TransportLabel_6170453602.xlsx

Status: finished

Submission Time: 2022-05-12 09:11:18 +02:00

Malicious

Trojan

Exploiter

Evader

GuLoader

Comments

Details

Analysis ID:
624947
API (Web) ID:
992441
Analysis Started:

2022-05-12 09:26:39 +02:00
Analysis Finished:

2022-05-12 09:33:40 +02:00
MD5:
1db66b406376f18434e1c02cbcf5c5e5
SHA1:
35741ca39d0d76a00fac1eaa720101d7bfd82cc5
SHA256:
a561efadb6bab1e3d4f5b0cdefaecc0c4afb382bfe3bde81e1dad0aefc76695c
Technologies:

Engines
IOCs

Joe Sandbox

Engine	Download Report	Detection	Info
	Full Report Management Report IOC Report	malicious Score: 100	System: Windows 7 x64 SP1 with Office 2010 SP1 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2)

Third Party Analysis Engines

Open Full Report

malicious

Score: 5/35

malicious

Score: 16/41

malicious

IPs

IP	Country	Detection
103.149.13.182	unknown

URLs

Name	Detection
http://barsam.com.au/bin_QuCucbUMda229.bin
http://103.149.13.182/msdrive10/.svchost.exe
http://103.149.13.182/msdrive10/.svchost.exemmC:
Click to see the 7 hidden entries
http://103.149.13.182/msdrive10/.svchost.exeigh
http://103.149.13.182/msdrive10/.svchost.exej
http://crl.sectigo.com/SectigoRSACodeSigningCA.crl0s
http://nsis.sf.net/NSIS_ErrorError
http://ocsp.sectigo.com0
http://crt.sectigo.com/SectigoRSACodeSigningCA.crt0#
https://sectigo.com/CPS0C

Dropped files

Name	File Type	Hashes
C:\Users\Public\vbc.exe	PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive	#
C:\Users\user\Desktop\~$TransportLabel_6170453602.xlsx	data	#
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\.svchost[1].exe	PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive	#
Click to see the 23 hidden entries
C:\Users\user\AppData\Local\Temp\AsSQLHelper.dll	PE32+ executable (DLL) (GUI) x86-64, for MS Windows	#
C:\Users\user\AppData\Local\Temp\~DFC28532160E8B0828.TMP	CDFV2 Encrypted	#
C:\Users\user\AppData\Local\Temp\~DFB678E6B782DADFF4.TMP	data	#
C:\Users\user\AppData\Local\Temp\~DFA94E90DA021B0F1F.TMP	data	#
C:\Users\user\AppData\Local\Temp\~DF05A7AD9DA4C87F9C.TMP	data	#
C:\Users\user\AppData\Local\Temp\wxbase30u_xml_gcc_custom.dll	PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows	#
C:\Users\user\AppData\Local\Temp\nsf2EB0.tmp\System.dll	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	#
C:\Users\user\AppData\Local\Temp\face-crying.png	PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced	#
C:\Users\user\AppData\Local\Temp\emblem-default-symbolic.symbolic.png	PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced	#
C:\Users\user\AppData\Local\Temp\Strepera.wad	data	#
C:\Users\user\AppData\Local\Temp\CoverDes.exe.manifest	XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Temp\AEGISIIINVHelper.dll	PE32+ executable (DLL) (GUI) x86-64, for MS Windows	#
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\FE386947.emf	Windows Enhanced Metafile (EMF) image data version 0x10000	#
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\ED1C7F83.png	PNG image data, 458 x 211, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\D90BABA8.png	PNG image data, 413 x 220, 8-bit/color RGBA, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\D082CF0A.png	PNG image data, 150 x 150, 8-bit/color RGBA, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\B28B50E5.png	PNG image data, 413 x 220, 8-bit/color RGBA, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\AABEA29C.png	PNG image data, 139 x 180, 8-bit colormap, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\AAB93B7F.png	PNG image data, 150 x 150, 8-bit/color RGBA, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\81B469ED.jpeg	JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 160x160, frames 3	#
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\6F64A789.png	PNG image data, 139 x 180, 8-bit colormap, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\48839F74.png	PNG image data, 458 x 211, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\1F3E17F6.jpeg	JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 160x160, frames 3	#

TransportLabel_6170453602.xlsx

Comments

Tags

Available tags:

Details

Joe Sandbox

Third Party Analysis Engines

IPs

URLs

Dropped files

TransportLabel_6170453602.xlsx Options

Comments

Tags

Available tags:

Details

Joe Sandbox

Third Party Analysis Engines

IPs

URLs

Dropped files

Search started

TransportLabel_6170453602.xlsx