
7eVENrLX1GeE.vbs

Status: finished
Submission Time: 11.09.2020 17:08:42
Malicious
Trojan
Evader
Ursnif

Details

  • Analysis ID:
    284552
  • API (Web) ID:
    464293
  • Analysis Started:
    11.09.2020 17:08:43
  • Analysis Finished:
    11.09.2020 17:21:52
  • MD5:
    177109a1b199821bb5e7e75dab4a4816
  • SHA1:
    a7eebb7ea90b735636068a6496f4d831cd9d05ae
  • SHA256:
    7e217649f374af5e3c7dd00c6c41396275c02a40ba6ba1b80732c98d3a68046b
  • Technologies:
Full Report

System: w10x64 Windows 10 64 bit v1803 with Office Professional Plus 2016, IE 11, Adobe Reader DC 19, Java 8 Update 211

Engine Info    Verdict      Score      Reports
               malicious    100/100
               malicious    18/68
               malicious    9/48
               malicious

IPs

IP               Country               Detection
84.38.183.216    Russian Federation

Domains

Name               IP               Detection
api10.laptok.at    84.38.183.216

URLs

Name    Detection
http://api10.laptok.at/api1/upWaCGLm/S85MSamac6qbb2INpqgGCkl/x0HSpogrED/bwSTOfPPSZQPyEc_2/Fj9om_2Btqjb/D8WI0rdtBps/0o6jdfPGCMg4ag/SXJtUdRfKfHmdlvN0zV3d/Y6xo3xNIvr4zhVYf/sNP7WMLosMYF1fN/1olNl7rowOmIDB3D_2/BZZk04ESv/gWvsnqx3_2Fjg_2BDbzW/CMbcAVZgIybxt0ExdgY/8uamwQvYQZyZU9xDBunj0z/W4rjdahIa787f/Lio4vRZ8/6ThZw1_0A_0DSh8ALyIdj2y/5Fs01O4MAo/CfeCfx9DCVClfWD3m/r5nWi2Abl_2F/StC_2BDRL/vklCos2jxGoB/c
http://api10.laptok.at/api1/kQFjCTe9hjGv9K/0AEsNQhxVbh_2Fpe4nmcF/_2FQWh_2FFjL4WTb/8bwJlkgTbqFSag9/UAT5zsenMrnZ8ftHWf/G7_2B4H43/kf7VL5q7PdPr94sQk0ba/Gl3LwyYpu_2FUuCYhfG/zfmI6a3k64Ft_2B_2BCKA3/wWO9v7oTN9XtV/YjscbrVo/7KaV0gavmw_2BXjVA0GEp_2/B_2Fs2Vvq9/8KnwEADW8b241fdPU/n5C2f0JhVR8h/dFKt3i2giAQ/RgSo47gJy4VW7Z/sL6bSKT8FX_0A_0D7HYkG/rbgVwCUaabjkTz3f/KDCet0kmS2LJayy/PzUMQnZJphOSPqSvSA/Fp4U8eAnUP1sj/J
http://api10.laptok.at/api1/mB3sivaqO791a9r5v5w/LSKJirlLU449UUaePmKjQJ/6m8v2raBwVv6N/eA7N24GV/CBGWjdV7nHIifslXd8impAa/DsxdD2XOWT/bVxfl3NHCkETbkYti/K_2FgeViRliJ/mbVx3Vkc5fu/MZ8lDN4AtIS1lM/owqSRf61_2B_2FpsvXufQ/U_2B6v_2FmzVt9JW/8fc3SIJpSvIJC46/IaN1biRr0JX5sS0qr1/0eSa2ZKbV/pdTGSrANdca9jnUB22a9/_2FtoaTNZ8jXAoAx_0A/_0DfITnVyipMK7vID1i9bA/RUydSb_2BZ8bf/JYVUehDL/TRJaoSC7HLkxdPtlCZA2eV5/fb8jqAo
http://api10.laptok.at/api1/Y7XZIGaGJG0/wLupXnpFHxVma5/3eKhzdoHCY5ZJsDmGySZF/IIiWfT1ClANXDUFa/TgiqzVt0GNHByaN/96riHIHjMikQueUWNX/Z3h2WQgY0/wqi7SCTJuGGElrJJFzBY/Lh1vQksaYW9gEZXNMgg/1fl5edsGIoC9MLN_2Bfu0J/LsSxlwvNKDABi/fertlMZZ/BA9S7AWmAaPkLkW1EbAgmyR/xWb0jtEwbl/O3IqXrc80otOa_2B1/x_2FQxmQYp7Z/cV1DGzIN4O_/0A_0DkxmZfCbA5/VsQZlxQ1lwotuOV_2Fo6N/iruncSAZY5vnpU68/_2Ftd43_2BBfBsQ/rHPYK4Try0/foK
http://api10.laptok.at/api1/7O35AmY6tmS1J/WAg03NFB/Z_2FlH4xfRTuZCxFsjFflMr/Iq3BrXew61/89gyaKRMQkeKfhgb8/UtwUN8g9hGv5/Nqn92qhni40/4UWKuxazbdAvVg/_2BH9UPCYavseJh7OMNbf/N2uktKq_2BIDCIQ_/2FokiFrp1fwl96K/u6ycp88gy2Ou7Q4JVX/rIxXL4n9x/uPb92XbpGPswYhKynp9C/iDqo27kii_2Bzdrp52u/LaXbQDr6_2FvCHtw7_2BL_/2BZx9706Eo1Ss/oYVw_2B3/8_0A_0Di7JVweaJXbsV1wO8/O1Xo3ab1Qs/4bwJLFxNurEQ/6zVmw1_2/B04
http://api10.laptok.at/api1/xj64N_2FGCYusFc6Gi/z8OlCi_2B/j57YuIw99u3L652qWE0A/_2FD3mdcTy02pHxSZK7/hx6Pg9G7j97sQ2bPGVuIo7/QElrTJ9r6glEb/5FJFMCEc/H2f82CLPBMOE6DIxm1OAlL5/zVhftU1MVs/rNgVN6N0uopNgjBKE/xJkvvXvyKVEm/JKKyyv0zlAV/OyeD0SCLzOn_2B/_2Ba0zGfsPn97326hFFpM/JT10qpseRI5Aegwo/6D5XyaM_2FccZkn/0in3RDgOsM2_2FvAiZ/_0A_0DlpU/pKVPqluUvsApy9FQnn7J/lcvbTXlTKDDOwtp4mgT/qKn5t3LW0G9V5ucgDpanrM/eBwr
http://api10.laptok.at/api1/pOp5pA9QKL7dBdUR6Q/sEboaXZRq/2ndhKMZsST1UcqvV8tPj/p_2FTjln6unNNSAneaE/3zsuNq0vVOv62EqVO_2FH2/20c2CTmFvJZix/kzIzVcKA/4LF3YzDJRtbxsNnY1lK5gXH/oAct3YSYTP/qkBD0O7VZoFmT2Q2N/8EM4GYAMl03h/zAqQEVba9Mj/VRRJBId3iLdOEv/otEQi_2FL3IfwzZKxrj4E/Nh8P8EFoMuex0AYP/aVDurUBNBhS1ZEW/ASDzicF65A_0A_0D4o/dT0ATkuQ4/8YAysDp_2FKJFhqbl26T/ZHzOVqHbuwdDTrjbgjj/RdupVnBK9x/2YZCUzV7J/O
http://api10.laptok.at/api1/AvVrfO29ZFDf3/Q8SpKKq0/X3_2BzAUPR1Uu_2BHGqdWdf/bFXo4xnXkH/hOjFw6vOAAqIa44Sr/3yCUrPQ6DLZ_/2FRb7Iwql6C/uy2opBWkaw73nM/mq6jDrYD9Z8DYhBegauAi/JR_2F7fmqPj19d0U/2uz48Y4Qm88Whl7/5Br_2FIL_2BfLog9gA/ZELDhZpeu/3HlWULhRViY4zQ3PSuFJ/a_2BujjSxGnZJdZEjzc/4q4hTajKceJpmlDDxCiamj/revssdJLQONTu/SGfCw_0A/_0DrP0iXEM4POeijRE9ikCt/SGaBhfXlDj/u6jfPNkjkmV9KCbgY/yOANOzaRjji9EAkW3h/nDl
http://api10.laptok.at/api1/sfMYV_2BhMjcST2svtK9/6_2BTkq1NEVVi9JU_2B/m78Yb7PqxrqlyVPdqnIs0U/7ljcMxg1vdsAJ/F6lhDETu/bdX5Yw3daHxVbzOwqQfJGml/DtdbfdS4ol/EBlmN772iNxjSo34a/3AXtyqzupb9N/HixEEQe2Feg/NHiWxjiIUs5Rsw/h2pYoMKmhjueDiFAbf3Q4/4ZGrDGUXjW7XLn8l/mpeuX4ws_2Fy9hg/kMp_2BPpY_2BZIRzW6/XtANJK3gH/liJxGr9nESxrzYwP_0A_/0Dxro7U4srCwD_2BHMH/Y_2F14TDsx3pXo_2FXdGq8/0GZ9PmC7pfe5f/m1ygywYT/KaZWIzQxf/8eUHI
http://api10.laptok.at/api1/HhOxvvoLng6eW2z_2BsT/_2F4VjiKPE5FUuqWb5G/7n6yt_2B4BuSVC50VRugrY/P8D7JqekOf2Up/uf0otbp9/IUZ8p_2B6wsoF7dpNBLqXxZ/GS6TQkotER/MTcy28DQQds_2BFEb/bBVdIjwSCR8S/BL_2BeIyZTD/K0OU26aPpqEzfD/itUs0WZvg4svKfXGjQymg/dduBc0gET1PPRogv/wqCxAOJ4NAT7uDG/EByAGICBb6vCU9gB9C/e13lSuW24/89L5flGRV2FvguM0_0A_/0DlgPHHAYaJGB1jpoaS/X6x7rLf7otAUkr5i4i4Ig6/YsqpkfLl
http://api10.laptok.at/api1/_2FtzwSIS2a_/2BKhUS_2FYv/Ddeg8qsugl51uI/iXB1a2mdF_2B4mAY5ux9B/eVPR0qPJRs_2FK0m/QVT2RjMFyJlVCPC/EqUcZQo_2BE_2FZPiU/VDhclXNOv/1deJRQVL7xH_2BfC_2FF/W_2BDev1TO5b0UN8ADX/jqt6cG8f1tJy_2Fkjoj7oC/FkNxY0Hl74a0j/SZUKx_2B/RNbC4YfJx3i8EidTLpWNuhV/T_2FjI5JN4/h_2BxFwlWqNYMv8_2/FCdXbP7H3BU_/2BxY3kfbEBn/fxizewAvsSOXO_/0A_0DLzSms6_2BXMOGlKc/DZAA58bWO0FbE5Gx/W0OAC99CnB2GO53/6yCnk17k0IYqW_2BL4/_2BnU2TT/s
http://api10.laptok.at/api1/AGGygRan5npqMjf/aLsQ5yOQj0YTlDv_2B/XYHcIBVX5/OEEz3dBI7KOyt_2F_2Bf/_2BVam3kceynM_2BGTQ/wgd6HQGF83rZkF4oateI0x/lFqH52qPeBap3/01iYvG6B/UTB_2FOiekyyWaEDf_2BvaC/1FZorNpNKY/OgbcB0rtszoHRyg1N/T75SEpnWRHCq/k3_2Fg6JpuG/XWRfLU6ibvGAr7/tIW469Bd1Cg1y_2FY7wUX/w1s9mZtakQnwc10n/xAe9ZTtM5zCtqaM/atpFgNF_0A_0DxcQOQ/_2FlYE_2B/iKNdTMfZJXmk0d_2BPut/ZPbjXTifZcYA0J7gC2s/PPBpXVedTkxG_2BNnlyQ/Jhh
http://www.nytimes.com/
http://www.youtube.com/
http://www.wikipedia.com/
http://www.amazon.com/
http://www.live.com/
http://www.reddit.com/
http://www.twitter.com/

Dropped files

Name / File Type    Hashes    Detection

  • C:\Users\user\AppData\Local\Temp\Wendy.eps
    PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
  • C:\Users\user\AppData\Local\Temp\alloy.zip
    Zip archive data, at least v2.0 to extract
  • C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-17529550060\msapplication.xml
    XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
  • C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-18270793970\msapplication.xml
    XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
  • C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-21706820\msapplication.xml
    XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
  • C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-314712940\msapplication.xml
    XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
  • C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-4759708130\msapplication.xml
    XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
  • C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-6757900\msapplication.xml
    XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
  • C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-8760897390\msapplication.xml
    XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
  • C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin20259167780\msapplication.xml
    XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
  • C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin20332743330\msapplication.xml
    XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
  • C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin8215062560\msapplication.xml
    XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
  • C:\Users\user\AppData\Local\Temp\JavaDeployReg.log
    ASCII text, with CRLF line terminators
  • C:\Users\user\AppData\Local\Temp\Lagrangian.rtf
    ASCII text, with no line terminators
  • C:\Users\user\AppData\Local\Temp\adobe.url
    MS Windows 95 Internet shortcut text (URL=<https://adobe.com/>), ASCII text, with CRLF line terminators
  • C:\Users\user\AppData\Local\Temp\prune.m4a
    ASCII text, with no line terminators
  • C:\Users\user\AppData\Local\Temp\similar.wps
    ASCII text, with no line terminators
  • C:\Users\user\AppData\Local\Temp\synchronism.xm
    ASCII text, with no line terminators