
Vecchio debito_SKTGH_465585484754.xlsx

Status: finished
Submission Time: 2022-01-28 22:26:20 +01:00
Verdict: Malicious
Classification: Trojan, Exploiter, Evader, FormBook


Tags

  • Formbook
  • VelvetSweatshop
  • xlsx

Details

  • Analysis ID:
    562488
  • API (Web) ID:
    929994
  • Analysis Started:
    2022-01-28 22:46:19 +01:00
  • Analysis Finished:
    2022-01-28 22:59:31 +01:00
  • MD5:
    3ecca47c8fd3d3fe23e3de46298b346c
  • SHA1:
    0bed1382da7ffeaf9aa0aa28e9143cffc0ec606d
  • SHA256:
    6f401d7546fc2bd85b659a1d30a89bf21451e327e2712ab86f1a3dec421b7e64
  • Technologies:
    Joe Sandbox

Engine: Joe Sandbox
Detection: malicious
Score: 100
System: Windows 7 x64 SP1 with Office 2010 SP1 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2)

Third Party Analysis Engines

  • malicious (Score: 23/58)
  • malicious (Score: 14/43)
  • malicious

IPs

IP               Country         Detection
162.241.244.46   United States
206.188.192.2    United States
216.177.167.5    United States
103.167.92.57    unknown

Domains

Name                              IP               Detection
www.laqueenbeautybar.supplies     206.188.192.2
dairatwsl.com                     162.241.244.46
www.hevenorfeed.com               216.177.167.5
www.vacoveco.com                  0.0.0.0
www.dairatwsl.com                 0.0.0.0

URLs

Name                                                                                                                                  Detection
http://www.hevenorfeed.com/yrcy/?jdfhnl=EvxTDFUPJ2-xUnMP&aN=H+0J8LIoM8xANCuc1KZRmbjixQokhoGpIPkQBETMRHrzrLtxV7SOMJUbaHNEQWxSCcCQ4A==
http://www.laqueenbeautybar.supplies/yrcy/?jdfhnl=EvxTDFUPJ2-xUnMP&aN=v3r6hW97z/ZOf9TDdHCkxkGayxrL9igaQBwyCSAaMVPNp+0Lw1V9xr9SflbU5XGqGaZNIw==
http://103.167.92.57/CRC/vbc.exe

Dropped files

Name                                                                                                           File Type                                                                  Detection
C:\Users\Public\vbc.exe                                                                                        PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
C:\Users\user\Desktop\~$Vecchio debito_SKTGH_465585484754.xlsx                                                 data
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\vbc[1].exe         PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows