
printouts of outstanding as of 01_20_2021.xlsm

Status: finished
Submission Time: 2021-01-20 16:10:16 +01:00
Malicious
Exploiter
Evader
Hidden Macro 4.0

Details

  • Analysis ID:
    342170
  • API (Web) ID:
    586286
  • Analysis Started:
    2021-01-20 16:12:12 +01:00
  • Analysis Finished:
    2021-01-20 16:24:03 +01:00
  • MD5:
    28e9c78dcffb4a80c7bcfcd818791940
  • SHA1:
    0f239865c9e2bdd64d2017c7d26cac19dc7d3cde
  • SHA256:
    09cceb619174c99d026734f860f26cda0107af31b9153a9f7d6613c86fd57772
  • Technologies:

Engine: Joe Sandbox
Detection: malicious (Score: 100)
System: Windows 7 x64 SP1 with Office 2010 SP1 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2)

Third Party Analysis Engines

malicious (Score: 16/65)
malicious (Score: 5/45)
malicious

IPs


Domains


URLs


Dropped files

Name / File Type

  • C:\Users\user\Desktop\~$printouts of outstanding as of 01_20_2021.xlsm
    data
  • C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5JC0A1KN\ylztwx[1].rar
    PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
  • C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\by9zwa7p1[1].zip
    PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
  • C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\xkpffwn[1].zip
    PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
  • C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\h79fwesfe[1].rar
    PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
  • C:\Users\user\AppData\Local\Temp\zsijkwsd.dll
    PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
  • C:\Users\user\AppData\Local\Temp\zlgzuxvz.dll
    PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
  • C:\Users\user\AppData\Local\Temp\ogsit.dll
    PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
  • C:\Users\user\AppData\Local\Temp\CabF789.tmp
    Microsoft Cabinet archive data, 58936 bytes, 1 file
  • C:\Users\user\Desktop\EC1F0000
    data
  • C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\printouts of outstanding as of 01_20_2021.LNK
    MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Wed Aug 26 14:08:15 2020, mtime=Wed Jan 20 23:12:58 2021, atime=Wed Jan 20 23:13:00 2021, length=54601, window=hide
  • C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\index.dat
    ASCII text, with CRLF line terminators
  • C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\Desktop.LNK
    MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Read-Only, Directory, ctime=Tue Oct 17 10:04:00 2017, mtime=Wed Jan 20 23:12:58 2021, atime=Wed Jan 20 23:12:58 2021, length=8192, window=hide
  • C:\Users\user\AppData\Local\Temp\TarF78A.tmp
    data
  • C:\Users\user\AppData\Local\Temp\Excel8.0\MSForms.exd
    data
  • C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506
    Microsoft Cabinet archive data, 58936 bytes, 1 file
  • C:\Users\user\AppData\Local\Temp\780F0000
    data
  • C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\C7A618C6.emf
    Windows Enhanced Metafile (EMF) image data version 0x10000
  • C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\BCA4260F.png
    PNG image data, 114 x 98, 8-bit colormap, non-interlaced
  • C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\B2F6E8C4.png
    PNG image data, 699 x 298, 8-bit colormap, non-interlaced
  • C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5JC0A1KN\suspendedpage[1].htm
    HTML document, ASCII text, with very long lines
  • C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
    data