Joe Sandbox Cloud Basic

Want to search on specific fields?


Try our:

Advanced Search

Want to search in depth on all Cloud Basic reports?

Try: Joe Sandbox View

Register Login
sloganpng
top title background image
flash

DOC_MDR0307_019.doc

Status: finished
Submission Time: 2022-01-24 16:35:46 +01:00
Malicious
Trojan
Exploiter
Evader
Nanocore

Comments

Tags

Details

  • Analysis ID:
    558912
  • API (Web) ID:
    926439
  • Analysis Started:
    2022-01-24 16:36:28 +01:00
  • Analysis Finished:
    2022-01-24 16:49:05 +01:00
  • MD5:
    0f99f373718685c0235b20df7624b00c
  • SHA1:
    1ed1e0a6b306bf8bee39628cfcfa2f8e683bec77
  • SHA256:
    adc82a58d8c890881cc7781be8e831b948dc06757664946ca302f2ef5200bd38
  • Technologies:

Joe Sandbox

Engine Download Report Detection Info
malicious
Full Report Management Report IOC Report
malicious
Score: 100
System: Windows 7 x64 SP1 with Office 2010 SP1 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2)

Third Party Analysis Engines

Open Full Report
malicious
Score: 15/58
malicious
Score: 17/43
malicious
malicious

IPs

IP Country Detection
103.153.78.234
 unknown
2.58.149.41
 Netherlands

Domains

Name IP Detection
paxz.tk
 2.58.149.41
vijayikohli1.bounceme.net
 103.153.78.234

URLs

Name Detection
http://paxz.tk/plugmanzx.exe
4,0,403183674,0000000000138000,00000002,00000001,01000000,00000003,3,2C678C69C60A9225
vijayikohli1.bounceme.net
Click to see the 2 hidden entries
127.0.0.1
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name

Dropped files

Name File Type Hashes Detection
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\plugmanzx[1].exe
 PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
 #
C:\Users\user\AppData\Roaming\plugmancdht5461.exe
 PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
 #
C:\Users\user\AppData\Roaming\ZdNnwVcb.exe
 PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
 #
Click to see the 16 hidden entries
C:\Users\user\AppData\Roaming\EA860E7A-A87F-4A88-92EF-38F744458171\run.dat
 Non-ISO extended-ASCII text, with no line terminators
 #
C:\Users\user\AppData\Local\Temp\tmp90FA.tmp
 XML 1.0 document, ASCII text
 #
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRF{31EE4F20-8102-4B92-84BC-9897A1B6A0AD}.tmp
 Composite Document File V2 Document, Cannot read section info
 #
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{67E7F9AB-C509-437A-87CC-02623FAC39E8}.tmp
 data
 #
C:\Users\user\AppData\Local\Temp\tmpBC45.tmp
 XML 1.0 document, ASCII text, with CRLF line terminators
 #
C:\Users\user\AppData\Local\Temp\tmpCAE4.tmp
 XML 1.0 document, ASCII text, with CRLF line terminators
 #
C:\Users\user\AppData\Roaming\EA860E7A-A87F-4A88-92EF-38F744458171\catalog.dat
 data
 #
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{389992DD-2DC9-4AE9-A20A-17842FFF7D86}.tmp
 data
 #
C:\Users\user\AppData\Roaming\EA860E7A-A87F-4A88-92EF-38F744458171\task.dat
 ASCII text, with no line terminators
 #
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\DOC_MDR0307_019.LNK
 MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Mon Aug 30 20:08:56 2021, mtime=Mon Aug 30 20:08:56 2021, atime=Mon Jan 24 23:37:13 2022, length=445364, window=hide
 #
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\index.dat
 ASCII text, with CRLF line terminators
 #
C:\Users\user\AppData\Roaming\Microsoft\Templates\~$Normal.dotm
 data
 #
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\CC3LSTOKK0VB6393QYBO.temp
 data
 #
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d93f411851d7c929.customDestinations-ms (copy)
 data
 #
C:\Program Files (x86)\SMTP Service\smtpsvc.exe
 PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
 #
C:\Users\user\Desktop\~$C_MDR0307_019.doc
 data
 #