flash

Client Contact REGISTRATION Sheet.xlsx

Status: finished
Submission Time: 18.05.2020 10:12:04
Malicious
Trojan
Spyware
Exploiter
Evader
FormBook

Comments

Tags

Details

  • Analysis ID:
    230970
  • API (Web) ID:
    358258
  • Analysis Started:
    18.05.2020 10:12:05
  • Analysis Finished:
    18.05.2020 10:22:27
  • MD5:
    c0cef36cc1f8970f9635a234a643f4a4
  • SHA1:
    e8628695c7dce1d840af14f409696893734ef822
  • SHA256:
    5adb3a044fea3386a1772545c446cd01467e0094ef9c1ad36a75947f09dd93a3
  • Technologies:
Reports (Verdict / Score)

malicious

System: Windows 7 SP1 (with Office 2010 SP2, IE 11, FF 54, Chrome 60, Acrobat Reader DC 17, Java 8.0.1440.1, Flash 30.0.0.113)

malicious   100/100
malicious   31/60
malicious   9/37
malicious   11/30
malicious
malicious

IPs

IP               Country         Detection
134.73.55.67     United States
151.101.1.195    United States

Domains

Name                        IP               Detection
letsdindin.com              151.101.1.195
detafa.com                  134.73.55.67
www.letsdindin.com          0.0.0.0
www.migrainefixnow.rocks    0.0.0.0

URLs

Name Detection
http://detafa.com/cps/nass.exe
http://www.paintogain.life/mnf3/
http://www.paintogain.life
http://www.paintogain.lifeReferer:
http://www.paintogain.life/mnf3/www.mysundaymornings.com
http://www.letsdindin.com/mnf3/?9rTpeFt0=G6fRyfWpf4em3a5PxYoprh6KPSSsHaeEr4x3W3Pvzp31VBrhmksxwaIIwF2fZ05EyJsOCg==&rj9L_=qpnTHjlx
http://www.eastcoastwesterners.com/mnf3/www.xn--289aw8k.com
http://www.fm776.comReferer:
http://www.xn--289aw8k.com/mnf3/www.fm776.com
http://www.csssecurity.net
http://www.goodkarmamke.com/mnf3/www.cnqr-global-master.com
http://www.cnqr-global-master.com/mnf3/www.bigdatacd.com
http://www.topfoundationrepairhouston.com/mnf3/
http://www.mansiobok2.info
http://www.migrainefixnow.rocks/mnf3/
http://www.hochschulmarketing.online/mnf3/
http://www.letsdindin.com/mnf3/
http://www.cnqr-global-master.com
http://www.topfoundationrepairhouston.com/mnf3/www.hochschulmarketing.online
http://www.mysundaymornings.com
http://www.jemployee.comReferer:
http://www.csssecurity.net/mnf3/www.goodkarmamke.com
http://www.csssecurity.net/mnf3/
http://www.insightsforchurch.comReferer:
http://www.mansiobok2.info/mnf3/
http://www.csssecurity.netReferer:
http://www.fm776.com/mnf3/www.insightsforchurch.com
http://www.insightsforchurch.com
http://www.xn--289aw8k.com
http://www.hochschulmarketing.online/mnf3/www.mansiobok2.info
http://www.hochschulmarketing.onlineReferer:
http://www.jemployee.com/mnf3/
http://www.%s.comPA
http://www.fm776.com/mnf3/
http://www.mysundaymornings.com/mnf3/
http://www.goodkarmamke.comReferer:
http://www.fm776.com
http://www.goodkarmamke.com/mnf3/
http://www.letsdindin.com
http://wellformedweb.org/CommentAPI/
http://www.cnqr-global-master.comReferer:
http://www.topfoundationrepairhouston.com
http://www.xn--289aw8k.comReferer:
http://www.bigdatacd.comReferer:
http://www.hochschulmarketing.online
http://www.letsdindin.comReferer:
https://www.letsdindin.com/mnf3/?9rTpeFt0=G6fRyfWpf4em3a5PxYoprh6KPSSsHaeEr4x3W3Pvzp31VBrhmksxwaIIwF
http://www.letsdindin.com/mnf3/www.topfoundationrepairhouston.com
http://www.eastcoastwesterners.comReferer:
http://www.migrainefixnow.rocks/mnf3/www.letsdindin.com
http://www.insightsforchurch.com/mnf3/
http://www.eastcoastwesterners.com
http://www.bigdatacd.com
http://www.jemployee.com
http://www.cnqr-global-master.com/mnf3/
http://www.migrainefixnow.rocks
http://www.bigdatacd.com/mnf3/www.jemployee.com
http://www.bigdatacd.com/mnf3/
http://www.topfoundationrepairhouston.comReferer:
http://www.mysundaymornings.com/mnf3/www.csssecurity.net
http://www.goodkarmamke.com
http://www.mansiobok2.infoReferer:
http://www.eastcoastwesterners.com/mnf3/
http://www.insightsforchurch.com/mnf3/www.paintogain.life
http://www.xn--289aw8k.com/mnf3/
http://www.mansiobok2.info/mnf3/www.eastcoastwesterners.com
http://www.migrainefixnow.rocksReferer:
http://www.mysundaymornings.comReferer:

Dropped files

Name / File Type

C:\Program Files\U5jm\userr0fttv_.exe
    PE32 executable (GUI) Intel 80386, for MS Windows
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\52W1LUXM\nass[1].exe
    PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
C:\Users\user\AppData\Roaming\06391C1V\063logri.ini
    data
C:\Users\user\AppData\Roaming\06391C1V\063logrv.ini
    data
C:\Users\user\AppData\Roaming\vbc.exe
    PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
C:\Users\user\Desktop\~$Client Contact REGISTRATION Sheet.xlsx
    data
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\836B325A.jpeg
    [TIFF image data, big-endian, direntries=1], baseline, precision 8, 965x543, frames 3
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\CF92047C.png
    PNG image data, 999 x 505, 8-bit colormap, non-interlaced
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\E287BAA7.emf
    Windows Enhanced Metafile (EMF) image data version 0x10000
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~$RD0003.docm
    data
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~$RO0000.doc
    data
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRD0001.tmp
    data
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRD0004.tmp
    data
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRO0000.doc
    Microsoft Word 2007+
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{3DEBE09B-7F16-4D4C-BD4B-18F1877A5B29}.tmp
    data
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{BD2D56E8-2AB4-44BC-BACD-94EE536E0686}.tmp
    data
C:\Users\user\AppData\Local\Temp\U5jm\userr0fttv_.exe
    PE32 executable (GUI) Intel 80386, for MS Windows
C:\Users\user\AppData\Roaming\Microsoft\Templates\~$Normal.dotm
    data