case (4335).xls

Status: finished

Submission Time: 2021-01-26 21:25:28 +01:00

Malicious

Exploiter

Evader

Hidden Macro 4.0

Comments

Details

Analysis ID:
344665
API (Web) ID:
591243
Analysis Started:

2021-01-26 21:34:07 +01:00
Analysis Finished:

2021-01-26 21:41:00 +01:00
MD5:
bf86559630b855e4bf2c54d641147b24
SHA1:
182cbac1bdd020fa5fee6ed9d6a50d1071fbe320
SHA256:
31ea3370ca06a2af45514a59a0ae49dc62ac34bc4dce44402f169a9d6fb93853
Technologies:

Engines
IOCs

Joe Sandbox

Engine	Download Report	Detection	Info
	Full Report Management Report IOC Report	malicious Score: 100	System: Windows 7 x64 SP1 with Office 2010 SP1 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2)

IPs

IP	Country	Detection
172.67.150.228	United States
104.21.60.169	United States
172.67.200.147	United States
Click to see the 1 hidden entries
104.21.73.69	United States

Domains

Name	IP	Detection
homesoapmolds.com	104.21.60.169
rnollg.com	172.67.150.228
gadgetswolf.com	172.67.200.147
Click to see the 1 hidden entries
govemedico.tk	104.21.73.69

URLs

Name	Detection
https://rnollg.com/kev/scfrd.dll
http://services.msn.com/svcs/oe/certpage.asp?name=%s&email=%s&&Check
https://govemedico.tk/post.php
Click to see the 25 hidden entries
http://crl.entrust.net/2048ca.crl0
https://homesoapmolds.com/
https://secure.comodo.com/CPS0
https://rnollg.com/kev/scfrd.dll$8
http://ocsp.entrust.net0D
http://wmwifbajxxbcxmucxmlc.com/files/april24.dll~
http://www.%s.comPA
http://investor.msn.com/
http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous.
https://gadgetswolf.com/post.phpab
http://www.icra.org/vocabulary/.
http://crl.pkioverheid.nl/DomOvLatestCRL.crl0
http://wmwifbajxxbcxmucxmlc.com/files/april24.dll)
https://gadgetswolf.com/f
http://www.hotmail.com/oe
http://windowsmedia.com/redir/services.asp?WMPFriendly=true
http://www.diginotar.nl/cps/pkioverheid0
https://gadgetswolf.com/
http://crl.pkioverheid.nl/DomOrganisatieLatestCRL-G2.crl0
https://gadgetswolf.com/post.phpMb
http://ocsp.entrust.net03
http://crl.entrust.net/server1.crl0
http://www.msnbc.com/news/ticker.txt
http://investor.msn.com
http://www.windows.com/pctv.

Dropped files

Name	File Type	Hashes
C:\ProgramData\formnet.dll	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	#
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\scfrd[1].dll	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	#
C:\Users\user\AppData\Local\Temp\FDDE0000	data	#
Click to see the 9 hidden entries
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\Desktop.LNK	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Read-Only, Directory, ctime=Tue Oct 17 10:04:00 2017, mtime=Wed Jan 27 04:34:42 2021, atime=Wed Jan 27 04:34:42 2021, length=8192, window=hide	#
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\case (4335).LNK	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Wed Aug 26 14:08:13 2020, mtime=Wed Jan 27 04:34:42 2021, atime=Wed Jan 27 04:34:42 2021, length=99328, window=hide	#
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\index.dat	ASCII text, with CRLF line terminators	#
C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\50PT1LPA.txt	ASCII text	#
C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\NZ5UXGF8.txt	ASCII text	#
C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\QUXL3DRG.txt	ASCII text	#
C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\Y7E8FGKZ.txt	ASCII text	#
C:\Users\user\AppData\Roaming\Ubc\way.dll	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	#
C:\Users\user\Desktop\0FDE0000	Applesoft BASIC program data, first line number 16	#

case (4335).xls

Comments

Tags

Available tags:

Details

Joe Sandbox

IPs

Domains

URLs

Dropped files

case (4335).xls Options

Comments

Tags

Available tags:

Details

Joe Sandbox

IPs

Domains

URLs

Dropped files

Search started

case (4335).xls