Invoice_7892_18Oct.html

Status: finished
Submission Time: 2022-10-18 21:42:10 +02:00
Classification: Malicious, Trojan, Evader, Ursnif

Tags

  • 5000
  • html
  • Ursnif

Details

  • Analysis ID:
    725636
  • API (Web) ID:
    1093014
  • Analysis Started:
    2022-10-18 21:42:11 +02:00
  • Analysis Finished:
    2022-10-18 21:52:39 +02:00
  • MD5:
    381a9e7c191245cc7e014e19a2c19442
  • SHA1:
    f748050e061bb407d06a38009b7669783a1e0936
  • SHA256:
    7d04f52af134980eef9544350ee216457910e7531a60c88ec9fa80daae59c2d3

System: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211

Verdict: malicious (score 100/100)

IPs

IP                Country              Detection
31.41.44.194      Russian Federation   -
62.173.145.183    Russian Federation   -
142.250.203.100   United States        -
142.250.203.110   United States        -
239.255.255.250   Reserved             -
142.250.203.109   United States        -

The Detection column carries no value for any entry in this report. Only the two Russian Federation addresses are C2 indicators: the 142.250.203.x addresses belong to Google (they resolve from the google.com names in the Domains table, i.e. Chrome background traffic) and 239.255.255.250 is the SSDP multicast group.

Domains

Name                   IP                Detection
onlinetwork.top        31.41.44.194      -
accounts.google.com    142.250.203.109   -
www.google.com         142.250.203.100   -
clients.l.google.com   142.250.203.110   -
linetwork.top          62.173.145.183    -
clients2.google.com    0.0.0.0           -

URLs

Name (Detection column empty for every entry)

http://onlinetwork.top/drew/9HjvFMPL_/2BodLadHv2Ij_2BnGRof/O5HwRn2RgD6rqZ1SvG5/VMrxgkKm7ed8PnDV4333Df/zIgAPypmoxSLi/8BFA8aIq/BD3jcPWLpFftdB57Hvs_2Bt/pdv8XCmdY6/t4jYCo1nX0gAaeZmr/b90Tdg7fzlxH/cqhZiWRACEm/b39xMwhhk6CBY5/vAnGlr5gQfe7832Po6dgp/kFDd8JW_2BQt2yuf/g3y_2BsnEgcapzm/FqXLCXTc0ul_2Fu7dh/W1oq_2BeZ/dlpTOTrr2A44rzvoNR9t/Ed7vICgSqP/MZk6s.jlk
file:///C:/Users/user/Desktop/Invoice_7892_18Oct.html
http://onlinetwork.top/drew/UogjlH55j3MBdVW7Zgv8/7VAIAiwJ_2FicnQxfIo/vdYsidWojPlxWiOLycfrCH/0jMFVE77apOpr/yiV9EWj6/4LmIXy_2FzHYZsf_2BzbbER/6LftEOfnlg/Uzke2V7qIbQmNXXHb/tnLubrQ7fIkI/GL44ItzX_2B/5weW8TeiFRMx3R/0FalNtY_2FOlb5Arb_2Fa/ayhw4EzvdF98V_2F/QvfDYcXOi_2FxiR/FUnDGyMWNFOFvK99Tq/AboGOqHpH/FFIxlK22ZxSjYALa3Nyd/r2bY6gbX_2BKLnqSzWK/N5bQl56P/1.jlk
https://clients2.google.com/service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=104.0.5112.81&lang=en-US&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1
http://linetwork.top/drew/0J0YP9e_2BE7jjAw7XL/AjrHr6NCwO_2Fgj3xqU8HO/e5KwJWvAPxhz7/Er8_2FGw/w6mbMJPoDfQgM_2F5q_2BTA/2EWmrv1LcM/HkHdywibkWgZEZttV/CVVHNFdmhCzK/32gECX5_2BF/KHHudCe_2FBTtm/7PKDpa0dUHWbR_2B1kpX9/AWYTWzr3Mrqxmvg2/b3_2B3bUAXRAtbT/lS0IcV4DbS6jYYG_2F/Ohgp0G9Gj/CtOwH_2BiEVt378VRySb/pgZSH7eC_2Bee3HXiCJ/BjrtGyiuFj_2Fduvn85Qkm/9VcCSZNN/bQ6ATZ6.jlk
http://linetwork.top/drew/TVgVtfJMME1TQDqbWdYo/ezMinaihuLtBtHa0yLo/29N_2BdcUX8GiKCW_2FFcH/G2EEXMAEzocHs/1j0yJOR1/eGMTPdpRhncWUghvDrmpfdi/eKYCLFtVRB/CVYtk9exYzeSrEd9o/r1M5RtNeelrL/BOq3WhytwH0/LSHm7cB7uN0f_2/BOF5OriNbSGHY_2Bu3zcM/HQrJ_2FDizJQq2kU/CdUDwQJw3ybpG6w/prA2XAjnZImMTnv_2B/y35swvqbW/8ll_2FkkiqSxdgXsTIPh/ZgYm_2BBwbPVDYoRfa8/RjAv97g.jlk
https://accounts.google.com/ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard

The file:/// entry is the sample itself being opened from the desktop. The two Google URLs (an extension update check and an account listing) are Chrome background traffic, not indicators. The four onlinetwork.top / linetwork.top URLs share one shape: a short first path segment, a long run of alphanumeric segments containing _2B and _2F, and a final component ending in .jlk.
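The report lists the C2 hosts and URLs but no detection logic. The script below is an added example (not part of the sandbox report) that turns the report's network IOCs into a scan over proxy log lines: exact matches on the two C2 domains and IPs, plus a path regex generalised from the four .jlk URLs so that a new host serving the same URL shape is still flagged. The regex is an assumption drawn only from the URLs on this page, not a published Ursnif signature; treating `_2B`/`_2F` as percent-encoding with the `%` swapped for `_` is likewise an assumption. The log lines and the `<time> <client> <method> <url> <status>` log format are constructed for the example.

```python
import re
from urllib.parse import urlparse

# Network IOCs copied from the report above (Analysis ID 725636).
C2_DOMAINS = {"onlinetwork.top", "linetwork.top"}
C2_IPS = {"31.41.44.194", "62.173.145.183"}

# One of the four C2 URLs, exactly as listed in the report's URL table.
REPORT_URL = (
    "http://onlinetwork.top/drew/9HjvFMPL_/2BodLadHv2Ij_2BnGRof/"
    "O5HwRn2RgD6rqZ1SvG5/VMrxgkKm7ed8PnDV4333Df/zIgAPypmoxSLi/8BFA8aIq/"
    "BD3jcPWLpFftdB57Hvs_2Bt/pdv8XCmdY6/t4jYCo1nX0gAaeZmr/b90Tdg7fzlxH/"
    "cqhZiWRACEm/b39xMwhhk6CBY5/vAnGlr5gQfe7832Po6dgp/kFDd8JW_2BQt2yuf/"
    "g3y_2BsnEgcapzm/FqXLCXTc0ul_2Fu7dh/W1oq_2BeZ/dlpTOTrr2A44rzvoNR9t/"
    "Ed7vICgSqP/MZk6s.jlk"
)

# ASSUMPTION: path shape generalised from the report URLs only. All four use
# "/drew/" as the first segment, followed by many alphanumeric/underscore
# segments (the "_2B"/"_2F" runs look like %2B/%2F with "%" replaced by "_"),
# and end in "<name>.jlk". The first segment is left variable on purpose;
# six or more inner segments is an arbitrary floor to avoid matching
# ordinary short paths that merely end in ".jlk".
JLK_PATH_RE = re.compile(r"^/[A-Za-z0-9]+/(?:[A-Za-z0-9_]+/){6,}[A-Za-z0-9_]+\.jlk$")

# Constructed proxy log lines (not from the report): "<time> <client> <method> <url> <status>".
# 198.51.100.7 is a documentation-range address standing in for an unknown host.
SAMPLE_LOG = """\
2022-10-18T19:43:01Z 10.0.0.15 GET http://onlinetwork.top/drew/aB1/cD2_2Bx/eF3/gH4_2Fy/iJ5/kL6/mN7/oP8.jlk 200
2022-10-18T19:43:02Z 10.0.0.15 GET https://accounts.google.com/ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard 200
2022-10-18T19:44:10Z 10.0.0.22 GET http://198.51.100.7/drew/aB1/cD2_2Bx/eF3/gH4_2Fy/iJ5/kL6/mN7/z9.jlk 404
2022-10-18T19:45:00Z 10.0.0.22 GET http://31.41.44.194/favicon.ico 200
2022-10-18T19:46:00Z 10.0.0.31 GET https://example.com/drew/a/b.jlk 200
"""

LOG_LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+) (\d{3})$")


def classify_url(url):
    """Return the list of labels that apply to a URL; an empty list means no match.

    Labels: "ioc-domain" / "ioc-ip" for exact hits on the report's hosts,
    "jlk-path-pattern" for any host whose path has the .jlk C2 URL shape.
    """
    parts = urlparse(url)
    host = (parts.hostname or "").lower()  # hostname strips port and lowercases
    labels = []
    if host in C2_DOMAINS:
        labels.append("ioc-domain")
    if host in C2_IPS:
        labels.append("ioc-ip")
    if JLK_PATH_RE.match(parts.path):
        labels.append("jlk-path-pattern")
    return labels


def scan_proxy_log(text):
    """Return (client, url, labels) for every well-formed log line whose URL matches."""
    hits = []
    for line in text.splitlines():
        m = LOG_LINE_RE.match(line)
        if not m:
            continue  # not in the expected five-field format; ignore
        _time, client, _method, url, _status = m.groups()
        labels = classify_url(url)
        if labels:
            hits.append((client, url, labels))
    return hits


if __name__ == "__main__":
    print("report URL:", classify_url(REPORT_URL))
    for client, url, labels in scan_proxy_log(SAMPLE_LOG):
        print(client, ",".join(labels), url)
```

The pattern match is what gives this value beyond a plain blocklist: the third constructed line hits on an address that appears nowhere in the report. Tune the segment floor and the first-segment rule against your own traffic before deploying, since the only ground truth here is the four URLs above.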

Dropped files

Name / File type (the Hashes and Detection columns are not populated in this report)

C:\Users\user\AppData\Local\Temp\xxl.exe
    PE32 executable (GUI) Intel 80386, for MS Windows
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache
    data
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
    data
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_pzjcafpy.yij.ps1
    very short file (no magic)
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_xqznpzps.wxr.psm1
    very short file (no magic)
C:\Users\user\AppData\Local\Temp\krjmempf.vdz\5353.iso
    ISO 9660 CD-ROM filesystem data 'CD_ROM'
C:\Users\user\AppData\Local\Temp\unarchiver.log
    ASCII text, with CRLF line terminators
C:\Users\user\Downloads\4b10409d-3549-47cf-a702-af843c5f693a.tmp
    Zip archive data, at least v2.0 to extract, compression method=deflate
C:\Users\user\Downloads\8fa2db5f-d558-4ee3-8a83-68f3e15e482f.zip (copy)
    Zip archive data, at least v2.0 to extract, compression method=deflate
C:\Users\user\Downloads\8fa2db5f-d558-4ee3-8a83-68f3e15e482f.zip.crdownload (copy)
    Zip archive data, at least v2.0 to extract, compression method=deflate

Read together, the drops are consistent with an HTML smuggling chain: opening the local HTML file makes Chrome write a ZIP into Downloads (the .crdownload and .tmp entries are the in-progress download), an ISO image (5353.iso) is unpacked into a Temp directory, and a 32-bit executable (xxl.exe) lands in Temp. The PowerShell ModuleAnalysisCache, StartupProfileData and __PSScriptPolicyTest* files are created when PowerShell starts, so PowerShell was launched at some point during the run. The report does not say which stage launched which, so treat the ordering above as an inference from the artifacts, not a recorded process tree.