
Bank Details.xlsx

Status: finished
Submission Time: 2021-04-12 11:24:32 +02:00
Malicious
Trojan
Exploiter
Evader
FormBook

Tags

  • Hostgator
  • VelvetSweatshop
  • xlsx

Details

  • Analysis ID:
    385368
  • API (Web) ID:
    672834
  • Analysis Started:
    2021-04-12 11:36:43 +02:00
  • Analysis Finished:
    2021-04-12 11:48:24 +02:00
  • MD5:
    c8aa551fd4cc3b5d6e87ea3f025fa6f2
  • SHA1:
    3285390c80ccb179471f31cb4552db8802de518c
  • SHA256:
    d22df2dfcfccf5964421ffbbceee8193dc4b6cb6663ea2a3c9687ca57d6779a5
  • Technologies:

  • Engine:
    Joe Sandbox
  • Detection:
    malicious
  • Score:
    100
  • System:
    Windows 7 x64 SP1 with Office 2010 SP1 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2)

Third Party Analysis Engines

  • malicious, Score: 7/37
  • malicious, Score: 22/29

IPs

IP (Country)

  • 104.128.125.95 (United States)
  • 18.166.77.19 (United States)
  • 103.141.138.117 (Viet Nam)
  • 144.76.242.196 (Germany)
  • 104.21.71.76 (United States)
  • 52.59.165.42 (United States)
  • 34.102.136.180 (United States)
  • 3.230.51.235 (United States)
  • 198.54.117.212 (United States)

Domains

Name (resolved IP)

  • www.hostvngiare.com (104.21.71.76)
  • stdypmrimelimtewsosq.dns.army (103.141.138.117)
  • dns.95h5cdn.com (18.166.77.19)
  • www.qcmax.com (104.128.125.95)
  • www.christlicheliebe.net (144.76.242.196)
  • www.thunderoffroadresort.com (0.0.0.0)
  • www.18598853855.com (0.0.0.0)
  • www.starr2021.com (0.0.0.0)
  • www.stone-master.info (0.0.0.0)
  • www.playfulpainters.com (0.0.0.0)
  • www.thesixteenthround.net (0.0.0.0)
  • gp-usea-elb-13pj8i7f0fbsh-1771787045.us-east-1.elb.amazonaws.com (3.230.51.235)
  • parkingpage.namecheap.com (198.54.117.212)
  • playfulpainters.com (34.102.136.180)
  • fqe.short.gy (52.59.165.42)

URLs

Name

http://www.starr2021.com/aqu2/?NP=FDSTiZqS/7wu56xr5ud1XtYEDVJDcY6JSxG6s2Z614q4ZNLNR7otPveqGH1j6obhpY7v2w==&Yzrt=nN6d4T
http://search.sify.com/
http://search.ebay.it/
http://www.univision.com/
http://www.soso.com/
http://www.google.cz/
http://www.google.si/
http://searchresults.news.com.au/
http://search.nifty.com/
http://www.gmarket.co.kr/
http://search.ebay.com/
http://search.yahoo.co.jp/favicon.ico
http://openimage.interpark.com/interpark.ico
http://www.asharqalawsat.com/
http://www.ozu.es/favicon.ico
http://espanol.search.yahoo.com/
http://uk.search.yahoo.com/
http://www.rambler.ru/favicon.ico
http://list.taobao.com/browse/search_visual.htm?n=15&q=
http://google.pchome.com.tw/
http://browse.guardian.co.uk/favicon.ico
http://www.pchome.com.tw/favicon.ico
http://busca.buscape.com.br/favicon.ico
http://sads.myspace.com/
http://www.piriform.com/ccleanerhttp://www.piriform.com/ccleanerv
http://www.amazon.de/
http://search.seznam.cz/favicon.ico
http://www.news.com.au/favicon.ico
http://ariadna.elmundo.es/
http://www.%s.comPA
http://service2.bfast.com/
http://p.zhongsou.com/favicon.ico
http://search.centrum.cz/favicon.ico
http://www.myspace.com/favicon.ico
http://search.espn.go.com/
http://investor.msn.com/
http://search.ipop.co.kr/favicon.ico
http://search.interpark.com/
http://suche.freenet.de/favicon.ico
http://images.joins.com/ui_c/fvc_joins.ico
http://cgi.search.biglobe.ne.jp/
http://www.tesco.com/
http://www.iask.com/
http://search.orange.co.uk/favicon.ico
http://buscador.terra.es/
http://www.target.com/
http://search.yahoo.co.jp
http://auto.search.msn.com/response.asp?MT=
http://cnweb.search.live.com/results.aspx?q=
http://busca.orange.es/
http://www.ceneo.pl/
http://www.sogou.com/favicon.ico
http://www.windows.com/pctv.
http://search.rediff.com/
http://busca.igbusca.com.br//app/static/images/favicon.ico
http://msk.afisha.ru/
http://%s.com
http://image.excite.co.jp/jp/favicon/lep.ico
http://search.ebay.in/
http://img.shopzilla.com/shopzilla/shopzilla.ico
http://in.search.yahoo.com/
http://rover.ebay.com
http://fr.search.yahoo.com/
http://asp.usatoday.com/
http://www.ya.com/favicon.ico
http://www.mozilla.com0
http://search.yahoo.com/favicon.ico
http://buscar.ya.com/
http://www3.fnac.com/favicon.ico
http://www.dailymail.co.uk/
http://www.nifty.com/favicon.ico
http://www.rambler.ru/
http://www.mtv.com/
http://search.ebay.de/
http://www.merlin.com.pl/favicon.ico
http://www.mercadolivre.com.br/
http://buscar.ozu.es/
http://search.auction.co.kr/
http://www.google.it/
http://suche.t-online.de/
http://search.centrum.cz/
http://www.cjmall.com/
http://www.priceminister.com/favicon.ico
http://www.ask.com/
http://www.microsofttranslator.com/BVPrev.aspx?ref=IE8Activity
http://busca.igbusca.com.br/
http://search.about.com/
http://kr.search.yahoo.com/
http://search.chol.com/favicon.ico
http://www.clarin.com/favicon.ico
http://search.msn.co.jp/results.aspx?q=
http://search.naver.com/favicon.ico
http://search.daum.net/
http://www.abril.com.br/favicon.ico
http://cgi.search.biglobe.ne.jp/favicon.ico
http://search.hanafos.com/favicon.ico
http://www.google.ru/
http://search.naver.com/
http://it.search.dada.net/favicon.ico
http://www.etmall.com.tw/favicon.ico

Dropped files

Name, File Type

  • C:\Users\Public\vbc.exe
    PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
  • C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\winlog[1].exe
    PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
  • C:\Users\user\AppData\Local\Temp\nsv1FD2.tmp\e4utfxiuc.dll
    PE32 executable (DLL) (console) Intel 80386, for MS Windows
  • C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\CFFB160.png
    PNG image data, 1268 x 540, 8-bit/color RGBA, non-interlaced
  • C:\Users\user\Desktop\~$Bank Details.xlsx
    data
  • C:\Users\user\AppData\Local\Temp\qmnajxcs95hz
    data
  • C:\Users\user\AppData\Local\Temp\Tar75AE.tmp
    data
  • C:\Users\user\AppData\Local\Temp\Excel8.0\MSForms.exd
    data
  • C:\Users\user\AppData\Local\Temp\Cab75AD.tmp
    Microsoft Cabinet archive data, 58596 bytes, 1 file
  • C:\Users\user\AppData\Local\Temp\35ab8wlx6zqe82u0
    data
  • C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\E71324BD.png
    PNG image data, 1686 x 725, 8-bit/color RGBA, non-interlaced
  • C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\E5A3FE6E.jpeg
    [TIFF image data, big-endian, direntries=4], baseline, precision 8, 396x275, frames 3
  • C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\DD1165B5.jpeg
    JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 333x151, frames 3
  • C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\DC0841E1.jpeg
    JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 333x151, frames 3
  • C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\D971BF97.jpeg
    [TIFF image data, big-endian, direntries=4], baseline, precision 8, 403x242, frames 3
  • C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506
    Microsoft Cabinet archive data, 58596 bytes, 1 file
  • C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\B3BA968B.jpeg
    [TIFF image data, big-endian, direntries=4], baseline, precision 8, 403x242, frames 3
  • C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\AED92384.png
    PNG image data, 1268 x 540, 8-bit/color RGBA, non-interlaced
  • C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\9F8D22C5.emf
    Windows Enhanced Metafile (EMF) image data version 0x10000
  • C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\7C8CCA5F.emf
    Windows Enhanced Metafile (EMF) image data version 0x10000
  • C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\2F0F20D4.emf
    Windows Enhanced Metafile (EMF) image data version 0x10000
  • C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\2C080710.png
    PNG image data, 577 x 201, 8-bit/color RGBA, non-interlaced
  • C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\1FC8BBD1.png
    PNG image data, 1686 x 725, 8-bit/color RGBA, non-interlaced
  • C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\17154832.jpeg
    [TIFF image data, big-endian, direntries=4], baseline, precision 8, 396x275, frames 3
  • C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\12DBE4AC.png
    PNG image data, 577 x 201, 8-bit/color RGBA, non-interlaced
  • C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E0F5C59F9FA661F6F4C50B87FEF3A15A
    data
  • C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
    data
  • C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E0F5C59F9FA661F6F4C50B87FEF3A15A
    data