Register Login

sloganpng

top title background image

Compensation-1214892625-09272021.xls

Status: finished

Submission Time: 2021-09-28 13:15:00 +02:00

Malicious

Trojan

Exploiter

Evader

Hidden Macro 4.0 Qbot

Comments

Tags

Details

Analysis ID:
492195
API (Web) ID:
859764
Analysis Started:

2021-09-28 13:15:22 +02:00
Analysis Finished:

2021-09-28 13:32:17 +02:00
MD5:
cbf2562df8735334741b3de3ef9a0362
SHA1:
db3bff7a0edc4dd7e3f4915dc36888f3be97c814
SHA256:
1b663952d7fa9e49cd53878bfddf2e2906788cbc7394b081e0fea52efd1fb6d1
Technologies:

Engines
IOCs

Joe Sandbox

Engine	Download Report	Detection	Info
		malicious
	Full Report Management Report IOC Report	malicious Score: 100	System: Windows 7 x64 SP1 with Office 2010 SP1 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2)

Third Party Analysis Engines

malicious

Score: 5/45

IPs

IP	Country	Detection
185.183.96.67	Netherlands
190.14.37.178	Panama
185.250.148.213	Russian Federation

URLs

Name	Detection
http://www.%s.comPA
http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous.
http://190.14.37.178/44467.5523376157.dat
Click to see the 1 hidden entries
http://servername/isapibackend.dll

Dropped files

Name	File Type	Hashes	Detection
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\44467.5523376157[1].dat	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	#
C:\Users\user\Drezd.red	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	#
C:\Users\user\AppData\Local\Temp\VBE\MSForms.exd	data	#
Click to see the 1 hidden entries
C:\Users\user\AppData\Local\Temp\VBE\RefEdit.exd	data	#