flash

451796267.xls

Status: finished
Submission Time: 09.04.2020 06:20:40
Malicious
E-Banking Trojan
Trojan
Exploiter
Evader
Ursnif

Comments

Tags

Details

  • Analysis ID:
    221391
  • API (Web) ID:
    339515
  • Analysis Started:
    09.04.2020 06:20:41
  • Analysis Finished:
    09.04.2020 06:28:21
  • MD5:
    02403364e60ab29d5ffa86acb3d2a913
  • SHA1:
    cf3aa8c526a33add9b97c16a0a20716538d8265c
  • SHA256:
    966669eea02cf10fd1de0b99919b5f2ec57a83485a5026404a7dabf80aca1fd6
  • Technologies:
Full Report Engine Info Verdict Score Reports

malicious

System: Windows 7 SP1 (with Office 2010 SP2, IE 11, FF 54, Chrome 60, Acrobat Reader DC 17, Java 8.0.1440.1, Flash 30.0.0.113)

malicious
100/100

malicious
43/72

malicious
30/47

malicious

IPs

IP Country Detection
89.46.107.12
Italy

Domains

Name IP Detection
www.slgroupsrl.com
89.46.107.12
triomigratio.xyz
0.0.0.0

URLs

Name Detection
https://triomigratio.xyz/index.htmavelLog
http://crl.sectigo.com/SectigoRSACodeSigningCA.crl0s
https://triomigratio.xyz/index.htms://triomigratio.xyz/index.htm
Click to see the 8 hidden entries
https://triomigratio.xyz/index.htmRoot
http://ocsp.sectigo.com0
http://crt.sectigo.com/SectigoRSACodeSigningCA.crt0#
https://triomigratio.xyz/index.htm
https://triomigratio.xyz/index.htm7o
https://triomigratio.xyz
https://sectigo.com/CPS0C
https://triomigratio.xyz/index.htmyz/index.htm

Dropped files

Name File Type Hashes Detection
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6ZHP2WVI\1406202d00s408s1[1].exe
PE32 executable (GUI) Intel 80386, for MS Windows
#
C:\ProgramData\JEsNEuI.exe
PE32 executable (GUI) Intel 80386, for MS Windows
#
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6ZHP2WVI\NewErrorPageTemplate[1]
UTF-8 Unicode (with BOM) text, with CRLF line terminators
#
Click to see the 55 hidden entries
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6ZHP2WVI\dnserror[1]
HTML document, UTF-8 Unicode (with BOM) text, with CRLF line terminators
#
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6ZHP2WVI\errorPageStrings[1]
UTF-8 Unicode (with BOM) text, with CRLF line terminators
#
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6ZHP2WVI\httpErrorPagesScripts[1]
UTF-8 Unicode (with BOM) text, with CRLF line terminators
#
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G84V1BJ0\NewErrorPageTemplate[1]
UTF-8 Unicode (with BOM) text, with CRLF line terminators
#
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G84V1BJ0\dnserror[1]
HTML document, UTF-8 Unicode (with BOM) text, with CRLF line terminators
#
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G84V1BJ0\errorPageStrings[1]
UTF-8 Unicode (with BOM) text, with CRLF line terminators
#
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G84V1BJ0\httpErrorPagesScripts[1]
UTF-8 Unicode (with BOM) text, with CRLF line terminators
#
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SND2QUFX\NewErrorPageTemplate[1]
UTF-8 Unicode (with BOM) text, with CRLF line terminators
#
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SND2QUFX\NewErrorPageTemplate[2]
UTF-8 Unicode (with BOM) text, with CRLF line terminators
#
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SND2QUFX\dnserror[1]
HTML document, UTF-8 Unicode (with BOM) text, with CRLF line terminators
#
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SND2QUFX\dnserror[2]
HTML document, UTF-8 Unicode (with BOM) text, with CRLF line terminators
#
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SND2QUFX\errorPageStrings[1]
UTF-8 Unicode (with BOM) text, with CRLF line terminators
#
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SND2QUFX\errorPageStrings[2]
UTF-8 Unicode (with BOM) text, with CRLF line terminators
#
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SND2QUFX\httpErrorPagesScripts[1]
UTF-8 Unicode (with BOM) text, with CRLF line terminators
#
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SND2QUFX\httpErrorPagesScripts[2]
UTF-8 Unicode (with BOM) text, with CRLF line terminators
#
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TZQLJM6K\NewErrorPageTemplate[1]
UTF-8 Unicode (with BOM) text, with CRLF line terminators
#
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TZQLJM6K\dnserror[1]
HTML document, UTF-8 Unicode (with BOM) text, with CRLF line terminators
#
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TZQLJM6K\errorPageStrings[1]
UTF-8 Unicode (with BOM) text, with CRLF line terminators
#
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TZQLJM6K\httpErrorPagesScripts[1]
UTF-8 Unicode (with BOM) text, with CRLF line terminators
#
C:\Users\user\AppData\Local\Temp\CabF903.tmp
Microsoft Cabinet archive data, 57416 bytes, 1 file
#
C:\Users\user\AppData\Local\Temp\JavaDeployReg.log
ASCII text, with CRLF line terminators
#
C:\Users\user\AppData\Local\Temp\TarF904.tmp
data
#
C:\Users\user\AppData\Local\Temp\www4504.tmp
MS Windows 95 Internet shortcut text (URL=<https://ieonline.microsoft.com/#ieslice>), ASCII text, with CRLF line terminators
#
C:\Users\user\AppData\Local\Temp\www450F.tmp
MS Windows 95 Internet shortcut text (URL=<https://ieonline.microsoft.com/#ieslice>), ASCII text, with CRLF line terminators
#
C:\Users\user\AppData\Local\Temp\www451A.tmp
MS Windows 95 Internet shortcut text (URL=<https://ieonline.microsoft.com/#ieslice>), ASCII text, with CRLF line terminators
#
C:\Users\user\AppData\Local\Temp\~DF2723DC0E7E6E865A.TMP
data
#
C:\Users\user\AppData\Local\Temp\~DF382A425126811CD7.TMP
data
#
C:\Users\user\AppData\Local\Temp\~DF70CC944DA3F6A87B.TMP
data
#
C:\Users\user\AppData\Local\Temp\~DF7CE58A7F1DDFD27B.TMP
data
#
C:\Users\user\AppData\Local\Temp\~DF8883CB702F959531.TMP
data
#
C:\Users\user\AppData\Local\Temp\~DF8FA3423CEBF710A8.TMP
data
#
C:\Users\user\AppData\Local\Temp\~DFAB737005D1B53E7C.TMP
data
#
C:\Users\user\AppData\Local\Temp\~DFBC68425D41F21F32.TMP
data
#
C:\Users\user\AppData\Local\Temp\~DFF45FBCD31A25367A.TMP
data
#
C:\Users\user\AppData\Local\Temp\~DFFAF70B682F39A9B8.TMP
data
#
C:\Users\user\AppData\Local\Temp\~DFFE5606D051A8B10F.TMP
data
#
C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Description string, Has Relative path, Has Working directory, Archive, ctime=Mon Aug 7 11:48:48 2017, mtime=Mon Aug 7 11:48:48 2017, atime=Wed May 31 02:32:40 2017, length (…)
#
C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini
ASCII text, with CRLF line terminators
#
C:\Users\user\Favorites\Links\Suggested Sites.url
MS Windows 95 Internet shortcut text (URL=<https://ieonline.microsoft.com/#ieslice>), ASCII text, with CRLF line terminators
#
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506
Microsoft Cabinet archive data, 57416 bytes, 1 file
#
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
data
#
C:\Users\user\AppData\Local\Microsoft\Feeds\FeedsStore.feedsdb-ms
data
#
C:\Users\user\AppData\Local\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\WebSlices~\Suggested Sites~.feed-ms
Composite Document File V2 Document, Cannot read section info
#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{C00F02E1-7A19-11EA-B813-B2C276BF9C88}.dat
Microsoft Word Document
#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{D70EB051-7A19-11EA-B813-B2C276BF9C88}.dat
Microsoft Word Document
#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{E4445241-7A19-11EA-B813-B2C276BF9C88}.dat
Microsoft Word Document
#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{F179F431-7A19-11EA-B813-B2C276BF9C88}.dat
Microsoft Word Document
#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{FEBBCFA1-7A19-11EA-B813-B2C276BF9C88}.dat
Microsoft Word Document
#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{C00F02E3-7A19-11EA-B813-B2C276BF9C88}.dat
Microsoft Word Document
#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{C00F02EE-7A19-11EA-B813-B2C276BF9C88}.dat
Microsoft Word Document
#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{D70EB053-7A19-11EA-B813-B2C276BF9C88}.dat
Microsoft Word Document
#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{E4445243-7A19-11EA-B813-B2C276BF9C88}.dat
Microsoft Word Document
#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{F179F433-7A19-11EA-B813-B2C276BF9C88}.dat
Microsoft Word Document
#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{FEBBCFA3-7A19-11EA-B813-B2C276BF9C88}.dat
Microsoft Word Document
#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-2845162440\msapplication.xml
XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
#