flash

VERDI.doc

Status: finished
Submission Time: 03.12.2019 06:44:48
Malicious
Exploiter

Comments

Tags

Details

  • Analysis ID:
    193292
  • API (Web) ID:
    284716
  • Analysis Started:
    03.12.2019 06:44:51
  • Analysis Finished:
    03.12.2019 07:02:28
  • MD5:
    1304606861c8d05f5bba92d225adc69a
  • SHA1:
    65c3c7a7275a171016d7c9d89a5ac9778eea79a9
  • SHA256:
    5b1aefba63993d6ec0520ed9c482641f6b3caac04c143a065d8c518f89321405
  • Technologies:
Full Report Engine Info Verdict Score Reports

malicious

System: Windows 7 SP1 (with Office 2010 SP2, IE 11, FF 54, Chrome 60, Acrobat Reader DC 17, Java 8.0.1440.1, Flash 30.0.0.113)

malicious
84/100

System: Windows 10 64 bit (version 1803) with Office 2016, Adobe Reader DC 19, Chrome 70, Firefox 63, Java 8.171, Flash 30.0.0.113
Run Condition: Potential for more IOCs and behavior

malicious
64/100

System: Windows 7 SP1 (with Office 2010 SP2, IE 11, FF 54, Chrome 60, Acrobat Reader DC 17, Java 8.0.1440.1, Flash 30.0.0.113)
Run Condition: Without Instrumentation

malicious
84/100

malicious
27/63

malicious

malicious

IPs

IP Country Detection
192.119.106.235
United States

URLs

Name Detection
http://192.119.106.235/mswordupd.tmp
http://pur/elements/1.1/xmphttp://nsom/xap/1.0/xmpidqhttp://nsom/xmp/Identifier/qual/1.0/shttp://ns.
http://ns.adbe.
Click to see the 1 hidden entries
http://ns.ad

Dropped files

Name File Type Hashes Detection
C:\Users\user\Desktop\~$VERDI.doc
data
#
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\13DA4343.wmf
ms-windows metafont .wmf
#
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\4703E149.jpeg
[TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=3, software=Adobe Photoshop CS6 (Windows), datetime=2019:10:18 12:40:39], baseline, precision 8, 620x100, frames 3
#
Click to see the 10 hidden entries
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\4FF15462.wmf
Targa image data - Map - RLE 65536 x 65536 x 0 "\021"
#
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\8A6D1C68.dat
Targa image data - Map - RLE 17 x 65536 x 0 +4 "\021"
#
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\B831BC34.wmf
Targa image data - Map - RLE 65536 x 65536 x 0 "\021"
#
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{56AE963E-7F84-4C4D-AB85-0E0AE69A7F2E}.tmp
data
#
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{5A0184D2-867C-4D19-9D01-A2038572E237}.tmp
data
#
C:\Users\user\AppData\Local\Temp\VBE\MSForms.exd
data
#
C:\Users\user\AppData\Local\Temp\Word8.0\INKEDLib.exd
data
#
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\VERDI.LNK
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Sun Sep 24 13:01:36 2017, mtime=Sun Sep 24 13:01:36 2017, atime=Tue Dec 3 04:45:54 2019, length=94161, window=hide
#
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\index.dat
ASCII text, with CRLF line terminators
#
C:\Users\user\AppData\Roaming\Microsoft\Templates\~$Normal.dotm
data
#