
RechX2022.11.11_1045X.xls

Status: finished
Submission Time: 2022-11-14 08:04:15 +01:00
Malicious
Trojan
Exploiter
Evader
Hidden Macro 4.0, Emotet

Tags

  • xls

Details

  • Analysis ID:
    745330
  • API (Web) ID:
    1112638
  • Analysis Started:
    2022-11-14 08:04:36 +01:00
  • Analysis Finished:
    2022-11-14 08:17:56 +01:00
  • MD5:
    c3746ff14c90cef7b9f4478cebe79b79
  • SHA1:
    de7ecf4c76f3753342f7fc0129b7ac32fb3c55c3
  • SHA256:
    81574070b47944ba4904a6e419a25eb1825a3a6cba5b8be896f0144e11802d31

Engine Info Verdict Score

System: Windows 7 x64 SP1 with Office 2010 SP1 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2)

malicious
100/100

malicious
38/62

malicious

IPs

IP Country Detection
103.43.75.120     Japan
110.232.117.186   Australia
213.239.212.5     Germany
5.135.159.50      France
173.255.211.88    United States
212.24.98.99      Lithuania
186.194.240.217   Brazil
91.187.140.35     Serbia
119.59.103.152    Thailand
159.89.202.34     United States
201.94.166.162    Brazil
160.16.142.56     Japan
103.75.201.2      Thailand
91.207.28.33      Kyrgyzstan
164.90.222.65     United States
188.44.20.25      Macedonia
45.235.8.30       Brazil
153.126.146.25    Japan
72.15.201.15      United States
82.223.21.224     Spain
173.212.193.249   Germany
95.217.221.146    Germany
149.56.131.28     Canada
209.97.163.214    United States
182.162.143.56    Korea Republic of
1.234.2.232       Korea Republic of
129.232.188.93    South Africa
94.23.45.86       France
185.4.135.165     Greece
103.132.242.26    India
104.168.155.143   United States
79.137.35.198     France
45.118.115.99     Indonesia
172.104.251.154   United States
115.68.227.76     Korea Republic of
163.44.196.120    Singapore
206.189.28.199    United States
45.63.99.23       United States
107.170.39.149    United States
197.242.150.244   South Africa
172.105.226.75    United States
183.111.227.137   Korea Republic of
45.176.232.124    Colombia
139.59.56.73      Singapore
169.57.156.166    United States
164.68.99.3       Germany
139.59.126.41     Singapore
167.172.253.162   United States
147.139.166.154   United States
202.129.205.3     Thailand
167.172.199.165   United States
153.92.5.27       Germany
159.65.140.115    United States
159.65.88.10      United States
175.98.167.165    Taiwan; Republic of China (ROC)
47.92.35.35       China
81.68.152.197     China
41.63.0.22        Zambia

Domains

Name IP Detection
sbm.xinmoshiwang.com   47.92.35.35
datie-tw.com           175.98.167.165
copunupo.ac.zm         41.63.0.22
ly.yjlianyi.top        81.68.152.197

URLs

Name Detection
https://182.162.143.56/qhecxbnpzjg/
http://sbm.xinmoshiwang.com/upload/VaOfWEb3pW76UO/
https://182.162.143.56/boiplpwswxcuxnjh/uinwb/ubppn/lupq/
https://182.162.143.56/urupsapzfmrxqv/
https://182.162.143.56/foelwwmtkdwehjqr/njwmpsxnqsxod/rlwwfo/
https://182.162.143.56/acqrviy/djjybechrofav/
http://crl.entrust.net/2048ca.crl0
https://182.162.
https://secure.comodo.com/CPS0
http://ocsp.entrust.net0D
https://182.162.143.56/urupsapzfmrxqv/zW
http://www.diginotar.nl/cps/pkioverheid0
http://crl.pkioverheid.nl/DomOrganisatieLatestCRL-G2.crl0
https://182.162.143.56/boiplpwswxcuxnjh/uinwb/ubppn/lupq/B
https://copunupo.ac.zm/cgi-bin/WFFcGx/
https://173.255.211.88/owewlpmufrqxtxj/
http://ocsp.entrust.net03
https://datie-tw.com/img/O8G0RDZj7MYCuJyPoP/
http://crl.entrust.net/server1.crl0
http://ly.yjlianyi.top/wp-admin/4cChao/
http://crl.pkioverheid.nl/DomOvLatestCRL.crl0
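
The URL table above mixes three kinds of strings. The C2 URLs are either a bare IP with a random-looking directory (182.162.143.56, 173.255.211.88) or a compromised site with a random path (sbm.xinmoshiwang.com, copunupo.ac.zm, datie-tw.com, ly.yjlianyi.top). The crl.*, ocsp.* and */cps/* entries are CRL distribution point, OCSP responder and CPS pointers that the sandbox pulled out of X.509 certificate data in memory; the trailing "0", "0D" and "03" are almost certainly the DER bytes that followed the string in the certificate, not part of the URL, and blocking entrust.net or comodo.com on their account would be a mistake. "https://182.162." is a truncated fragment. The Python below, added here and not part of the sandbox report, sorts the table into those three buckets and collapses the C2 URLs to their directory prefix. The classification rules, the prefix normalisation, and the reading of the "/zW" and "/B" suffixes as adjacent memory rather than real resource names are this write-up's assumptions.

```python
"""Triage of the URL table from the sandbox report above.

Added example, not part of the original report. The URL strings are copied
verbatim from the report's URL table (including the truncated and
byte-suffixed ones); the classification rules are heuristics chosen for this
write-up, not sandbox output.
"""
import re
from urllib.parse import urlsplit

# Constructed input: the 21 URLs listed in the report, verbatim.
REPORT_URLS = [
    "https://182.162.143.56/qhecxbnpzjg/",
    "http://sbm.xinmoshiwang.com/upload/VaOfWEb3pW76UO/",
    "https://182.162.143.56/boiplpwswxcuxnjh/uinwb/ubppn/lupq/",
    "https://182.162.143.56/urupsapzfmrxqv/",
    "https://182.162.143.56/foelwwmtkdwehjqr/njwmpsxnqsxod/rlwwfo/",
    "https://182.162.143.56/acqrviy/djjybechrofav/",
    "http://crl.entrust.net/2048ca.crl0",
    "https://182.162.",
    "https://secure.comodo.com/CPS0",
    "http://ocsp.entrust.net0D",
    "https://182.162.143.56/urupsapzfmrxqv/zW",
    "http://www.diginotar.nl/cps/pkioverheid0",
    "http://crl.pkioverheid.nl/DomOrganisatieLatestCRL-G2.crl0",
    "https://182.162.143.56/boiplpwswxcuxnjh/uinwb/ubppn/lupq/B",
    "https://copunupo.ac.zm/cgi-bin/WFFcGx/",
    "https://173.255.211.88/owewlpmufrqxtxj/",
    "http://ocsp.entrust.net03",
    "https://datie-tw.com/img/O8G0RDZj7MYCuJyPoP/",
    "http://crl.entrust.net/server1.crl0",
    "http://ly.yjlianyi.top/wp-admin/4cChao/",
    "http://crl.pkioverheid.nl/DomOvLatestCRL.crl0",
]

# Labels that mark X.509 plumbing (CRL distribution points, OCSP responders,
# CPS pointers) lifted from certificate blobs in memory. Case-sensitive on
# purpose so a random C2 path such as /crlfoo/ is not swallowed.
CERT_INFRA = re.compile(r"(^|[./])(ocsp|crl|cps|CPS|pkioverheid)(?=[./0-9]|$)")
# A complete host: dotted-quad IPv4 or a DNS name with an alphabetic TLD.
HOST_OK = re.compile(r"^(\d{1,3}(\.\d{1,3}){3}|([a-z0-9-]+\.)+[a-z]{2,})$", re.I)


def classify(url):
    """Return 'cert_noise', 'fragment' or 'c2' for one extracted URL."""
    parts = urlsplit(url)
    if CERT_INFRA.search(parts.netloc) or CERT_INFRA.search(parts.path):
        return "cert_noise"
    if not HOST_OK.match(parts.netloc) or parts.path in ("", "/"):
        return "fragment"
    return "c2"


def c2_prefix(url):
    """Collapse a C2 URL to its directory. Assumption: when the report lists
    both .../urupsapzfmrxqv/ and .../urupsapzfmrxqv/zW, the trailing 'zW' is
    adjacent memory that followed the string, not a real resource name."""
    parts = urlsplit(url)
    path = parts.path if parts.path.endswith("/") else parts.path.rsplit("/", 1)[0] + "/"
    return f"{parts.scheme}://{parts.netloc}{path}"


def triage(urls):
    """Bucket the URL table and derive the de-duplicated C2 host list."""
    buckets = {"c2": set(), "cert_noise": set(), "fragment": set()}
    for url in urls:
        kind = classify(url)
        buckets[kind].add(c2_prefix(url) if kind == "c2" else url)
    result = {kind: sorted(values) for kind, values in buckets.items()}
    result["c2_hosts"] = sorted({urlsplit(u).netloc for u in result["c2"]})
    return result


if __name__ == "__main__":
    for kind, values in triage(REPORT_URLS).items():
        print(f"{kind} ({len(values)})")
        for value in values:
            print("   ", value)
```

On the 21 URLs the c2 bucket collapses to 10 directory prefixes on 6 hosts, the cert_noise bucket holds the 8 CRL/OCSP/CPS strings, and the fragment bucket holds only "https://182.162.". The hosts and prefixes in the c2 bucket are what belongs on a blocklist or in a proxy-log search; the IP table above is much longer than the URL table, and this example only normalises what the URL section shows.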

Dropped files

Name File Type Hashes Detection
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\o0oHPECmC0WPIXcvQPJOXzFOO7w00z7mkDO[1].dll
    PE32+ executable (DLL) (GUI) x86-64, for MS Windows
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\EvvmhfKiKFhKrSuHfBq[1].dll
    PE32+ executable (DLL) (GUI) x86-64, for MS Windows
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\2yXcjy57oZTTUNweDidCGUY[1].dll
    PE32+ executable (DLL) (GUI) x86-64, for MS Windows
C:\Users\user\elv4.ooocccxxx
    PE32+ executable (DLL) (GUI) x86-64, for MS Windows
C:\Users\user\elv3.ooocccxxx
    PE32+ executable (DLL) (GUI) x86-64, for MS Windows
C:\Users\user\elv2.ooocccxxx
    PE32+ executable (DLL) (GUI) x86-64, for MS Windows
C:\Users\user\Desktop\RechX2022.11.11_1045X.xls
    Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, Code page: 1251, Author: Gydar, Last Saved By: Gydar, Name of Creating Application: Microsoft Excel, Create Time/Date: Fri Jun 5 19:19:34 2015, Last Saved Time/Date: Thu N (…)
C:\Windows\System32\YsDsgPDHHUIQoh\TzrBJWzmduQmnx.dll (copy)
    PE32+ executable (DLL) (GUI) x86-64, for MS Windows
C:\Windows\System32\LxJhBpIGuQtuqLqlk\rgLdvmpYAAMw.dll (copy)
    PE32+ executable (DLL) (GUI) x86-64, for MS Windows
C:\Windows\System32\HXVNCiWla\DkEI.dll (copy)
    PE32+ executable (DLL) (GUI) x86-64, for MS Windows
C:\Users\user\Desktop\BD680000:Zone.Identifier
    ASCII text, with CRLF line terminators
C:\Users\user\Desktop\BD680000
    Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.1, Code page: 1252, Author: Gydar, Last Saved By: user, Name of Creating Application: Microsoft Excel, Create Time/Date: Fri Jun 5 19:19:34 2015, Last Saved Time/Date: Mon Nov (…)
C:\Users\user\Desktop\6B247BB0.tmp (copy)
    Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, Code page: 1251, Author: Gydar, Last Saved By: Gydar, Name of Creating Application: Microsoft Excel, Create Time/Date: Fri Jun 5 19:19:34 2015, Last Saved Time/Date: Thu N (…)
C:\Users\user\AppData\Local\Temp\~DF8A90DB7077A13DA6.TMP
    data
C:\Users\user\AppData\Local\Temp\~DF32588C8EB2A3FE52.TMP
    data
C:\Users\user\AppData\Local\Temp\D116.tmp (copy)
    PE32+ executable (DLL) (GUI) x86-64, for MS Windows
C:\Users\user\AppData\Local\Temp\AAA2.tmp (copy)
    PE32+ executable (DLL) (GUI) x86-64, for MS Windows