Engine | Download Report | Detection | Info |
---|---|---|---|
 | | malicious (Score: 84) | System: Windows 7 x64 SP1 with Office 2010 SP1 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2) |
 | | malicious (Score: 92) | System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01. Run Condition: Potential for more IOCs and behavior |
IP | Country | Detection |
---|---|---|
190.14.37.101 | Panama | |
185.138.164.244 | Germany | |
185.81.114.236 | United Kingdom | |
Name | Detection |
---|---|
Name | File Type | Hashes | Detection |
---|---|---|---|
C:\Users\user\Desktop\ComplaintDetails-1244065104-Nov-17.xlsb (copy) | Microsoft Excel 2007+ | # | |
C:\Users\user\Desktop\~$ComplaintDetails-1244065104-Nov-17.xlsb | data | # | |
C:\Users\user\AppData\Local\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\630E636C-6B0C-44EA-BF33-295CC8DCC16C | XML 1.0 document, UTF-8 Unicode text, with very long lines, with CRLF line terminators | # | |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\227F60C2.jpg | JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1098x988, frames 3 | # | |
C:\Users\user\Desktop\74E50000 | Microsoft Excel 2007+ | # | |
C:\Users\user\Desktop\74E50000:Zone.Identifier | ASCII text, with CRLF line terminators | # | |