top title background image
flash

order_07.21.doc

Status: finished
Submission Time: 2021-07-22 10:58:57 +02:00
Malicious
Exploiter
Evader

Comments

Tags

Details

  • Analysis ID:
    452438
  • API (Web) ID:
    820027
  • Analysis Started:
    2021-07-22 11:00:15 +02:00
  • Analysis Finished:
    2021-07-22 11:12:26 +02:00
  • MD5:
    401b19c454075d52bd832725f3c22cfe
  • SHA1:
    088f76c184a0cba673abc41bd5582e4e21672fdd
  • SHA256:
    6b94e6319e46f52058d5f0c1bc07d7e367152e3bb769f2fd1af097914fe64ce3
  • Technologies:

Joe Sandbox

Engine Download Report Detection Info
malicious
Score: 96
System: Windows 7 x64 SP1 with Office 2010 SP1 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2)
malicious
Score: 96
System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Run Condition: Potential for more IOCs and behavior

Third Party Analysis Engines

malicious
Score: 29/60
malicious
Score: 5/35
malicious
Score: 7/46

Domains

Name IP Detection
airloweryd.com
0.0.0.0

URLs

Name Detection
http://airloweryd.com/adda/CzJsZLz8s7e1PAiOuESLghxyuWpr1A46cHBNR/dmIczx3VCKJVxOIM45tzrpZTl8IQ06/ryme
http://services.msn.com/svcs/oe/certpage.asp?name=%s&email=%s&&Check
http://www.windows.com/pctv.
Click to see the 9 hidden entries
http://investor.msn.com
http://www.msnbc.com/news/ticker.txt
http://www.%s.comPA
http://www.icra.org/vocabulary/.
http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous.
http://windowsmedia.com/redir/services.asp?WMPFriendly=true
http://www.hotmail.com/oe
http://servername/isapibackend.dll
http://investor.msn.com/

Dropped files

Name File Type Hashes Detection
C:\ProgramData\captionEx.hta
HTML document, ASCII text, with very long lines, with CRLF, CR line terminators
#
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\error[1]
HTML document, UTF-8 Unicode (with BOM) text, with CRLF line terminators
#
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\warning[1]
GIF image data, version 89a, 36 x 38
#
Click to see the 8 hidden entries
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\error[1]
UTF-8 Unicode (with BOM) text, with CRLF line terminators
#
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\6002BB0F.png
PNG image data, 1022 x 235, 8-bit/color RGB, non-interlaced
#
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{47D4F006-6281-436E-ADD1-2266A057AE87}.tmp
data
#
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{76C67B44-1352-433D-B760-8C34027C46CD}.tmp
data
#
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\index.dat
ASCII text, with CRLF line terminators
#
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\order_07.21.LNK
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Wed Aug 26 14:08:12 2020, mtime=Wed Aug 26 14:08:12 2020, atime=Thu Jul 22 17:00:31 2021, length=89257, window=hide
#
C:\Users\user\AppData\Roaming\Microsoft\Templates\~$Normal.dotm
data
#
C:\Users\user\Desktop\~$der_07.21.doc
data
#