covid-19 preventive measures.pps

Status: finished
Submission Time: 23.06.2020 08:08:24
Verdict: Malicious
Classification: Trojan, Spyware, Exploiter, Evader, Lokibot

Details

  • Analysis ID:
    240724
  • API (Web) ID:
    377190
  • Analysis Started:
    23.06.2020 08:08:28
  • Analysis Finished:
    23.06.2020 08:17:38
  • MD5:
    cc17a31bb6d2ce8d57d3a108782b6796
  • SHA1:
    4f996c5df95fdde1662c76238760f6f585732b28
  • SHA256:
    63dd9c2279f0a416634a20224e9e8e015c7f8fab93e1147212ead6867cb7e68f
  • Technologies:

Reports (Engine Info / Verdict / Score)

Verdict: malicious

Full Report
  Engine Info: System: Windows 7 SP1 (with Office 2010 SP2, IE 11, FF 54, Chrome 60, Acrobat Reader DC 17, Java 8.0.1440.1, Flash 30.0.0.113)
  Verdict: malicious
  Score: 100/100

Verdict: malicious
Score: 9/62

IPs

IP              Country         Detection
67.199.248.17   United States
77.105.36.109   Serbia
104.23.99.190   United States
104.23.98.190   United States

Domains

Name                IP              Detection
j.mp                67.199.248.17
visina-centar.com   77.105.36.109
pastebin.com        104.23.98.190

URLs

Name Detection
https://visina-centar.com/glsx/btls/fre.php
http://visina-centar.com/glsx/btls/fre.php
https://pastebin.com/raw/SHWX0snh
https://j.mp/ddddjxdsadasdasidjaisd
https://pastebin.com/raw/eYgN0VQJTC:
http://ocsp.entrust.net03
https://pastebin.com/raw/eYgN0VQJ
http://www.ibsensoftware.com/
https://pastebin.com/raw/Y9J7y39n...
https://pastebin.com/raw/YLq8icC2rC:
http://crl.pkioverheid.nl/DomOrganisatieLatestCRL-G2.crl0
http://www.diginotar.nl/cps/pkioverheid0
https://report-uri.cloudflare.com/cdn-cg
https://pastebin.com/raw/NPPve1Q3
https://pastebin.com/raw/SHWX0snh:
https://pastebin.com/raw/Y9J7y39nC:
https://pastebin.com/raw/eYgN0VQJ...ws
https://pastebin.com/D
https://pastebin.com/raw/NPPve1Q33
http://ocsp.entrust.net0D
https://pastebin.com/raw/Y9J7y39nVb
https://pastebin.com/raw/eYgN0VQJrC:
https://pastebin.com/raw/eYgN0VQJv80
https://pastebin.com/raw/Y9J7y39n
https://j.mp/U
https://pastebin.com/raw/SHWX0snh...emp
https://pastebin.com/raw/YLq8icC2dx
https://pastebin.com/d
https://pastebin.com/ul
https://pastebin.com/raw/YLq8icC2sidjaisdB1
http://crl.entrust.net/server1.crl0
https://pastebin.com/raw/eYgN0VQJ...
https://pastebin.com/raw/YLq8icC2aths
https://pastebin.com/raw/YLq8icC2...emp
http://crl.comod
https://pastebin.com/raw/SHWX0snhe
https://pastebin.com/raw/YLq8icC2https://pastebin.com/raw/YLq8icC2
https://j.mp/D
https://pastebin.com/raw/YLq8icC2sidjaisd
https://pastebin.com/eZ
https://pastebin.com/raw/NPPve1Q38y
https://pastebin.com/raw/eYgN0VQJl80
https://j.mp/ddddjxdsada$
https://pastebin.com/raw/NPPve1Q3...
https://pastebin.com/raw/NPPve1Q3C:
http://crl.pkioverheid.nl/DomOvLatestCRL.crl0
https://pastebin.com/raw/YLq8icC2d
Https://pastebin.com/raw/Y9J7y39n1
https://pastebin.com/raw/eYgN0VQJ=P
https://pastebin.com/raw/YLq8icC2
https://pastebin.com/raw/Y9J7y39ncrosoft
https://pastebin.com/raw/eYgN0VQJnnC:
https://pastebin.com/
https://pastebin.com/raw/SHWX0snhWX0snh14;ipt
https://secure.comodo.com/CPS0
https://pastebin.com/raw/SHWX0snhCo
http://crl.entrust.net/2048ca.crl0
https://pastebin.com/raw/YLq8icC2...UStc

Dropped files

Name / File Type

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6H42I2P1\QHsa4nmq[1].txt
    ASCII text, with very long lines, with no line terminators
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6H42I2P1\SHWX0snh[1].txt
    HTML document, ASCII text, with CRLF line terminators
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6H42I2P1\eYgN0VQJ[1].txt
    HTML document, ASCII text, with very long lines, with CRLF line terminators
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QB2XU27E\NPPve1Q3[1].txt
    HTML document, ASCII text, with very long lines, with CRLF line terminators
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QB2XU27E\NPPve1Q3[2].txt
    HTML document, ASCII text, with very long lines, with CRLF line terminators
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QB2XU27E\QHsa4nmq[1].txt
    ASCII text, with very long lines, with no line terminators
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T1BTMO6D\QHsa4nmq[1].txt
    ASCII text, with very long lines, with no line terminators
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T1BTMO6D\ddddjxdsadasdasidjaisd[1].htm
    HTML document, ASCII text
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T1BTMO6D\eYgN0VQJ[1].txt
    HTML document, ASCII text, with very long lines, with CRLF line terminators
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W3P09LTC\Y9J7y39n[1].txt
    HTML document, ASCII text, with CRLF line terminators
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W3P09LTC\YLq8icC2[1].txt
    HTML document, ASCII text, with very long lines, with CRLF line terminators
C:\Users\user\AppData\Roaming\85CB65\5E97AF.exe
    PE32 executable (GUI) Intel 80386, for MS Windows
C:\Users\user\AppData\Roaming\85CB65\5E97AF.lck
    very short file (no magic)
C:\Users\user\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-290172400-2828352916-2832973385-1004\ce1d9ab061b5b7ff17c765603e761dae_0f4f5130-48fa-4204-b1c4-585fbb81cd25
    data
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\covid-19 preventive measures.LNK
    MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Tue Jan 28 13:45:51 2020, mtime=Tue Jan 28 13:45:51 2020, atime=Tue Jun 23 05:09:24 2020, length=63488, window=hide
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\index.dat
    data
C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\U8X73K0Z.txt
    ASCII text
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\50SH6GFS8XMV8KYA3NR9.temp
    data
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\61A9WQLGV448WCAQJ7I6.temp
    data
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\JT40GSET393NIFIJ02BR.temp
    data
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\L59T7T8BGYNJRKUEEVFV.temp
    data
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\RQTHY2LGCNQ9IJ2EYDVU.temp
    data
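Using the indicators above for hunting (added example, not part of the sandbox report). Two things in the report need care before its indicators go into a detection rule. First, most URL strings were carved from process memory, so they carry trailing junk or run into each other ("eYgN0VQJTC:", "YLq8icC2https://pastebin.com/raw/YLq8icC2"); the script below recovers the paste keys by cutting at eight alphanumerics, which assumes Pastebin's key length. Second, j.mp (Bitly) and pastebin.com (served via Cloudflare, hence the 104.23.x.x addresses) are shared infrastructure, so the script only flags them when one of the report's specific paste keys is present, while visina-centar.com, its address 77.105.36.109, the fre.php path and the sample hashes are treated as direct hits. The persistence regex generalises the single dropped path C:\Users\user\AppData\Roaming\85CB65\5E97AF.exe to any six-hex-digit directory and file name under Roaming; that generalisation, the event dictionary schema and the sample telemetry are all assumptions made for the example.

```python
"""Turn the indicators from the sandbox report above into a small hunting check.
Added example; not part of the original report. Sample telemetry below is constructed."""
import re

# Indicators copied from the report above.
SHA256 = "63dd9c2279f0a416634a20224e9e8e015c7f8fab93e1147212ead6867cb7e68f"
MD5 = "cc17a31bb6d2ce8d57d3a108782b6796"
C2_HOST = "visina-centar.com"
C2_PATH = "/glsx/btls/fre.php"
C2_IP = "77.105.36.109"
# Shared infrastructure also listed in the report: j.mp (Bitly) and pastebin.com
# (behind Cloudflare, the 104.23.x.x addresses). Too noisy to alert on by themselves.
SHARED_HOSTS = {"j.mp", "pastebin.com"}

# URL strings as the sandbox carved them from memory; many have trailing junk or run together.
RAW_URLS = [
    "https://pastebin.com/raw/eYgN0VQJTC:",
    "https://pastebin.com/raw/SHWX0snh...emp",
    "https://pastebin.com/raw/YLq8icC2https://pastebin.com/raw/YLq8icC2",
    "https://pastebin.com/raw/NPPve1Q38y",
    "Https://pastebin.com/raw/Y9J7y39n1",
    "http://ocsp.entrust.net03",
    "https://j.mp/ddddjxdsadasdasidjaisd",
]

# Assumption: Pastebin paste keys are exactly eight alphanumerics, so cutting there drops the junk.
PASTE_RE = re.compile(r"https?://pastebin\.com/raw/([A-Za-z0-9]{8})", re.I)

# Assumption: generalised from the single dropped path in the report
# (C:\Users\user\AppData\Roaming\85CB65\5E97AF.exe) to any six-hex-digit directory and file name.
PERSIST_RE = re.compile(r"\\AppData\\Roaming\\[0-9A-F]{6}\\[0-9A-F]{6}\.(?:exe|lck)$", re.I)


def paste_ids(raw_urls):
    """Recover the set of pastebin paste keys from carved strings, tolerating trailing junk."""
    ids = set()
    for s in raw_urls:
        ids.update(m.group(1) for m in PASTE_RE.finditer(s))
    return ids


def host_of(url):
    """Lower-case host part of a URL, without assuming the string is clean."""
    m = re.match(r"https?://([^/:?#]+)", url, re.I)
    return m.group(1).lower() if m else ""


def match_event(ev, ids):
    """Return the reasons an event matches; an empty list means no match.
    Shared hosts (pastebin.com, j.mp) only count when a known paste key is present."""
    reasons = []
    kind = ev.get("type")
    if kind == "file":
        if ev.get("sha256", "").lower() == SHA256 or ev.get("md5", "").lower() == MD5:
            reasons.append("hash matches sample")
        if PERSIST_RE.search(ev.get("path", "")):
            reasons.append("persistence path pattern")
    elif kind == "dns":
        if ev.get("query", "").lower() == C2_HOST:
            reasons.append("C2 domain")
    elif kind == "http":
        url = ev.get("url", "")
        host = host_of(url)
        if host in (C2_HOST, C2_IP):
            reasons.append("C2 host")
        if C2_PATH in url:
            reasons.append("C2 path fre.php")
        if host in SHARED_HOSTS:
            hit = {m.group(1) for m in PASTE_RE.finditer(url)} & ids
            if hit:
                reasons.append("known paste key " + ",".join(sorted(hit)))
    return reasons


def hunt(events, raw_urls=RAW_URLS):
    """Return [(index, reasons)] for every event that matches at least one indicator."""
    ids = paste_ids(raw_urls)
    return [(i, match_event(ev, ids)) for i, ev in enumerate(events) if match_event(ev, ids)]


# Constructed sample telemetry (not from the report): two benign, four suspicious.
SAMPLE_EVENTS = [
    {"type": "dns", "query": "www.microsoft.com"},
    {"type": "http", "url": "https://pastebin.com/raw/aaaaaaaa"},  # unrelated paste, no alert
    {"type": "dns", "query": "visina-centar.com"},
    {"type": "http", "url": "http://visina-centar.com/glsx/btls/fre.php"},
    {"type": "file", "path": r"C:\Users\alice\AppData\Roaming\3FA2C1\9B0D7E.exe", "sha256": "00" * 32},
    {"type": "http", "url": "https://pastebin.com/raw/eYgN0VQJ"},
]

if __name__ == "__main__":
    for i, reasons in hunt(SAMPLE_EVENTS):
        print(i, SAMPLE_EVENTS[i], "->", "; ".join(reasons))
```

Run it as-is to see the four suspicious sample events flagged and the two benign ones ignored; in practice, feed `hunt()` the DNS, proxy and file-creation events from your own telemetry in the same dictionary shape. Hash and C2 matches are strong on their own; the persistence regex and the paste keys are worth a look but should be corroborated, since the paste contents can be replaced at any time and other droppers use the same Roaming-folder layout.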