit[1].js
 ASCII text, with very long lines
 #
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5JC0A1KN\84067855-widgets[1].js
 ASCII text, with very long lines
 #
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5JC0A1KN\body_gradient_tile_light[1].png
 PNG image data, 10 x 10, 1-bit colormap, non-interlaced
 #
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5JC0A1KN\cookienotice[1].js
 ASCII text
 #
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5JC0A1KN\cookienotice[2].js
 ASCII text
 #
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5JC0A1KN\error[1]
 HTML document, UTF-8 Unicode (with BOM) text, with CRLF line terminators
 #
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5JC0A1KN\gradients_light[1].png
 PNG image data, 20 x 1100, 8-bit/color RGBA, non-interlaced
 #
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\3858658042-comment_from_post_iframe[1].js
 ASCII text, with very long lines
 #
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\blogin[1].htm
 gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT)
 #
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5JC0A1KN\281434096-static_pages[1].css
 ASCII text, with very long lines
 #
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\cookienotice[2].js
 ASCII text
 #
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\css[1].css
 ASCII text
 #
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\dbgghasdnasdjasgdakgsdhv[1].htm
 HTML document, ASCII text
 #
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\error[1]
 HTML document, UTF-8 Unicode (with BOM) text, with CRLF line terminators
 #
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\error[2]
 HTML document, UTF-8 Unicode (with BOM) text, with CRLF line terminators
 #
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\ghostbackup13[1].htm
 HTML document, ASCII text, with very long lines
 #
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\st2[1].htm
 HTML document, ASCII text, with very long lines
 #
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\3416767676-css_bundle_v2[1].css
 ASCII text, with very long lines
 #
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\84067855-widgets[1].js
 ASCII text, with very long lines
 #
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\blogin[1].htm
 gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT)
 #