top title background image
flash

Attachment-2801.xls

Status: finished
Submission Time: 2022-01-28 20:57:17 +01:00
Malicious
Trojan
Exploiter
Evader
Hidden Macro 4.0 Emotet

Comments

Tags

  • SilentBuilder
  • xls

Details

  • Analysis ID:
    562421
  • API (Web) ID:
    929928
  • Analysis Started:
    2022-01-28 21:20:38 +01:00
  • Analysis Finished:
    2022-01-28 21:35:39 +01:00
  • MD5:
    1ebbc323e2e777140566b017623d9ca0
  • SHA1:
    c7474a397a858cc68f2d83940af82fdedd8181d7
  • SHA256:
    24100d1dff5dd7cee8e8c738570665f7882dd9be8f836ccca24abb7876a15661
  • Technologies:

Joe Sandbox

Engine Download Report Detection Info
malicious
malicious
Score: 100
System: Windows 7 x64 SP1 with Office 2010 SP1 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2)

Third Party Analysis Engines

malicious
Score: 5/93
malicious
Score: 11/43
malicious

IPs

IP Country Detection
54.38.242.185
France
207.148.81.119
United States
78.46.73.125
Germany
Click to see the 33 hidden entries
210.57.209.142
Indonesia
185.148.168.220
Germany
54.37.228.122
France
185.168.130.138
Ukraine
190.90.233.66
Colombia
142.4.219.173
Canada
37.59.209.141
France
89.184.68.240
Ukraine
195.154.146.35
France
195.77.239.39
Spain
78.47.204.80
Germany
118.98.72.86
Indonesia
37.44.244.177
Germany
62.171.178.147
United Kingdom
128.199.192.135
United Kingdom
168.197.250.14
Argentina
104.131.62.48
United States
198.199.98.78
United States
194.9.172.107
unknown
59.148.253.194
Hong Kong
74.207.230.120
United States
103.41.204.169
Indonesia
85.214.67.203
Germany
191.252.103.16
Brazil
116.124.128.206
Korea Republic of
185.148.168.15
Germany
66.42.57.149
United States
91.240.118.168
unknown
139.196.72.155
China
217.182.143.207
France
203.153.216.46
Indonesia
159.69.237.188
Germany
107.190.142.107
United States

Domains

Name IP Detection
farmmash.com
89.184.68.240
karensgardentips.com
107.190.142.107

URLs

Name Detection
http://karensgardentips.com
http://vldispatch.com/licenses/JE6Ol2dfhrk/PE3
http://vldispatch.com/licenses/JE6Ol2dfhrk/
Click to see the 69 hidden entries
http://vldispatch.com/licenses/J
http://91.240.118.168/oo/aa/se.htmlmshta
http://91.240.118.168/oo/aa/se.png
http://centrobilinguelospinos.com/wp-admin/w8528qkQnMPLDUc/
http://hardstonecap.com/well-known/ps9kNMgc6/
http://tastedonline.com/cgi-bin/
http://tombet.net/jmaruk/fd8sVaiAcwcsfMdONH/
http://karensgardentips.com/cgi-bin/hfpv/
http://farmmash.com
http://baldcover.com/wp-admin/oRwkRUWpbJ55/PE3
http://tombet.net/jmaruk/fd8sVai
http://farmmash.com/edh2fa/g2Q7Qbgs/PE3
http://91.240.118.168/oo/aa/se.htmlfunction
http://baldcover.com/wp-admin/oRwkRUWpbJ55/
http://karensgardentips.com/cgi-
http://wencollection.com/wp-admin/pY6t2bVC0QWEpk7Q/PE3
http://farmmash.com/edh2fa/g2Q7Q
http://hardstonecap.com/well-known/ps9kNMgc6/PE3
http://91.240.118.168/oo/aa/se.htmlngs
http://hardstonecap.com/well-kno
http://wencollection.com/wp-admi
http://tombet.net/jmaruk/fd8sVaiAcwcsfMdONH/PE3
http://91.240.118.168/oo/aa/se.html?
http://il-piccolo-principe.com/w
http://91.240.118.168
http://unitedhorus.com/wp-content/m3oxVSV2uYW2rbh/
http://91.240.118.168/oo/aa/se.html
http://91.240.118.168/oo/aa/se.htmlt
http://il-piccolo-principe.com/wp-content/Ua9GvD7acXnDz/PE3
http://unitedhorus.com/wp-content/m3oxVSV2uYW2rbh/PE3
http://3-fasen.com/wp-content/3Bl0hBbW/PE3
http://91.240.11
http://91.240.118.168/oo/aa/se.htmld
http://tastedonline.com/cgi-bin/GOHSO621KlmM6m/PE3
http://farmmash.com/edh2fa/g2Q7Qbgs/
http://unitedhorus.com/wp-conten
http://91.240.118.168/oo/aa/se.p
http://tastedonline.com/cgi-bin/GOHSO621KlmM6m/
http://91.240.118.168/oo/aa/se.htmlY
http://centrobilinguelospinos.com/wp-admin/w8528qkQnMPLDUc/PE3
http://91.240.118.168/oo/aa/se.htmlhttp://91.240.118.168/oo/aa/se.html
http://91.2
http://wencollection.com/wp-admin/pY6t2bVC0QWEpk7Q/
http://il-piccolo-principe.com/wp-content/Ua9GvD7acXnDz/
http://3-fasen.com/wp-content/3B
http://karensgardentips.com/cgi-bin/hfpv/PE3
http://3-fasen.com/wp-content/3Bl0hBbW/
http://91.240.118.168/oo/aa/se.pngPE3
http://91.240.118.168/oo/aa/se.htmlWinSta0
http://www.msnbc.com/news/ticker.txt
http://www.protware.com/3x
http://www.piriform.com/ccleaner
http://centrobilinguelospinos.co
http://www.protware.com/ll
http://www.piriform.com/ccleanerhttp://www.piriform.com/ccleanerv
http://www.windows.com/pctv.
http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous.
http://services.msn.com/svcs/oe/certpage.asp?name=%s&email=%s&&Check
http://www.protware.com
http://www.protware.com/
http://www.icra.org/vocabulary/.
http://www.hotmail.com/oe
http://windowsmedia.com/redir/services.asp?WMPFriendly=true
http://tombet.ne
http://investor.msn.com/
http://www.%s.comPA
http://baldcover.com/wp-admin/oR
http://3-fasen.c
http://investor.msn.com

Dropped files

Name File Type Hashes Detection
C:\ProgramData\QWER.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
#
C:\Users\user\Desktop\Attachment-2801.xls
Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, Code page: 1251, Author: xXx, Last Saved By: xXx, Name of Creating Application: Microsoft Excel, Create Time/Date: Thu Jan 27 20:50:39 2022, Last Saved Time/Date: Thu Jan 2 (…)
#
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\se[1].htm
data
#
Click to see the 6 hidden entries
C:\Users\user\AppData\Local\Temp\3F51.tmp
Composite Document File V2 Document, Cannot read section info
#
C:\Users\user\AppData\Local\Temp\~DF0B22ABD164080AB0.TMP
data
#
C:\Users\user\AppData\Local\Temp\~DFF68DB415B8D4D7E2.TMP
data
#
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms (copy)
data
#
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\LGH7QAGDLRBP4BYUSLSY.temp
data
#
C:\Windows\SysWOW64\Zefya\nybbbfj.sgf (copy)
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
#