
qd_34768.xlsm

Status: finished
Submission Time: 2022-03-31 22:51:05 +02:00
Malicious
Trojan
Exploiter
Evader
Hidden Macro 4.0 Emotet

Tags

  • xlsm

Details

  • Analysis ID:
    601134
  • API (Web) ID:
    968647
  • Analysis Started:
    2022-03-31 22:51:07 +02:00
  • Analysis Finished:
    2022-03-31 22:59:15 +02:00
  • MD5:
    07f30f1fa5420f050ea5929af0f95265
  • SHA1:
    6310b51fca4003fb36252367f058c2e990ba5734
  • SHA256:
    48f3ef54ff2ed0b44d5e4836c56a3a8f3214d7214278172ef84166f6d42cc067

Joe Sandbox

Detection: malicious
Score: 100
System: Windows 7 x64 SP1 with Office 2010 SP1 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2)

Third Party Analysis Engines

malicious (score: 10/93)
malicious (score: 17/42)
malicious

IPs

IP              Country         Detection
68.183.94.239   United States
185.46.40.47    Turkey

Domains

Name            IP              Detection
eles-tech.com   185.46.40.47

URLs

Name                                                                                          Detection
http://eles-tech.com/css/KzMysMqFMs/
https://68.183.94.239:80/DiyTlQGJuLlFIgtBpxSntEnJrcPFhzwChyUaMhMLcrifUxIxXlgWcSSxyKnurar
https://68.183.94.239/
https://68.183.94.239:80/DiyTlQGJuLlFIgtBpxSntEnJrcPFhzwChyUaMhMLcrifUxIxXlgWcSSxyKnural
http://crl.pkioverheid.nl/DomOrganisatieLatestCRL-G2.crl0
http://crl.pkioverheid.nl/DomOvLatestCRL.crl0
http://www.diginotar.nl/cps/pkioverheid0
http://crl.entrust.net/server1.crl0
http://ocsp.entrust.net0D
http://ocsp.entrust.net03
https://secure.comodo.com/CPS0
http://crl.entrust.net/2048ca.crl0

Dropped files

Name:      C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\eVzUZ7dv5zBAXa5[1].dll
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows

Name:      C:\Users\user\Desktop\~$qd_34768.xlsm
File Type: data

Name:      C:\Users\user\xewn.dll
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows

Name:      C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506
File Type: Microsoft Cabinet archive data, 60992 bytes, 1 file

Name:      C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
File Type: data

Name:      C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\6F230AC8.jpg
File Type: JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 2159x57, frames 3

Name:      C:\Users\user\AppData\Local\Temp\Cab3198.tmp
File Type: Microsoft Cabinet archive data, 60992 bytes, 1 file

Name:      C:\Users\user\AppData\Local\Temp\Tar3199.tmp
File Type: data

Name:      C:\Windows\SysWOW64\Onodwrlgmyciiaw\qayqfx.jrd (copy)
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows