7009.xlsx

Status: finished
Submission Time: 2021-12-02 18:57:31 +01:00
Malicious
Trojan
Exploiter
Evader
DBatLoader, FormBook

Tags

  • Formbook
  • VelvetSweatshop
  • xlsx

Details

  • Analysis ID:
    532894
  • API (Web) ID:
    900388
  • Analysis Started:
    2021-12-02 19:32:36 +01:00
  • Analysis Finished:
    2021-12-02 19:47:11 +01:00
  • MD5:
    8305dc6702f80d7ebe34cd8c63297561
  • SHA1:
    db055cce075213d510de5ca9044ea76036dbcd07
  • SHA256:
    9eae576f7ecc05f106a7cfa605b1ca5bcd02c8d1c2c926920c0d7f0cb605b345
  • Technologies:

Joe Sandbox

Detection: malicious
Score: 100
System: Windows 7 x64 SP1 with Office 2010 SP1 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2)

Third Party Analysis Engines

  • malicious (Score: 20/57)
  • malicious (Score: 18/45)
  • malicious

IPs

  • 13.250.31.113 (United States)
  • 87.98.234.164 (France)

Domains

  • urzeczenie.com (87.98.234.164)
  • www.voucheraja.com (0.0.0.0)
  • onedrive.live.com (0.0.0.0)
  • www.urzeczenie.com (0.0.0.0)
  • prigmg.am.files.1drv.com (0.0.0.0)

URLs


Dropped files
