Joe Sandbox Cloud Basic

Want to search on specific fields?


Try our:

Advanced Search

Want to search in depth on all Cloud Basic reports?

Try: Joe Sandbox View

Register Login
sloganpng
top title background image
flash

yeni teklif talebi.xlsx

Status: finished
Submission Time: 2022-05-14 15:08:15 +02:00
Malicious
Trojan
Exploiter
Evader
GuLoader

Comments

Tags

  • VelvetSweatshop
  • xlsx

Details

  • Analysis ID:
    626603
  • API (Web) ID:
    994100
  • Analysis Started:
    2022-05-14 15:21:20 +02:00
  • Analysis Finished:
    2022-05-14 15:27:56 +02:00
  • MD5:
    b32d7bac7fb9b903ea73a041f13d3b61
  • SHA1:
    359458f03b700820c3b4f5fc1838ef7ea0d3cd14
  • SHA256:
    35bfba75e0bc2a473ee9964f138acd21381ddf6fd196b35127a304fa61b87826
  • Technologies:

Joe Sandbox

Engine Download Report Detection Info
Full Report Management Report IOC Report
malicious
Score: 100
System: Windows 7 x64 SP1 with Office 2010 SP1 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2)

Third Party Analysis Engines

Open Full Report
malicious
Score: 26/68
malicious
Score: 10/41

IPs

IP Country Detection
23.95.34.9
 United States

URLs

Name Detection
http://23.95.34.9/zaki/Komiten6.exe
http://23.95.34.9/zaki/Komiten6.exej
http://nsis.sf.net/NSIS_ErrorError
Click to see the 1 hidden entries
http://23.95.34.9/zaki/Komiten6.exemmC:

Dropped files

Name File Type Hashes Detection
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\Komiten6[1].exe
 PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
 #
C:\Users\user\Desktop\~$yeni teklif talebi.xlsx
 data
 #
C:\Users\Public\vbc.exe
 PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
 #
Click to see the 12 hidden entries
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\189C2737.wmf
 ms-windows metafont .wmf
 #
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\3E1683BB.emf
 Windows Enhanced Metafile (EMF) image data version 0x10000
 #
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\80E4BC8E.wmf
 ms-windows metafont .wmf
 #
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\B2359081.wmf
 ms-windows metafont .wmf
 #
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\FCE43280.wmf
 ms-windows metafont .wmf
 #
C:\Users\user\AppData\Local\Temp\KONDEMNATIONERS.Heg
 data
 #
C:\Users\user\AppData\Local\Temp\Overliggedagene225.ini
 ASCII text, with CRLF line terminators
 #
C:\Users\user\AppData\Local\Temp\nshD0AF.tmp\System.dll
 PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
 #
C:\Users\user\AppData\Local\Temp\~DF3EBA8DC817904F49.TMP
 data
 #
C:\Users\user\AppData\Local\Temp\~DF8EEDDA710CFA1BC5.TMP
 data
 #
C:\Users\user\AppData\Local\Temp\~DFD156472CF2DDFD4C.TMP
 CDFV2 Encrypted
 #
C:\Users\user\AppData\Local\Temp\~DFFFED7F195E4B8B5F.TMP
 data
 #