
Nuovo documento 1.vbs

Status: finished
Submission Time: 23.04.2020 20:08:22
Malicious
Trojan
Evader
Ursnif

Details

  • Analysis ID: 224946
  • API (Web) ID: 346465
  • Analysis Started: 23.04.2020 20:11:26
  • Analysis Finished: 23.04.2020 20:20:28
  • MD5: e9c937259a589fa3a30d60e04e8fd11f
  • SHA1: 0f5d9f45de87ea1b6f136f4c39e269d9e0f46ee4
  • SHA256: b99ac573e0a998252441b5f6f5420a75ae4d071675b3feaa2d59b0ba415e1e7c
  • Technologies:
Verdict: malicious

System: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211

Verdict     Score
malicious   100/100
malicious   6/59
malicious   6/48

IPs

IP               Country              Detection
89.191.225.207   Russian Federation
185.22.153.166   Russian Federation

Domains

Name                    IP               Detection
rolandojgarcia.com      89.191.225.207
site-cdn.onenote.net    0.0.0.0
barecao.xyz             185.22.153.166

URLs

Name Detection
http://rolandojgarcia.com/pagigpy75.php:
http://rolandojgarcia.com/pagigpy75.phpO5?
http://rolandojgarcia.com/pagigpy75.php
http://rolandojgarcia.com/pagigpy75.php2
http://rolandojgarcia.com/pagigpy75.php_______Set
http://www.nytimes.com/
http://ocsp.sectigo.com0
https://barecao.xyz/index.htmRoot
https://barecao.xyz/index.htmdex.htm
https://barecao.xyz/index.htm
http://www.youtube.com/
https://sectigo.com/CPS0C
http://rolandojgarcia.com/
https://barecao.xyz
http://www.wikipedia.com/
http://www.amazon.com/
http://crl.sectigo.com/SectigoRSACodeSigningCA.crl0s
http://www.live.com/
http://crt.sectigo.com/SectigoRSACodeSigningCA.crt0#
http://www.reddit.com/
http://www.twitter.com/
https://barecao.xyz/favicon.ico

Dropped files

Name
    File Type

C:\Users\user\AppData\Local\Temp\PaintHelper.exe
    PE32 executable (GUI) Intel 80386, for MS Windows
C:\Users\user\AppData\Local\Temp\f2oqx0oi.cmdline
    UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{9ADEEA80-85D9-11EA-AAE5-44C1B3FB757B}.dat
    Microsoft Word Document
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\Active\{9ADEEA82-85D9-11EA-AAE5-44C1B3FB757B}.dat
    Microsoft Word Document
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\Active\{9ADEEA84-85D9-11EA-AAE5-44C1B3FB757B}.dat
    Microsoft Word Document
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\Active\{A1AB3841-85D9-11EA-AAE5-44C1B3FB757B}.dat
    Microsoft Word Document
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\Active\{A1AB3843-85D9-11EA-AAE5-44C1B3FB757B}.dat
    Microsoft Word Document
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\Active\{A7B24F40-85D9-11EA-AAE5-44C1B3FB757B}.dat
    Microsoft Word Document
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\Active\{A7B24F42-85D9-11EA-AAE5-44C1B3FB757B}.dat
    Microsoft Word Document
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\Active\{A7B24F44-85D9-11EA-AAE5-44C1B3FB757B}.dat
    Microsoft Word Document
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\Active\{AFE5959C-85D9-11EA-AAE5-44C1B3FB757B}.dat
    Microsoft Word Document
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\Active\{AFE5959E-85D9-11EA-AAE5-44C1B3FB757B}.dat
    Microsoft Word Document
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\Active\{B7EEEA77-85D9-11EA-AAE5-44C1B3FB757B}.dat
    Microsoft Word Document
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\Active\{B7EEEA79-85D9-11EA-AAE5-44C1B3FB757B}.dat
    Microsoft Word Document
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-17529550060\msapplication.xml
    XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-18270793970\msapplication.xml
    XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-21706820\msapplication.xml
    XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-314712940\msapplication.xml
    XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-4759708130\msapplication.xml
    XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-6757900\msapplication.xml
    XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-8760897390\msapplication.xml
    XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin20259167780\msapplication.xml
    XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin20332743330\msapplication.xml
    XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin8215062560\msapplication.xml
    XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\imagestore\r1ckxmj\imagestore.dat
    data
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KGYEP10B\favicon[1].ico
    MS Windows icon resource - 1 icon, 16x16, 16 colors, 4 bits/pixel
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\8OJ03BG5\index[1].htm
    ASCII text, with very long lines, with no line terminators
C:\Users\user\AppData\Local\Temp\CSC77BC04006FB247D3A31CB167F1BAF8A.TMP
    MSVC .res
C:\Users\user\AppData\Local\Temp\Low\JavaDeployReg.log
    ASCII text, with CRLF line terminators
C:\Users\user\AppData\Local\Temp\RES4B18.tmp
    data
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_1i32wtml.qzd.psm1
    ASCII text, with no line terminators
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_flcmhvwr.nhc.ps1
    ASCII text, with no line terminators
C:\Users\user\AppData\Local\Temp\f2oqx0oi.0.cs
    C++ source, UTF-8 Unicode (with BOM) text, with CRLF, LF line terminators
C:\Users\user\AppData\Local\Temp\f2oqx0oi.out
    UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators
C:\Users\user\AppData\Local\Temp\~DF04F926A40DCF9D79.TMP
    data
C:\Users\user\AppData\Local\Temp\~DF069FCFF18D3E0F3D.TMP
    data
C:\Users\user\AppData\Local\Temp\~DF3718358378F491A1.TMP
    data
C:\Users\user\AppData\Local\Temp\~DF4563720317568BEC.TMP
    data
C:\Users\user\AppData\Local\Temp\~DF4F1F8F6F4B10894B.TMP
    data
C:\Users\user\AppData\Local\Temp\~DF5AD93B8C40DA7028.TMP
    data
C:\Users\user\AppData\Local\Temp\~DF736A28E4B38D4918.TMP
    data
C:\Users\user\AppData\Local\Temp\~DF76E9C49390A666AE.TMP
    data
C:\Users\user\AppData\Local\Temp\~DF86EAF5CB001B9ECA.TMP
    data
C:\Users\user\AppData\Local\Temp\~DF90D5C70BAC9316A6.TMP
    data
C:\Users\user\AppData\Local\Temp\~DFDA26CBDC1AC8B5F6.TMP
    data
C:\Users\user\AppData\Local\Temp\~DFF5B722616F59DCFA.TMP
    data
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\QYMSQAA33ZMMHM6PGDYH.temp
    data
C:\Users\user\Documents\20200423\PowerShell_transcript.367706.c9lL3j2b.20200423201448.txt
    UTF-8 Unicode (with BOM) text, with CRLF line terminators