look_presentation_84275.vbs

Status: finished
Submission Time: 17.09.2020 15:51:07
Malicious
Trojan
Evader
Ursnif

Comments

Tags

Details

  • Analysis ID:
    286986
  • API (Web) ID:
    469126
  • Analysis Started:
    17.09.2020 15:51:08
  • Analysis Finished:
    17.09.2020 15:57:31
  • MD5:
    30c60df7f7febee8404ef1ca2c1fac0a
  • SHA1:
    1acc068ef95e1b4378f752f839a1c9dcc5c58b2d
  • SHA256:
    18d6ba48ce77fd70ba56dc0e6dc2c2f5b45614f181974b3ed8c646164e197af6
  • Technologies:
System: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211

malicious
100/100

malicious
7/56

malicious

IPs

IP              Country
8.208.101.13    Singapore

Domains

Name                IP
api10.laptok.at     8.208.101.13

URLs

Name
http://api10.laptok.at/api1/m0nTTmquy9C65rQ4tn/qQCDRAZlN/q1ZwoMEB0ubMQVoh5n7V/WtESt0Z5hctG6G_2Bjz/bU
http://api10.laptok.at/favicon.ico
http://api10.laptok.at/api1/w_2FoTeexQyD/Fghyn08znyt/1WysawwP7aPlBF/GV3Z_2B1tmX6SKWu5Mi_2/F42kIzQgtwmx9mfr/7nEyUwwGqXrpuGi/8QMa318Mn5f5FJtuDo/NlIjbbeHf/3xbZB4jP46e1hv_2Fv1Y/KPjnvo7YujU4NzmZHqM/vabinagUfyButwYTDG_2FM/kOBGLkWRYTYcT/ixq5z9Q2/Pe6HFdq4V12ZLUrTtHBn_2F/iqkLK8Ok2w/qwZzMenqB_2FFI3nB/bfP7_2F9kcOb/_2Fm48HYkA_/0A_0DNPM980PgR/luzZbO4_2BK4_2FRbwgPc/jnmJbgz4m_2Bjwnb/XYfjDn7PLlZKfKI/Z7O26GDhR/O82a
http://api10.laptok.at/api1/m0nTTmquy9C65rQ4tn/qQCDRAZlN/q1ZwoMEB0ubMQVoh5n7V/WtESt0Z5hctG6G_2Bjz/bU1rZac12CzT2CcifnlH5H/FCAR8LLB8T2KF/nPngZxIW/d8PFvGKxutD7aErRf1uwxEb/n7wTAc12MP/oAHF9p0YLtepeBrgS/1XWdHfH5G1NW/1Axl3h8e7ww/oZMeb_2ByvvRUa/qEVVRjZolFjr_2B9kgn0_/2FXNj0N02u_2B31X/GmB42bPxMUpEmkd/_2FrVeYtO34cmwwh_0/A_0DhpcMr/3FGCUEXMhEcTmB2S4PBD/kRVwj5PJkj5VtaTz67D/CED
http://api10.laptok.at/api1/w_2FoTeexQyD/Fghyn08znyt/1WysawwP7aPlBF/GV3Z_2B1tmX6SKWu5Mi_2/F42kIzQgtw

Dropped files

Name (with file type on the following line)

C:\Users\user\AppData\Local\Temp\Greenbelt.iso
    PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
C:\Users\user\AppData\Local\Temp\hosiery.zip
    Zip archive data, at least v2.0 to extract
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{9BB46AC9-F938-11EA-90E3-ECF4BB570DC9}.dat
    Microsoft Word Document
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{9BB46ACB-F938-11EA-90E3-ECF4BB570DC9}.dat
    Microsoft Word Document
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{9BB46ACD-F938-11EA-90E3-ECF4BB570DC9}.dat
    Microsoft Word Document
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\O82a[1].htm
    ASCII text, with very long lines, with no line terminators
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\CED[1].htm
    ASCII text, with very long lines, with no line terminators
C:\Users\user\AppData\Local\Temp\Euclid.rs
    ASCII text, with no line terminators
C:\Users\user\AppData\Local\Temp\JavaDeployReg.log
    ASCII text, with CRLF line terminators
C:\Users\user\AppData\Local\Temp\adobe.url
    MS Windows 95 Internet shortcut text (URL=<https://adobe.com/>), ASCII text, with CRLF line terminators
C:\Users\user\AppData\Local\Temp\fest.js
    ASCII text, with no line terminators
C:\Users\user\AppData\Local\Temp\macrostructure.iso
    ASCII text, with no line terminators
C:\Users\user\AppData\Local\Temp\quackery.mxf
    ASCII text, with no line terminators
C:\Users\user\AppData\Local\Temp\vacant.mp3
    ASCII text, with no line terminators
C:\Users\user\AppData\Local\Temp\~DF6470B281BA2D7249.TMP
    data
C:\Users\user\AppData\Local\Temp\~DFBE698B02FCA68207.TMP
    data
C:\Users\user\AppData\Local\Temp\~DFE0E8DCCB111DAFA9.TMP
    data