Edit tour
Windows
Analysis Report
A7GSBA08HBVVDSA_pdf.lnk
Overview
General Information
| Sample name: | A7GSBA08HBVVDSA_pdf.lnk |
| Analysis ID: | 1584796 |
| MD5: | ab6ddf457fa0d864c92b80e75051aeb7 |
| SHA1: | 007aa03e53564322fc7794c76561dea9089e5519 |
| SHA256: | c56a210294acacad6d920a4ac2025d68b34d738f9e4115dc5d249d3014f0574b |
| Tags: | lnkuser-TeamDreier |
 | |
Errors
| |
Detection
| Score: | 48 |
| Range: | 0 - 100 |
| Whitelisted: | false |
| Confidence: | 100% |
Signatures
Multi AV Scanner detection for submitted file
Classification
⊘No configs have been found
⊘No yara matches
⊘No Sigma rule has matched
⊘No Suricata rule has matched
Click to jump to signature section
Show All Signature Results
AV Detection |   |
|---|
| Source: | Virustotal: | Perma Link | ||
| Source: | Classification label: | ||
| Source: | Virustotal: | ||
⊘No Mitre Att&ck techniques found
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
InternetThis section contains all screenshots as thumbnails, including those not shown in the slideshow.
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| 10% | Virustotal | Browse | ||
| 8% | ReversingLabs |
⊘No Antivirus matches
⊘No Antivirus matches
⊘No Antivirus matches
⊘No Antivirus matches
| Name | IP | Active | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|---|
| s-part-0017.t-0009.t-msedge.net | 13.107.246.45 | true | false | high |
⊘No contacted IP infos
| Joe Sandbox version: | 41.0.0 Charoite |
| Analysis ID: | 1584796 |
| Start date and time: | 2025-01-06 14:31:17 +01:00 |
| Joe Sandbox product: | CloudBasic |
| Overall analysis duration: | 0h 10m 40s |
| Hypervisor based Inspection enabled: | false |
| Report type: | full |
| Cookbook file name: | default.jbs |
| Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
| Number of analysed new started processes analysed: | 9 |
| Number of new started drivers analysed: | 0 |
| Number of existing processes analysed: | 0 |
| Number of existing drivers analysed: | 0 |
| Number of injected processes analysed: | 0 |
| Technologies: |
|
| Analysis Mode: | default |
| Sample name: | A7GSBA08HBVVDSA_pdf.lnk |
| Detection: | MAL |
| Classification: | mal48.winLNK@0/0@0/0 |
| Cookbook Comments: |
|
- No process behavior to analyse as no analysis process or sample was found
- Max analysis timeout: 600s exceeded, the analysis took too long
- Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, rundll32.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, VSSVC.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 13.107.246.45, 23.206.229.209, 20.109.210.53, 20.52.64.200
- Excluded domains from analysis (whitelisted): www.bing.com, slscr.update.microsoft.com, otelrules.azureedge.net, self.events.data.microsoft.com, otelrules.afd.azureedge.net, azureedge-t-prod.trafficmanager.net, mardi-headquarters-electronic-substantial.trycloudflare.com, fe3cr.delivery.mp.microsoft.com
- Not all processes where analyzed, report is missing behavior information
⊘No simulations
⊘No context
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| s-part-0017.t-0009.t-msedge.net | Get hash | malicious | Unknown | Browse |
| |
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | AgentTesla | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | LummaC | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
|
⊘No context
⊘No context
⊘No context
⊘No created / dropped files found
| File type: | |
| Entropy (8bit): | 3.739682691164694 |
| TrID: |
|
| File name: | A7GSBA08HBVVDSA_pdf.lnk |
| File size: | 1'988 bytes |
| MD5: | ab6ddf457fa0d864c92b80e75051aeb7 |
| SHA1: | 007aa03e53564322fc7794c76561dea9089e5519 |
| SHA256: | c56a210294acacad6d920a4ac2025d68b34d738f9e4115dc5d249d3014f0574b |
| SHA512: | 523abd80c838a473e9f09f8e589b0290248f110a0d549c1103fdad98bd89a5a4ba51b02d152472cff7ba58ca7b9d9da69cf854b3b977122163d82d696f345dc8 |
| SSDEEP: | 24:8c4BfWKyWVY6/wHcmunKoE58+AsCj+7SenpWZ2JQvMz7BHnpWZ2rA1:8J8pWVf0cPbMAs7KZ2JLyZ2rA |
| TLSH: | FC41101153D0033AF3771F75BD76487265337852FA02DA6E1011416B1833A548799F6F |
| File Content Preview: | L..................F.... ....;.F.].....m._.....m._..................................................}...a...................\\MARDI-HEADQUARTERS-ELECTRONIC-SUBSTANTIAL.TRYCLOUDFLARE.COM@SSL\DAVWWWROOT.new.vbs.9.%.P.r.o.g.r.a.m.F.i.l.e.s.(.x.8.6.).%.\.M.i. |
 | |
| Icon Hash: | 72d282828e8d8dd5 |
General | |
|---|---|
| Relative Path: | |
| Command Line Argument: | |
| Icon location: | %ProgramFiles(x86)%\Microsoft\Edge\Application\msedge.exe |
Key Decision
Richest Path
Thread / callback creation
Lower opacity -> Library Node| Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|---|---|
| Jan 6, 2025 14:32:12.132405043 CET | 1.1.1.1 | 192.168.2.9 | 0x7bc | No error (0) | s-part-0017.t-0009.t-msedge.net | CNAME (Canonical name) | IN (0x0001) | false | ||
| Jan 6, 2025 14:32:12.132405043 CET | 1.1.1.1 | 192.168.2.9 | 0x7bc | No error (0) | 13.107.246.45 | A (IP address) | IN (0x0001) | false |
⊘No statistics
⊘No system behavior
⊘No disassembly