
MV TRIADES.xlsm

Status: finished
Submission Time: 2021-03-22 15:20:45 +01:00
Verdict: Malicious
Classification: Trojan, Spyware, Exploiter, Evader
Family: AgentTesla

The indicators below tie the macro-enabled workbook to a download URL (http://specfloors.net/dev/income.exe), a dropped .NET executable (C:\Users\user\AppData\Roaming\tNDFx.exe) and an SMTP host (smtp.jiratane.com). That combination is consistent with the AgentTesla stealer, which typically exfiltrates harvested credentials over SMTP. Note that liverpoolsupporters9.com serves a path copied from a real liverpool.com article (compare the two entries in the URL list), so the liverpool.com and i2-prod.liverpool.com entries are decoy content, not indicators on their own; the crl/ocsp entries are ordinary Windows certificate checks.

Details

  • Analysis ID:
    372951
  • API (Web) ID:
    647945
  • Analysis Started:
    2021-03-22 15:35:13 +01:00
  • Analysis Finished:
    2021-03-22 15:53:26 +01:00
  • MD5:
    f7f66672f19f2dabe4f7269e32eb8540
  • SHA1:
    688ba6fb074142755fecd74056278b145a282f5a
  • SHA256:
    9664740123170b912430759af6cfad9ff784ccd266fe93909022093beff051c7
Joe Sandbox

Engine: Joe Sandbox
Detection: malicious
Score: 100
System: Windows 7 x64 SP1 with Office 2010 SP1 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2)

Third Party Analysis Engines

  • malicious (Score: 29/65)
  • malicious (Score: 20/47)
  • malicious

IPs

IP              Country
198.54.116.63   United States
172.67.176.78   United States
107.180.99.252  United States

Domains

Name                      IP
smtp.jiratane.com         198.54.116.63
specfloors.net            107.180.99.252
liverpoolsupporters9.com  172.67.176.78

URLs

URLs observed in traffic or recovered as strings from process memory. Several entries are clearly string fragments rather than requested URLs (for example the ones ending in exePE, %GETMozilla/5.0, %s.comPA or crl3.dJ); they are kept exactly as reported and should be treated as truncated.
http://specfloors.net/dev/income.exe
http://liverpoolsupporters9.com/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-6C294B0CA76FD09CC6E09D2031D8695F.html
http://specfloors.net/dev/income.exePE
http://specfloors.net/dev/income
http://specfloors.net
http://liverpoolsupporters9.com/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish-
http://liverpoolsupporters9.com
http://jEOkvI.com
https://i2-prod.liverpool.com/incoming/article19960478.ece/ALTERNATES/s458/0_WhatsApp-Image-2021-03-
https://www.liverpool.com/liverpool-fc-news/features/liverpool-psg-transfer-news-19957850
http://www.piriform.com/ccleaner
https://api.ipify.org%GETMozilla/5.0
https://i2-prod.live
http://www.%s.comPA
https://oMAWpB8PlZYBRN.org
https://www.liverpool.com/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish-199590
http://ocsp.entrust.net0D
https://www.liverpool.com/all-about/steven-gerrard
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
https://secure.comodo.com/CPS0
https://api.ipify.org%
https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip
http://servername/isapibackend.dll
http://crl.entrust.net/2048ca.crl0
http://127.0.0.1:HTTP/1.1
http://www.diginotar.nl/cps/pkioverheid0
http://DynDns.comDynDNS
https://i2-prod.liverpool.com/incoming/article19957561.ece/ALTERNATES/s615/1_FreeAgentPlayers.jpg
https://i2-prod.liverpool.com/incoming/article19957561.ece/ALTERNATES/s180/1_FreeAgentPlayers.jpg
http://crl.entrust.net/server1.crl0
https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip%tordir%%ha
http://ocsp.entrust.net03
http://smtp.jiratane.com
https://i2-prod.liverpool.com/incoming/article19957561.ece/ALTERNATES/s458/1_FreeAgentPlayers.jpg
http://crl.pkioverheid.nl/DomOrganisatieLatestCRL-G2.crl0
https://www.liverpool.com/liverpool-fc-news/features/
https://i2-prod.liverpool.com/incoming/article19960478.ece/ALTERNATES/s180/0_WhatsApp-Image-2021-03-
https://www.liverpool.com/liverpool-fc-news/features/mohamed-salah-liverpool-goal-flaw-19945816
https://i2-prod.liverpool.com/incoming/article19945821.ece/ALTERNATES/s220b/0_Salah-Goal-vs-Leeds.jp
http://crl3.dJ
http://crl.pkioverheid.nl/DomOvLatestCRL.crl0
http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous.
http://www.piriform.com/ccleanerhttp://www.piriform.com/ccleanerv
https://i2-prod.liverpool.com/incoming/article19945821.ece/ALTERNATES/s270b/0_Salah-Goal-vs-Leeds.jp
https://i2-prod.liverpool.com/incoming/article19960478.ece/ALTERNATES/s615/0_WhatsApp-Image-2021-03-
https://i2-prod.liverpool.com/incoming/article19945821.ece/ALTERNATES/s180/0_Salah-Goal-vs-Leeds.jpg

Dropped files

  • C:\Users\user\AppData\Roaming\tNDFx.exe
    PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
    The dropped .NET executable; its name reappears in the settings directory below.
  • C:\Users\user\Desktop\~$MV TRIADES.xlsm
    data
    Excel owner/lock file written when the workbook is opened; not malicious by itself.
  • C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506
    Microsoft Cabinet archive data, 58596 bytes, 1 file
    CryptoAPI URL cache entry from a certificate-related download; the same 58596-byte cabinet appears as Cab9934.tmp below.
  • C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
    data
  • C:\Users\user\AppData\Local\ConsoleApp1\tNDFx.exe_Url_1w40bkugt4lbn414pfn202m3aujsqqra\7.926.901.773\qf3mddhz.newcfg
    XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
    Temporary file written by the .NET configuration system when tNDFx.exe saves its user settings. The ConsoleApp1 folder comes from the assembly's company/product attribute (the default Visual Studio project name) and 7.926.901.773 is its assembly version.
  • C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\625B6235.jpg
    PNG image data, 1243 x 610, 8-bit/color RGBA, non-interlaced
    Image embedded in the workbook (PNG data despite the .jpg extension).
  • C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\FEF21AB2.png
    PNG image data, 225 x 225, 8-bit colormap, non-interlaced
    Image embedded in the workbook.
  • C:\Users\user\AppData\Local\Temp\Cab9934.tmp
    Microsoft Cabinet archive data, 58596 bytes, 1 file
  • C:\Users\user\AppData\Local\Temp\Tar9935.tmp
    data
    Cab*.tmp / Tar*.tmp pairs are created by Windows while unpacking certificate-trust cabinets; benign on their own.
  • C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6SFY2ZDAX72H3NDC9G39.temp
    data
    Jump-list artifact from opening the workbook.
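The hashes, hosts and paths above are only useful once they are turned into a check. The following Python script is an added example, not part of the Joe Sandbox report: it loads the sample hashes, the three IOC domains and IPs and the dropped payload path from this page, then matches a file's digests, individual URLs (including the garbled memory-string variants) and a handful of proxy/DNS log lines against them. The log format and the log lines in SAMPLE_LOG are constructed for the example; liverpool.com and the CRL/OCSP hosts from the URL list are deliberately left out of the indicator sets.

```python
"""IOC matcher built from the indicators in the report above.

Added example, not part of the Joe Sandbox report.  The log lines are
constructed and assume a simple "timestamp client verb target" layout;
adapt the regexes to your own proxy or DNS log source.
"""
import hashlib
import re
from urllib.parse import urlsplit

# Digests of the submitted workbook (Details section of the report).
SAMPLE_HASHES = {
    "md5": "f7f66672f19f2dabe4f7269e32eb8540",
    "sha1": "688ba6fb074142755fecd74056278b145a282f5a",
    "sha256": "9664740123170b912430759af6cfad9ff784ccd266fe93909022093beff051c7",
}
# Network indicators (IPs and Domains sections).  The legitimate liverpool.com
# and crl/ocsp hosts seen in the URL list are intentionally not included.
IOC_DOMAINS = {"smtp.jiratane.com", "specfloors.net", "liverpoolsupporters9.com"}
IOC_IPS = {"198.54.116.63", "172.67.176.78", "107.180.99.252"}
# Host-side indicator (Dropped files section), compared case-insensitively.
DROPPED_FILES = {r"appdata\roaming\tndfx.exe"}

_HOST_RE = re.compile(r"\b((?:[a-z0-9-]+\.)+[a-z]{2,})\b", re.I)
_IP_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

# Constructed proxy/DNS log excerpt (assumed format, not from the report).
SAMPLE_LOG = """\
2021-03-22T14:40:01Z 10.0.0.15 GET http://specfloors.net/dev/income.exe 200
2021-03-22T14:40:03Z 10.0.0.15 DNS A smtp.jiratane.com -> 198.54.116.63
2021-03-22T14:40:05Z 10.0.0.15 GET https://www.liverpool.com/all-about/steven-gerrard 200
2021-03-22T14:40:07Z 10.0.0.15 CONNECT 107.180.99.252:80
2021-03-22T14:40:09Z 10.0.0.15 GET http://crl.entrust.net/2048ca.crl 200
""".splitlines()


def hash_file_bytes(data: bytes) -> dict:
    """Return the md5/sha1/sha256 hex digests of a file's contents."""
    return {name: hashlib.new(name, data).hexdigest() for name in SAMPLE_HASHES}


def match_hashes(digests: dict, known: dict = SAMPLE_HASHES) -> set:
    """Names of the algorithms whose digest equals the known sample's digest."""
    return {name for name, hexd in digests.items() if known.get(name) == hexd.lower()}


def host_of(url: str) -> str:
    """Hostname of a URL, tolerant of the memory-string residue in the report
    (e.g. 'http://specfloors.net/dev/income.exePE' still yields specfloors.net)."""
    try:
        return (urlsplit(url.strip()).hostname or "").lower()
    except ValueError:
        return ""


def url_hits_ioc(url: str) -> bool:
    """True when the URL's host is one of the report's IOC domains or IPs."""
    host = host_of(url)
    return host in IOC_DOMAINS or host in IOC_IPS


def scan_log_lines(lines) -> list:
    """(line_number, indicator) for every line that mentions an IOC host or IP."""
    hits = []
    for number, line in enumerate(lines, 1):
        found = {h.lower() for h in _HOST_RE.findall(line)} & IOC_DOMAINS
        found |= set(_IP_RE.findall(line)) & IOC_IPS
        for ioc in sorted(found):
            hits.append((number, ioc))
    return hits


def path_is_dropped_payload(path: str) -> bool:
    """True when a file path ends with the dropped payload's relative path."""
    normalized = path.replace("/", "\\").lower()
    return any(normalized.endswith(tail) for tail in DROPPED_FILES)


if __name__ == "__main__":
    for number, ioc in scan_log_lines(SAMPLE_LOG):
        print(f"line {number}: {ioc}")
    print(url_hits_ioc("http://specfloors.net/dev/income.exePE"))
```

Feeding the script a real file means reading its bytes and passing them to hash_file_bytes; a match on any one of the three digests is enough to flag the workbook, and a match on the tNDFx.exe path or on smtp.jiratane.com in outbound logs is the stronger post-infection signal.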