Register Login

sloganpng

top title background image

xls.xls

Status: finished

Submission Time: 2021-09-28 17:53:47 +02:00

Malicious

Trojan

Exploiter

Evader

Hidden Macro 4.0 Qbot

Comments

Tags

Details

Analysis ID:
492442
API (Web) ID:
860015
Analysis Started:

2021-09-28 17:59:03 +02:00
Analysis Finished:

2021-09-28 18:15:40 +02:00
MD5:
170b6a83db1f64901d186eda31962306
SHA1:
9dedf1b8c2af2ea202b62b8c8a07a314f56ca6d5
SHA256:
7afc98f96efa95af64e356e7857d7db38e9d2eb9a0b8cab36acc7f8b96b7f978
Technologies:

Engines
IOCs

Joe Sandbox

Engine	Download Report	Detection	Info
		malicious
	Full Report Management Report IOC Report	malicious Score: 100	System: Windows 7 x64 SP1 with Office 2010 SP1 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2)

Third Party Analysis Engines

Open Full Report

malicious

Score: 18/59

IPs

IP	Country	Detection
185.183.96.67	Netherlands
190.14.37.178	Panama
185.250.148.213	Russian Federation

URLs

Name	Detection
http://www.%s.comPA
http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous.
http://190.14.37.178/44467.7495993056.dat
Click to see the 1 hidden entries
http://servername/isapibackend.dll

Dropped files

Name	File Type	Hashes	Detection
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\44467.7495993056[1].dat	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	#
C:\Users\user\Drezd.red	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	#
C:\Users\user\AppData\Local\Temp\VBE\MSForms.exd	data	#
Click to see the 1 hidden entries
C:\Users\user\AppData\Local\Temp\VBE\RefEdit.exd	data	#