
ORDER 9387383900.xlsx

Status: finished
Submission Time: 2021-04-12 11:24:31 +02:00
Malicious
Trojan
Spyware
Exploiter
Evader
AgentTesla

Comments

Tags

  • VelvetSweatshop
  • xlsx

Details

  • Analysis ID:
    385366
  • API (Web) ID:
    672833
  • Analysis Started:
    2021-04-12 11:33:40 +02:00
  • Analysis Finished:
    2021-04-12 11:41:20 +02:00
  • MD5:
    6cd928e3be0956061f518082a5acb60b
  • SHA1:
    0e377a42bd4197fceb15e458ccfb46445e7f0132
  • SHA256:
    19a975e2303b2394ab8ec3550799702b6a6a1eb166c588e90619e2c117baf73f
  • Technologies:

Joe Sandbox

Engine: Joe Sandbox
Detection: malicious
Score: 100
System: Windows 7 x64 SP1 with Office 2010 SP1 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2)

Third Party Analysis Engines

Detection: malicious
Score: 20/60

IPs

  • 198.23.213.61 (United States)
  • 208.91.199.225 (United States)

Domains

  • us2.smtp.mailhostbox.com (208.91.199.225)

URLs


Dropped files

  • C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\rrr[1].exe
    PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
  • C:\Users\user\Desktop\~$ORDER 9387383900.xlsx
    data
  • C:\Users\Public\vbc.exe
    PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
  • C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\3CF4807.png
    PNG image data, 294 x 262, 8-bit/color RGBA, non-interlaced
  • C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\45AE4F8B.png
    PNG image data, 294 x 262, 8-bit/color RGBA, non-interlaced
  • C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\9C9F6B5.emf
    Windows Enhanced Metafile (EMF) image data version 0x10000
  • C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\C21E6C10.jpeg
    gd-jpeg v1.0 (using IJG JPEG v80), quality = 90, baseline, precision 8, 700x990, frames 3
  • C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\D0E8725C.jpeg
    gd-jpeg v1.0 (using IJG JPEG v80), quality = 90, baseline, precision 8, 700x990, frames 3
  • C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\F3AA532.emf
    Windows Enhanced Metafile (EMF) image data version 0x10000
  • C:\Users\user\AppData\Local\Temp\Excel8.0\MSForms.exd
    data