Register Login

sloganpng

top title background image

document-1900770373.xls

Status: finished

Submission Time: 2021-02-21 16:54:12 +01:00

Malicious

Exploiter

Evader

Hidden Macro 4.0

Comments

Tags

Details

Analysis ID:
355743
API (Web) ID:
613454
Analysis Started:

2021-02-21 16:54:13 +01:00
Analysis Finished:

2021-02-21 17:04:47 +01:00
MD5:
139a10b28479f4f9e2e4465053e039f8
SHA1:
10251eb69e603ed7259265015b71b1160e3b4a06
SHA256:
ed17094f3e820674c9fa18192292108e8766d28eb0afcc0cf350a44b54196c1d
Technologies:

Engines
IOCs

Joe Sandbox

Engine	Download Report	Detection	Info
	Full Report Management Report IOC Report	malicious Score: 96	System: Windows 7 x64 SP1 with Office 2010 SP1 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2)
	Full Report Management Report IOC Report	malicious Score: 88	System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 Run Condition: Potential for more IOCs and behavior

Third Party Analysis Engines

Open Full Report

malicious

Score: 11/83

malicious

IPs

IP	Country	Detection
185.151.30.170	United Kingdom

Domains

Name	IP	Detection
kashful.softwarebd.biz	185.151.30.170
cert.int-x1.letsencrypt.org	0.0.0.0

URLs

Name	Detection
https://kashful.softwarebd.biz/ds/1802.gif
https://kashful.softwarebd.biz/ds/1802.Dc
http://services.msn.com/svcs/oe/certpage.asp?name=%s&email=%s&&Check
Click to see the 9 hidden entries
http://www.windows.com/pctv.
http://investor.msn.com
http://www.msnbc.com/news/ticker.txt
http://www.icra.org/vocabulary/.
http://windowsmedia.com/redir/services.asp?WMPFriendly=true
http://www.hotmail.com/oe
http://investor.msn.com/
http://cert.int-x1.letsencrypt.org/
http://cps.root-x1.letsencrypt.org0

Dropped files

Name	File Type	Hashes	Detection
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506	Microsoft Cabinet archive data, 59134 bytes, 1 file	#
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CD13771E5132C64BEEF257719A4363C4	data	#
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E0F5C59F9FA661F6F4C50B87FEF3A15A	data	#
Click to see the 10 hidden entries
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506	data	#
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CD13771E5132C64BEEF257719A4363C4	data	#
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E0F5C59F9FA661F6F4C50B87FEF3A15A	data	#
C:\Users\user\AppData\Local\Temp\2BBE0000	data	#
C:\Users\user\AppData\Local\Temp\CabD03B.tmp	Microsoft Cabinet archive data, 59134 bytes, 1 file	#
C:\Users\user\AppData\Local\Temp\TarD03C.tmp	data	#
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\Desktop.LNK	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Read-Only, Directory, ctime=Tue Oct 17 10:04:00 2017, mtime=Sun Feb 21 23:54:33 2021, atime=Sun Feb 21 23:54:33 2021, length=8192, window=hide	#
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\document-1900770373.LNK	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Wed Aug 26 14:08:11 2020, mtime=Sun Feb 21 23:54:33 2021, atime=Sun Feb 21 23:54:33 2021, length=90112, window=hide	#
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\index.dat	ASCII text, with CRLF line terminators	#
C:\Users\user\Desktop\CBBE0000	Applesoft BASIC program data, first line number 16	#