
Documento.xlsm

Status: finished
Submission Time: 2022-02-24 13:34:26 +01:00
Malicious
Trojan
Exploiter
Evader
Hidden Macro 4.0 Emotet

Comments

Tags

  • xlsm

Details

  • Analysis ID:
    578182
  • API (Web) ID:
    945694
  • Analysis Started:
    2022-02-24 13:53:10 +01:00
  • Analysis Finished:
    2022-02-24 14:06:18 +01:00
  • MD5:
    5acc6f1ff8366ddc895392da4e6a50e3
  • SHA1:
    45b3ef65a4dabdbbefec603fe3dca9bfb1c5c643
  • SHA256:
    0bb184f9c3e9cda4571bd806b90dbda484c331d9dce7af784405fd211f6c71c4
  • Engine:
    Joe Sandbox
  • Detection:
    malicious
  • Score:
    100
  • System:
    Windows 7 x64 SP1 with Office 2010 SP1 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2)

Third Party Analysis Engines

  • malicious, score 25/62
  • malicious, score 17/43
  • malicious

IPs


Domains

  • www.swaong.com (resolved to 0.0.0.0)

URLs


Dropped files

  • C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\BRqk58WkNweubruYwrLOt[1].dll
    PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
  • C:\Users\user\Desktop\~$Documento.xlsm
    data
  • C:\Users\user\xxw1.ocx
    PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
  • C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506
    Microsoft Cabinet archive data, 61414 bytes, 1 file
  • C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
    data
  • C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\3429A7BE.jpeg
    JPEG image data, JFIF standard 1.01, resolution (DPI), density 220x220, segment length 16, baseline, precision 8, 2418x1051, frames 3
  • C:\Users\user\AppData\Local\Temp\8833.tmp
    Composite Document File V2 Document, Cannot read section info
  • C:\Users\user\AppData\Local\Temp\Cab38BB.tmp
    Microsoft Cabinet archive data, 61414 bytes, 1 file
  • C:\Users\user\AppData\Local\Temp\Tar38BC.tmp
    data
  • C:\Users\user\AppData\Local\Temp\~DF214DADA29E525B4F.TMP
    data
  • C:\Windows\SysWOW64\Lublsqnpkfxznyn\qzdpzpnlmhwmidn.sqj (copy)
    PE32 executable (DLL) (GUI) Intel 80386, for MS Windows