
Doc_37584567499454.xlsx

Status: finished
Submission Time: 2021-01-27 19:55:18 +01:00
Verdict: Malicious
Labels: Trojan, Exploiter, Evader, FormBook

Tags

  • VelvetSweatshop
  • xlsx

Details

  • Analysis ID:
    345175
  • API (Web) ID:
    592260
  • Analysis Started:
    2021-01-27 19:55:20 +01:00
  • Analysis Finished:
    2021-01-27 20:06:29 +01:00
  • MD5:
    3cee064f8475688e425d7ade676a1598
  • SHA1:
    bad71a575189539a0c57a78cdd24524fe8a2a845
  • SHA256:
    efcc32d3d6d53019b57fbbf107ab622a6374c8d0816c05d1c7687b57c97152e8

Engine: Joe Sandbox
Detection: malicious
Score: 100
System: Windows 7 x64 SP1 with Office 2010 SP1 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2)

Third Party Analysis Engines

  • malicious (Score: 7/83)
  • malicious (Score: 11/46)
  • malicious

IPs


Domains


URLs


Dropped files

  • C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\file2[1].exe
    File Type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
  • C:\Users\user\AppData\Local\Temp\tmp4BF0.tmp
    File Type: XML 1.0 document, ASCII text, with CRLF line terminators
  • C:\Users\user\Desktop\~$Doc_37584567499454.xlsx
    File Type: data
  • C:\Users\Public\vbc.exe
    File Type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
  • C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\2524EB81.jpeg
    File Type: gd-jpeg v1.0 (using IJG JPEG v80), quality = 90", baseline, precision 8, 700x990, frames 3
  • C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\565D3980.jpeg
    File Type: gd-jpeg v1.0 (using IJG JPEG v80), quality = 90", baseline, precision 8, 700x990, frames 3
  • C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\D2A0E6BB.emf
    File Type: Windows Enhanced Metafile (EMF) image data version 0x10000
  • C:\Users\user\AppData\Roaming\VqdYEvk.exe
    File Type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows