top title background image
flash

INVOICE = 212888585 .xlsx

Status: finished
Submission Time: 2021-09-15 11:35:21 +02:00
Malicious
Trojan
Exploiter
Evader
Nanocore

Comments

Tags

  • xlsx

Details

  • Analysis ID:
    483709
  • API (Web) ID:
    851262
  • Analysis Started:
    2021-09-15 11:56:16 +02:00
  • Analysis Finished:
    2021-09-15 12:10:21 +02:00
  • MD5:
    145e00853b80fb2d97676c4416f984a9
  • SHA1:
    fa80c59ebbafc435e88ffdceae00450b56ec5d48
  • SHA256:
    e9c342550d334bffc58a310997673e24eed03f4d2b9c441dec943b24e7d29d08
  • Technologies:

Joe Sandbox

Engine Download Report Detection Info
malicious
malicious
Score: 100
System: Windows 7 x64 SP1 with Office 2010 SP1 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2)

Third Party Analysis Engines

malicious
Score: 27/63
malicious
Score: 20/40

IPs

IP Country Detection
103.147.184.84
unknown
136.144.41.96
Netherlands

Domains

Name IP Detection
godisgood1.hopto.org
103.147.184.84

URLs

Name Detection
godisgood1.hopto.org
http://136.144.41.96/HHK.exe
Click to see the 3 hidden entries
http://www.%s.comPA
http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous.
http://google.com

Dropped files

Name File Type Hashes Detection
C:\Program Files (x86)\SMTP Service\smtpsvc.exe
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
#
C:\Users\user\AppData\Local\Temp\tmp3811.tmp
XML 1.0 document, ASCII text, with CRLF line terminators
#
C:\Users\user\AppData\Roaming\ALP.exe
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
#
Click to see the 6 hidden entries
C:\Users\user\AppData\Roaming\EA860E7A-A87F-4A88-92EF-38F744458171\run.dat
Non-ISO extended-ASCII text, with no line terminators
#
C:\Users\user\Desktop\~$INVOICE = 212888585 .xlsx
data
#
C:\Users\user\AppData\Local\Temp\tmp277F.tmp
XML 1.0 document, ASCII text, with CRLF line terminators
#
C:\Users\user\AppData\Roaming\EA860E7A-A87F-4A88-92EF-38F744458171\catalog.dat
data
#
C:\Users\user\AppData\Roaming\EA860E7A-A87F-4A88-92EF-38F744458171\storage.dat
data
#
C:\Users\user\AppData\Roaming\EA860E7A-A87F-4A88-92EF-38F744458171\task.dat
ASCII text, with no line terminators
#