flash

GnPS5qD6et8h.vbs

Status: finished
Submission Time: 08.09.2020 16:31:19
Malicious
Trojan
Evader
Ursnif

Details

  • Analysis ID:
    283043
  • API (Web) ID:
    461278
  • Analysis Started:
    08.09.2020 16:31:20
  • Analysis Finished:
    08.09.2020 16:37:45
  • MD5:
    5fba699119c2f87ba7236901f9e05dd3
  • SHA1:
    2c439c95b867087d2f6f7d7b8678cce9af671071
  • SHA256:
    14b3380105c6096dce3c4ead191c2ed2173fc472d02a869c09cbfa475476de7d
  • Technologies:
Full Report Engine Info Verdict Score Reports

malicious

System: w10x64 Windows 10 64 bit v1803 with Office Professional Plus 2016, IE 11, Adobe Reader DC 19, Java 8 Update 211

malicious
100/100

malicious
38/65

malicious
23/47

malicious

IPs

  • 84.38.180.12
    Country: Russian Federation

Domains

  • api10.laptok.at
    IP: 84.38.180.12

URLs


Dropped files

  • C:\Users\user\AppData\Local\Temp\bog.zip
    Zip archive data, at least v2.0 to extract
  • C:\Users\user\AppData\Local\Temp\obscure.mov
    PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
  • C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-17529550060\msapplication.xml
    XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
  • C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-18270793970\msapplication.xml
    XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
  • C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-21706820\msapplication.xml
    XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
  • C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-314712940\msapplication.xml
    XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
  • C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-4759708130\msapplication.xml
    XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
  • C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-6757900\msapplication.xml
    XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
  • C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-8760897390\msapplication.xml
    XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
  • C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin20259167780\msapplication.xml
    XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
  • C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin20332743330\msapplication.xml
    XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
  • C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin8215062560\msapplication.xml
    XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
  • C:\Users\user\AppData\Local\Temp\JavaDeployReg.log
    ASCII text, with CRLF line terminators
  • C:\Users\user\AppData\Local\Temp\adobe.url
    MS Windows 95 Internet shortcut text (URL=<https://adobe.com/>), ASCII text, with CRLF line terminators
  • C:\Users\user\AppData\Local\Temp\broaden.it
    ASCII text, with no line terminators
  • C:\Users\user\AppData\Local\Temp\oocyte.gpx
    ASCII text, with no line terminators
  • C:\Users\user\AppData\Local\Temp\pang.svg
    ASCII text, with no line terminators