Register Login

sloganpng

top title background image

Claim-1763045001-09242021.xls

Status: finished

Submission Time: 2021-09-24 16:27:20 +02:00

Malicious

Exploiter

Evader

Hidden Macro 4.0

Comments

Tags

Details

Analysis ID:
489852
API (Web) ID:
857421
Analysis Started:

2021-09-24 16:27:21 +02:00
Analysis Finished:

2021-09-24 16:46:28 +02:00
MD5:
7a4ee63e2e2aacea7ffa5d4f27261347
SHA1:
c47ebf9357eaa3984e2a977a77469f2097004bda
SHA256:
3776549225fea6c85372989034fb8d4d0d94eeca4ba33e8473d50898afea6533
Technologies:

Engines
IOCs

Joe Sandbox

Engine	Download Report	Detection	Info
	Full Report Management Report IOC Report	malicious Score: 100	System: Windows 7 x64 SP1 with Office 2010 SP1 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2)

IPs

IP	Country	Detection
190.14.37.173	Panama
51.89.115.111	France
111.90.148.104	Malaysia

URLs

Name	Detection
http://www.%s.comPA
http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous.
http://51.89.115.111/44463.6863100694.dat
Click to see the 3 hidden entries
http://190.14.37.173/44463.6863100694.dat
http://servername/isapibackend.dll
http://111.90.148.104/44463.6863100694.dat

Dropped files

Name	File Type	Hashes	Detection
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\44463.6863100694[1].dat	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	#
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\44463.6863100694[2].dat	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	#
C:\Users\user\Fiosa.der	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	#
Click to see the 3 hidden entries
C:\Users\user\Fiosa1.der	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	#
C:\Users\user\Fiosa2.der	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	#
C:\Users\user\AppData\Local\Temp\VBE\MSForms.exd	data	#