PR0078966.xlsx

Status: finished

Submission Time: 2021-04-12 11:24:31 +02:00

Malicious

Trojan

Exploiter

Evader

Nanocore

Comments

Details

Analysis ID:
385365
API (Web) ID:
672832
Analysis Started:

2021-04-12 11:30:27 +02:00
Analysis Finished:

2021-04-12 11:39:07 +02:00
MD5:
f5921b095b5db6eaa0cccb1cc9874a5b
SHA1:
db7fec49af3b772abf7ffa409fa186860447f375
SHA256:
5f5ec4a144dce14821a36549141718418145e253974eaae902c8acc73a514839
Technologies:

Engines
IOCs

Joe Sandbox

Engine	Download Report	Detection	Info
		malicious
	Full Report Management Report IOC Report	malicious Score: 100	System: Windows 7 x64 SP1 with Office 2010 SP1 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2)

Third Party Analysis Engines

Open Full Report

malicious

Score: 17/59

malicious

Score: 9/48

malicious

IPs

IP	Country	Detection
13.235.115.155	United States
79.134.225.30	Switzerland

Domains

Name	IP	Detection
covid19vaccinations.hopto.org	13.235.115.155
nassiru1155.ddns.net	0.0.0.0

URLs

Name	Detection
nassiru1155.ddns.net
http://covid19vaccinations.hopto.org/nass.exe
79.134.225.30
Click to see the 3 hidden entries
http://www.%s.comPA
http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous.
https://stackpath.bootstrapcdn.com/bootstrap/4.5.0/css/bootstrap.min.css

Dropped files

Name	File Type	Hashes
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\nass[1].exe	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows	#
C:\Users\Public\vbc.exe	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows	#
C:\Users\user\Desktop\~$PR0078966.xlsx	data	#
Click to see the 31 hidden entries
C:\Users\user\AppData\Roaming\blFUun.exe	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows	#
C:\Users\user\AppData\Roaming\EA860E7A-A87F-4A88-92EF-38F744458171\run.dat	ISO-8859 text, with LF, NEL line terminators	#
C:\Users\user\AppData\Local\Temp\tmpE206.tmp	XML 1.0 document, ASCII text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\B4DB4F4E.png	PNG image data, 399 x 605, 8-bit/color RGBA, non-interlaced	#
C:\Program Files (x86)\SMTP Service\smtpsvc.exe	PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows	#
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\10C739BF.png	PNG image data, 768 x 560, 8-bit colormap, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\119EB898.png	PNG image data, 768 x 560, 8-bit colormap, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\1741232F.png	PNG image data, 1686 x 725, 8-bit/color RGBA, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\2973EFB9.png	PNG image data, 613 x 80, 8-bit/color RGBA, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\FF452740.jpeg	[TIFF image data, big-endian, direntries=4], baseline, precision 8, 403x242, frames 3	#
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\ED4DB7B.png	PNG image data, 294 x 262, 8-bit/color RGBA, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\E259E3DC.jpeg	JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 191x263, frames 3	#
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\DEC708B4.png	PNG image data, 613 x 80, 8-bit/color RGBA, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\DB4DF71D.jpeg	JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 333x151, frames 3	#
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\BF1F9F87.jpeg	[TIFF image data, big-endian, direntries=4], baseline, precision 8, 403x242, frames 3	#
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\B645F9C3.png	PNG image data, 620 x 392, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\B577E266.jpeg	JPEG image data, JFIF standard 1.01, resolution (DPI), density 220x220, segment length 16, baseline, precision 8, 297x206, frames 3	#
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\4F5A1AF7.png	PNG image data, 1268 x 540, 8-bit/color RGBA, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\ABFED4E2.png	PNG image data, 1686 x 725, 8-bit/color RGBA, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\A992A851.emf	Windows Enhanced Metafile (EMF) image data version 0x10000	#
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\A1B55BC9.jpeg	JPEG image data, JFIF standard 1.01, resolution (DPI), density 220x220, segment length 16, baseline, precision 8, 440x248, frames 3	#
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\9070C88C.png	PNG image data, 620 x 392, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\8FD63A2D.png	PNG image data, 399 x 605, 8-bit/color RGBA, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\871C60E8.jpeg	JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 333x151, frames 3	#
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\7B6BD21E.png	PNG image data, 294 x 262, 8-bit/color RGBA, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\77272925.jpeg	JPEG image data, JFIF standard 1.01, resolution (DPI), density 220x220, segment length 16, baseline, precision 8, 297x206, frames 3	#
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\74B7F433.jpeg	JPEG image data, JFIF standard 1.01, resolution (DPI), density 220x220, segment length 16, baseline, precision 8, 364x117, frames 3	#
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\6F68BF36.jpeg	JPEG image data, JFIF standard 1.01, resolution (DPI), density 220x220, segment length 16, baseline, precision 8, 364x117, frames 3	#
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\59667E41.jpeg	JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 191x263, frames 3	#
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\5773E24A.png	PNG image data, 1268 x 540, 8-bit/color RGBA, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\55401A7A.jpeg	JPEG image data, JFIF standard 1.01, resolution (DPI), density 220x220, segment length 16, baseline, precision 8, 440x248, frames 3	#

PR0078966.xlsx

Comments

Tags

Available tags:

Details

Joe Sandbox

Third Party Analysis Engines

IPs

Domains

URLs

Dropped files

PR0078966.xlsx Options

Comments

Tags

Available tags:

Details

Joe Sandbox

Third Party Analysis Engines

IPs

Domains

URLs

Dropped files

Search started

Yara Super Rule creation started

PR0078966.xlsx