Register Login

sloganpng

top title background image

Covid-19 Payroll Tax Adjustment.docx

Status: finished

Submission Time: 2021-04-19 20:40:54 +02:00

Malicious

Evader

Comments

Tags

Details

Analysis ID:
392737
API (Web) ID:
687582
Analysis Started:

2021-04-19 20:41:36 +02:00
Analysis Finished:

2021-04-19 20:54:09 +02:00
MD5:
f78e1a17152954d2c56e3de7f889065f
SHA1:
9ad2cffb62540c6ad60eee087c97cc756949adfd
SHA256:
606e7c0165678adb36211ad727f8d128577a06584034ee39402b9a931f457b06
Technologies:

Engines
IOCs

Joe Sandbox

Engine	Download Report	Detection	Info
	Full Report Management Report IOC Report	malicious Score: 48	System: Windows 7 x64 SP1 with Office 2010 SP1 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2)
	Full Report Management Report IOC Report	malicious Score: 48	System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 Run Condition: Potential for more IOCs and behavior

IPs

IP	Country	Detection
18.211.24.111	United States

Domains

Name	IP	Detection
admin.phishproof.com	18.211.24.111

URLs

Name	Detection
https://admin.phishproof.com/af-Dbh8nMk.png

Dropped files

Name	File Type	Hashes	Detection
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506	Microsoft Cabinet archive data, 58596 bytes, 1 file	#
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E0968A1E3A40D2582E7FD463BAEB59CD	data	#
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506	data	#
Click to see the 13 hidden entries
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E0968A1E3A40D2582E7FD463BAEB59CD	data	#
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\af-Dbh8nMk[1].png	PNG image data, 848 x 1184, 8-bit/color RGBA, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\af-Dbh8nMk[1].png	PNG image data, 848 x 1184, 8-bit/color RGBA, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\102272C3.png	PNG image data, 848 x 1184, 8-bit/color RGBA, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{1BF840B3-025D-4403-9DBE-B492A11253DC}.tmp	data	#
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{A70475F6-E366-40C3-B2E6-22C3DC55A9E1}.tmp	data	#
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{E42C9A4D-C73B-45F3-859A-E103BFD96442}.tmp	data	#
C:\Users\user\AppData\Local\Temp\CabCF8F.tmp	Microsoft Cabinet archive data, 58596 bytes, 1 file	#
C:\Users\user\AppData\Local\Temp\TarCF9F.tmp	data	#
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\Covid-19 Payroll Tax Adjustment.LNK	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Wed Aug 26 14:08:16 2020, mtime=Wed Aug 26 14:08:16 2020, atime=Tue Apr 20 02:42:34 2021, length=10480, window=hide	#
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\index.dat	ASCII text, with CRLF line terminators	#
C:\Users\user\AppData\Roaming\Microsoft\Templates\~$Normal.dotm	data	#
C:\Users\user\Desktop\~$vid-19 Payroll Tax Adjustment.docx	data	#