top title background image
flash

PO4018308875.doc

Status: finished
Submission Time: 2021-07-22 13:58:32 +02:00
Malicious
Trojan
Exploiter
Evader
FormBook

Comments

Tags

  • doc

Details

  • Analysis ID:
    452509
  • API (Web) ID:
    820086
  • Analysis Started:
    2021-07-22 14:13:52 +02:00
  • Analysis Finished:
    2021-07-22 14:24:27 +02:00
  • MD5:
    1e7bc879d7960afaa08148c635ae534f
  • SHA1:
    e1a0db056bdc1cba07ef43c27a80e5bfd79b4eac
  • SHA256:
    8c4b07ce49252a4ed12ad611a9f8fde65a63fc12368c6726776e86e140d3872e
  • Technologies:

Joe Sandbox

Engine Download Report Detection Info
malicious
Score: 100
System: Windows 7 x64 SP1 with Office 2010 SP1 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2)

Third Party Analysis Engines

malicious
Score: 19/46
malicious

IPs

IP Country Detection
185.239.243.112
Moldova Republic of

Domains

Name IP Detection
topv.xyz
185.239.243.112

URLs

Name Detection
http://topv.xyz/princedanx.exe
www.containerflippers.com/np0c/
http://go.microso
Click to see the 1 hidden entries
http://www.opera.com0

Dropped files

Name File Type Hashes Detection
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\princedanx[1].exe
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
#
C:\Users\user\AppData\Local\Temp\princedan859323.exe
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
#
C:\Users\user\AppData\Roaming\princedan859323.exe
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
#
Click to see the 7 hidden entries
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{9B09F78D-537D-406E-B057-1B1541B1D39D}.tmp
data
#
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{C67C7B4A-7023-4170-93C2-146687425423}.tmp
data
#
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{F7C72BCE-A594-453E-9048-97C10E531855}.tmp
data
#
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\PO4018308875.LNK
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Wed Aug 26 14:08:15 2020, mtime=Wed Aug 26 14:08:15 2020, atime=Thu Jul 22 20:14:33 2021, length=50939, window=hide
#
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\index.dat
ASCII text, with CRLF line terminators
#
C:\Users\user\AppData\Roaming\Microsoft\Templates\~$Normal.dotm
data
#
C:\Users\user\Desktop\~$4018308875.doc
data
#