4470_02112022.xls

Status: finished
Submission Time: 2022-11-15 12:37:22 +01:00
Malicious
Trojan
Exploiter
Evader
Hidden Macro 4.0, Emotet

Details

  • Analysis ID:
    746417
  • API (Web) ID:
    1113723
  • Analysis Started:
    2022-11-15 12:42:46 +01:00
  • Analysis Finished:
    2022-11-15 12:52:16 +01:00
  • MD5:
    d3b182de8c99553a9f2b6d0f3f030a4f
  • SHA1:
    d5bd989ffde2f67133b6404f9f234d13e618c206
  • SHA256:
    cd99b899c5a3d6ddb22969605b079375da897362b4d599fc9eebb1e21115a31d
  • Technologies:

System: Windows 7 x64 SP1 with Office 2010 SP1 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2)

malicious (100/100)
malicious (42/62)
malicious (7/22)
malicious (21/26)
malicious
malicious

IPs

IP                 Country
114.79.130.68      India
188.165.79.151     France
139.59.80.108      Singapore
104.244.79.94      United States
37.44.244.177      Germany
51.75.33.122       France
160.16.143.191     Japan
103.56.149.105     Indonesia
85.25.120.45       Germany
139.196.72.155     China
103.126.216.86     Bangladesh
128.199.217.206    United Kingdom
118.98.72.86       Indonesia
103.224.241.74     India
210.57.209.142     Indonesia
202.28.34.99       Thailand
80.211.107.116     Italy
54.37.228.122      France
218.38.121.17      Korea Republic of
185.148.169.10     Germany
195.77.239.39      Spain
178.62.112.199     European Union
62.171.178.147     United Kingdom
64.227.55.231      United States
178.238.225.252    Germany
196.44.98.190      Ghana
174.138.33.49      United States
36.67.23.59        Indonesia
103.41.204.169     Indonesia
85.214.67.203      Germany
83.229.80.93       United Kingdom
198.199.70.22      United States
93.104.209.107     Germany
186.250.48.5       Brazil
175.126.176.79     Korea Republic of
128.199.242.164    United Kingdom
78.47.204.80       Germany
190.145.8.4        Colombia
46.101.98.60       Netherlands
82.98.180.154      Spain
103.71.99.57       India
87.106.97.83       Germany
103.254.12.236     Viet Nam
103.85.95.4        Indonesia
202.134.4.210      Indonesia
165.22.254.236     United States
163.172.115.127    United Kingdom
163.172.108.69     United Kingdom
47.92.133.65       China

Domains

Name                    IP
sat7ate.com             0.0.0.0
www.3d-stickers.com     163.172.108.69
www.spinbalence.com     163.172.115.127
navylin.com             47.92.133.65

URLs

Name Detection
http://www.3d-stickers.com/Content/Afa1PcRuxh/
https://www.3d-stickers.com/Content/Afa1PcRuxh/
https://218.38.121.17/
https://www.3d-stickers.com/page-non-trouvee
http://crl.pkioverheid.nl/DomOrganisatieLatestCRL-G2.crl0
http://crl.entrust.net/2048ca.crl0
https://secure.comodo.com/CPS0
http://ocsp.entrust.net0D
https://secure.comodo.coh
http://www.spinbalence.com/Adapter/moycMR/
http://www.diginotar.nl/cps/pkioverheid0
http://crl.pkioverheid.nl/DomOvLatestCRL.crl0
http://navylin.com/bsavxiv/axHQYKl/
https://www.spinbalence.com/index.php?controller=404
https://www.spinbalence.com/Adapter/moycMR/
http://ocsp.entrust.net03
http://crl.entrust.net/server1.crl0

Dropped files

Name / File Type

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\40hd04O0[1].dll
    File type: PE32+ executable (DLL) (GUI) x86-64, for MS Windows

C:\Users\user\Desktop\4470_02112022.xls
    File type: Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, Code page: 1251, Author: Gydar, Last Saved By: Gydar, Name of Creating Application: Microsoft Excel, Create Time/Date: Fri Jun 5 19:19:34 2015, Last Saved Time/Date: Wed N (…)

C:\Users\user\oxnv4.ooccxx
    File type: PE32+ executable (DLL) (GUI) x86-64, for MS Windows

C:\Windows\System32\XXKTOC\CASBb.dll (copy)
    File type: PE32+ executable (DLL) (GUI) x86-64, for MS Windows

C:\Users\user\AppData\Local\Temp\~DF73B80FE68F2FEB1E.TMP
    File type: data

C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\9X79YCCF.txt
    File type: ASCII text

C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\D3A8EJJ9.txt
    File type: ASCII text

C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\FJW3SUUT.txt
    File type: ASCII text

C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\JZYF2U5D.txt
    File type: ASCII text

C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\RLNYM7EL.txt
    File type: ASCII text