
Próxima reunión de finanzas.doc

Status: finished
Submission Time: 02.03.2020 18:05:04
Verdict: Malicious
Classification: E-Banking Trojan, Trojan, Evader, Emotet

Details

  • Analysis ID:
    212266
  • API (Web) ID:
    321695
  • Analysis Started:
    02.03.2020 18:05:07
  • Analysis Finished:
    02.03.2020 18:12:34
  • MD5:
    e896ed223d2478514373c02ab6275fd4
  • SHA1:
    4513d4a64eefd61bb77889597cca24500f05161e
  • SHA256:
    9a01ff3d7dfa98e7792784ac96b282570daee69e7ed72f2a722e16983b50408d

Reports

  • Full Report
    Engine Info: Windows 7 SP1 (with Office 2010 SP2, IE 11, FF 54, Chrome 60, Acrobat Reader DC 17, Java 8.0.1440.1, Flash 30.0.0.113)
    Verdict: malicious
    Score: 100/100
  • Other engine verdicts (engine names not shown on the page):
    malicious (57/72); malicious (28/31); malicious; malicious

IPs

IP               Country
45.122.220.220   Viet Nam
42.115.22.145    Viet Nam
145.14.144.203   Netherlands

Domains

Name                                    IP
khomaynhomnhua.vn                       45.122.220.220
us-east-1.route-1.000webhost.awex.io    145.14.144.203
luislar68.000webhostapp.com             0.0.0.0

URLs

Name
http://khomaynhomnhua.vn/dup-installer/tyl31xi-nmfh-643542/
http://42.115.22.145/jHnnLdTLu1NRMhUpxrV

Dropped files

Each entry gives the file name followed by its detected file type (hash and detection columns were not captured on this page).

  • C:\Users\user\633.exe
    PE32 executable (GUI) Intel 80386, for MS Windows
  • C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\F5F071EC.jpeg
    JPEG image data, JFIF standard 1.01, resolution (DPI), density 220x220, segment length 16, baseline, precision 8, 1429x714, frames 3
  • C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{0E194969-FE73-46CA-A430-E60FC098C371}.tmp
    data
  • C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{887D2098-5718-408A-81E9-015A2D2A69A9}.tmp
    data
  • C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{E4D01C2E-15A8-400F-B803-F7B1A163D7D3}.tmp
    data
  • C:\Users\user\AppData\Local\Temp\VBE\MSForms.exd
    data
  • C:\Users\user\AppData\Local\Temp\imgs\cscheme.xml
    XML 1.0 document, ASCII text, with CRLF line terminators
  • C:\Users\user\AppData\Local\Temp\imgs\editdata.mso
    data
  • C:\Users\user\AppData\Local\Temp\imgs\filelist.xml
    ASCII text, with CRLF line terminators
  • C:\Users\user\AppData\Local\Temp\imgs\img001.jpg
    JPEG image data, JFIF standard 1.01, resolution (DPI), density 220x220, segment length 16, baseline, precision 8, 1429x714, frames 3
  • C:\Users\user\AppData\Local\Temp\imgs\img002.jpg
    JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 624x312, frames 3
  • C:\Users\user\AppData\Local\Temp\imgs\theme.thm
    Microsoft OOXML
  • C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\Próxima reunión de finanzas.LNK
    MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Tue Jan 28 13:45:37 2020, mtime=Tue Jan 28 13:45:37 2020, atime=Mon Mar 2 16:07:52 2020, length=114864, window=hide
  • C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\index.dat
    ASCII text, with CRLF line terminators
  • C:\Users\user\AppData\Roaming\Microsoft\Templates\~$Normal.dotm
    data
  • C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\R8DCNO5EZ7O3GS3YHJ9E.temp
    data
  • C:\Users\user\Desktop\~$óxima reunión de finanzas.doc
    data