
waff.xls

Status: finished
Submission Time: 2021-09-27 14:00:05 +02:00
Malicious
Trojan
Exploiter
Evader
CobaltStrike Metasploit

Comments

Tags

  • xls

Details

  • Analysis ID:
    491358
  • API (Web) ID:
    858927
  • Analysis Started:
    2021-09-27 14:06:04 +02:00
  • Analysis Finished:
    2021-09-27 14:21:25 +02:00
  • MD5:
    15950554dbc4a843ef439b46d31fe341
  • SHA1:
    e91c0e7f7cfe1034fe1a3d861334fdb34f2bb691
  • SHA256:
    2915591ef479332f179e26a3f6e4a63c35049569f5ca42d067f64dbdae681df9
  • Technologies:

Joe Sandbox

Engine: Joe Sandbox
Detection: malicious
Score: 100
System: Windows 7 x64 SP1 with Office 2010 SP1 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2)

Third Party Analysis Engines

malicious

IPs

IP               Country        Detection
162.214.157.176  United States
173.231.245.32   United States
23.82.140.206    United States
192.185.143.195  United States
31.131.26.197    Ukraine
204.11.59.34     United States

Domains

Name                   IP               Detection
tuxsecuritybiness.com  23.82.140.206
erogholding.com        173.231.245.32
sjgrand.lk             162.214.157.176
turnipshop.com         31.131.26.197
maxdigitizing.com      192.185.143.195
dynamiclifts.co.in     204.11.59.34

URLs

Name Detection
http://erogholding.com/GFM1QcCFk/cwsCBX9zQ3p1fWV7fXRheWR5fg==
http://sjgrand.lk/zvMYuQqEZj/HiYFeTpyPng4KCF4Pzk8EQgqOQkgOA0PBUJ7cn5henxzYn1leHk=
http://sjgrand.lk/zvMYuQqEZj/ES1CfXZ5ZHp6d2V4ZX59
http://sjgrand.lk/zvMYuQqEZj/H0N6dX1le310YXlkeX4=
http://erogholding.com/GFM1QcCFk/CHoveXt4Ph4VAyEJexQZBz86dQwqDQEkNxwhI0V+cnhlfXlzZHlifXk=
http://sjgrand.lk/zvMYuQqEZj/fxgDNT4yEngregozMnp+J0N6dX1le310YXlkeX4=
http://sjgrand.lk/zvMYuQqEZj/enl4GDYcBgIOewx5OBp/MiEbKDx8AkJ9dnlkenp3ZXhlfn0=
http://sjgrand.lk/zvMYuQqEZj/PA8IAXYfekJ9dnlkenp3ZXhlfn0=
http://erogholding.com/GFM1QcCFk/KgUKfiUpewUIDBN5PRx9e0N6dX1le310YXlkeX4=
http://sjgrand.lk/zvMYuQqEZj/eiIKJxsgHw06Agp6BB8ucnsudSg6HAUOKix7e0V+cnhlfXlzZHlifXk=
http://sjgrand.lk/zvMYuQqEZj/eyU+JSclAQELJSA8KhwYJCYxLyceGSYGRnpzeWJ+fXJlfmF5eA==
http://sjgrand.lk/zvMYuQqEZj/DRs5e3gJAw4gNkJ7cn5henxzYn1leHk=
http://sjgrand.lk/zvMYuQqEZj/ICguHncbARsgBD8NCSA2Bx8nL0Z6c3lifn1yZX5heXg=
http://sjgrand.lk/zvMYuQqEZj/B0N6dX1le310YXlkeX4=
http://sjgrand.lk/zvMYuQqEZj/LDhzdH4lGnwaNw4PfworLCkHdSkEGjIvdnMoAkV+cnhlfXlzZHlifXk=
http://erogholding.com/GFM1QcCFk/B34GDSoaEiwrAiUkfHUXQntyfmF6fHNifWV4eQ==
http://erogholding.com/GFM1QcCFk/GyY/RX5yeGV9eXNkeWJ9eQ==
http://sjgrand.lk/zvMYuQqEZj/EgwECwQhMhk+BQkuH38nHQUtIy4GLwpFfnJ4ZX15c2R5Yn15
http://sjgrand.lk/zvMYuQqEZj/Gzk8CR0kCUJ9dnlkenp3ZXhlfn0=
http://erogholding.com/GFM1QcCFk/PyM9GiM9IQJ/HHodGDQ1MT5CfXZ5ZHp6d2V4ZX59
http://sjgrand.lk/zvMYuQqEZj/MyYYFB8/BgEuIANyGHgkPAMsGDcYQ3p1fWV7fXRheWR5fg==
http://erogholding.com/GFM1QcCFk/HwQCKiQ+JjspBywuejQWKD4ZdR0NeRI0RnpzeWJ+fXJlfmF5eA==
http://erogholding.com/GFM1QcCFk/EwIhOC4lMBwbPwgnLQApcyIsASwdBTMheA5DenV9ZXt9dGF5ZHl+
http://sjgrand.lk/zvMYuQqEZj/EQsPOCI9HT0CfXsGCQQcIA59PT18Q3p1fWV7fXRheWR5fg==
http://sjgrand.lk/zvMYuQqEZj/ACA4KhwTDH8VH3MrOQp8GAYHIjZ4egBFfnJ4ZX15c2R5Yn15
http://sjgrand.lk/zvMYuQqEZj/fTB4IBwfOiwYPxk6GRosPCV9BAJzPwp0C3IvDkV+cnhlfXlzZHlifXk=
http://sjgrand.lk/zvMYuQqEZj/DClzfTsJDgA/AicrERgXCHsERX5yeGV9eXNkeWJ9eQ==
http://erogholding.com/GFM1QcCFk/JSYFABYMeX4fPh8NPyUpGxgDRX5yeGV9eXNkeWJ9eQ==
http://sjgrand.lk/zvMYuQqEZj/EQ4vO0Z6c3lifn1yZX5heXg=
http://sjgrand.lk/zvMYuQqEZj/OQsaDixzHTgtfjMcGypGenN5Yn59cmV+YXl4
http://sjgrand.lk/zvMYuQqEZj/eX0ALgEICTI4BRlyQn12eWR6endleGV+fQ==
tuxsecuritybiness.com
http://sjgrand.lk/zvMYuQqEZj/In19HiAhAiA8DHJzAh58HDkCASt4IAA5GEJ7cn5henxzYn1leHk=
http://sjgrand.lk/zvMYuQqEZj/Hh4hIBsEGSF/JgN9ARgdOCgSRX5yeGV9eXNkeWJ9eQ==
http://sjgrand.lk/zvMYuQqEZj/DCwZNSYnBRJFfnJ4ZX15c2R5Yn15
http://erogholding.com/GFM1QcCFk/PQUmKB0TEgU/Ng5+BQQdIEN6dX1le310YXlkeX4=
http://sjgrand.lk/zvMYuQqEZj/HBh5OS4KPhEaDX4zInUmIRkKJg0aICwiFRgJQn12eWR6endleGV+fQ==
http://sjgrand.lk/zvMYuQqEZj/HiQBOhomAh0dCDgeJjoHLj8YCUZ6c3lifn1yZX5heXg=
http://erogholding.com/GFM1QcCFk/JA05KwQ6fAYuRnpzeWJ+fXJlfmF5eA==
http://sjgrand.lk/zvMYuQqEZj/cjsfHAk/MzgAfhp+DBgAGz0PeyQgQ3p1fWV7fXRheWR5fg==
http://erogholding.com/GFM1QcCFk/KHMMGS5zJ300PjoPEX0KBSsaHAkAJBgGOkJ7cn5henxzYn1leHk=
http://sjgrand.lk/zvMYuQqEZj/GB0tLyckQ3p1fWV7fXRheWR5fg==
http://erogholding.com/GFM1QcCFk/EQkJICsCISkfGjF4IHgXL0N6dX1le310YXlkeX4=
http://sjgrand.lk/zvMYuQqEZj/Hh8fPwgIJRkuIzgrOjp5HjovOkZ6c3lifn1yZX5heXg=
http://sjgrand.lk/zvMYuQqEZj/LjI+JSoqJQ4lBiwyAhR7KngvHgopKBhFfnJ4ZX15c2R5Yn15
http://erogholding.com/GFM1QcCFk/DRM6CwovIR08KgAtAy0Ffhp6RX5yeGV9eXNkeWJ9eQ==
http://sjgrand.lk/zvMYuQqEZj/E30FFQogECw2GiUzekV+cnhlfXlzZHlifXk=
http://erogholding.com/GFM1QcCFk/MjwbIQIkBgkPHTI6ez0VQntyfmF6fHNifWV4eQ==
http://erogholding.com/GFM1QcCFk/DnIfACIKED4/Fx0AO0V+cnhlfXlzZHlifXk=
http://erogholding.com/GFM1QcCFk/EgV4KAUtCD4PID17LglGenN5Yn59cmV+YXl4
http://sjgrand.lk/zvMYuQqEZj/OSdCfXZ5ZHp6d2V4ZX59
http://erogholding.com/GFM1QcCFk/HQAZPjV6PwkoLTkrGToMfyNCfXZ5ZHp6d2V4ZX59
http://sjgrand.lk/zvMYuQqEZj/ITIYRX5yeGV9eXNkeWJ9eQ==
http://erogholding.com/GFM1QcCFk/AhIaKCwxEn8qPXsYQn12eWR6endleGV+fQ==
http://sjgrand.lk/zvMYuQqEZj/JQ97PA4nI3IBJH06MhYrCggCC0Z6c3lifn1yZX5heXg=
http://erogholding.com/GFM1QcCFk/eih9CzkYex8lRnpzeWJ+fXJlfmF5eA==
http://sjgrand.lk/zvMYuQqEZj/ICYbCzstHxl+BhF4Jg5+GH0FRX5yeGV9eXNkeWJ9eQ==
http://sjgrand.lk/zvMYuQqEZj/BhkbJH0afC8dDiEzQn12eWR6endleGV+fQ==
http://sjgrand.lk/zvMYuQqEZj/P34KJnkbASUWPzEYIgcWQntyfmF6fHNifWV4eQ==
http://sjgrand.lk/zvMYuQqEZj/HQUsCCQkQ3p1fWV7fXRheWR5fg==
http://sjgrand.lk/zvMYuQqEZj/JS4leCwTGiojLgAhfiAeJXl4JCkFHUJ9dnlkenp3ZXhlfn0=
http://sjgrand.lk/zvMYuQqEZj/eDkkAA0bInx9RnpzeWJ+fXJlfmF5eA==
http://sjgrand.lk/zvMYuQqEZj/fSkCegETcg8VKw95Qn12eWR6endleGV+fQ==
http://sjgrand.lk/zvMYuQqEZj/CAsZDz1/MEJ9dnlkenp3ZXhlfn0=
http://erogholding.com/GFM1QcCFk/chwzH0Z6c3lifn1yZX5heXg=
http://erogholding.com/GFM1QcCFk/BhoIPS4pMD87egB7Lgh9cwEiInsmBzMnLAUQJUV+cnhlfXlzZHlifXk=
http://erogholding.com/GFM1QcCFk/exkIDX8xAQ0WKxgBGi96Lh4ZOTkyIUJ9dnlkenp3ZXhlfn0=
http://sjgrand.lk/zvMYuQqEZj/AjlCfXZ5ZHp6d2V4ZX59
http://sjgrand.lk/zvMYuQqEZj/O0N6dX1le310YXlkeX4=
http://erogholding.com/GFM1QcCFk/JQ0uHDszfz1/KBIBKQ4kO31CfXZ5ZHp6d2V4ZX59
https://tuxsecuritybiness.com/h
http://sjgrand.lk/zvMYuQqEZj/DxMffwwOHXMHeXJDenV9ZXt9dGF5ZHl+
http://sjgrand.lk/zvMYuQqEZj/BEN6dX1le310YXlkeX4=
http://sjgrand.lk/zvMYuQqEZj/AD0jNh4yPXMuNjMDDTsAGiwzChYyejo5Oik6Qn12eWR6endleGV+fQ==
http://erogholding.com/GFM1QcCFk/cxMTCDUBQ3p1fWV7fXRheWR5fg==
http://erogholding.com/GFM1QcCFk/Egw7CQknICw7PAp7CiIqPSAbRX5yeGV9eXNkeWJ9eQ==
http://sjgrand.lk/zvMYuQqEZj/CXwgNgIIIXMeeQkPPhYCOUN6dX1le310YXlkeX4=
https://23.82.140.206/jquery-3.3.1.slim.min.js
https://tuxsecuritybiness.com/w
http://sjgrand.lk/zvMYuQqEZj/BjgzCn0nPhkcGCpDenV9ZXt9dGF5ZHl+
http://sjgrand.lk/zvMYuQqEZj/EgwSFkZ6c3lifn1yZX5heXg=
http://erogholding.com/GFM1QcCFk/BhkNKwsmJC0BOCosGDgCIilCfXZ5ZHp6d2V4ZX59
http://sjgrand.lk/zvMYuQqEZj/ew0TDR8RAgoIfT0bIEV+cnhlfXlzZHlifXk=
http://erogholding.com/GFM1QcCFk/OnpzfCgTHXM2GH48fT0MGgQ8Gy4OOEJ9dnlkenp3ZXhlfn0=
http://ocsp.entrust.net03
http://crl.entrust.net/2048ca.crl0
https://23.82.140.206/
http://www.msnbc.com/news/ticker.txt
http://windowsmedia.com/redir/services.asp?WMPFriendly=true
http://code.jquery.com/
https://23.82.140.206/jquery-3.3.1.min.js2
http://www.icra.org/vocabulary/.
https://turnipshop.com/ihiRzoi1/pp.html
https://23.82.140.206/jquery-3.3.1.slim.min.js0C
http://crl.pkioverheid.nl/DomOrganisatieLatestCRL-G2.crl0
https://maxdigitizing.com/wAbCNMUm/pp.html
http://www.windows.com/pctv.
http://www.diginotar.nl/cps/pkioverheid0
http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous.
http://servername/isapibackend.dll
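The URL list above has a recognisable shape: two beaconing hosts (sjgrand.lk and erogholding.com) are each contacted under one fixed directory (/zvMYuQqEZj/ and /GFM1QcCFk/) followed by a base64-looking segment, and two further hosts (turnipshop.com, maxdigitizing.com) serve /pp.html under an eight-character directory. As an added example, not part of the Joe Sandbox report, the Python below turns the report's IPs, domains and that URL shape into a matcher and runs it over a few constructed proxy log lines. The log format, the client addresses and the example.org line are made up; the generic beacon regex is an assumption that other hosts in the same campaign reuse the scheme and should be tuned on real traffic.

```python
import re
from urllib.parse import urlsplit

# Network indicators copied from the report's IPs and Domains tables.
C2_DOMAINS = {
    "tuxsecuritybiness.com", "erogholding.com", "sjgrand.lk",
    "turnipshop.com", "maxdigitizing.com", "dynamiclifts.co.in",
}
C2_IPS = {
    "162.214.157.176", "173.231.245.32", "23.82.140.206",
    "192.185.143.195", "31.131.26.197", "204.11.59.34",
}

# Beacon URLs in the report: a fixed directory per host, then a base64-looking segment.
BEACON_PATH_RE = re.compile(r"^/(?:zvMYuQqEZj|GFM1QcCFk)/[A-Za-z0-9+/]+={0,2}$")
# Same shape with the directory left open (assumption: other hosts in this
# campaign reuse the scheme; expect to tune the lengths on real traffic).
GENERIC_BEACON_RE = re.compile(r"^/[A-Za-z0-9]{9,10}/[A-Za-z0-9+/]{16,}={0,2}$")
# The two payload downloads: /<8 alphanumerics>/pp.html, which came back as PE DLLs.
PAYLOAD_PATH_RE = re.compile(r"^/[A-Za-z0-9]{8}/pp\.html$")


def classify_url(url):
    """Return the list of indicator names a URL matches (empty when clean)."""
    parts = urlsplit(url)
    host = parts.hostname or ""
    reasons = []
    if host in C2_DOMAINS:
        reasons.append("domain-ioc")
    if host in C2_IPS:
        reasons.append("ip-ioc")
    if BEACON_PATH_RE.match(parts.path):
        reasons.append("beacon-path")
    elif GENERIC_BEACON_RE.match(parts.path):
        reasons.append("beacon-path-generic")
    if PAYLOAD_PATH_RE.match(parts.path):
        reasons.append("payload-path")
    return reasons


# Constructed proxy log format: "<timestamp> <client> <method> <url> <status>".
LOG_LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<client>\S+) (?P<method>[A-Z]+) (?P<url>\S+) (?P<status>\d{3})$"
)
SAMPLE_LOG = """\
2021-09-27T12:06:10Z 10.0.0.15 GET http://sjgrand.lk/zvMYuQqEZj/ES1CfXZ5ZHp6d2V4ZX59 200
2021-09-27T12:06:11Z 10.0.0.15 GET https://turnipshop.com/ihiRzoi1/pp.html 200
2021-09-27T12:06:12Z 10.0.0.15 GET https://23.82.140.206/jquery-3.3.1.slim.min.js 200
2021-09-27T12:06:13Z 10.0.0.22 GET http://code.jquery.com/ 200
2021-09-27T12:06:14Z 10.0.0.22 GET http://example.org/abcdefghi/QUJDREVGR0hJSktMTU5PUFFSUw== 404
"""


def scan_log(text):
    """Return (client, url, reasons) for every log line that matches an indicator."""
    hits = []
    for line in text.splitlines():
        m = LOG_LINE_RE.match(line)
        if not m:
            continue  # malformed line; a real job would count and report these
        reasons = classify_url(m["url"])
        if reasons:
            hits.append((m["client"], m["url"], reasons))
    return hits


if __name__ == "__main__":
    for client, url, reasons in scan_log(SAMPLE_LOG):
        print(f"{client}  {', '.join(reasons):28s}  {url}")
```

The exact-directory match is the high-confidence signal; the generic regex exists only to surface hosts that are not yet on the list and will need a whitelist for legitimate sites that happen to use short random directories and base64 query-free paths.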

Dropped files

Name / File Type / Hashes / Detection

C:\Datop\test1.test
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows

C:\Datop\test2.test
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5JC0A1KN\pp[1].htm
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\pp[1].htm
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows