
Remarks (2/2)

(0x0200000E): The overall sleep time of all monitored processes was truncated from "10 minutes, 12 seconds" to "20 seconds" to reveal dormant functionality.

(0x02000004): The operating system was rebooted during the analysis because the sample installed a startup script, task or application for persistence.

Remarks

(0x0200004A): 2 dump(s) were skipped because they exceeded the maximum dump size of 16 MB. The largest one was 17 MB.

Files

File Name C:\Users\kEecfMwgj\Desktop\ORDER-2411210684CAV.XLS.js
Category Sample File
Type JavaScript
Verdict Malicious
Also Known As C:\Users\KEECFM~1\Desktop\ORDER-2411210684CAV.XLS.js (Accessed File)
MIME Type text/javascript
File Size 5.77 MB
MD5 0e9a4efd656e8f726c99639a15b46afa
SHA1 83c3929d2d526e96b6eab13dbeca60511720ccac
SHA256 17c8a2339fd77b428d7802f12bb967d6bef393b0c16da336126506c8f83c750e
SSDeep 49152:fyW+X3Bcfv+0oelkeQ74+Tey2Gxj7ReW+q4HXZhCrtwzXltdHRe:8
ImpHash -
File Name c:\users\keecfmwgj\appdata\local\temp\czqi.exe
Category Dropped File
Type Binary
Verdict Suspicious
MIME Type application/vnd.microsoft.portable-executable
File Size 429.50 KB
MD5 3fd6653902c9fe6829c2ff418415bd5c
SHA1 10db3132f7ecc3cb40c6b2d9ed7752212321d43b
SHA256 ef08c45261e6f6007826942a2b772217d0318d89ba9ca9674ae9f5a3e514d6ae
SSDeep 12288:RtAgFdnLL4+QKIRVhz+bwq60LgiJuYrb:PAgnLL4NZhj0RbX
ImpHash f34d5f2d4577ed6d9ceec516c1f5a744
PE Information
Image Base 0x00400000
Entry Point 0x0046C962
Size Of Code 0x0006AA00
Size Of Initialized Data 0x00000A00
File Type IMAGE_FILE_EXECUTABLE_IMAGE
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Machine Type IMAGE_FILE_MACHINE_I386
Compile Timestamp 2103-04-14 10:52 (UTC)
Version Information (11)
Comments -
CompanyName Microsoft Corporation.
FileDescription RPC Ping Utility
FileVersion 1.0.0.0
InternalName smJT.exe
LegalCopyright Copyright © Microsoft Corporation. All rights reserved.
LegalTrademarks -
OriginalFilename smJT.exe
ProductName RPC Ping Utility
ProductVersion 1.0.0.0
Assembly Version 1.0.0.0
Sections (3)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x00402000 0x0006A968 0x0006AA00 0x00000200 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 7.97
.rsrc 0x0046E000 0x00000634 0x00000800 0x0006AC00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 3.48
.reloc 0x00470000 0x0000000C 0x00000200 0x0006B400 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ 0.1
Imports (1)
mscoree.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
_CorExeMain - 0x00402000 0x0006C937 0x0006AB37 0x00000000
Memory Dumps (1)
Name Process ID Start VA End VA Dump Reason PE Rebuild Bitness Entry Point YARA
czqi.exe 4 0x00CA0000 0x00D11FFF Relevant Image False 32-bit - False
File Name C:\Users\KEECFM~1\AppData\Local\Temp\adobe.js
Category Dropped File
Type Text
Verdict Clean
MIME Type text/plain
File Size 595.40 KB
MD5 ce87d990a20f13f79269cb9801a2b09a
SHA1 11ddbe5f5dfc13ee9a7052937504475ce61d3132
SHA256 8844902f3cbcc50fceb46c6d0006ec59e728abbe63ca732e185fa57e37f337bf
SSDeep 12288:7GrUR6OdDfXA/0zJlQu99xJ0DF9BvteFUcuCVlNfmhjQk3De6aM:yUkOdbxxJ0p9BUFU5cl9en
ImpHash -
File Name C:\Users\KEECFM~1\AppData\Local\Temp\word.js
Category Dropped File
Type Text
Verdict Clean
Also Known As C:\Users\kEecfMwgj\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\word.js (Accessed File)
C:\Users\kEecfMwgj\AppData\Roaming\word.js (Accessed File)
MIME Type text/plain
File Size 283.98 KB
MD5 805074ef02a61e38a12780b74148345e
SHA1 d9c8120e315b8792902f213081403e7a627cd194
SHA256 ae62fbf751ed2dd1cb21ee7bcf2005664f5d1302c9f98b504425444f85f4ee75
SSDeep 384:jWu+G3BRY2siUYvLFBpecAepCjtQ11+O8nJGN8mbc/DJvKhcZJ1StjoobDE8CJEn:B
ImpHash -
File Name c:\users\keecfmwgj\appdata\local\gdipfontcachev1.dat
Category Dropped File
Type Stream
Verdict Clean
Known to be clean.
MIME Type application/octet-stream
File Size 8.03 KB
MD5 2402c0986b9e3725e68c045cf71c89b3
SHA1 23f7a1888595ed030340d68d0021ba312ee16768
SHA256 bcace01200693bf98ec16079d184c4f56eed0ee5e8358bd929ffac0fb6f456af
SSDeep 3::
ImpHash -
File Reputation Information
Verdict
Clean
Known to be clean.
File Name c:\users\keecfmwgj\appdata\local\microsoft\windows\history\history.ie5\index.dat
Category Modified File
Type Stream
Verdict Clean
MIME Type application/octet-stream
File Size 64.00 KB
MD5 85717a29622d96701121c3e7fdad19ca
SHA1 9bc962fcf03c5e282def57d6e8d66acf2080c1ce
SHA256 bc7f725c016efb24c4276a9cd3a380f6c7d8f1fe54569acc33600f1d440ac0a8
SSDeep 96:qUCKaUkBKUuKwG73Z9Gf2zY1G02GLa5GLa5FfUePay1v9rDtDPPiFjfQqn0ZZVNY:nNkjAgyfVkmBWp9rD4zWZHHf6UACK
ImpHash -
File Name c:\users\keecfmwgj\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
Category Modified File
Type Stream
Verdict Clean
MIME Type application/octet-stream
File Size 64.00 KB
MD5 41c405d88f47a93c867992e72d342250
SHA1 30673f4dfb514912592f12160dfca3533e76adc1
SHA256 07e2f7c011eab3663c90fbab1e3a39eaf2915684374ed79f8e89a48c2e9414ea
SSDeep 384:0MqFgV6CurSmH0aKLPuJxRKMJIiplH1EQDJ5R8WXGZtvNH:0MqSV6CurSmHyLPuJxRRlFJ5R1XytVH
ImpHash -
File Name c:\users\keecfmwgj\appdata\roaming\microsoft\windows\cookies\index.dat
Category Modified File
Type Stream
Verdict Clean
MIME Type application/octet-stream
File Size 32.00 KB
MD5 ba0beedb26c9a1dcbb30b1a63098b3e5
SHA1 a7e1994e6b7002394bcaaab228b98ca5d7ffd4c6
SHA256 0c5cceba5c416d5424387794429f89a2456b5326e2c7e5d8d2bd67f34bb616ec
SSDeep 48:qGV+sobrV+sQ232Qbr2s29a2ptTQbrTAV+sobrV+sQ:qFsobosUQbKxFXQbnfsobos
ImpHash -
Function Logfile (Before / After)

This feature requires an online connection to the VMRay backend.

An offline version with limited functionality is also provided.
The offline version is supported only in Mozilla Firefox with the setting "security.fileuri.strict_origin_policy" deactivated.

Screenshot