
EmergencyContact.xlsm

Status: finished
Submission Time: 2020-03-27 18:26:19 +01:00
Classification: Malicious, Trojan, Exploiter, Evader

Details

  • Analysis ID: 218575
  • API (Web) ID: 334054
  • Analysis Started: 2020-03-27 18:28:17 +01:00
  • Analysis Finished: 2020-03-27 18:36:10 +01:00
  • MD5: 54515bed8a73f41aad6b75d7fd4fec5f
  • SHA1: c5b151edcd96c966fd8cd7c9c6a500186485fd7b
  • SHA256: f4ac9d3d03ba1b812ab00a141b054d8e5e719fcbd55f2955353ec402c08534aa
  • Technologies:

System: Windows 7 SP1 (with Office 2010 SP2, IE 11, FF 54, Chrome 60, Acrobat Reader DC 17, Java 8.0.1440.1, Flash 30.0.0.113)

Verdict: malicious
Score: 100/100

IPs

IP              Country    Detection
119.28.234.224  China
170.106.11.8    Singapore

Domains

Name                       IP               Detection
march262020.com            119.28.234.224
march262020.club           170.106.11.8
march262020.live           162.255.119.36
parkingpage.namecheap.com  198.54.117.216
march262020.best           0.0.0.0
www.march262020.live       0.0.0.0

URLs


Dropped files

Name                                                                                            File Type  Hashes  Detection
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2KEOF6EJ\app[1].bin  empty
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\8C257964.jpeg        empty
C:\Users\user\AppData\Roaming\Imed\tufi.exe                                                             empty
C:\Users\user\Desktop\~$EmergencyContact.xlsm                                                           empty
C:\cYNhYPc\mVVJuWs\FTBSEIi.exe                                                                          empty