HHS290620-024.ppt

Status: finished
Submission Time: 29.06.2020 21:28:47
Malicious
Trojan
Exploiter
Evader
AgentTesla

Details

  • Analysis ID:
    242119
  • API (Web) ID:
    379953
  • Analysis Started:
    29.06.2020 21:28:49
  • Analysis Finished:
    29.06.2020 21:36:17
  • MD5:
    2e5faf5df0e909aa914717d2c3f62bc4
  • SHA1:
    47795bb3d37270e2882541df837360389b634152
  • SHA256:
    2af288465c8fe02c371ce137c86b8137c3c017e7a9ea94ef0aa6ac5025dca649
  • Technologies:
Full Report

  • Verdict:
    malicious
  • Info:
    System: Windows 7 SP1 (with Office 2010 SP2, IE 11, FF 54, Chrome 60, Acrobat Reader DC 17, Java 8.0.1440.1, Flash 30.0.0.113)
  • Score:
    100/100 (malicious)
  • Score:
    9/61 (malicious)

IPs

IP               Country          Detection
67.199.248.16    United States
104.23.99.190    United States
104.23.98.190    United States

Domains

Name             IP               Detection
j.mp             67.199.248.16
pastebin.com     104.23.98.190

URLs

Name Detection

Dropped files

Name / File Type

  • C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7GE7R1CV\qzJw7hd6[1].txt
    ASCII text, with very long lines, with no line terminators
  • C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7GE7R1CV\qzJw7hd6[2].txt
    ASCII text, with very long lines, with no line terminators
  • C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D6X3LDVL\DBMBYsw4[1].txt
    HTML document, ASCII text, with very long lines, with CRLF line terminators
  • C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D6X3LDVL\z0h2yS0U[1].txt
    HTML document, ASCII text, with CRLF line terminators
  • C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NBECI1WM\9nU58ujw[1].txt
    HTML document, ASCII text, with very long lines, with CRLF line terminators
  • C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NBECI1WM\fAFqQYgZ[1].txt
    HTML document, ASCII text, with very long lines, with CRLF line terminators
  • C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZWG4GL8S\9Lm52LAJ[1].txt
    HTML document, ASCII text, with very long lines, with CRLF line terminators
  • C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZWG4GL8S\sdhgas6asdasdgha[1].htm
    HTML document, ASCII text
  • C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\HHS290620-024.LNK
    MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Tue Jan 28 13:45:44 2020, mtime=Tue Jan 28 13:45:44 2020, atime=Mon Jun 29 18:29:09 2020, length=73216, window=hide
  • C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\index.dat
    ASCII text, with CRLF line terminators
  • C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\M47LAX3D.txt
    ASCII text
  • C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\0X7WHTWDWD9WM10EQG8X.temp
    data
  • C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\M8NUO08BFVX9JEO9VD0F.temp
    data
  • C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\O29CLOEDAL0YOZ2EJN6J.temp
    data
  • C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\P7A4I229TNVTIRAHFOJO.temp
    data