flash

http://dropbox.com/s/2l0ep7yboohz83e/SWIFT%20MT203%20DOKUMENT%20EUR27000%20ORDER%202020.7z?dl=1

Status: finished
Submission Time: 28.05.2020 08:47:46
Malicious
Trojan
Evader
Nanocore

Comments

Tags

Details

  • Analysis ID:
    233725
  • API (Web) ID:
    363603
  • Analysis Started:
    28.05.2020 08:47:46
  • Analysis Finished:
    28.05.2020 08:52:37
  • Technologies:
Full Report Engine Info Verdict Score Reports

System: Windows 10 64 bit (version 1803) with Office 2016, Adobe Reader DC 19, Chrome 70, Firefox 63, Java 8.171, Flash 30.0.0.113

malicious
96/100

malicious
48/73

malicious
26/48

IPs

IP Country Detection
79.134.225.11
Switzerland
162.125.69.6
United States
162.125.8.1
United States
Click to see the 1 hidden entries
162.125.248.1
United States

Domains

Name IP Detection
wilpap321.ddns.net
79.134.225.11
dropbox.com
162.125.248.1
papaw456.serveftp.com
79.134.225.11
Click to see the 6 hidden entries
www.dropbox-dns.com
162.125.8.1
edge-block-www.dropbox-dns.com
162.125.69.6
onedrive.live.com
0.0.0.0
www.dropbox.com
0.0.0.0
uc9c3b3bb917cdb4d4342a1b65ce.dl.dropboxusercontent.com
0.0.0.0
i4irzw.ch.files.1drv.com
0.0.0.0

URLs

Name Detection
http://www.w3.
https://i4irzw.ch.files.1drv.com/y4ml1Q01tCRlfaCV-OLWZQ03k3ARTvfojHWkYgT1zV5l5oS0whsbm9x74IXOkou2CzD
https://i4irzw.ch.files.1drv.com/
Click to see the 2 hidden entries
https://onedrive.live.com/download?cid=F191CCC6E999117D&resid=F191CCC6E999117D%21207&authkey=AKOuWEK
https://onedrive.live.com/

Dropped files

Name File Type Hashes Detection
C:\Users\user\AppData\Local\Temp\x4vz0vwg.gpu\SWIFT MT203 DOKUMENT EUR27000 ORDER 2020.exe
PE32 executable (GUI) Intel 80386, for MS Windows
#
C:\Users\user\AppData\Roaming\59407D34-C8C5-44DF-A766-BA8A11CB1CB0\run.dat
data
#
C:\Users\user\subfolder1\filename1.exe
PE32 executable (GUI) Intel 80386, for MS Windows
#
Click to see the 11 hidden entries
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{A1055416-A0FA-11EA-AADD-C25F135D3C65}.dat
Microsoft Word Document
#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{A1055418-A0FA-11EA-AADD-C25F135D3C65}.dat
Microsoft Word Document
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\SWIFT%20MT203%20DOKUMENT%20EUR27000%20ORDER%202020[1].htm
HTML document, ASCII text, with CRLF line terminators
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\SWIFT MT203 DOKUMENT EUR27000 ORDER 2020.7z.u1u7zwy.partial
7-zip archive data, version 0.4
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\SWIFT MT203 DOKUMENT EUR27000 ORDER 2020.7z.u1u7zwy.partial:Zone.Identifier
ASCII text, with CRLF line terminators
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\SWIFT MT203 DOKUMENT EUR27000 ORDER 2020.7z:Zone.Identifier
very short file (no magic)
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VINVDFP6\SWIFT%20MT203%20DOKUMENT%20EUR27000%20ORDER%202020[1].7z
7-zip archive data, version 0.4
#
C:\Users\user\AppData\Local\Temp\1rx3jsee.zoo\unarchiver.log
ASCII text, with CRLF line terminators
#
C:\Users\user\AppData\Local\Temp\JavaDeployReg.log
ASCII text, with CRLF line terminators
#
C:\Users\user\AppData\Local\Temp\~DF706DBA5C421E7CAE.TMP
data
#
C:\Users\user\AppData\Local\Temp\~DFFFC7077C101F1532.TMP
data
#