document-1771131239.xls

Status: finished

Submission Time: 2021-04-04 02:09:11 +02:00

Malicious

Trojan

Exploiter

Evader

Hidden Macro 4.0 Ursnif

Comments

Details

Analysis ID:
381643
API (Web) ID:
665428
Analysis Started:

2021-04-04 02:32:15 +02:00
Analysis Finished:

2021-04-04 02:42:16 +02:00
MD5:
b058594669b275d186207929b4b32eeb
SHA1:
f48e30b9e13cec95978232da40f1d2c279e91191
SHA256:
00a55a2ef2774d581e152e154a34e07fb231a4d5f0fc17a3cb1726fa02843243
Technologies:

Engines
IOCs

Joe Sandbox

Engine	Download Report	Detection	Info
		malicious
	Full Report Management Report IOC Report	malicious Score: 100	System: Windows 7 x64 SP1 with Office 2010 SP1 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2)

Third Party Analysis Engines

Open Full Report

malicious

Score: 26/60

Open Full Report

malicious

Score: 7/37

malicious

Score: 8/43

IPs

IP	Country	Detection
185.243.114.196	Netherlands
192.185.129.4	United States
185.186.244.95	Netherlands
Click to see the 4 hidden entries
207.174.213.126	United States
162.241.62.4	United States
5.100.155.169	United Kingdom
198.50.218.68	Canada

Domains

Name	IP	Detection
urs-world.com	185.186.244.95
accesslinksgroup.com	192.185.129.4
under17.com	185.243.114.196
Click to see the 5 hidden entries
mundotecnologiasolar.com	162.241.62.4
ponchokhana.com	5.100.155.169
vts.us.com	207.174.213.126
comosairdoburaco.com.br	198.50.218.68
login.microsoftonline.com	0.0.0.0

URLs

Name	Detection
http://services.msn.com/svcs/oe/certpage.asp?name=%s&email=%s&&Check
http://www.windows.com/pctv.
http://investor.msn.com
Click to see the 10 hidden entries
http://urs-world.com/joomla/DzJ1zVBWb/1fmYW7HPNqRQhz6Za_2F/CEQgEHh67hkPdvwOSdi/nEqyJXm1CwTWVs2C
http://www.msnbc.com/news/ticker.txt
http://www.icra.org/vocabulary/.
http://investor.msn.com/
http://urs-world.com/joomla/DzJ1zVBWb/1fmYW7HPNqRQhz6Za_2F/CEQgEHh67hkPdvwOSdi/nEqyJXm1CwTWVs2C_2Fr_2/BvjUBKxN9qSpN/cMrTRJ9N/ryJsB4qGY2XHLtxrLDi6xNR/Qw5QsDCu2a/1byqzLlxunqNEdxwm/2jiPBdqZB0a1/q3egY2VhZv3/_2B8x5gL2kXG3P/aL1YXODRbtNtTkBrj3PS7/G.akk
http://urs-world.com/joomla/nFzk0Q7K/E1_2F1CEOHcU967kDpuCuCt/FPWRV6etYO/3uHaVD2_2B5fz4cnT/KUnSOvHj3DDx/LEjym6jOHzl/FeVIuhKblVVnxm/VI6rPV0WA0nCSJBKKjggZ/tlqJBc8y5_2Bbir_/2BCa9ubsQQgGaAg/T_2BNOyNXybfs33Qg4/rm7s6e4PI/6eyckn37N5jlypeo4jei/kAPiG95T_2BrCVeX6k0/F0E8zUcKkiS/aU.akk
http://windowsmedia.com/redir/services.asp?WMPFriendly=true
http://www.hotmail.com/oe
http://urs-world.com/joomla/3aDSi90Odm4t/ZQseS7mEKQ6/SSE8Q3crCb0l7w/wIvpan0x1HXuZM3ORESMa/ajJiFPV258iNRovg/KQl9frzLJWGuawc/zcW8IHCp_2F8n02ZSX/SkuilVzI4/iu_2BjoqlDfmKu_2BuVf/kGitIl_2Bi7_2Fz9R6X/Y0sd4k8W3UrfPrzXwVLvdK/7G4iHN0OcM5_2/FPqyROS_/2BKDOK08.akk
http://urs-world.com/favicon.ico

Dropped files

Name	File Type	Hashes
C:\Users\user\fikftkm.thj2	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	#
C:\Users\user\fikftkm.thj	HTML document, ASCII text, with very long lines	#
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\0104[1].gif	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	#
Click to see the 68 hidden entries
C:\Users\user\AppData\Local\Temp\~DF7CF03B8C0F417635.TMP	data	#
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\aU[1].htm	ASCII text, with very long lines, with no line terminators	#
C:\Users\user\AppData\Local\Temp\~DF56A129262371E0A4.TMP	data	#
C:\Users\user\AppData\Local\Temp\~DF41F1857FFE330BCF.TMP	data	#
C:\Users\user\AppData\Local\Temp\~DF2ABEE36455B94053.TMP	data	#
C:\Users\user\AppData\Local\Temp\~DF0F9755593861B3EA.TMP	data	#
C:\Users\user\AppData\Local\Temp\~DF0D3E41F0F821E6BD.TMP	data	#
C:\Users\user\AppData\Local\Temp\~DF0AFF9FFD650E40F3.TMP	data	#
C:\Users\user\AppData\Local\Temp\TarCD50.tmp	data	#
C:\Users\user\AppData\Local\Temp\CabCD4F.tmp	Microsoft Cabinet archive data, 58596 bytes, 1 file	#
C:\Users\user\AppData\Local\Temp\05CE0000	data	#
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\urlblockindex[1].bin	data	#
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\th[1].jpg	JPEG image data, JFIF standard 1.01, resolution (DPI), density 0x0, segment length 16, baseline, precision 8, 1920x1080, frames 3	#
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\eaMqCdNxIXjLc0ATep7tsFkfmSA.gz[1].js	ASCII text, with very long lines, with no line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\bLULVERLX4vU6bjspboNMw9vl_0.gz[1].js	very short file (no magic)	#
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\6sxhavkE4_SZHA_K4rwWmg67vF0.gz[1].js	ASCII text, with very long lines	#
C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\6PRKYCQ0.txt	ASCII text	#
C:\Users\user\Desktop\D5CE0000	Applesoft BASIC program data, first line number 16	#
C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\UIKK4OT4.txt	ASCII text	#
C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\RYK07S53.txt	ASCII text	#
C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\N904USWI.txt	ASCII text	#
C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\J31WUCBG.txt	ASCII text	#
C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\FO92LQA2.txt	ASCII text	#
C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\D3LSEQT1.txt	ASCII text	#
C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\B711W0F3.txt	ASCII text	#
C:\Users\user\AppData\Local\Temp\~DFFB4690FF7436F266.TMP	data	#
C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\6AQYXAJN.txt	ASCII text	#
C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\460PAFDF.txt	ASCII text	#
C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\2SCY25TS.txt	ASCII text	#
C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\14HKUKTQ.txt	ASCII text	#
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\index.dat	ASCII text, with CRLF line terminators	#
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\document-1771131239.LNK	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Wed Aug 26 14:08:12 2020, mtime=Sun Apr 4 08:32:35 2021, atime=Sun Apr 4 08:32:36 2021, length=185344, window=hide	#
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\Desktop.LNK	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Read-Only, Directory, ctime=Tue Oct 17 10:04:00 2017, mtime=Sun Apr 4 08:32:35 2021, atime=Sun Apr 4 08:32:35 2021, length=12288, window=hide	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{0D6695D0-9529-11EB-ADCF-ECF4BBB5915B}.dat	Microsoft Word Document	#
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5JC0A1KN\dnserror[1]	HTML document, UTF-8 Unicode (with BOM) text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5JC0A1KN\Xp-HPHGHOZznHBwdn7OWdva404Y.gz[1].js	ASCII text, with very long lines, with no line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5JC0A1KN\NGDGShwgz5vCvyjNFyZiaPlHGCE.gz[1].js	ASCII text, with no line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5JC0A1KN\HdepnBaFj-yarvouFUIlfV4Q9D8.gz[1].js	ASCII text, with very long lines, with no line terminators	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\imagestore\lr5drzg\imagestore.dat	data	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{E7092823-9528-11EB-ADCF-ECF4BBB5915B}.dat	Microsoft Word Document	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{CCF30F4A-9528-11EB-ADCF-ECF4BBB5915B}.dat	Microsoft Word Document	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{0D6695D2-9529-11EB-ADCF-ECF4BBB5915B}.dat	Microsoft Word Document	#
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5JC0A1KN\httpErrorPagesScripts[1]	UTF-8 Unicode (with BOM) text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{0D6695CE-9529-11EB-ADCF-ECF4BBB5915B}.dat	Microsoft Word Document	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{E7092821-9528-11EB-ADCF-ECF4BBB5915B}.dat	Microsoft Word Document	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{CCF30F48-9528-11EB-ADCF-ECF4BBB5915B}.dat	Microsoft Word Document	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{0D6695CC-9529-11EB-ADCF-ECF4BBB5915B}.dat	Microsoft Word Document	#
C:\Users\user\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico	MS Windows icon resource - 1 icon, 32x32, 32 bits/pixel	#
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E0F5C59F9FA661F6F4C50B87FEF3A15A	data	#
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506	data	#
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E0F5C59F9FA661F6F4C50B87FEF3A15A	data	#
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\ULJCe4CXM2DCjZgELMGm2K4PcPo[1].png	PNG image data, 1642 x 116, 8-bit colormap, non-interlaced	#
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506	Microsoft Cabinet archive data, 58596 bytes, 1 file	#
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\hsq54HXv3E6bOWi_58PaE6vwTYM.gz[1].js	exported SGML document, ASCII text, with very long lines, with no line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\favicon[1].ico	MS Windows icon resource - 1 icon, 32x32, 32 bits/pixel	#
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\errorPageStrings[1]	UTF-8 Unicode (with BOM) text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\eRYlUYIMYsB_Pt8B7FTik-pl5cs.gz[1].js	ASCII text, with no line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\P3LN8DHh0udC9Pbh8UHnw5FJ8R8.gz[1].js	ASCII text, with very long lines, with no line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\suspendedpage[1].htm	HTML document, ASCII text, with very long lines	#
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\favicon[1].ico	MS Windows icon resource - 2 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel	#
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\NewErrorPageTemplate[1]	UTF-8 Unicode (with BOM) text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\MstqcgNaYngCBavkktAoSE0--po.gz[1].js	ASCII text, with very long lines, with no line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\JDHEvZVDnqsG9UcxzgIdtGb6thw.gz[1].js	ASCII text, with very long lines, with no line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\5rqGloMo94v3vwNVR5OsxDNd8d0[1].svg	SVG Scalable Vector Graphics image	#
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\4JDAW1W1.htm	HTML document, UTF-8 Unicode text, with very long lines, with CRLF, LF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\2BKDOK08[1].htm	ASCII text, with very long lines, with no line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5JC0A1KN\ozS3T0fsBUPZy4zlY0UX_e0TUwY.gz[1].js	ASCII text, with no line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5JC0A1KN\n8-O_KIRNSMPFWQWrGjn0BRH6SM.gz[1].js	UTF-8 Unicode text, with very long lines, with no line terminators	#

document-1771131239.xls

Comments

Tags

Available tags:

Details

Joe Sandbox

Third Party Analysis Engines

IPs

Domains

URLs

Dropped files

document-1771131239.xls Options

Comments

Tags

Available tags:

Details

Joe Sandbox

Third Party Analysis Engines

IPs

Domains

URLs

Dropped files

Search started

document-1771131239.xls