flash

utente_2276.xls

Status: finished
Submission Time: 29.06.2020 13:53:06
Malicious
Exploiter
Evader
Hidden Macro 4.0

Comments

Tags

Details

  • Analysis ID:
    241988
  • API (Web) ID:
    379696
  • Analysis Started:
    29.06.2020 13:53:07
  • Analysis Finished:
    29.06.2020 14:01:43
  • MD5:
    0f7e1d336a8f88a936d074e5af221821
  • SHA1:
    863e8fbc1af3cc216202fe29757ad2d7264b8b1e
  • SHA256:
    8bcea2f6153fe74abd49c9f36206370c40d004b414b73f1cb99c7e123a485cbc
  • Technologies:
Full Report Engine Info Verdict Score Reports

System: Windows 7 SP1 (with Office 2010 SP2, IE 11, FF 54, Chrome 60, Acrobat Reader DC 17, Java 8.0.1440.1, Flash 30.0.0.113)

malicious
72/100

System: Windows 10 64 bit (version 1803) with Office 2016, Adobe Reader DC 19, Chrome 70, Firefox 63, Java 8.171, Flash 30.0.0.113
Run Condition: Potential for more IOCs and behavior

malicious
68/100

malicious
8/79

malicious

IPs

IP Country Detection
62.173.145.113
Russian Federation

Domains

Name IP Detection
gstat.securityguardlisting.com
62.173.145.113

URLs

Name Detection
http://gstat.securityguardlisting.com/setup.exe

Dropped files

Name File Type Hashes Detection
C:\Users\user\AppData\Local\Temp\ACF20000
data
#
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\Desktop.LNK
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Read-Only, Directory, ctime=Tue Jan 28 13:33:37 2020, mtime=Mon Jun 29 10:54:22 2020, atime=Mon Jun 29 10:54:22 2020, length=8192, window=hide
#
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\index.dat
ASCII text, with CRLF line terminators
#
Click to see the 2 hidden entries
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\utente_2276.LNK
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Tue Jan 28 13:45:43 2020, mtime=Mon Jun 29 10:54:22 2020, atime=Mon Jun 29 10:54:22 2020, length=215040, window=hide
#
C:\Users\user\Desktop\0EF20000
Applesoft BASIC program data, first line number 16
#