Test_spam.xls

Status: finished
Submission Time: 21.05.2020 07:53:14
Malicious
E-Banking Trojan
Trojan
Exploiter
Evader
Hidden Macro 4.0 Ursnif

Details

  • Analysis ID:
    232009
  • API (Web) ID:
    360290
  • Analysis Started:
    21.05.2020 07:53:15
  • Analysis Finished:
    21.05.2020 08:01:18
  • MD5:
    d64dfd3bbf9e3d7784a83a11e253dedc
  • SHA1:
    307b1fe7b9632b86fedb3075346268b72b0662e7
  • SHA256:
    ec762ef169fdab5fcb002d635ea7e4cc5e575ee73f50dedf2e864883f6071527
  • Technologies:
Full Report Engine Info Verdict Score Reports

malicious

System: Windows 7 SP1 (with Office 2010 SP2, IE 11, FF 54, Chrome 60, Acrobat Reader DC 17, Java 8.0.1440.1, Flash 30.0.0.113)

malicious
100/100

malicious

IPs

IP              Country
202.47.1.59     Australia
91.211.246.48   Lithuania

Domains

Name                      IP
bespokemerchandises.com   202.47.1.59
worldwidebars.xyz         91.211.246.48

URLs

Name
https://worldwidebars.xyz/index.htm
https://sectigo.com/CPS0
http://crl.entrust.net/server1.crl0
http://ocsp.sectigo.com0
http://cps.letsencrypt.org0
http://ocsp.entrust.net03
http://ocsp.int-x3.letsencrypt.org0/
http://crl.pkioverheid.nl/DomOrganisatieLatestCRL-G2.crl0
https://worldwidebars.xyz/index.ht
http://crl.sectigo.com/COMODOTimeStampingCA_2.crl0r
http://www.diginotar.nl/cps/pkioverheid0
http://crl.sectigo.com/SectigoRSACodeSigningCA.crl0s
http://crt.sectigo.com/SectigoRSACodeSigningCA.crt0#
http://crl.pkioverheid.nl/DomOvLatestCRL.crl0
https://sectigo.com/CPS0B
http://cert.int-x3.letsencrypt.org/0
https://worldwidebars.xyz/index.htmRoot
https://worldwidebars.xyz/index.htmxyz/index.htm
http://ocsp.entrust.net0D
https://secure.comodo.com/CPS0
http://crl.entrust.net/2048ca.crl0
http://crt.sectigo.com/COMODOTimeStampingCA_2.crt0#
http://cps.root-x1.letsencrypt.org0
https://worldwidebars.xyz
https://worldwidebars.xyz6

Dropped files

Name / File Type
  • C:\LttgTtQ\drYpcgG\BwkGvmB.exe
    PE32 executable (GUI) Intel 80386, for MS Windows
  • C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7BALWKT9\374B7Ai1[1].exe
    PE32 executable (GUI) Intel 80386, for MS Windows
  • C:\Users\user\Desktop\~$Test_spam.xls
    data
  • C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506
    Microsoft Cabinet archive data, 57243 bytes, 1 file
  • C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E0F5C59F9FA661F6F4C50B87FEF3A15A
    data
  • C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
    data
  • C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E0F5C59F9FA661F6F4C50B87FEF3A15A
    data
  • C:\Users\user\AppData\Local\Microsoft\Feeds\FeedsStore.feedsdb-ms
    data
  • C:\Users\user\AppData\Local\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\WebSlices~\Suggested Sites~.feed-ms
    Composite Document File V2 Document, Cannot read section info
  • C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{B3E59231-9B27-11EA-B813-B2C276BF9C88}.dat
    Microsoft Word Document
  • C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{CEFD8241-9B27-11EA-B813-B2C276BF9C88}.dat
    Microsoft Word Document
  • C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{DEC5BE01-9B27-11EA-B813-B2C276BF9C88}.dat
    Microsoft Word Document
  • C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{EE87DD01-9B27-11EA-B813-B2C276BF9C88}.dat
    Microsoft Word Document
  • C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{B3E59233-9B27-11EA-B813-B2C276BF9C88}.dat
    Microsoft Word Document
  • C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{B3E5923E-9B27-11EA-B813-B2C276BF9C88}.dat
    Microsoft Word Document
  • C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{CEFD8243-9B27-11EA-B813-B2C276BF9C88}.dat
    Microsoft Word Document
  • C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{DEC5BE03-9B27-11EA-B813-B2C276BF9C88}.dat
    Microsoft Word Document
  • C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{EE87DD03-9B27-11EA-B813-B2C276BF9C88}.dat
    Microsoft Word Document
  • C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-2845162440\msapplication.xml
    XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
  • C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7BALWKT9\ErrorPageTemplate[1]
    UTF-8 Unicode (with BOM) text, with CRLF line terminators
  • C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7BALWKT9\background_gradient[1]
    JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 1x800, frames 3
  • C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7BALWKT9\bullet[1]
    PNG image data, 15 x 15, 8-bit colormap, non-interlaced
  • C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7BALWKT9\down[1]
    PNG image data, 15 x 15, 8-bit colormap, non-interlaced
  • C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7BALWKT9\errorPageStrings[1]
    UTF-8 Unicode (with BOM) text, with CRLF line terminators
  • C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7BALWKT9\httpErrorPagesScripts[1]
    UTF-8 Unicode (with BOM) text, with CRLF line terminators
  • C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7BALWKT9\http_404[1]
    HTML document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators
  • C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7BALWKT9\info_48[1]
    PNG image data, 47 x 48, 8-bit/color RGBA, non-interlaced
  • C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\P0RG3V0B\ErrorPageTemplate[1]
    UTF-8 Unicode (with BOM) text, with CRLF line terminators
  • C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\P0RG3V0B\background_gradient[1]
    JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 1x800, frames 3
  • C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\P0RG3V0B\bullet[1]
    PNG image data, 15 x 15, 8-bit colormap, non-interlaced
  • C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\P0RG3V0B\down[1]
    PNG image data, 15 x 15, 8-bit colormap, non-interlaced
  • C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\P0RG3V0B\errorPageStrings[1]
    UTF-8 Unicode (with BOM) text, with CRLF line terminators
  • C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\P0RG3V0B\httpErrorPagesScripts[1]
    UTF-8 Unicode (with BOM) text, with CRLF line terminators
  • C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\P0RG3V0B\http_404[1]
    HTML document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators
  • C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\P0RG3V0B\info_48[1]
    PNG image data, 47 x 48, 8-bit/color RGBA, non-interlaced
  • C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R4H0PHGM\ErrorPageTemplate[1]
    UTF-8 Unicode (with BOM) text, with CRLF line terminators
  • C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R4H0PHGM\ErrorPageTemplate[2]
    UTF-8 Unicode (with BOM) text, with CRLF line terminators
  • C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R4H0PHGM\background_gradient[1]
    JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 1x800, frames 3
  • C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R4H0PHGM\bullet[1]
    PNG image data, 15 x 15, 8-bit colormap, non-interlaced
  • C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R4H0PHGM\down[1]
    PNG image data, 15 x 15, 8-bit colormap, non-interlaced
  • C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R4H0PHGM\errorPageStrings[1]
    UTF-8 Unicode (with BOM) text, with CRLF line terminators
  • C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R4H0PHGM\errorPageStrings[2]
    UTF-8 Unicode (with BOM) text, with CRLF line terminators
  • C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R4H0PHGM\httpErrorPagesScripts[1]
    UTF-8 Unicode (with BOM) text, with CRLF line terminators
  • C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R4H0PHGM\httpErrorPagesScripts[2]
    UTF-8 Unicode (with BOM) text, with CRLF line terminators
  • C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R4H0PHGM\http_404[1]
    HTML document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators
  • C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R4H0PHGM\http_404[2]
    HTML document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators
  • C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R4H0PHGM\info_48[1]
    PNG image data, 47 x 48, 8-bit/color RGBA, non-interlaced
  • C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZMFKJH42\ErrorPageTemplate[1]
    UTF-8 Unicode (with BOM) text, with CRLF line terminators
  • C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZMFKJH42\background_gradient[1]
    JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 1x800, frames 3
  • C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZMFKJH42\bullet[1]
    PNG image data, 15 x 15, 8-bit colormap, non-interlaced
  • C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZMFKJH42\down[1]
    PNG image data, 15 x 15, 8-bit colormap, non-interlaced
  • C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZMFKJH42\errorPageStrings[1]
    UTF-8 Unicode (with BOM) text, with CRLF line terminators
  • C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZMFKJH42\httpErrorPagesScripts[1]
    UTF-8 Unicode (with BOM) text, with CRLF line terminators
  • C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZMFKJH42\http_404[1]
    HTML document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators
  • C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZMFKJH42\info_48[1]
    PNG image data, 47 x 48, 8-bit/color RGBA, non-interlaced
  • C:\Users\user\AppData\Local\Temp\CabFEC4.tmp
    Microsoft Cabinet archive data, 57243 bytes, 1 file
  • C:\Users\user\AppData\Local\Temp\F3F30000
    data
  • C:\Users\user\AppData\Local\Temp\JavaDeployReg.log
    ASCII text, with CRLF line terminators
  • C:\Users\user\AppData\Local\Temp\TarFEC5.tmp
    data
  • C:\Users\user\AppData\Local\Temp\www535F.tmp
    MS Windows 95 Internet shortcut text (URL=<https://ieonline.microsoft.com/#ieslice>), ASCII text, with CRLF line terminators
  • C:\Users\user\AppData\Local\Temp\www536A.tmp
    MS Windows 95 Internet shortcut text (URL=<https://ieonline.microsoft.com/#ieslice>), ASCII text, with CRLF line terminators
  • C:\Users\user\AppData\Local\Temp\www5375.tmp
    MS Windows 95 Internet shortcut text (URL=<https://ieonline.microsoft.com/#ieslice>), ASCII text, with CRLF line terminators
  • C:\Users\user\AppData\Local\Temp\~DF065374345AEBF165.TMP
    data
  • C:\Users\user\AppData\Local\Temp\~DF06865E5D1696E570.TMP
    data
  • C:\Users\user\AppData\Local\Temp\~DF06BF3EB0A933A2DA.TMP
    data
  • C:\Users\user\AppData\Local\Temp\~DF3203796BAE214E59.TMP
    data
  • C:\Users\user\AppData\Local\Temp\~DF4ED6F6533819B27F.TMP
    data
  • C:\Users\user\AppData\Local\Temp\~DF4EFA18E5DA79C34C.TMP
    data
  • C:\Users\user\AppData\Local\Temp\~DFA21454485C882D9C.TMP
    data
  • C:\Users\user\AppData\Local\Temp\~DFAE526A3A41A83060.TMP
    data
  • C:\Users\user\AppData\Local\Temp\~DFEECD7278DBC2243D.TMP
    data
  • C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    MS Windows shortcut, Item id list present, Points to a file or directory, Has Description string, Has Relative path, Has Working directory, Archive, ctime=Mon Aug 7 11:48:48 2017, mtime=Mon Aug 7 11:48:48 2017, atime=Wed May 31 02:32:40 2017, length (…)
  • C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini
    ASCII text, with CRLF line terminators
  • C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\Desktop.LNK
    MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Read-Only, Directory, ctime=Tue Jan 28 13:33:37 2020, mtime=Thu May 21 04:55:25 2020, atime=Thu May 21 04:55:25 2020, length=12288, window=hide
  • C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\Test_spam.LNK
    MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Tue Jan 28 13:45:45 2020, mtime=Thu May 21 04:55:25 2020, atime=Thu May 21 04:55:25 2020, length=750430, window=hide
  • C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\index.dat
    ASCII text, with CRLF line terminators
  • C:\Users\user\Desktop\55F30000
    data
  • C:\Users\user\Favorites\Links\Suggested Sites.url
    MS Windows 95 Internet shortcut text (URL=<https://ieonline.microsoft.com/#ieslice>), ASCII text, with CRLF line terminators