my_presentation_o6y.js

Status: finished
Submission Time: 06.04.2020 22:06:56
Malicious
E-Banking Trojan
Trojan
Evader
Ursnif

Details

  • Analysis ID:
    220655
  • API (Web) ID:
    338085
  • Analysis Started:
    06.04.2020 22:07:09
  • Analysis Finished:
    06.04.2020 22:26:46
  • MD5:
    780082207026faabb8381f780fc9d462
  • SHA1:
    573f12e0a23eccd91a82b9a14fa0c5753ad05149
  • SHA256:
    1a3891253e423f0fbc89be4014a2c1cd4389ffd8982829d859f8a6a955dad959
  • Technologies:

Full Report Engine Info Verdict Score Reports

malicious

System: Windows 10 64 bit (version 1803) with Office 2016, Adobe Reader DC 19, Chrome 70, Firefox 63, Java 8.171, Flash 30.0.0.113

unknowndetection
0/100

System: Windows 10 64 bit (version 1803) with Office 2016, Adobe Reader DC 19, Chrome 70, Firefox 63, Java 8.171, Flash 30.0.0.113
Run Condition: Without Instrumentation

malicious
100/100

malicious
11/71

IPs

IP Country Detection
5.101.51.143
Russian Federation

Domains

Name IP Detection
f1.pipen.at
5.101.51.143
api10.dianer.at
5.101.51.143

URLs

Name Detection

Dropped files

Name File Type Hashes Detection
C:\Users\user\AppData\Local\Temp\TAvvi.txt
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-17529550060\msapplication.xml
XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-18270793970\msapplication.xml
XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-21706820\msapplication.xml
XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-4759708130\msapplication.xml
XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-6757900\msapplication.xml
XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-8760897390\msapplication.xml
XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin20259167780\msapplication.xml
XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin20332743330\msapplication.xml
XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin8215062560\msapplication.xml
XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
data
C:\Users\user\AppData\Local\Temp\BMV.MdUZxGc
ASCII text, with no line terminators
C:\Users\user\AppData\Local\Temp\JavaDeployReg.log
ASCII text, with CRLF line terminators
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_dnestjxp.m12.psm1
ASCII text, with no line terminators
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_lddzxr40.g2z.ps1
ASCII text, with no line terminators
C:\Users\user\Documents\20200406\PowerShell_transcript.376483.g09j5lcv.20200406222154.txt
UTF-8 Unicode (with BOM) text, with CRLF line terminators