FILE_915494026923219.xlsm

Status: finished

Submission Time: 2021-12-02 09:39:13 +01:00

Malicious

Trojan

Exploiter

Evader

Hidden Macro 4.0 Emotet

Comments

Details

Analysis ID:
532440
API (Web) ID:
899966
Analysis Started:

2021-12-02 09:39:14 +01:00
Analysis Finished:

2021-12-02 09:47:26 +01:00
MD5:
9eb8e0e5691ff59e86077c878feabc88
SHA1:
5c1c11b3c2abbf960616710cb780ca3489d64809
SHA256:
91c6ece37265eecefed9274abfacb57b4146166628f04f0674d3f14fc6bb4b09
Technologies:

Engines
IOCs

Joe Sandbox

Engine	Download Report	Detection	Info
	Full Report Management Report IOC Report	malicious Score: 100	System: Windows 7 x64 SP1 with Office 2010 SP1 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2)

Third Party Analysis Engines

Open Full Report

malicious

Score: 6/93

malicious

Score: 10/45

IPs

IP	Country	Detection
46.55.222.11	Bulgaria
104.251.214.46	United States
158.69.222.101	Canada
Click to see the 27 hidden entries
185.184.25.237	Turkey
58.227.42.236	Korea Republic of
210.57.217.132	Indonesia
203.114.109.124	Thailand
45.142.114.231	Germany
212.237.56.116	Italy
207.38.84.195	United States
176.104.106.96	Serbia
212.237.5.209	Italy
178.79.147.66	United Kingdom
103.8.26.103	Malaysia
41.76.108.46	South Africa
195.154.133.20	France
103.8.26.102	Malaysia
62.209.128.105	Uzbekistan
51.68.175.8	France
50.116.54.215	United States
45.118.135.203	Japan
107.182.225.142	United States
216.158.226.206	United States
103.75.201.2	Thailand
45.118.115.99	Indonesia
81.0.236.90	Czech Republic
138.185.72.26	Brazil
104.245.52.73	United States
110.232.117.186	Australia
212.237.17.99	Italy

Domains

Name	IP	Detection
escapelle.uz	62.209.128.105
www.escapelle.uz	0.0.0.0

URLs

Name	Detection
https://www.escapelle.uz/1
https://www.escapelle.uz/wp-includes/n1vS/D
https://www.escapelle.uz/wp-includes/n1
Click to see the 28 hidden entries
https://www.escapelle.uz/wp-in
https://www.escapelle.uz/w
https://www.escapelle.uz/wp-includ$https://www.escapelle.uz/wp-includes
https://www.escapelle.uz/wp-incl
https://www.escapelle.uz/)
https://www.escapelle.uz/wp-includes/n1vS/
https://www.escapelle.uz/wp-includes/n1vS/a
http://investor.msn.com/
http://crl.entrust.net/2048ca.crl0
http://schemas.openformatrg/package/2006/r
http://www.icra.org/vocabulary/.
http://crl.pkioverheid.nl/DomOvLatestCRL.crl0
http://ocsp.entrust.net0D
https://secure.comodo.com/CPS0
http://www.windows.com/pctv.
http://services.msn.com/svcs/oe/certpage.asp?name=%s&email=%s&&Check
http://schemas.open
http://www.hotmail.com/oe
http://windowsmedia.com/redir/services.asp?WMPFriendly=true
http://www.diginotar.nl/cps/pkioverheid0
http://crl.pkioverheid.nl/DomOrganisatieLatestCRL-G2.crl0
https://www.escapelle.u
http://schemas.openformatrg/package/2006/content-t
http://ocsp.entrust.net03
http://schemas.openformatrg/drawml/2006/spreadsheetD
http://crl.entrust.net/server1.crl0
http://www.msnbc.com/news/ticker.txt
http://investor.msn.com

Dropped files

Name	File Type	Hashes
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\gb[1].dll	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	#
C:\Users\user\Desktop\~$FILE_915494026923219.xlsm	data	#
C:\Users\user\besta.ocx	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	#
Click to see the 3 hidden entries
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\3326FDF8.png	PNG image data, 1714 x 241, 8-bit colormap, non-interlaced	#
C:\Users\user\AppData\Local\Temp\B960.tmp	Composite Document File V2 Document, Cannot read section info	#
C:\Users\user\AppData\Local\Temp\~DF331C8CD839ED59BF.TMP	data	#

FILE_915494026923219.xlsm

Comments

Tags

Available tags:

Details

Joe Sandbox

Third Party Analysis Engines

IPs

Domains

URLs

Dropped files

FILE_915494026923219.xlsm Options

Comments

Tags

Available tags:

Details

Joe Sandbox

Third Party Analysis Engines

IPs

Domains

URLs

Dropped files

Search started

FILE_915494026923219.xlsm