flash

tripadvisor_hint.xls

Status: finished
Submission Time: 23.07.2020 18:10:04
Malicious
Exploiter
Evader
Hidden Macro 4.0

Comments

Tags

Details

  • Analysis ID:
    250297
  • API (Web) ID:
    396544
  • Analysis Started:
    23.07.2020 18:14:18
  • Analysis Finished:
    23.07.2020 18:28:19
  • MD5:
    f4020bb7757a09499282a052482009c1
  • SHA1:
    cbdf36ce6c148b2037df4aa5514fc8f03d49ef85
  • SHA256:
    e2e495aede724729169c83f7ad43d71404753372058fd5002818b11386f5980a
  • Technologies:
Full Report Engine Info Verdict Score Reports

System: Windows 7 SP1 (with Office 2010 SP2, IE 11, FF 54, Chrome 60, Acrobat Reader DC 17, Java 8.0.1440.1, Flash 30.0.0.113)

malicious
68/100

System: w10x64 Windows 10 64 bit v1803 with Office Professional Plus 2016, IE 11, Adobe Reader DC 19, Java 8 Update 211
Run Condition: Potential for more IOCs and behavior

malicious
64/100

malicious
6/60

IPs

IP Country Detection
104.161.32.117
United States

URLs

Name Detection
http://104.161.32.117/qTG6Ap4f3MUls5zq.php

Dropped files

Name File Type Hashes Detection
C:\Users\user\AppData\Local\Temp\96330000
data
#
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\Desktop.LNK
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Read-Only, Directory, ctime=Tue Jan 28 13:33:37 2020, mtime=Thu Jul 23 15:15:37 2020, atime=Thu Jul 23 15:15:37 2020, length=12288, window=hide
#
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\index.dat
ASCII text, with CRLF line terminators
#
Click to see the 2 hidden entries
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\tripadvisor_hint.LNK
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Tue Jan 28 13:45:47 2020, mtime=Thu Jul 23 15:15:37 2020, atime=Thu Jul 23 15:15:37 2020, length=196608, window=hide
#
C:\Users\user\Desktop\69330000
Applesoft BASIC program data, first line number 16
#