top title background image
flash

HME AG PO 2091.xlsx

Status: finished
Submission Time: 2022-01-14 08:00:24 +01:00
Malicious
Trojan
Exploiter
Evader
FormBook

Comments

Tags

  • xlsx

Details

  • Analysis ID:
    553050
  • API (Web) ID:
    920572
  • Analysis Started:
    2022-01-14 08:03:53 +01:00
  • Analysis Finished:
    2022-01-14 08:14:43 +01:00
  • MD5:
    29ee298412e6d2cb968a883563837cbe
  • SHA1:
    7ed1c5713ba7ff23e36fecdedb0f0c012f6c647b
  • SHA256:
    22355ce0bfc092836a0d62f6cbb54d03aa6fb26091ecd1907922fb9f6e0d0880
  • Technologies:

Joe Sandbox

Engine Download Report Detection Info
malicious
malicious
Score: 100
System: Windows 7 x64 SP1 with Office 2010 SP1 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2)

Third Party Analysis Engines

malicious
Score: 26/61
malicious
Score: 18/43
malicious

IPs

IP Country Detection
23.227.38.74
Canada
91.203.68.162
Latvia
198.54.117.212
United States

Domains

Name IP Detection
rfr.lt
91.203.68.162
shops.myshopify.com
23.227.38.74
www.hydrogendatapower.com
0.0.0.0
Click to see the 2 hidden entries
www.ponto-bras.space
0.0.0.0
parkingpage.namecheap.com
198.54.117.212

URLs

Name Detection
http://www.ponto-bras.space/nk6l/?f4=dUEi0UXeDjZ3satn024Wp6SV8B9ayfLzJlVAsh/H0s9uKTFfRfoB4Zp7QfR2IB/+as7LEQ==&9r7t=5jSPntk89D
www.rthearts.com/nk6l/
http://rfr.lt/ctf.exe
Click to see the 26 hidden entries
http://www.hydrogendatapower.com/nk6l/?f4=mG3MZX+V/2vUvLkm+jLYc6BPCVMMOHSbAyziOVKuBi9N3RYpJJdcI8Zb3DbFfMMicqDibw==&9r7t=5jSPntk89D
http://java.sun.com
http://servername/isapibackend.dll
https://support.mozilla.org
http://www.autoitscript.com/autoit3
http://www.%s.comPA
http://computername/printers/printername/.printer
http://www.piriform.com/ccleaner
http://investor.msn.com/
http://www.piriform.com/ccleanerK
http://www.piriform.com/ccleanerhttp://www.piriform.com/cclea
http://www.piriform.com/ccleanerhttp://www.piriform.com/ccleanerv
http://nsis.sf.net/NSIS_Error
http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous.
http://www.icra.org/vocabulary/.
http://www.windows.com/pctv.
http://services.msn.com/svcs/oe/certpage.asp?name=%s&email=%s&&Check
http://treyresearch.net
http://www.hotmail.com/oe
http://windowsmedia.com/redir/services.asp?WMPFriendly=true
http://nsis.sf.net/NSIS_ErrorError
http://www.mozilla.com0
http://www.iis.fhg.de/audioPA
http://wellformedweb.org/CommentAPI/
http://www.msnbc.com/news/ticker.txt
http://investor.msn.com

Dropped files

Name File Type Hashes Detection
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\ctf[1].exe
PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
#
C:\Users\user\AppData\Local\Temp\nskF75C.tmp\mtmmtvzho.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
#
C:\Users\user\AppData\Roaming\word.exe
PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
#
Click to see the 6 hidden entries
C:\Users\user\Desktop\~$HME AG PO 2091.xlsx
data
#
C:\Users\user\AppData\Local\Temp\5C24.tmp
Composite Document File V2 Document, Cannot read section info
#
C:\Users\user\AppData\Local\Temp\nskF75B.tmp
data
#
C:\Users\user\AppData\Local\Temp\pawgjsvu
data
#
C:\Users\user\AppData\Local\Temp\zn2eyxxq9ww5zrdhr
data
#
C:\Users\user\AppData\Local\Temp\~DFAA19AC2D561A69CF.TMP
data
#