
RPM.xlsx

Status: finished
Submission Time: 2021-09-27 15:27:45 +02:00
Verdict: Malicious
Classification: Trojan, Exploiter, Evader, FormBook

Tags

  • VelvetSweatshop
  • xlsx
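The VelvetSweatshop tag refers to the built-in default password Excel tries silently when it opens an encrypted workbook: an attacker encrypts the .xlsx with that password so scanners see an opaque OLE container while the victim's Excel opens it without a prompt. The following triage helper is an added example (not part of the Joe Sandbox report) that tells a plain OOXML zip apart from an OLE-wrapped encrypted package and, if the third-party msoffcrypto-tool module happens to be installed, tries the default password. The OLE stream-name check is a substring heuristic rather than a full Compound File parse, and the two sample blobs at the bottom are constructed stand-ins, not the RPM.xlsx bytes.

```python
import io
import zipfile
from typing import Optional

OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"  # Compound File Binary (OLE2) header
ZIP_MAGIC = b"PK\x03\x04"                         # OOXML workbooks are zip containers
DEFAULT_PASSWORD = "VelvetSweatshop"              # Excel's built-in default, tried silently on open


def classify_xlsx(data: bytes) -> dict:
    """Classify the container and flag signs of encryption or macros."""
    info = {"container": "unknown", "encrypted": False, "has_macro": False, "streams": []}
    if data.startswith(ZIP_MAGIC):
        info["container"] = "ooxml"
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            names = zf.namelist()
        info["streams"] = names
        # A VBA project inside a file named .xlsx is itself suspicious.
        info["has_macro"] = any(n.lower().endswith("vbaproject.bin") for n in names)
    elif data.startswith(OLE_MAGIC):
        info["container"] = "ole"
        # CFB directory entries store stream names as UTF-16LE. An encrypted OOXML
        # package carries EncryptionInfo and EncryptedPackage streams. Heuristic only:
        # this does not walk the directory, it just looks for the encoded names.
        for stream in ("EncryptionInfo", "EncryptedPackage"):
            if stream.encode("utf-16-le") in data:
                info["streams"].append(stream)
        info["encrypted"] = "EncryptionInfo" in info["streams"]
    return info


def decrypt_with_default_password(data: bytes) -> Optional[bytes]:
    """Try VelvetSweatshop via msoffcrypto-tool (pip install msoffcrypto-tool).

    Returns the decrypted OOXML bytes, or None when the module is absent or the
    password does not fit. The module is an assumed optional dependency.
    """
    try:
        import msoffcrypto  # third-party; assumed optional
    except ImportError:
        return None
    try:
        office = msoffcrypto.OfficeFile(io.BytesIO(data))
        office.load_key(password=DEFAULT_PASSWORD)
        out = io.BytesIO()
        office.decrypt(out)
        return out.getvalue()
    except Exception:
        return None


def _sample_ooxml() -> bytes:
    """Constructed minimal OOXML zip, not a real workbook."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("xl/workbook.xml", "<workbook/>")
    return buf.getvalue()


def _sample_encrypted_ole() -> bytes:
    """Constructed stand-in: CFB magic plus the stream names an encrypted package carries."""
    return (OLE_MAGIC + b"\x00" * 504
            + "EncryptionInfo".encode("utf-16-le")
            + "EncryptedPackage".encode("utf-16-le"))


if __name__ == "__main__":
    for label, blob in (("plain", _sample_ooxml()), ("velvet", _sample_encrypted_ole())):
        print(label, classify_xlsx(blob))
        if classify_xlsx(blob)["encrypted"]:
            plain = decrypt_with_default_password(blob)
            print("  default password worked:", plain is not None)
```

On a real sample, an "ole" result with an EncryptionInfo stream and a successful default-password decrypt is the VelvetSweatshop pattern; the decrypted bytes are the OOXML package that should then be inspected for the exploit or macro content the sandbox observed.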

Details

  • Analysis ID:
    491441
  • API (Web) ID:
    859007
  • Analysis Started:
    2021-09-27 15:38:47 +02:00
  • Analysis Finished:
    2021-09-27 15:52:42 +02:00
  • MD5:
    eaa0090a7f7c6f995a4ff9b84410ef81
  • SHA1:
    82198ab187a84b7a90ae83d57bfddd3c3acaafbc
  • SHA256:
    a81768982216ba95346c4a6eb0a591e71ab952b187565aef82331e8bb60851ea
  • Technologies: Joe Sandbox

Engine: Joe Sandbox
Detection: malicious
Score: 100
System: Windows 7 x64 SP1 with Office 2010 SP1 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2)

Third Party Analysis Engines

  • malicious, score 19/58
  • malicious, score 13/45

IPs

IP               Country
23.95.13.176     United States
203.170.129.2    Thailand
107.187.86.150   United States
209.17.116.163   United States
204.141.43.204   United States

Domains

Name                     IP
www.floridawp.com        107.187.86.150
www.viscoent.online      209.17.116.163
www.meta-bot.xyz         203.170.129.2
www.dermaqueeniran.com   0.0.0.0
www.atelifer.com         0.0.0.0
zhs.zohosites.com        204.141.43.204

URLs

Name Detection
http://www.meta-bot.xyz/scb0/?Fd=BfSM6E5FO5mfZBpeeQrV1vQh+D95EOiFfI1FDjk8ynIPzfiNz31eNoHs9fDCzXb1/NDphw==&w6AxuD=NpI8gJ
www.vetpipes.com/scb0/
http://23.95.13.176/rpm/vbc.exe
http://www.viscoent.online/scb0/?Fd=L8pgukv0AuVDNAdjNh2AJGutMHnCfg3bCrFlNw+YyifAdhr3mrIeLuq3PR+hiDkJiRhf3g==&w6AxuD=NpI8gJ
http://www.atelifer.com/scb0/?Fd=mwRuPibKyw2L8cALxBov5M1LiNVIxoe3TesDkz/iiiM8SziCnVEVET/qb0i1hxI+nmTWCA==&w6AxuD=NpI8gJ
http://www.floridawp.com/scb0/?Fd=9/BqtxNO8SZEigUgjw/jJ2i6+zR3ejBZmh2LifaRE3cbasx521HSBMlSKzI9uLCsk85EYQ==&w6AxuD=NpI8gJ
http://services.msn.com/svcs/oe/certpage.asp?name=%s&email=%s&&Check
https://twitter.com/hanalen_
https://api.twitter.com/1.1/statuses/mentions_timeline.json
https://twitter.com/Dalsae_info
https://userstream.twitter.com/1.1/user.json
https://twitter.com/
http://windowsmedia.com/redir/services.asp?WMPFriendly=true
http://www.hotmail.com/oe
https://api.twitter.com/1.1/statuses/user_timeline.jsonwhttps://api.twitter.com/1.1/account/verify_c
https://api.twitter.com/1.1/statuses/update.json
https://api.twitter.com/1.1/users/lookup.json
http://wellformedweb.org/CommentAPI/
http://java.sun.com
http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous.
https://api.twitter.com/1.1/statuses/show.json
http://www.piriform.com/ccleanerhttp://www.piriform.com/ccleanerv
http://www.piriform.com/ccleaner
https://api.twitter.com/1.1/favorites/create.json
https://api.twitter.com/oauth/authorize?oauth_token=
https://support.mozilla.org
https://api.twitter.com/1.1/direct_messages.json
https://api.twitter.com/1.1/friends/ids.json
https://api.twitter.com/1.1/favorites/list.json
https://api.twitter.com/1.1/statuses/home_timeline.jsonahttps://upload.twitter.com/1.1/media/upload.
https://api.twitter.com/oauth/request_token
http://www.icra.org/vocabulary/.
http://kr.battle.net/heroes/ko/?https://twitter.com/Dalsae_info9https://twitter.com/hanalen_
https://api.twitter.com/1.1/friendships/no_retweets/ids.json
https://pbs.twimg.com/media/
http://kr.battle.net/heroes/ko/
http://www.iis.fhg.de/audioPA
https://api.twitter.com/1.1/friendships/update.json
https://api.twitter.com/1.1/blocks/create.json
https://api.twitter.com/1.1/blocks/ids.json
https://api.twitter.com/1.1/statuses/unretweet/
http://treyresearch.net
https://api.twitter.com/1.1/statuses/user_timeline.json
https://upload.twitter.com/1.1/media/upload.json
https://api.twitter.com/1.1/statuses/unretweet/whttps://api.twitter.com/1.1/statuses/mentions_timeli
https://api.twitter.com/1.1/account/verify_credentials.json
http://www.msnbc.com/news/ticker.txt
https://api.twitter.com/oauth/access_token
http://investor.msn.com/
https://api.twitter.com/1.1/favorites/destroy.json
https://api.twitter.com/1.1/statuses/retweet/
https://api.twitter.com/1.1/statuses/destroy/
https://api.twitter.com/1.1/statuses/home_timeline.json
http://computername/printers/printername/.printer
http://www.%s.comPA
http://www.autoitscript.com/autoit3
http://servername/isapibackend.dll
https://api.twitter.com/1.1/friends/list.json
http://www.windows.com/pctv.
https://api.twitter.com/1.1/direct_messages.jsonyhttps://api.twitter.com/1.1/friendships/no_retweets
http://investor.msn.com
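Every C2 request the report lists has the same shape: a four-character path (`/scb0/`), a two-character query key carrying a long encoded blob, and a six-character key with a six-character value, spread across several look-alike domains, plus the one download of `vbc.exe` from 23.95.13.176. The script below is an added example, not part of the report, that hunts proxy logs for exactly those indicators. The hosts and payload URL are copied from the report; generalising the beacon shape into a pattern check is the editor's assumption, as is the log line format and the sample lines, which are constructed. The many twitter.com, msn.com, piriform.com and similar strings in the URL list are not flagged on the page and are deliberately not treated as indicators here.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Taken from the report's Domains and URLs sections.
REPORT_C2_HOSTS = {
    "www.meta-bot.xyz", "www.viscoent.online", "www.atelifer.com",
    "www.floridawp.com", "www.vetpipes.com", "www.dermaqueeniran.com",
}
PAYLOAD_URL = "http://23.95.13.176/rpm/vbc.exe"

# Assumption: beacon path is a single four-character alphanumeric segment.
C2_PATH_RE = re.compile(r"^/[a-z0-9]{4}/$")

# Assumed proxy log format: "<timestamp> <src_ip> <method> <url> <status>".
LOG_RE = re.compile(r"^(?P<ts>\S+) (?P<src>\S+) (?P<method>[A-Z]+) (?P<url>\S+) (?P<status>\d{3})$")


def looks_like_formbook_beacon(url: str) -> bool:
    """Shape check derived from the report's URLs: /xxxx/?kk=<blob>&kkkkkk=vvvvvv."""
    parts = urlsplit(url)
    if not C2_PATH_RE.match(parts.path):
        return False
    query = parse_qs(parts.query, keep_blank_values=True)
    if len(query) != 2:
        return False
    short_key, long_key = sorted(query, key=len)
    blob = query[short_key][0]
    tail = query[long_key][0]
    return (len(short_key) == 2 and len(long_key) == 6
            and len(tail) == 6 and len(blob) >= 40)


def hunt(lines):
    """Return one finding per log line that matches any report indicator."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # unparsable line; skip rather than guess
        url = m["url"]
        host = urlsplit(url).hostname or ""
        reasons = []
        if url == PAYLOAD_URL:
            reasons.append("payload-download")
        if host in REPORT_C2_HOSTS:
            reasons.append("known-c2-host")
        if looks_like_formbook_beacon(url):
            reasons.append("formbook-beacon-shape")
        if reasons:
            hits.append({"src": m["src"], "url": url, "reasons": reasons})
    return hits


# Constructed sample log: lines 1 and 2 reuse URLs from the report, line 3 is an
# invented host with the same beacon shape, line 4 is benign traffic.
SAMPLE_LOG = [
    "2021-09-27T13:40:02Z 10.0.0.15 GET http://23.95.13.176/rpm/vbc.exe 200",
    "2021-09-27T13:41:10Z 10.0.0.15 GET http://www.meta-bot.xyz/scb0/?Fd=BfSM6E5FO5mfZBpeeQrV1vQh+D95EOiFfI1FDjk8ynIPzfiNz31eNoHs9fDCzXb1/NDphw==&w6AxuD=NpI8gJ 200",
    "2021-09-27T13:41:12Z 10.0.0.15 GET http://www.example-other.test/ab1z/?Qz=Gk2pLw9Qe7rTzXcVbNm1As3dFgH5jKl8oPqWuYiErT0a&k3Lm9Q=AbCdEf 404",
    "2021-09-27T13:42:00Z 10.0.0.22 GET https://api.twitter.com/1.1/statuses/home_timeline.json 200",
]

if __name__ == "__main__":
    for hit in hunt(SAMPLE_LOG):
        print(hit["src"], ", ".join(hit["reasons"]), hit["url"][:60])
```

The shape check catches beacons to domains the report never saw (line 3), which is the point of pattern-based hunting over a stale host list, but it is also the rule most likely to fire on unrelated traffic, so treat "formbook-beacon-shape" on its own as a lead to pivot on (same source host, preceding download of an executable) rather than a verdict.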

Dropped files

Name
  File Type

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\vbc[1].exe
  PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

C:\Users\user\Desktop\~$RPM.xlsx
  data

C:\Users\Public\vbc.exe
  PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\19162964.jpeg
  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 333x151, frames 3

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\2561F215.png
  PNG image data, 684 x 477, 8-bit/color RGBA, non-interlaced

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\5CE7E12F.png
  PNG image data, 484 x 544, 8-bit/color RGB, non-interlaced

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\7D72DE31.png
  PNG image data, 684 x 477, 8-bit/color RGBA, non-interlaced

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\907AA912.jpeg
  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 191x263, frames 3

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\B859C1EB.png
  PNG image data, 484 x 544, 8-bit/color RGB, non-interlaced

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\D625CE7E.jpeg
  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 191x263, frames 3

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\E0181866.emf
  Windows Enhanced Metafile (EMF) image data version 0x10000

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\FC57AF0.jpeg
  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 333x151, frames 3