
form.doc

Status: finished
Submission Time: 17.02.2020 20:10:17
Malicious
E-Banking Trojan
Trojan
Evader
Emotet

Details

  • Analysis ID:
    208880
  • API (Web) ID:
    315109
  • Analysis Started:
    17.02.2020 20:10:21
  • Analysis Finished:
    17.02.2020 20:18:36
  • MD5:
    5b101da4ee2714a73444b8c8b62307b2
  • SHA1:
    ae4e0491b2d256266892aafa58d02c341625bfcd
  • SHA256:
    05b0cccc569850310ab912b52a3b9d37fe0f32029c5b5443b4aca76184224bd1

Verdict: malicious

System: Windows 7 SP1 (with Office 2010 SP2, IE 11, FF 54, Chrome 60, Acrobat Reader DC 17, Java 8.0.1440.1, Flash 30.0.0.113)

Scores: 100/100 (malicious); 39/62 (malicious)

IPs

IP | Country
98.239.119.52 | United States
104.236.28.47 | United States
205.144.171.44 | United States
71.126.247.90 | United States
13.85.72.129 | United States
80.86.91.91 | Germany
104.31.68.30 | United States

Domains

Name | IP
thebluebearyhillproject.com | 205.144.171.44
sportnal.azurewebsites.net | 0.0.0.0
teeo.highoninfo.com | 104.31.68.30
waws-prod-sn1-081.cloudapp.net | 13.85.72.129

URLs

Name
http://sportnal.azurewebsites.net/calendar/Xzoo/
http://thebluebearyhillproject.com/wp-admin/q07/
http://teeo.highoninfo.com/wp-admin/1tx/
http://98.239.119.52/VgwZzucbO28XwD/OLIsQLqeqyzclLWVv/dDqe/wmOuSU/6FaQefiFlRcfZlz/
https://www.cloudflare.com/5xx-error-landing?utm_source=error_footer

Dropped files

Name | File Type
C:\Users\user\317.exe | data
C:\Users\user\Desktop\~$form.doc | data
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{D32B9406-F01F-40D8-83CD-7625E857602F}.tmp | data
C:\Users\user\AppData\Local\Temp\VBE\MSForms.exd | data
C:\Users\user\AppData\Local\Temp\imgs\cscheme.xml | XML 1.0 document, ASCII text, with CRLF line terminators
C:\Users\user\AppData\Local\Temp\imgs\editdata.mso | data
C:\Users\user\AppData\Local\Temp\imgs\filelist.xml | ASCII text, with CRLF line terminators
C:\Users\user\AppData\Local\Temp\imgs\img001.jpg | TIFF image data, little-endian, direntries=1, copyright=AoohbvdsjsiVargvdubnLssuhpdt, baseline, precision 8, 2000x1000, frames 3
C:\Users\user\AppData\Local\Temp\imgs\img002.jpg | JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 624x312, frames 3
C:\Users\user\AppData\Local\Temp\imgs\theme.thm | Microsoft OOXML
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\form.LNK | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Tue Jan 28 13:45:39 2020, mtime=Tue Jan 28 13:45:39 2020, atime=Mon Feb 17 18:13:23 2020, length=282112, window=hide
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\index.dat | ASCII text, with CRLF line terminators
C:\Users\user\AppData\Roaming\Microsoft\Templates\~$Normal.dotm | data
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\KJZZRJ5YE23ETZMNYK5Z.temp | data