Joe Sandbox Cloud Basic

Want to search on specific fields?


Try our:

Advanced Search

Want to search in depth on all Cloud Basic reports?

Try: Joe Sandbox View

Register Login
sloganpng
top title background image
flash

OR17233976_00019489_20170619154218.xlsx

Status: finished
Submission Time: 2022-05-10 22:06:13 +02:00
Malicious
Trojan
Exploiter
Evader
GuLoader

Comments

Tags

  • VelvetSweatshop
  • xlsx

Details

  • Analysis ID:
    623901
  • API (Web) ID:
    991400
  • Analysis Started:
    2022-05-10 22:15:36 +02:00
  • Analysis Finished:
    2022-05-10 22:22:15 +02:00
  • MD5:
    06f4851cbdc105cc140818b42f000b0e
  • SHA1:
    40ac7c31fd3e2f3524bd82200491741f02f9a1ef
  • SHA256:
    3844f8a2b3657d0141d505373f74beb01b6c2150c6931670bc241d600dca89eb
  • Technologies:

Joe Sandbox

Engine Download Report Detection Info
Full Report Management Report IOC Report
malicious
Score: 100
System: Windows 7 x64 SP1 with Office 2010 SP1 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2)

Third Party Analysis Engines

Open Full Report
malicious
Score: 24/59
malicious
Score: 10/41
malicious

IPs

IP Country Detection
103.149.13.182
 unknown

URLs

Name Detection
http://103.149.13.182/365space/.svchost.exej
http://103.149.13.182/365space/.svchost.exe
http://103.149.13.182/365space/.svchost.exemmC:
Click to see the 8 hidden entries
http://ocsp2.globals)
http://crl.sectigo.com/SectigoRSACodeSigningCA.crl0s
http://nsis.sf.net/NSIS_ErrorError
http://ocsp.sectigo.com0
http://crt.sectigo.com/SectigoRSACodeSigningCA.crt0#
http://crl.globalsig
https://www.globalsign.9
https://sectigo.com/CPS0C

Dropped files

Name File Type Hashes Detection
C:\Users\Public\vbc.exe
 PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
 #
C:\Users\user\Desktop\~$OR17233976_00019489_20170619154218.xlsx
 data
 #
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\.svchost[1].exe
 PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
 #
Click to see the 23 hidden entries
C:\Users\user\AppData\Local\Temp\AsSQLHelper.dll
 PE32+ executable (DLL) (GUI) x86-64, for MS Windows
 #
C:\Users\user\AppData\Local\Temp\~DFEBF9B8A93FED7DB2.TMP
 data
 #
C:\Users\user\AppData\Local\Temp\~DFE089B71C9CC2CAF5.TMP
 CDFV2 Encrypted
 #
C:\Users\user\AppData\Local\Temp\~DF6D478D5B0CAAFC00.TMP
 data
 #
C:\Users\user\AppData\Local\Temp\~DF356FB6003FFB313F.TMP
 data
 #
C:\Users\user\AppData\Local\Temp\wxbase30u_xml_gcc_custom.dll
 PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
 #
C:\Users\user\AppData\Local\Temp\nszEA61.tmp\System.dll
 PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
 #
C:\Users\user\AppData\Local\Temp\face-crying.png
 PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
 #
C:\Users\user\AppData\Local\Temp\emblem-default-symbolic.symbolic.png
 PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
 #
C:\Users\user\AppData\Local\Temp\Uforholdsvises7.wad
 data
 #
C:\Users\user\AppData\Local\Temp\CoverDes.exe.manifest
 XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators
 #
C:\Users\user\AppData\Local\Temp\AEGISIIINVHelper.dll
 PE32+ executable (DLL) (GUI) x86-64, for MS Windows
 #
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\E4EC5B6C.wmf
 ms-windows metafont .wmf
 #
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\CFB87244.png
 PNG image data, 413 x 220, 8-bit/color RGBA, non-interlaced
 #
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\CE13C646.wmf
 ms-windows metafont .wmf
 #
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\C49C905A.jpeg
 JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 150x150, frames 3
 #
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\B9F9AC7D.wmf
 ms-windows metafont .wmf
 #
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\B9050978.png
 PNG image data, 458 x 211, 8-bit/color RGB, non-interlaced
 #
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\B4D6F58F.jpeg
 JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 150x150, frames 3
 #
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\90EF2157.emf
 Windows Enhanced Metafile (EMF) image data version 0x10000
 #
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\76413093.png
 PNG image data, 413 x 220, 8-bit/color RGBA, non-interlaced
 #
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\53BF4B19.wmf
 ms-windows metafont .wmf
 #
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\3288E575.png
 PNG image data, 458 x 211, 8-bit/color RGB, non-interlaced
 #