XYmX3bLQJ9.xls

Status: finished
Submission Time: 22.07.2020 09:41:23
Malicious
Exploiter
Evader
Hidden Macro 4.0

Details

  • Analysis ID:
    249180
  • API (Web) ID:
    394606
  • Analysis Started:
    22.07.2020 09:41:47
  • Analysis Finished:
    22.07.2020 09:50:51
  • MD5:
    dad32a78abd37223ce875f0158c0568c
  • SHA1:
    9b98b597bb5f9f626d24742b8a26ae4ecd09fa8d
  • SHA256:
    59a3abc511325483d1bf7afc1b97d78d608ca754796b330e025dc6c4a03e5ae0
  • Technologies:
    (not listed)

Full Report

  Engine Info:
    System: Windows 7 SP1 (with Office 2010 SP2, IE 11, FF 54, Chrome 60, Acrobat Reader DC 17, Java 8.0.1440.1, Flash 30.0.0.113)

  Verdict      Score
  malicious    100/100
  malicious    7/60
  malicious    6/31

IPs

  IP               Country             Detection
  66.147.238.141   United States
  87.236.16.114    Russian Federation
  31.186.8.166     Turkey
  104.27.181.83    United States

Domains

  Name                   IP               Detection
  current9.com.ng        66.147.238.141
  australian-boots.nl    104.27.181.83
  kinostanbulfilm.com    31.186.8.166
  hotel-city.net         87.236.16.114

URLs

Name Detection
https://use.fontawesome.com/releases/v5.2.0/css/solid.css
https://cp.beget.com/img/icons/new_alert/alert.svg)
https://cp.beget.com/shared/ff268c78b70d486538ecede196a9c1f2/yandex3.png
https://cp.beget.com/shared/a41c785d3b44adcba2e1b90db2b77a37/firefox4.png
https://cp.beget.com/shared/a4f7c26338626b94ead39246a91aa4b3/firefox5.png
https://cp.beget.com/shared/12096cc377f80dda5798cfe745bb66ec/yandex32x.png
https://cp.beget.com/img/icons/new_alert/domain.svg)
https://join.skype.com/bot/ceda3526-d09b-4157-b6f0-91a646073c7e?add
https://cp.beget.com/i/logo.png
https://cp.beget.com/img/icons/new_alert/backup.svg)
https://cp.beget.com/shared/87421068ec6d6013cade7cc6a37e9566/safari3.png
https://cp.beget.com/img/icons/new_alert/mail.svg)
https://cp.beget.com/img/icons/new_alert/card.svg)
https://cp.beget.com/shared/80e7ada09ac4b7da555a5119237ff108/yandex4.png
https://cp.beget.com/shared/d336439cc49a04a1885186dc1930c02c/opera2.png
https://cp.beget.com/shared/6b5c3dfee3602b060a644965f11eabed/firefox3.png
https://cp.beget.com/shared/daa75ad57baee73ff347e589e11fc90f/yandex42x.png
https://cp.beget.com/shared/6d6888aac8d3896da5cd201e8d31670b/opera22x.png
https://cp.beget.com/shared/f38d02735868ba6f0f0f6d0056fcb600/chrome2.png
https://cp.beget.com/shared/f72a61de7929ef3236d54a7eda5f27e2/opera12x.png
https://cp.beget.com/img/icons/new_alert/check.svg)
https://cp.beget.com/img/icons/new_alert/setup.svg)
https://cp.beget.com/shared/82ed82f2d8ca8099998398f34f6aa01a/chrome3.png
https://cp.beget.com/shared/cfb3606fa62fb6a2f951d3e7cd24a8d9/opera1.png
https://cp.beget.com/img/icons/new_alert/support.svg)
https://cp.beget.com/img/icons/new_alert/delete.svg)
https://cdnjs.cloudflare.com/ajax/libs/fancybox/3.3.5/jquery.fancybox.min.js
https://cp.beget.com/shared/80113015aafa3f261ff2fe54ebd6508d/safari1.png
https://cp.beget.com/shared/80ce1ee88a6a1cec9f2c7620f08a58c2/yandex2.png
https://cp.beget.com
https://beget.com/en/domain-register
https://cp.beget.com/shared/3c7ced0b4d09861e1884f5661f239fc0/chrome22x.png
https://cp.beget.com/img/icons/new_alert/locked.svg)
https://beget.com/ru/virtual-hosting
https://cp.beget.com/shared/138c05f2803ea0b167a7f975265ce43b/safari22x.png
https://cp.beget.com/shared/5fc2dd546f53e0902e15a3a70e4fe653/firefox22x.png
https://cp.beget.com/shared/1f93b61fdeeed1161d5ff5aa36e76dc4/firefox32x.png
https://beget.com/en/virtual-hosting
https://cp.beget.com/img/icons/new_alert/phone.svg)
https://cdnjs.cloudflare.com/ajax/libs/fancybox/3.3.5/jquery.fancybox.min.css
https://beget.com/ru/domain-register
https://cp.beget.com/shared/f8f7096f67c0e3d82446d0ce6217b27d/safari12x.png
https://cp.beget.com/shared/13520f6e24d62a88aa7c54519eb1a647/safari32x.png
https://cp.beget.com/img/icons/new_alert/redis.svg)
https://cp.beget.com/img/icons/new_alert/php.svg)
https://cp.beget.com/img/icons/new_alert/alarm.svg)
https://cp.beget.com/shared/0693faca5588f69ca7da9fe4212cdc97/yandex22x.png
https://cp.beget.com/shared/1a512f91bcc8975205f979acf71d7d29/firefox42x.png
https://use.fontawesome.com/releases/v5.2.0/css/fontawesome.css
https://cp.beget.com/shared/745b3450fc1f4471ff21f6d64fc737b1/firefox52x.png
https://cp.beget.com/shared/1193ae0503f94daafb5dd14c87a1ddde/safari2.png
https://cp.beget.com/img/icons/new_alert/database.svg)
https://cdnjs.cloudflare.com/ajax/libs/lodash.js/4.17.10/lodash.min.js
https://code.jquery.com/jquery-3.3.1.min.js
https://cp.beget.com/img/octo/octo_rkn.png
https://cp.beget.com/shared/5433ccd2ab6359de9db5b621c3a0b633/chrome32x.png
https://cp.beget.com/shared/9fc46578a3f3beebbc6e3058537a3fcf/firefox2.png
https://cp.beget.com/img/icons/new_alert/info.svg)
http://beget.com

Dropped files

Name / File Type (Hashes and Detection columns not captured)

  • C:\Users\user\AppData\Local\Temp\Ioy.vbs
    ASCII text, with CRLF line terminators
  • C:\Users\user\AppData\Local\Temp\kLdSWz.html
    HTML document, UTF-8 Unicode text, with CRLF line terminators
  • C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506
    Microsoft Cabinet archive data, 58367 bytes, 1 file
  • C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E0F5C59F9FA661F6F4C50B87FEF3A15A
    data
  • C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
    data
  • C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E0F5C59F9FA661F6F4C50B87FEF3A15A
    data
  • C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2O5J7R7O\wp-keys[1].htm
    ASCII text, with no line terminators
  • C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IXNNX5SF\wp-keys[1].htm
    HTML document, UTF-8 Unicode text, with CRLF line terminators
  • C:\Users\user\AppData\Local\Temp\1A430000
    data
  • C:\Users\user\AppData\Local\Temp\Cab1982.tmp
    Microsoft Cabinet archive data, 58367 bytes, 1 file
  • C:\Users\user\AppData\Local\Temp\Tar1983.tmp
    data
  • C:\Users\user\AppData\Local\Temp\pb3.txt
    ASCII text, with CRLF line terminators
  • C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\Desktop.LNK
    MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Read-Only, Directory, ctime=Tue Jan 28 13:33:37 2020, mtime=Wed Jul 22 06:42:41 2020, atime=Wed Jul 22 06:42:41 2020, length=8192, window=hide
  • C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\XYmX3bLQJ9.LNK
    MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Tue Jan 28 13:45:48 2020, mtime=Wed Jul 22 06:42:41 2020, atime=Wed Jul 22 06:42:42 2020, length=237056, window=hide
  • C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\index.dat
    ASCII text, with CRLF line terminators
  • C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\C1E5JWNL.txt
    ASCII text
  • C:\Users\user\Desktop\4B430000
    Applesoft BASIC program data, first line number 16