AD_loc_cl_6627815.xls

Status: finished
Submission Time: 26.06.2020 16:37:37
Malicious
Exploiter
Evader
Hidden Macro 4.0

Details

  • Analysis ID:
    241741
  • API (Web) ID:
    379204
  • Analysis Started:
    26.06.2020 16:37:38
  • Analysis Finished:
    26.06.2020 16:46:28
  • MD5:
    d9e421a165315d2d99f7e827a0384b37
  • SHA1:
    1e4d68ce830115798f8164d182d3d47b1c60f441
  • SHA256:
    d09dbd794c373acc722abcff3df66acb8aa0260f099278a271cdf8febb30fce9

Full Report (Engine Info / Verdict / Score)

System: Windows 7 SP1 (with Office 2010 SP2, IE 11, FF 54, Chrome 60, Acrobat Reader DC 17, Java 8.0.1440.1, Flash 30.0.0.113)

Verdict: malicious, Score: 100/100
Verdict: malicious, Score: 8/80

IPs

IP (Country)
104.27.154.5 (United States)
172.67.205.79 (United States)

Domains

Name (resolved IP)
activediscounts.club (104.27.154.5)
hackcheatsonline.club (172.67.205.79)

URLs


Dropped files

Name / File Type

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\P1DBY5YH\office-msi-non-security-updates[1].htm
  HTML document, ASCII text, with very long lines, with CRLF, LF line terminators

C:\Users\user\AppData\Local\Temp\DDF20000
  data

C:\Users\user\AppData\Local\Temp\REGA78E.tmp
  Little-endian UTF-16 Unicode text, with CRLF, CR line terminators

C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\AD_loc_cl_6627815.LNK
  MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Tue Jan 28 13:45:44 2020, mtime=Fri Jun 26 13:38:22 2020, atime=Fri Jun 26 13:38:22 2020, length=252416, window=hide

C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\Desktop.LNK
  MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Read-Only, Directory, ctime=Tue Jan 28 13:33:37 2020, mtime=Fri Jun 26 13:38:22 2020, atime=Fri Jun 26 13:38:22 2020, length=12288, window=hide

C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\index.dat
  ASCII text, with CRLF line terminators

C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\83VOYWWA.txt
  ASCII text

C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\DJ56G7R4.txt
  ASCII text

C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\MVQKM0CS.txt
  ASCII text

C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\ON60LM65.txt
  ASCII text

C:\Users\user\Desktop\1FF20000
  Applesoft BASIC program data, first line number 16

C:\Users\Public\6bpD9.reg
  Little-endian UTF-16 Unicode text, with CRLF, CR line terminators

C:\Users\Public\zGocdFZ.html
  HTML document, ASCII text, with very long lines, with CRLF, LF line terminators