top title background image
flash

Results12232021.xls

Status: finished
Submission Time: 2021-12-23 16:58:36 +01:00
Malicious
Trojan
Exploiter
Evader
Hidden Macro 4.0 Dridex

Comments

Tags

  • xls

Details

  • Analysis ID:
    544578
  • API (Web) ID:
    912101
  • Analysis Started:
    2021-12-23 16:58:39 +01:00
  • Analysis Finished:
    2021-12-23 17:09:57 +01:00
  • MD5:
    8d1d1df2277e8730eee7de7fe28f60e1
  • SHA1:
    773b3ff48428bdacf2afeb7fc9fd1261a2e0591c
  • SHA256:
    4d21115441459063cf8403f94d3bb37201666be30622cb2cb4e2ffb32827192f
  • Technologies:

Joe Sandbox

Engine Download Report Detection Info
malicious
Score: 100
System: Windows 7 x64 SP1 with Office 2010 SP1 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2)

Third Party Analysis Engines

malicious
Score: 9/43

IPs

IP Country Detection
185.4.135.27
Greece
85.10.248.28
Germany
80.211.3.13
Italy
Click to see the 2 hidden entries
144.91.122.102
Germany
162.159.135.233
United States

Domains

Name IP Detection
cdn.discordapp.com
162.159.135.233

URLs

Name Detection
https://cdn.discordapp.com/attachments/914827690882781237/923509513628307516/WIvRRHIemuhammadismyfri
http://crl.entrust.net/2048ca.crl0
http://servername/isapibackend.dll
Click to see the 22 hidden entries
https://secure.comodo.com/CPS0
http://ocsp.entrust.net0D
http://www.%s.comPA
http://www.baxleystamps.comDVarFileInfo$
https://cdn.discordapp.com/attachments/914827690882781237/923509168294461500/rebXcmuhammadismyfriend
https://cdn.discordapp.com/attachments/914827690882781237/923509513628307516/WIvRRHIemuhammadismyfriend.bin
http://investor.msn.com/
http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous.
http://www.icra.org/vocabulary/.
http://crl.pkioverheid.nl/DomOvLatestCRL.crl0
http://www.windows.com/pctv.
http://services.msn.com/svcs/oe/certpage.asp?name=%s&email=%s&&Check
http://www.hotmail.com/oe
http://windowsmedia.com/redir/services.asp?WMPFriendly=true
https://cdn.discordapp.com/
https://cdn.discordapp.com/attachments/914827690882781237/923509241996795935/iivKjRymuhammadismyfrie
http://www.diginotar.nl/cps/pkioverheid0
http://crl.pkioverheid.nl/DomOrganisatieLatestCRL-G2.crl0
http://ocsp.entrust.net03
http://crl.entrust.net/server1.crl0
http://www.msnbc.com/news/ticker.txt
http://investor.msn.com

Dropped files

Name File Type Hashes Detection
C:\ProgramData\NxeBChwsIhYFkIhhSsLtP.rtf
HTML document, ASCII text, with very long lines, with CRLF line terminators
#
C:\Users\user\Desktop\Results12232021.xls
Composite Document File V2 Document, Little Endian, Os: Windows, Version 5.1, Code page: 1200, Author: Use, Last Saved By: use, Name of Creating Application: Microsof, Create Time/Date: Thu Dec 16 12:07:56 2021, Last Saved Time/Date: Thu Dec 23 11:26: (…)
#
C:\ProgramData\fvfnigger.bin
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
#
Click to see the 4 hidden entries
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\WIvRRHIemuhammadismyfriend[1].bin
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
#
C:\Users\user\AppData\Local\Temp\649C.tmp
Composite Document File V2 Document, Cannot read section info
#
C:\Users\user\AppData\Local\Temp\~DFA61A9980BD8D1A08.TMP
data
#
C:\Users\user\AppData\Local\Temp\~DFB260A50E17C248B1.TMP
data
#