Register Login

sloganpng

top title background image

Complaint-1091191320-02182021.xls

Status: finished

Submission Time: 2021-02-22 22:42:11 +01:00

Malicious

Exploiter

Evader

Hidden Macro 4.0

Comments

Tags

Details

Analysis ID:
356327
API (Web) ID:
614628
Analysis Started:

2021-02-22 22:49:56 +01:00
Analysis Finished:

2021-02-22 23:05:08 +01:00
MD5:
da47abb08bf5ab8ccd6dde8b8395585d
SHA1:
f4ffc845ceb85dee839ac85228ff410d9a01bd33
SHA256:
91b4e89cdfe2e0d0f29642b21d4035ee4201f99e24e5ec841d4c8bb73547cd78
Technologies:

Engines
IOCs

Joe Sandbox

Engine	Download Report	Detection	Info
	Full Report Management Report IOC Report	malicious Score: 88	System: Windows 7 x64 SP1 with Office 2010 SP1 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2)
	Full Report Management Report IOC Report	malicious Score: 88	System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 Run Condition: Potential for more IOCs and behavior

Third Party Analysis Engines

Open Full Report

malicious

Score: 6/37

malicious

Score: 11/29

malicious

IPs

IP	Country	Detection
185.159.153.72	Iran (ISLAMIC Republic Of)
181.88.192.136	Argentina
112.125.131.128	China
Click to see the 2 hidden entries
2.59.117.215	Turkey
192.185.16.95	United States

Domains

Name	IP	Detection
dindorf.com.ar	181.88.192.136
batikentklinik.com	2.59.117.215
chandni.pk	192.185.16.95
Click to see the 2 hidden entries
miaovideo.com	112.125.131.128
7ruzezendegi.com	185.159.153.72

URLs

Name	Detection
http://chandni.pk/cgi-sys/suspendedpage.cgi
http://batikentklinik.com/qtuofsxtov/44249951829861100000.dat
http://7ruzezendegi.com/samsgtlfwzt/44249951829861100000.dat
Click to see the 11 hidden entries
http://7ruzezendegi.com/cgi-sys/suspendedpage.cgi
http://services.msn.com/svcs/oe/certpage.asp?name=%s&email=%s&&Check
http://www.windows.com/pctv.
http://investor.msn.com
http://www.msnbc.com/news/ticker.txt
http://www.icra.org/vocabulary/.
http://investor.msn.com/
http://chandni.pk/ictrljsfuh/44249951829861100000.dat
http://dindorf.com.ar/ntpnttfypqs/44249951829861100000.dat
http://windowsmedia.com/redir/services.asp?WMPFriendly=true
http://www.hotmail.com/oe

Dropped files

Name	File Type	Hashes	Detection
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\suspendedpage[1].htm	HTML document, ASCII text	#
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\suspendedpage[1].htm	HTML document, UTF-8 Unicode text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Temp\FCCE0000	data	#
Click to see the 6 hidden entries
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\Complaint-1091191320-02182021.LNK	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Wed Aug 26 14:08:15 2020, mtime=Tue Feb 23 05:50:37 2021, atime=Tue Feb 23 05:50:37 2021, length=58880, window=hide	#
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\Desktop.LNK	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Read-Only, Directory, ctime=Tue Oct 17 10:04:00 2017, mtime=Tue Feb 23 05:50:37 2021, atime=Tue Feb 23 05:50:37 2021, length=8192, window=hide	#
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\index.dat	ASCII text, with CRLF line terminators	#
C:\Users\user\Desktop\8DCE0000	Applesoft BASIC program data, first line number 16	#
C:\Users\user\JDFR.hdfgr1	HTML document, UTF-8 Unicode text, with CRLF line terminators	#
C:\Users\user\JDFR.hdfgr4	HTML document, ASCII text	#