Scan emco Bautechni specification.pps

Status: finished
Submission Time: 22.06.2020 17:49:30
Verdict: Malicious
Labels: Trojan, Adware, Spyware, Exploiter, Evader, AgentTesla

Details

  • Analysis ID: 240525
  • API (Web) ID: 376793
  • Analysis Started: 22.06.2020 17:55:02
  • Analysis Finished: 22.06.2020 18:03:14
  • MD5: d46764d26e05e9056d0a410ae2f9d077
  • SHA1: a5e439de27ad3a594bae78fd4bbd4743f9f9acfa
  • SHA256: 7eafb57e7fc301fabb0ce3b98092860aaac47b7118804bb8d84ddb89b9ee38f3

Verdicts

System: Windows 7 SP1 (with Office 2010 SP2, IE 11, FF 54, Chrome 60, Acrobat Reader DC 17, Java 8.0.1440.1, Flash 30.0.0.113)

Verdict     Score
malicious   100/100
malicious   43/62
malicious   21/31

IPs

IP              Country
67.199.248.16   United States
104.23.99.190   United States
104.23.98.190   United States
3.21.149.255    United States

Domains

Name           IP
j.mp           67.199.248.16
pastebin.com   104.23.99.190

URLs

Name
http://j.mp/dmdmcrcrcryctcgufyguhmd
http://3.21.149.255/webpanel/5/inc/1771f778463597.php
https://pastebin.com/raw/Bnv7ruYpd

Dropped files

  • C:\Windows\System32\drivers\etc\hosts
    ASCII text, with CRLF line terminators
  • C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3I6IND5M\2=M=M=S=A=6=e=y[1].txt
    ASCII text, with very long lines, with no line terminators
  • C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\66DPUJOA\2=M=M=S=A=6=e=y[1].txt
    ASCII text, with very long lines, with no line terminators
  • C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B18OHZEN\dmdmcrcrcryctcgufyguhmd[1].htm
    HTML document, ASCII text
  • C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LHQILT6X\Bnv7ruYp[1].txt
    HTML document, ASCII text, with very long lines, with CRLF line terminators
  • C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\Scan emco Bautechni specification.LNK
    MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Tue Jan 28 13:45:43 2020, mtime=Tue Jan 28 13:45:43 2020, atime=Mon Jun 22 14:56:09 2020, length=76800, window=hide
  • C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\index.dat
    ASCII text, with CRLF line terminators
  • C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\13F1PGNM.txt
    ASCII text
  • C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\VKWLQZTN5Q11QHJ9HNF9.temp
    data
  • C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\X29XB6ENBFGPHN6DC33P.temp
    data
  • C:\Users\user\AppData\Roaming\df1lwf5w.hng\Chrome\Default\Cookies
    SQLite 3.x database, last written using SQLite version 3017000
  • C:\Users\user\AppData\Roaming\df1lwf5w.hng\Firefox\Profiles\477lumc2.default\cookies.sqlite
    SQLite 3.x database, user version 8, last written using SQLite version 3017000