
fication.exe

Status: finished
Submission Time: 2020-01-22 23:28:47 +01:00
Malicious
Evader

Details

  • Analysis ID:
    202823
  • API (Web) ID:
    303323
  • Analysis Started:
    2020-01-22 23:28:48 +01:00
  • Analysis Finished:
    2020-01-22 23:35:52 +01:00
  • MD5:
    aa34f853ba624fa1b80daa0f890d4755
  • SHA1:
    05c1db3babba6df9a3e0588b819016869ea9a702
  • SHA256:
    6a7337218ca226f33d38bdd80d4937d11b64ea26905f87c3c15706096eb52580
  • Technologies:

Joe Sandbox

Engine Download Report Detection Info
malicious
Score: 60
System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

Third Party Analysis Engines

malicious
Score: 19/70

Domains

Name IP Detection
fpdownload.macromedia.com
0.0.0.0

URLs


Dropped files

Name File Type Hashes Detection
  • C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3PRWWXOM\5l46j5DQWyj[1].SWF
    Macromedia Flash data (compressed), version 10
  • C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3PRWWXOM\6TCUOBCWA1I[1].SWF
    Macromedia Flash data (compressed), version 10
  • C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3PRWWXOM\data[1].SWF
    Macromedia Flash data (compressed), version 10
  • C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\8WQYDQEU\5XjSCqg3KQf_80_DX96_DY96[1].SWF
    Macromedia Flash data, version 9
  • C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\8WQYDQEU\5hxJz23lcB0_80_DX170_DY170[1].SWF
    Macromedia Flash data, version 9
  • C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\8WQYDQEU\6cr2LdtRzD3[1].SWF
    Macromedia Flash data (compressed), version 10
  • C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\8WQYDQEU\fonts[1].SWF
    Macromedia Flash data (compressed), version 10
  • C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ATZL2J9G\5ns21pJ6gmu_80_DX496_DY496[1].SWF
    Macromedia Flash data, version 9
  • C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ATZL2J9G\6k0iUWqcshy[1].SWF
    Macromedia Flash data (compressed), version 10
  • C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\LTYLVBDO\frame[1].XML
    data
  • C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\LTYLVBDO\story[1].SWF
    Macromedia Flash data (compressed), version 12
  • C:\Users\user\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EUT5X7Q5\heserver\story.swf\6pfLZo4ANf9.sxx
    data
  • C:\Users\user\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#heserver\settings.sxx
    data
  • C:\Users\user\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\settings.sxx
    data
  • C:\Users\user\AppData\Roaming\Macromedia\Flash Player\openssl\cache\RevocationCacheFile.dat
    data