
quote#838.pdf.xlsm

Status: finished
Submission Time: 19.06.2020 13:46:22
Verdict: Malicious
Classification: Trojan, Spyware, Exploiter, Evader
Family: FormBook

Details

  • Analysis ID:
    239938
  • API (Web) ID:
    375674
  • Analysis Started:
    19.06.2020 13:46:53
  • Analysis Finished:
    19.06.2020 14:01:55
  • MD5:
    454869de3f9b18502d5c536bd0735468
  • SHA1:
    a75f94394c50b3402ba0807dbb75becede3cbba6
  • SHA256:
    93bf6b2da40dee6ccd112f4ea43f35546891691b9b1840579060b8a66c9e5891
Verdicts (engine info, verdict, score)

  • Sandbox run, Windows 7 SP1 (with Office 2010 SP2, IE 11, FF 54, Chrome 60, Acrobat Reader DC 17, Java 8.0.1440.1, Flash 30.0.0.113): malicious
  • malicious, score 100/100
  • malicious, score 21/60
  • malicious

IPs

IP              Country
52.58.78.16     United States
161.97.70.6     United States
23.236.62.147   United States
5.206.224.211   Portugal

Domains

Name                  IP
mesary.com            52.58.78.16
lisamariejewels.com   23.236.62.147
catilossubway.com     161.97.70.6
parlored.com          0.0.0.0

URLs

Name
http://lisamariejewels.com/private/?1bE0N=zszBOyvtWvJbCV5D1ljvsdz+F/9lI6zHvTLHEapj84LzDmktawc3/JGdOUSn79B9W6puKQ==&q2nL=rfQl6tfPgVE4
http://mesary.com/private/?1bE0N=clNua2RRlaazfypNws5NPxRM0LZhzCCVUJ5p9i1eqWGEmgRElgCzdVuHkrh0MEdBwn2/ug==&q2nL=rfQl6tfPgVE4&sql=1
http://catilossubway.com/private/?1bE0N=Q/zvJeo5eUF6bY8NqTqaiT5dz+FlUlOM5g2bD0b9WPkaSRx5bxiy0wOpL/54KfXiGQLA7Q==&q2nL=rfQl6tfPgVE4
http://5.206.224.211/snap/snayp.exe(u
http://5.206.224.211/snap/snayp.exe)
http://5.206.224.211/snap/snayp.exejdk.NodeTypedValuet
http://mesary.com/private/
http://catilossubway.com/private/
http://5.206.224.211/snap/snayp.exe
http://catilossubway.com/private/shannonlyon.com
http://specialty-tree.com
http://parlored.comReferer:
http://osmanliparts.com/private/
http://venepro.net/private/itluxurysedanway.live
http://mommingtomiracles.com
http://lisamariejewels.com/private/
http://mesary.comReferer:
http://toddohanian.com
http://www.mozilla.com0
http://specialty-tree.com/private/
http://itluxurysedanway.live/private/
http://puhzkb.com
http://golegol84.comReferer:
http://itluxurysedanway.live
http://osmanliparts.com
http://mesary.com
http://lisamariejewels.com
http://shannonlyon.com/private/
http://xn--hgbq9ekv.comReferer:
http://mommingtomiracles.comReferer:
http://venepro.netReferer:
http://crl.thawte.com/ThawteTimestampingCA.crl0
http://puhzkb.com/private/toddohanian.com
http://tabistudio.com/private/
http://shannonlyon.com
http://thenflshoponline.com/private/
http://lisamariejewels.comReferer:
http://puhzkb.com/private/
http://specialty-tree.com/private/puhzkb.com
http://www.%s.comPA
http://lisamariejewels.com/private/mesary.com
http://golegol84.com/private/
http://toddohanian.comReferer:
http://xn--hgbq9ekv.com/private/osmanliparts.com
http://parlored.com/private/lisamariejewels.com
http://xn--hgbq9ekv.com
http://catilossubway.comReferer:
http://tabistudio.comReferer:
http://osmanliparts.comReferer:
http://wellformedweb.org/CommentAPI/
http://itluxurysedanway.liveReferer:
https://crash-reports.mozilla.com/submit?id=
http://thenflshoponline.com
http://tabistudio.com/private/venepro.net
http://ocsp.thawte.com0
http://catilossubway.com
http://toddohanian.com/private/
http://specialty-tree.comReferer:
http://shannonlyon.comReferer:
http://tabistudio.com
http://puhzkb.comReferer:
http://shannonlyon.com/private/specialty-tree.com
http://itluxurysedanway.live/private/mommingtomiracles.com
http://mesary.com/private/catilossubway.com
http://golegol84.com/private/thenflshoponline.com
http://golegol84.com
http://mommingtomiracles.com/private/golegol84.com
http://thenflshoponline.comReferer:
http://venepro.net
http://venepro.net/private/
http://parlored.com/private/
http://parlored.com
http://osmanliparts.com/private/tabistudio.com
http://xn--hgbq9ekv.com/private/
http://mommingtomiracles.com/private/
http://toddohanian.com/private/xn--hgbq9ekv.com
http://mesary.com/
http://browsehappy.com/

Dropped files

Name                                                           File Type
(The report's Hashes and Detection columns are empty for every entry.)

C:\Users\user\Desktop\~$quote#838.pdf.xlsm                     data
C:\Users\user\AppData\Roaming\J55MN7DA\J55logim.jpeg           empty
C:\Users\user\AppData\Roaming\J55MN7DA\J55logrf.ini            empty
C:\Users\user\AppData\Roaming\J55MN7DA\J55logri.ini            empty
C:\Users\user\AppData\Roaming\J55MN7DA\J55logrv.ini            empty
C:\Program Files\R2dxtwbm\mswtql.exe                           empty
C:\ProgramData\snayp.exe                                       empty
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\D2A8AAD3.emf
                                                               Windows Enhanced Metafile (EMF) image data version 0x10000
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\mso22E0.tmp
                                                               Composite Document File V2 Document, Cannot read section info
C:\Users\user\AppData\Local\Temp\R2dxtwbm\mswtql.exe           empty
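The URL and dropped-file sections above are raw sandbox output; many of the URL entries are strings carved from process memory, which is why several carry trailing residue such as "Referer:" or "(u". The following Python script is an added example, not part of the sandbox report and not FormBook's own code. It sorts those URL strings into the /private/ beacon shape seen for lisamariejewels.com and mesary.com, the payload download from 5.206.224.211, the embedded domain list that appears without a beacon, and benign Office/Firefox/CRL noise; it matches the dropped files against the %APPDATA%\<8 chars>\<3 chars>log*.ini layout of J55MN7DA\J55log*.ini; and it defangs the IOCs for sharing. The category names, the BENIGN_HOSTS set and the regular expressions are assumptions derived from the entries on this page; the sample lists are copied from the report.

```python
"""IOC triage helper for this FormBook sandbox report (added example, not
part of the sandbox output). Regexes are derived from the page's entries;
the sample lists are copied from the report."""
import re
from urllib.parse import urlsplit

# Copied from the report's URL section. Trailing junk such as "Referer:" or
# "(u" is adjacent data carved from process memory along with the URL.
REPORT_URLS = [
    "http://lisamariejewels.com/private/?1bE0N=zszBOyvtWvJbCV5D1ljvsdz+F/9lI6zHvTLHEapj84LzDmktawc3/JGdOUSn79B9W6puKQ==&q2nL=rfQl6tfPgVE4",
    "http://mesary.com/private/?1bE0N=clNua2RRlaazfypNws5NPxRM0LZhzCCVUJ5p9i1eqWGEmgRElgCzdVuHkrh0MEdBwn2/ug==&q2nL=rfQl6tfPgVE4&sql=1",
    "http://5.206.224.211/snap/snayp.exe(u",
    "http://parlored.comReferer:",
    "http://mommingtomiracles.com/private/golegol84.com",
    "http://crl.thawte.com/ThawteTimestampingCA.crl0",
    "https://crash-reports.mozilla.com/submit?id=",
    "http://www.%s.comPA",
]

# Copied from the report's dropped-files section.
REPORT_DROPPED = [
    r"C:\Users\user\Desktop\~$quote#838.pdf.xlsm",
    r"C:\Users\user\AppData\Roaming\J55MN7DA\J55logim.jpeg",
    r"C:\Users\user\AppData\Roaming\J55MN7DA\J55logrf.ini",
    r"C:\Program Files\R2dxtwbm\mswtql.exe",
    r"C:\ProgramData\snayp.exe",
    r"C:\Users\user\AppData\Local\Temp\R2dxtwbm\mswtql.exe",
]

# Hosts in the report that belong to Office, Firefox and certificate
# revocation checks rather than to the malware (assumption from this list).
BENIGN_HOSTS = {
    "crl.thawte.com", "ocsp.thawte.com", "crash-reports.mozilla.com",
    "www.mozilla.com", "wellformedweb.org", "browsehappy.com",
}

# Beacon shape observed above: /private/?<5 alnum>=<base64>&<4 alnum>=<alnum>
C2_QUERY_RE = re.compile(r"^[A-Za-z0-9]{5}=[A-Za-z0-9+/=]+&[A-Za-z0-9]{4}=[A-Za-z0-9]+")

# %APPDATA%\<8 alnum>\<3 alnum>log<im|rf|ri|rv>.<ini|jpeg>, e.g. J55MN7DA\J55logrf.ini
APPDATA_RE = re.compile(
    r"\\AppData\\Roaming\\(?P<dir>[A-Z0-9]{8})\\(?P<stem>[A-Z0-9]{3})log(im|rf|ri|rv)\.(ini|jpeg)$"
)


def clean_memory_string(s):
    """Cut a carved string at the first character that cannot be part of a
    URL and drop the "Referer:" header name that follows several hosts."""
    s = re.split(r"[()\s]", s, maxsplit=1)[0]
    if s.endswith("Referer:"):
        s = s[: -len("Referer:")]
    return s


def classify_url(raw):
    """Return (category, cleaned_url) for one string from the report."""
    url = clean_memory_string(raw)
    if "%s" in url:                      # printf template, not a live URL
        return "format-string", url
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    if host in BENIGN_HOSTS:
        return "benign-noise", url
    if parts.path.lower().endswith(".exe"):
        return "payload-download", url
    if parts.path.startswith("/private/") and C2_QUERY_RE.match(parts.query):
        return "c2-beacon", url
    if parts.path.startswith("/private/") or parts.path in ("", "/"):
        return "c2-candidate", url       # embedded domain list, no beacon observed
    return "unknown", url


def defang(url):
    """Make a URL safe to paste into tickets or chat (http -> hxxp, . -> [.])."""
    return url.replace("http", "hxxp", 1).replace(".", "[.]")


def summarize(urls):
    """Group defanged URLs by category, deduplicated and sorted."""
    groups = {}
    for raw in urls:
        cat, url = classify_url(raw)
        groups.setdefault(cat, set()).add(defang(url))
    return {cat: sorted(v) for cat, v in groups.items()}


def find_appdata_artifacts(paths):
    """Paths matching the stealer's %APPDATA% naming, where the three-character
    file prefix equals the start of the directory name (J55MN7DA -> J55log...)."""
    return [p for p in paths
            if (m := APPDATA_RE.search(p)) and m["stem"] == m["dir"][:3]]


def exe_copies(paths):
    """Map each dropped .exe basename to every location it was written to."""
    copies = {}
    for p in paths:
        if p.lower().endswith(".exe"):
            copies.setdefault(p.rsplit("\\", 1)[-1].lower(), []).append(p)
    return copies


if __name__ == "__main__":
    for cat, urls in summarize(REPORT_URLS).items():
        print(cat, urls)
    print(find_appdata_artifacts(REPORT_DROPPED))
    print(exe_copies(REPORT_DROPPED))
```

Run against the full URL list from the report, the script separates the two observed beacons from the sixteen-odd /private/ domains that only appear as strings, which is the distinction that matters when deciding which hosts to block versus which to add as lower-confidence indicators. The exe_copies check flags mswtql.exe as written to both a Temp directory and Program Files under the same random directory name R2dxtwbm, a persistence hint worth following up in the full process tree.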