flash

MIL0001742828.xls

Status: finished
Submission Time: 09.12.2019 17:28:47
Malicious
E-Banking Trojan
Trojan
Exploiter
Evader
Ursnif

Comments

Tags

Details

  • Analysis ID:
    194688
  • API (Web) ID:
    287432
  • Analysis Started:
    09.12.2019 17:28:51
  • Analysis Finished:
    09.12.2019 17:39:40
  • MD5:
    c5e1106f9654a23320132cbc61b3f29d
  • SHA1:
    c7c29ff4f0b36bd5618fec2eb0da25cf4daaca3f
  • SHA256:
    81a1fca7a1fb97fe021a1f2cf0bf9011dd2e72a5864aad674f8fea4ef009417b
  • Technologies:
Full Report Engine Info Verdict Score Reports

System: Windows 7 SP1 (with Office 2010 SP2, IE 11, FF 54, Chrome 60, Acrobat Reader DC 17, Java 8.0.1440.1, Flash 30.0.0.113)

malicious
100/100

malicious
10/60

IPs

IP Country Detection
89.249.65.189
United Kingdom
216.58.201.101
United States
94.100.28.184
Netherlands

Domains

Name IP Detection
udatapost.red
0.0.0.0
marvellstudio.online
0.0.0.0
abrakam.site
0.0.0.0
Click to see the 7 hidden entries
sdkscontrol.pw
0.0.0.0
hiteronak.icu
0.0.0.0
ublaznze.online
0.0.0.0
laddloanalao.xyz
89.249.65.189
gmail.com
216.58.201.101
makretplaise.xyz
192.64.119.156
sutsyiekha.casa
94.100.28.184

URLs

Name Detection
http://www.asharqalawsat.com/
http://busca.orange.es/
http://cnweb.search.live.com/results.aspx?q=
Click to see the 97 hidden entries
http://auto.search.msn.com/response.asp?MT=
http://search.yahoo.co.jp
http://www.target.com/
http://buscador.terra.es/
http://search.orange.co.uk/favicon.ico
http://www.iask.com/
http://www.tesco.com/
http://cgi.search.biglobe.ne.jp/
http://search.seznam.cz/favicon.ico
http://suche.freenet.de/favicon.ico
http://laddloanalao.xyz/images/New4cJoQvo6XtZauz/hyuqnQVHdttc/Y2fQhP_2Bvp/SwIcLle_2BgVQD/gNevLmBadoM
http://search.interpark.com/
http://search.ipop.co.kr/favicon.ico
http://search.espn.go.com/
http://www.myspace.com/favicon.ico
http://search.centrum.cz/favicon.ico
http://p.zhongsou.com/favicon.ico
http://service2.bfast.com/
http://www.%s.comPA
http://ariadna.elmundo.es/
http://www.news.com.au/favicon.ico
http://www.cdiscount.com/
http://www.tiscali.it/favicon.ico
http://search.chol.com/favicon.ico
http://www.mercadolivre.com.br/
http://www.merlin.com.pl/favicon.ico
http://search.ebay.de/
http://www.mtv.com/
http://www.rambler.ru/
http://www.nifty.com/favicon.ico
http://www.dailymail.co.uk/
http://www3.fnac.com/favicon.ico
http://buscar.ya.com/
http://search.yahoo.com/favicon.ico
https://download-installer.cdn.mozilla.net/pub/firefox/releases/54.0.1/win32/en-US/Firefox%20Setup%2
http://www.sogou.com/favicon.ico
http://asp.usatoday.com/
http://fr.search.yahoo.com/
http://rover.ebay.com
http://in.search.yahoo.com/
http://img.shopzilla.com/shopzilla/shopzilla.ico
http://search.ebay.in/
http://image.excite.co.jp/jp/favicon/lep.ico
http://%s.com
http://msk.afisha.ru/
http://busca.igbusca.com.br//app/static/images/favicon.ico
http://search.rediff.com/
http://www.ya.com/favicon.ico
http://www.etmall.com.tw/favicon.ico
http://it.search.dada.net/favicon.ico
http://search.naver.com/
http://www.google.ru/
http://search.hanafos.com/favicon.ico
http://cgi.search.biglobe.ne.jp/favicon.ico
http://www.abril.com.br/favicon.ico
http://search.daum.net/
http://search.naver.com/favicon.ico
http://search.msn.co.jp/results.aspx?q=
http://www.clarin.com/favicon.ico
http://buscar.ozu.es/
http://kr.search.yahoo.com/
http://search.about.com/
http://www.msn.com/?ocid=iehpS
http://busca.igbusca.com.br/
http://www.microsofttranslator.com/BVPrev.aspx?ref=IE8Activity
http://www.ask.com/
http://www.priceminister.com/favicon.ico
http://www.cjmall.com/
http://search.centrum.cz/
http://suche.t-online.de/
http://www.google.it/
http://search.auction.co.kr/
http://www.ceneo.pl/
http://www.amazon.de/
http://sads.myspace.com/
http://busca.buscape.com.br/favicon.ico
http://www.pchome.com.tw/favicon.ico
http://browse.guardian.co.uk/favicon.ico
http://google.pchome.com.tw/
http://list.taobao.com/browse/search_visual.htm?n=15&q=
http://www.rambler.ru/favicon.ico
http://uk.search.yahoo.com/
http://espanol.search.yahoo.com/
http://www.ozu.es/favicon.ico
http://search.sify.com/
http://openimage.interpark.com/interpark.ico
http://search.yahoo.co.jp/favicon.ico
http://search.ebay.com/
http://www.gmarket.co.kr/
http://search.nifty.com/
http://searchresults.news.com.au/
http://www.google.si/
http://www.google.cz/
http://www.soso.com/
http://www.univision.com/
http://search.ebay.it/
http://images.joins.com/ui_c/fvc_joins.ico

Dropped files

Name File Type Hashes Detection
C:\Users\user\AppData\Local\Temp\W
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
#
C:\Users\user\AppData\Local\Temp\v0kgxdqm.0.cs
UTF-8 Unicode (with BOM) text
#
C:\Users\user\AppData\Local\Temp\ygdsonvv.cmdline
UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
#
Click to see the 45 hidden entries
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E0F5C59F9FA661F6F4C50B87FEF3A15A
data
#
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E0F5C59F9FA661F6F4C50B87FEF3A15A
data
#
C:\Users\user\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
PNG image data, 16 x 16, 4-bit colormap, non-interlaced
#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{5A5B55D1-1AA1-11EA-B7AC-B2C276BF9C88}.dat
Microsoft Word Document
#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{7436F611-1AA1-11EA-B7AC-B2C276BF9C88}.dat
Microsoft Word Document
#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{75AD5701-1AA1-11EA-B7AC-B2C276BF9C88}.dat
Microsoft Word Document
#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{7C1C9B21-1AA1-11EA-B7AC-B2C276BF9C88}.dat
Microsoft Word Document
#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{5A5B55D3-1AA1-11EA-B7AC-B2C276BF9C88}.dat
Microsoft Word Document
#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{7436F613-1AA1-11EA-B7AC-B2C276BF9C88}.dat
Microsoft Word Document
#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{75AD5703-1AA1-11EA-B7AC-B2C276BF9C88}.dat
Microsoft Word Document
#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{7C1C9B23-1AA1-11EA-B7AC-B2C276BF9C88}.dat
Microsoft Word Document
#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\imagestore\fb4mf11\imagestore.dat
data
#
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0316J1PS\favicon[1].ico
PNG image data, 16 x 16, 4-bit colormap, non-interlaced
#
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0TZNT9WD\XXEf[1].htm
ASCII text, with very long lines, with no line terminators
#
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0TZNT9WD\favicon[1].ico
MS Windows icon resource - 2 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel
#
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\77PTX9DT\hBVHp[1].htm
ASCII text, with very long lines, with no line terminators
#
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\77PTX9DT\robot[1].png
PNG image data, 171 x 213, 8-bit colormap, non-interlaced
#
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DEWWYACU\urlblockindex[1].bin
data
#
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\97AC40E5.emf
Windows Enhanced Metafile (EMF) image data version 0x10000
#
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\ABF789A2.png
PNG image data, 426 x 305, 8-bit colormap, non-interlaced
#
C:\Users\user\AppData\Local\Temp\CSC7436.tmp
MSVC .res
#
C:\Users\user\AppData\Local\Temp\CSC9006.tmp
MSVC .res
#
C:\Users\user\AppData\Local\Temp\Excel8.0\MSForms.exd
data
#
C:\Users\user\AppData\Local\Temp\JavaDeployReg.log
ASCII text, with CRLF line terminators
#
C:\Users\user\AppData\Local\Temp\RES74FF.tmp
data
#
C:\Users\user\AppData\Local\Temp\RES9007.tmp
data
#
C:\Users\user\AppData\Local\Temp\v0kgxdqm.cmdline
UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
#
C:\Users\user\AppData\Local\Temp\v0kgxdqm.dll
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
#
C:\Users\user\AppData\Local\Temp\v0kgxdqm.out
ASCII text, with CRLF line terminators
#
C:\Users\user\AppData\Local\Temp\v0kgxdqm.pdb
data
#
C:\Users\user\AppData\Local\Temp\ygdsonvv.0.cs
UTF-8 Unicode (with BOM) text
#
C:\Users\user\AppData\Local\Temp\ygdsonvv.dll
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
#
C:\Users\user\AppData\Local\Temp\ygdsonvv.out
ASCII text, with CRLF line terminators
#
C:\Users\user\AppData\Local\Temp\ygdsonvv.pdb
data
#
C:\Users\user\AppData\Local\Temp\~DF00A1094E21FFE937.TMP
data
#
C:\Users\user\AppData\Local\Temp\~DF26328438DCE709C5.TMP
data
#
C:\Users\user\AppData\Local\Temp\~DF423E474A1C6DC840.TMP
data
#
C:\Users\user\AppData\Local\Temp\~DF57A74C65F84816A7.TMP
data
#
C:\Users\user\AppData\Local\Temp\~DF6DDC0C8057C653B9.TMP
data
#
C:\Users\user\AppData\Local\Temp\~DF881119748BF62D6C.TMP
data
#
C:\Users\user\AppData\Local\Temp\~DFB451A12262FF19FB.TMP
data
#
C:\Users\user\AppData\Local\Temp\~DFBB85AEECFADB7B4E.TMP
data
#
C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\W9U88JM6.txt
ASCII text
#
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\HZPS4FI3NXVBGXIUPGCH.temp
data
#
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\KJ92N8DPS0W7KCC8YM6Q.temp
data
#