NCR2025-000455.docx.doc

Status: finished
Submission Time: 2025-02-16 20:59:16 +01:00
Malicious
Evader
Exploiter

Tags

  • doc
  • UKR

Details

  • Analysis ID:
    1616494
  • API (Web) ID:
    1616494
  • Analysis Started:
    2025-02-16 20:59:17 +01:00
  • Analysis Finished:
    2025-02-16 21:10:55 +01:00
  • MD5:
    bc0ab291694ec67aad2ef22cb680df22
  • SHA1:
    aa0ee7bbb4f883bfe7b6f824181609f309d83ba1
  • SHA256:
    cc46628096b1c48f36accd498026b5080b7714de6081359af69503583023eaf7
  • Technologies:

Joe Sandbox

  • Detection: malicious
    Score: 60
    System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 134, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
  • Detection: malicious
    Score: 64
    Error: Incomplete analysis, please check the report for detailed error information
    System: Windows 11 23H2 with Office Professional Plus 2021, Chrome 131, Firefox 133, Adobe Reader DC 24, Java 8 Update 431, 7zip 24.09
    Run Condition: Potential for more IOCs and behavior

Third Party Analysis Engines

  • Detection: malicious
    Score: 27/66
  • Detection: malicious
    Score: 13/37

IPs

IP                 Country
67.217.247.193     United States
142.132.211.198    Canada
2.22.242.9         European Union

Domains

Name                         IP
woki.me                      142.132.211.198
a726.dscd.akamai.net         2.22.242.9
s-0005.dual-s-msedge.net     52.123.129.14
198.187.3.20.in-addr.arpa    0.0.0.0

URLs


Dropped files

No malicious files found. See full and IOC report for all dropped files.