top title background image
flash

SecuriteInfo.com.Exploit.Siggen3.32567.15846.xls

Status: finished
Submission Time: 2022-05-23 11:36:06 +02:00
Malicious
Trojan
Exploiter
Evader
Hidden Macro 4.0, Emotet

Comments

Tags

  • SilentBuilder
  • xlsx

Details

  • Analysis ID:
    632157
  • API (Web) ID:
    999661
  • Analysis Started:
    2022-05-23 11:37:33 +02:00
  • Analysis Finished:
    2022-05-23 11:48:36 +02:00
  • MD5:
    8b2f1d8c5189b9a97624243d30d6ff36
  • SHA1:
    c2dcb3ea640cae6e974dd32cf12af400ceac46f9
  • SHA256:
    2f10704047062f616e82e6ab4000864a7cde802b5bdef760da79a9204771bcb2
  • Technologies:

Joe Sandbox

Engine Download Report Detection Info
malicious
malicious
Score: 100
System: Windows 7 x64 SP1 with Office 2010 SP1 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2)

Third Party Analysis Engines

malicious
Score: 10/92
malicious
Score: 13/35
malicious
Score: 17/26
malicious

IPs

IP Country Detection
173.82.82.196
United States
138.219.41.210
Argentina
128.199.252.32
United Kingdom
Click to see the 2 hidden entries
212.98.224.29
Turkey
66.84.31.11
United States

Domains

Name IP Detection
jr-software-web.net
138.219.41.210
elamurray.com
66.84.31.11
masyuk.com
128.199.252.32
Click to see the 2 hidden entries
melisetotoaksesuar.com
212.98.224.29
www.melisetotoaksesuar.com
0.0.0.0

URLs

Name Detection
https://173.82.82.196:8080/
https://173.82.82.196:8080/;j
https://173.82.82.196/
Click to see the 16 hidden entries
http://elamurray.com/athletics-carnival-2018/3UTZYr9D9f/
https://173.82.82.196:8080/P5
http://jr-software-web.net/aaabackupsqldb/11hYk3bHJ/
https://www.melisetotoaksesuar.com/catalog/controller/account/dqfKI/
https://173.82.82.196/t5
http://crl.entrust.net/server1.crl0
http://ocsp.entrust.net03
http://ocsp.comodoc
http://crl.pkioverheid.nl/DomOvLatestCRL.crl0
http://crl.pkioverheid.nl/DomOrganisatieLatestCRL-G2.crl0
https://secure.comodo.co
http://www.diginotar.nl/cps/pkioverheid0
http://crl.com
http://ocsp.entrust.net0D
https://secure.comodo.com/CPS0
http://crl.entrust.net/2048ca.crl0

Dropped files

Name File Type Hashes Detection
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\LjSKxP[1].dll
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
#
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\CPZby9k8xhW2TaPgwsAagxTpGuhIkFrK[1].dll
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
#
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\F3DOS06hLF1rUq3s6XOB[1].dll
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
#
Click to see the 12 hidden entries
C:\Users\user\Desktop\SecuriteInfo.com.Exploit.Siggen3.32567.15846.xls
Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, Code page: 1251, Author: Dream, Last Saved By: TYHRETH, Name of Creating Application: Microsoft Excel, Create Time/Date: Fri Jun 5 19:19:34 2015, Last Saved Time/Date: Fri (…)
#
C:\Users\user\uxevr1.ocx
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
#
C:\Users\user\uxevr2.ocx
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
#
C:\Users\user\uxevr4.ocx
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
#
C:\Windows\System32\FUVVPG\TGCY.dll (copy)
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
#
C:\Windows\System32\JQSPcFGJSVOMPtFX\ZXsHFctgkSbxp.dll (copy)
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
#
C:\Windows\System32\VrLOhrB\szFRUu.dll (copy)
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
#
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506
Microsoft Cabinet archive data, 61480 bytes, 1 file
#
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
data
#
C:\Users\user\AppData\Local\Temp\Cab3444.tmp
Microsoft Cabinet archive data, 61480 bytes, 1 file
#
C:\Users\user\AppData\Local\Temp\Tar3445.tmp
data
#
C:\Users\user\AppData\Local\Temp\~DFA61A33ED8C15AF6F.TMP
data
#