Register Login

sloganpng

top title background image

Compensation-2100058996-09272021.xls

Status: finished

Submission Time: 2021-09-28 10:17:02 +02:00

Malicious

Trojan

Exploiter

Evader

Hidden Macro 4.0 Qbot

Comments

Tags

Details

Analysis ID:
492061
API (Web) ID:
859631
Analysis Started:

2021-09-28 10:21:25 +02:00
Analysis Finished:

2021-09-28 10:37:07 +02:00
MD5:
4658146f947ea498baaf9cf542ad0fc5
SHA1:
7e5ff8360eba1e466a301e0e562574ae333f7a89
SHA256:
7113398b5e27483757f79c346d4357014e972bb103d0fc8cc03ab2641d51eb8d
Technologies:

Engines
IOCs

Joe Sandbox

Engine	Download Report	Detection	Info
		malicious
	Full Report Management Report IOC Report	malicious Score: 100	System: Windows 7 x64 SP1 with Office 2010 SP1 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2)

Third Party Analysis Engines

Open Full Report

malicious

Score: 8/66

IPs

IP	Country	Detection
185.183.96.67	Netherlands
190.14.37.178	Panama
185.250.148.213	Russian Federation

URLs

Name	Detection
http://www.%s.comPA
http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous.
http://190.14.37.178/44467.4314974537.dat
Click to see the 1 hidden entries
http://servername/isapibackend.dll

Dropped files

Name	File Type	Hashes	Detection
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\44467.4314974537[1].dat	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	#
C:\Users\user\Drezd.red	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	#
C:\Users\user\AppData\Local\Temp\VBE\MSForms.exd	data	#
Click to see the 1 hidden entries
C:\Users\user\AppData\Local\Temp\VBE\RefEdit.exd	data	#