Joe Sandbox Cloud Basic

Want to search on specific fields?


Try our:

Advanced Search

Want to search in depth on all Cloud Basic reports?

Try: Joe Sandbox View

Register Login
sloganpng
top title background image
flash

SecuriteInfo.com.Exploit.Siggen3.10350.15803.xls

Status: finished
Submission Time: 2021-02-20 01:56:41 +01:00
Malicious
Trojan
Spyware
Exploiter
Evader
Hidden Macro 4.0 Trickbot

Comments

Tags

Details

  • Analysis ID:
    355598
  • API (Web) ID:
    613166
  • Analysis Started:
    2021-02-20 02:02:58 +01:00
  • Analysis Finished:
    2021-02-20 02:12:13 +01:00
  • MD5:
    35ca616a3d685b7d1708eb901841879c
  • SHA1:
    b5073681d9bc3885987ee74ec1325d96152c46f0
  • SHA256:
    b9e1d6f26440468f142642382047529f94536f9601f4ffa70917c1b3ccac69e7
  • Technologies:

Joe Sandbox

Engine Download Report Detection Info
Full Report Management Report IOC Report
malicious
Score: 100
System: Windows 7 x64 SP1 with Office 2010 SP1 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2)

Third Party Analysis Engines

Open Full Report
malicious
Score: 7/61
malicious
Score: 13/47
malicious

IPs

IP Country Detection
154.0.134.130
 Uganda
123.231.180.130
 Indonesia
190.239.34.181
 Peru
Click to see the 10 hidden entries
45.184.189.34
 Brazil
185.109.54.99
 Ukraine
193.8.194.96
 United Kingdom
116.68.162.92
 Indonesia
94.140.114.136
 Latvia
187.95.136.38
 Brazil
109.69.4.201
 Albania
185.81.0.78
 Italy
95.217.228.176
 Germany
194.5.249.156
 Romania

Domains

Name IP Detection
38.52.17.84.dnsbl-1.uceprotect.net
 0.0.0.0
www.chipmania.it
 0.0.0.0
chipmania.it
 185.81.0.78
Click to see the 5 hidden entries
wtfismyip.com
 95.217.228.176
38.52.17.84.zen.spamhaus.org
 0.0.0.0
38.52.17.84.cbl.abuseat.org
 0.0.0.0
38.52.17.84.b.barracudacentral.org
 0.0.0.0
38.52.17.84.spam.dnsbl.sorbs.net
 0.0.0.0

URLs

Name Detection
http://www.chipmania.it/mails/open.php
https://116.68.162.92:443/rob60/813435_W617601.8B73F080286CDBB0F9B96995D4E87F7B/83/
http://logo.veri
Click to see the 38 hidden entries
http://crl.pkioverheid.nl/DomOvLatestCRL.crl0
http://www.icra.org/vocabulary/.
http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous.
Https://193.8.194.96/rob60/813435_W617601.8B73F080286CDBB0F9B96995D4E87F7B/1/bnfhZJn91PhwAc8eqCIkI2c
https://193.8.194.96/rob60/813435_W617601.8B73F080286CDBB0F9B96995D4E87F7B/1/rznnTbpNFJV19x1x/U
https://193.8.194.96/rob60/813435_W617601.8B73F080286CDBB0F9B96995D4E87F7B/1/rznnTbpNFJV19x1x/
http://154.0.134.130:443
http://187.95.136.38:443
http://investor.msn.com/
http://services.msn.com/svcs/oe/certpage.asp?name=%s&email=%s&&Check
http://www.%s.comPA
https://193.8.194.96/rob60/813435_W617601.8B73F080286CDBB0F9B96995D4E87F7B/64/pwgrab/DEBG//e
http://ocsp.entrust.net0D
http://wtfismyip.com/text
https://secure.comodo.com/CPS0
http://servername/isapibackend.dll
https://193.8.194.96/rob60/813435_W617601.8B73F080286CDBB0F9B96995D4E87F7B/1/jvvnxhpdjrND3fPr33rZPHh
http://crl.entrust.net/2048ca.crl0
http://45.184.189.34:443
https://193.8.194.96/rob60/813435_W617601.8B73F080286CDBB0F9B96995D4E87F7B/1/rznnTbpNFJV19x1x/o
http://109.69.4.201:443
http://123.231.180.130:443
http://investor.msn.com
http://www.msnbc.com/news/ticker.txt
https://193.8.194.96/rob60/813435_W617601.8B73F080286CDBB0F9B96995D4E87F7B/64/pwgrab/DPST//3
http://crl.entrust.net/server1.crl0
http://ocsp.entrust.net03
http://116.68.162.92:443
http://crl.use
https://193.8.194.96/rob60/813435_W617601.8B73F080286CDBB0F9B96995D4E87F7B/64/pwgrab/DPST//W
http://crl.pkioverheid.nl/DomOrganisatieLatestCRL-G2.crl0
http://www.diginotar.nl/cps/pkioverheid0
https://185.109.54.99:447/rob60/813435_W617601.8B73F080286CDBB0F9B96995D4E87F7B/5/pwgrab64/
https://193.8.194.96/rob60/813435_W617601.8B73F080286CDBB0F9B96995D4E87F7B/64/pwgrab/DPST//
http://windowsmedia.com/redir/services.asp?WMPFriendly=true
http://www.hotmail.com/oe
http://190.239.34.181:443
http://www.windows.com/pctv.

Dropped files

Name File Type Hashes Detection
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History.bak
 SQLite 3.x database, last written using SQLite version 3032001
 #
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data.bak
 SQLite 3.x database, last written using SQLite version 3032001
 #
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data.bak
 SQLite 3.x database, last written using SQLite version 3032001
 #
Click to see the 15 hidden entries
C:\Users\user\BASE.BABAA
 PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
 #
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\10[1].jjkes
 PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
 #
C:\Users\user\AppData\Local\Temp\TarE467.tmp
 data
 #
C:\Users\user\Desktop\D3DE0000
 Applesoft BASIC program data, first line number 16
 #
C:\Users\user\AppData\Roaming\QNetMonitor7737977537\en-EN\pwgrab64
 data
 #
C:\Users\user\AppData\Roaming\QNetMonitor7737977537\cn\aexsxmcq.txt
 data
 #
C:\Users\user\AppData\Roaming\QNetMonitor7737977537\SecurityPreloadState.txt
 ASCII text, with very long lines, with CRLF line terminators
 #
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\index.dat
 ASCII text, with CRLF line terminators
 #
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\SecuriteInfo.com.Exploit.Siggen3.10350.15803.LNK
 MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Sat Feb 20 09:03:26 2021, mtime=Sat Feb 20 09:03:39 2021, atime=Sat Feb 20 09:03:39 2021, length=168448, window=hide
 #
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\Desktop.LNK
 MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Read-Only, Directory, ctime=Tue Oct 17 10:04:00 2017, mtime=Sat Feb 20 09:03:39 2021, atime=Sat Feb 20 09:03:39 2021, length=8192, window=hide
 #
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506
 Microsoft Cabinet archive data, 59134 bytes, 1 file
 #
C:\Users\user\AppData\Local\Temp\CabE466.tmp
 Microsoft Cabinet archive data, 59134 bytes, 1 file
 #
C:\Users\user\AppData\Local\Temp\40DE0000
 data
 #
C:\Users\user\AppData\Local\Google\Chrome\User Data\Local State.bak
 ASCII text, with very long lines, with no line terminators
 #
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
 data
 #