Untitled-09112022.xls

Status: finished
Submission Time: 2022-11-16 05:42:17 +01:00
Verdict: Malicious
Classification: Trojan, Exploiter, Evader
Threat names: Hidden Macro 4.0, Emotet
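The "Hidden Macro 4.0" label refers to an Excel 4.0 (XLM) macro sheet whose BOUNDSHEET record in the Workbook stream marks it hidden or very hidden, so the victim sees only the lure sheet. The script below is an added example, not part of this report and not the sandbox's own detection logic: it walks BIFF records, decodes each BoundSheet8 record (MS-XLS: lbPlyPos, hsState, dt, sheet name) and reports macro sheets that are not visible. The sample stream is constructed inline and is not the Workbook stream of Untitled-09112022.xls.

```python
import struct

# BIFF record ids (MS-XLS): BOF = 0x0809, BoundSheet8 = 0x0085, EOF = 0x000A
BOF, BOUNDSHEET, EOF = 0x0809, 0x0085, 0x000A
HS_STATE = {0: "visible", 1: "hidden", 2: "very hidden"}
SHEET_TYPE = {0x00: "worksheet", 0x01: "Excel 4.0 macro sheet", 0x02: "chart", 0x06: "VBA module"}


def iter_records(stream: bytes):
    """Yield (record_id, payload) for each BIFF record: 2-byte id, 2-byte length, payload."""
    off = 0
    while off + 4 <= len(stream):
        rid, length = struct.unpack_from("<HH", stream, off)
        off += 4
        yield rid, stream[off:off + length]
        off += length


def parse_boundsheet(payload: bytes) -> dict:
    """Decode BoundSheet8: substream offset, hidden state (low 2 bits), sheet type, name."""
    lb_ply_pos, hs_state, dt, cch, flags = struct.unpack_from("<IBBBB", payload, 0)
    hs_state &= 0x03
    raw = payload[8:]
    # ShortXLUnicodeString: fHighByte bit 0 selects UTF-16LE, otherwise 8-bit characters
    name = raw[:cch * 2].decode("utf-16-le") if flags & 0x01 else raw[:cch].decode("latin-1")
    return {"offset": lb_ply_pos, "state": HS_STATE.get(hs_state, "unknown"),
            "type": SHEET_TYPE.get(dt, f"unknown (0x{dt:02x})"), "name": name}


def find_hidden_macro_sheets(stream: bytes) -> list:
    """Return every Excel 4.0 macro sheet that is hidden or very hidden."""
    sheets = [parse_boundsheet(p) for rid, p in iter_records(stream) if rid == BOUNDSHEET]
    return [s for s in sheets if s["type"] == "Excel 4.0 macro sheet" and s["state"] != "visible"]


def boundsheet(name: str, hs_state: int, dt: int, pos: int = 0) -> bytes:
    """Build a BoundSheet8 record; only used to construct the sample stream below."""
    body = struct.pack("<IBBBB", pos, hs_state, dt, len(name), 0) + name.encode("latin-1")
    return struct.pack("<HH", BOUNDSHEET, len(body)) + body


# Constructed sample (not the analysed file): a visible lure sheet plus a
# "very hidden" Excel 4.0 macro sheet, bracketed by a placeholder BOF and an EOF.
SAMPLE_STREAM = (
    struct.pack("<HH", BOF, 16) + bytes(16)
    + boundsheet("Sheet1", 0, 0x00, 0x1000)
    + boundsheet("Macro1", 2, 0x01, 0x2000)
    + struct.pack("<HH", EOF, 0)
)

if __name__ == "__main__":
    for s in find_hidden_macro_sheets(SAMPLE_STREAM):
        print(f"{s['name']!r}: {s['state']} {s['type']} at offset 0x{s['offset']:x}")
```

On a real .xls, feed it the Workbook stream, for example `olefile.OleFileIO(path).openstream("Workbook").read()`; the BOUNDSHEET records live in the globals substream at the start of the stream, so a linear scan finds them before any sheet data. A hidden macro sheet alone is not proof of malice, but combined with an Auto_Open name or a very-hidden state it is the usual XLM dropper layout, and lbPlyPos tells you where the macro formulas start.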

Details

  • Analysis ID: 747191
  • API (Web) ID: 1114495
  • Analysis Started: 2022-11-16 05:42:19 +01:00
  • Analysis Finished: 2022-11-16 05:49:31 +01:00
  • MD5: 8079b54a0c76ba1fec822059aa22ea31
  • SHA1: c71c6fd2c68cc8746e778e907984927458a13ab8
  • SHA256: 9d0827721715ca365e0138d9a0bbef43bf209005605793b35e3e9b73337426a6

System: Windows 7 x64 SP1 with Office 2010 SP1 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2)

Verdict

malicious, 100/100
malicious, 38/62
malicious, 27/39
malicious

IPs

IP               Country
114.79.130.68    India
172.105.115.71   United States
139.59.80.108    Singapore
104.244.79.94    United States
37.44.244.177    Germany
51.75.33.122     France
160.16.143.191   Japan
103.56.149.105   Indonesia
85.25.120.45     Germany
139.196.72.155   China
115.178.55.22    Indonesia
103.126.216.86   Bangladesh
128.199.217.206  United Kingdom
118.98.72.86     Indonesia
103.224.241.74   India
210.57.209.142   Indonesia
202.28.34.99     Thailand
80.211.107.116   Italy
54.37.228.122    France
218.38.121.17    Korea, Republic of
185.148.169.10   Germany
195.77.239.39    Spain
178.62.112.199   European Union
62.171.178.147   United Kingdom
64.227.55.231    United States
175.126.176.79   Korea, Republic of
174.138.33.49    United States
196.44.98.190    Ghana
36.67.23.59      Indonesia
103.41.204.169   Indonesia
188.165.79.151   France
85.214.67.203    Germany
83.229.80.93     United Kingdom
198.199.70.22    United States
93.104.209.107   Germany
186.250.48.5     Brazil
78.47.204.80     Germany
209.239.112.82   United States
128.199.242.164  United Kingdom
178.238.225.252  Germany
46.101.98.60     Netherlands
190.145.8.4      Colombia
82.98.180.154    Spain
103.71.99.57     India
87.106.97.83     Germany
103.254.12.236   Viet Nam
103.85.95.4      Indonesia
202.134.4.210    Indonesia
165.22.254.236   United States
187.1.136.16     Brazil
185.23.117.132   United Kingdom
163.172.108.69   United Kingdom
45.207.116.88    Seychelles

Domains

Name                                IP
www.cecambrils.cat                  0.0.0.0
www.hsweixintp.com                  45.207.116.88
cecambrils.cat                      185.23.117.132
www.stickers-et-deco.com            163.172.108.69
web15f04.uni5.net                   187.1.136.16
www.clinicaportalpsicologia.com.br  0.0.0.0
hsweixintp.com                      0.0.0.0

URLs

URL
http://www.cecambrils.cat/wp-content/cXEhHssszV/
https://218.38.121.17/kwxkonang/
https://218.38.121.17/tfvz/aazuhijovhmgjyf/frsdlxdmvshfvd/
http://crl.pkioverheid.nl/DomOrganisatieLatestCRL-G2.crl0
https://115.178.55.22:80/tfvz/aazuhijovhmgjyf/frsdlxdmvshfvd/
http://crl.entrust.net/2048ca.crl0
https://secure.comodo.com/CPS0
http://ocsp.entrust.net0D
http://www.stickers-et-deco.com/admin002vqimbe/hRFZkkzLIl/
https://172.105.115.71:8080/tfvz/aazuhijovhmgjyf/frsdlxdmvshfvd/
http://hsweixintp.com/wp-admin/4m1WxDxza6D8SVrfF/
http://www.diginotar.nl/cps/pkioverheid0
http://crl.pkioverheid.nl/DomOvLatestCRL.crl0
https://115.178.55.22:80/kwxkonang/
http://ocsp.entrust.net03
http://crl.entrust.net/server1.crl0
https://172.105.115.71:8080/kwxkonang/
http://www.clinicaportalpsicologia.com.br/wp-includes/d6tkyFFBNwY/

Note: the crl.*, ocsp.* and CPS entries, recognisable by the stray "0", "0D" or "03" at the end (the adjacent ASN.1 bytes), are URL strings carved from X.509 certificates in the analysed binaries, not Emotet infrastructure; leave them out of blocklists. The remaining entries are the payload-staging directories on compromised web sites (HTTP, random mixed-case directory) and the C2 endpoints (HTTPS straight to an IP on 443, 80 or 8080 with a random lowercase path).
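The URL list above mixes three kinds of entries, so it cannot be pasted into a blocklist as-is. The script below is an added example, not part of this report and not the sandbox's own logic: it applies the classification rules visible in this listing (certificate-carved CRL/OCSP/CPS strings, HTTPS-to-bare-IP C2 endpoints, HTTP staging directories with a random mixed-case last segment) to the report's URLs and derives the hosts worth blocking. The category names and the regexes are assumptions made here; the URLs are copied from the page.

```python
import re
from urllib.parse import urlsplit

# URLs exactly as listed in the report above.
REPORT_URLS = [
    "http://www.cecambrils.cat/wp-content/cXEhHssszV/",
    "https://218.38.121.17/kwxkonang/",
    "https://218.38.121.17/tfvz/aazuhijovhmgjyf/frsdlxdmvshfvd/",
    "http://crl.pkioverheid.nl/DomOrganisatieLatestCRL-G2.crl0",
    "https://115.178.55.22:80/tfvz/aazuhijovhmgjyf/frsdlxdmvshfvd/",
    "http://crl.entrust.net/2048ca.crl0",
    "https://secure.comodo.com/CPS0",
    "http://ocsp.entrust.net0D",
    "http://www.stickers-et-deco.com/admin002vqimbe/hRFZkkzLIl/",
    "https://172.105.115.71:8080/tfvz/aazuhijovhmgjyf/frsdlxdmvshfvd/",
    "http://hsweixintp.com/wp-admin/4m1WxDxza6D8SVrfF/",
    "http://www.diginotar.nl/cps/pkioverheid0",
    "http://crl.pkioverheid.nl/DomOvLatestCRL.crl0",
    "https://115.178.55.22:80/kwxkonang/",
    "http://ocsp.entrust.net03",
    "http://crl.entrust.net/server1.crl0",
    "https://172.105.115.71:8080/kwxkonang/",
    "http://www.clinicaportalpsicologia.com.br/wp-includes/d6tkyFFBNwY/",
]

IPV4 = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")
# CRL / OCSP / CPS references carved out of X.509 certificates (trailing ASN.1 bytes "0", "0D", "03")
CERT_ARTIFACT = re.compile(r"\.crl0$|/cps0?$|/cps/|^https?://ocsp\.", re.I)
# Path whose last segment is a random-looking token of 8+ alphanumerics with both cases
RANDOM_DIR = re.compile(r"^(?:/[\w.-]+)*/(?=[A-Za-z0-9]*[a-z])(?=[A-Za-z0-9]*[A-Z])[A-Za-z0-9]{8,}/$")


def classify(url: str) -> str:
    """Assumed categories: certificate-artifact, c2, payload-stage, unclassified."""
    parts = urlsplit(url)
    host = parts.hostname or ""
    if CERT_ARTIFACT.search(url):
        return "certificate-artifact"
    if parts.scheme == "https" and IPV4.match(host):
        # C2 as seen in this report: HTTPS straight to an IP on 443, 80 or 8080
        return "c2"
    if parts.scheme == "http" and not IPV4.match(host) and RANDOM_DIR.match(parts.path):
        # payload staging directory on a compromised web site (mostly WordPress paths here)
        return "payload-stage"
    return "unclassified"


def triage(urls):
    """Group URLs by class and list the hosts to block (C2 IPs and staging domains)."""
    groups = {"certificate-artifact": [], "c2": [], "payload-stage": [], "unclassified": []}
    for u in urls:
        groups[classify(u)].append(u)
    block_hosts = sorted({urlsplit(u).hostname for u in groups["c2"] + groups["payload-stage"]})
    return groups, block_hosts


if __name__ == "__main__":
    groups, block_hosts = triage(REPORT_URLS)
    for name, items in groups.items():
        print(f"{name}: {len(items)}")
    print("block:", ", ".join(block_hosts))
```

Anything that lands in "unclassified" deserves a manual look rather than a rule tweak; the rules are tuned to this one listing, and the random-token heuristic in particular will miss staging paths with short or single-case directory names.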

Dropped files

Name
    File Type

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\Ji8QgmpX3lS3yT[1].dll
    PE32+ executable (DLL) (GUI) x86-64, for MS Windows

C:\Users\user\Desktop\Untitled-09112022.xls
    Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, Code page: 1251, Author: Gydar, Last Saved By: Gydar, Name of Creating Application: Microsoft Excel, Create Time/Date: Fri Jun 5 19:19:34 2015, Last Saved Time/Date: Tue N (…)

C:\Users\user\elv1.ooocccxxx
    PE32+ executable (DLL) (GUI) x86-64, for MS Windows

C:\Windows\System32\FgEHLIiiJRN\xoEOackyxDExhQ.dll (copy)
    PE32+ executable (DLL) (GUI) x86-64, for MS Windows

C:\Users\user\AppData\Local\Temp\~DF4B3CBD39C4A4F2CA.TMP
    data

C:\Users\user\AppData\Local\Temp\~DF68E42B49200ACDE5.TMP
    data

C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\3H9RKW7J.txt
    ASCII text

C:\Users\user\Desktop\41778653.tmp (copy)
    Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, Code page: 1251, Author: Gydar, Last Saved By: Gydar, Name of Creating Application: Microsoft Excel, Create Time/Date: Fri Jun 5 19:19:34 2015, Last Saved Time/Date: Tue N (…)

C:\Users\user\Desktop\4DF60000
    Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.1, Code page: 1252, Author: Gydar, Last Saved By: user, Name of Creating Application: Microsoft Excel, Create Time/Date: Fri Jun 5 19:19:34 2015, Last Saved Time/Date: Wed Nov (…)

C:\Users\user\Desktop\4DF60000:Zone.Identifier
    ASCII text, with CRLF line terminators