Register Login

sloganpng

top title background image

tender-1235416393.xlsm

Status: finished

Submission Time: 2021-06-22 17:50:15 +02:00

Malicious

Trojan

Exploiter

Evader

Hidden Macro 4.0

Comments

Tags

Details

Analysis ID:
438525
API (Web) ID:
806114
Analysis Started:

2021-06-22 17:51:20 +02:00
Analysis Finished:

2021-06-22 18:03:34 +02:00
MD5:
7b3bc7d505fcb3b4c0b30aeb3ee9d0a1
SHA1:
aea1e832eed27f02e48248cee5334bc1d20f1263
SHA256:
bfe0e882d0ca0fb04757d96181db67c3c5b67e636ac1e92b2d6f6b63e35f0097
Technologies:

Engines
IOCs

Joe Sandbox

Engine	Download Report	Detection	Info
	Full Report Management Report IOC Report	malicious Score: 80	System: Windows 7 x64 SP1 with Office 2010 SP1 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2)
	Full Report Management Report IOC Report	malicious Score: 80	System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 Run Condition: Potential for more IOCs and behavior

Third Party Analysis Engines

Open Full Report

malicious

Score: 6/88

IPs

IP	Country	Detection
192.185.88.195	United States
192.185.112.212	United States

Domains

Name	IP	Detection
corazonarquitectura.com	192.185.88.195
norsecompassgroup.com	192.185.112.212

URLs

Name	Detection
http://servername/isapibackend.dll

Dropped files

Name	File Type	Hashes	Detection
C:\Users\user\Desktop\~$tender-1235416393.xlsm	data	#
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\D413B.png	PNG image data, 24 x 24, 8-bit/color RGB, non-interlaced	#
C:\Users\user\Desktop\92EE0000	data	#
Click to see the 15 hidden entries
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\tender-1235416393.LNK	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Wed Aug 26 14:08:18 2020, mtime=Tue Jun 22 23:51:43 2021, atime=Tue Jun 22 23:51:43 2021, length=183962, window=hide	#
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\index.dat	ASCII text, with CRLF line terminators	#
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\Desktop.LNK	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Read-Only, Directory, ctime=Tue Oct 17 10:04:00 2017, mtime=Tue Jun 22 23:51:43 2021, atime=Tue Jun 22 23:51:43 2021, length=12288, window=hide	#
C:\Users\user\AppData\Local\Temp\TarED1F.tmp	data	#
C:\Users\user\AppData\Local\Temp\CabED1E.tmp	Microsoft Cabinet archive data, 60080 bytes, 1 file	#
C:\Users\user\AppData\Local\Temp\51EE0000	data	#
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506	Microsoft Cabinet archive data, 60080 bytes, 1 file	#
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\ABDBFCB7.png	PNG image data, 490 x 30, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\A76CD200.png	PNG image data, 24 x 24, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\9268080E.png	PNG image data, 934 x 29, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\5E32AA01.png	PNG image data, 246 x 108, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\375F21A2.png	PNG image data, 521 x 246, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E0F5C59F9FA661F6F4C50B87FEF3A15A	data	#
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506	data	#
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E0F5C59F9FA661F6F4C50B87FEF3A15A	data	#