flash

14B2jmdWSduQ.vbs

Status: finished
Submission Time: 21.09.2020 16:21:28
Malicious
Trojan
Evader
Ursnif

Comments

Tags

Details

  • Analysis ID:
    288090
  • API (Web) ID:
    471314
  • Analysis Started:
    21.09.2020 16:21:42
  • Analysis Finished:
    21.09.2020 16:28:44
  • MD5:
    a8a61d5607fd78cc3fdddc74cbadbe21
  • SHA1:
    a8350689782928a7146ca14e25f6f5a26bcaa786
  • SHA256:
    b0f90bcff9a972235fc762093ef286a351b57a89eb218a631f11a7efd51b9ee1
  • Technologies:
Full Report Management Report Engine Info Verdict Score Reports

System: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211

malicious
100/100

malicious
10/55

malicious

malicious

IPs

IP Country Detection
8.208.101.13
Singapore

Domains

Name IP Detection
api10.laptok.at
8.208.101.13

URLs

Name Detection
http://api10.laptok.at/api1/bEYqdWquhr_/2F7iA7AfXq51C3/IVwsWdUaXD9bsH1vjUjT8/H0qFsYzfJ2y11mbX/Mff_2F
http://api10.laptok.at/api1/bEYqdWquhr_/2F7iA7AfXq51C3/IVwsWdUaXD9bsH1vjUjT8/H0qFsYzfJ2y11mbX/Mff_2FnypSlZ4pU/wEraG5wNUIgLJu_2Fh/M_2F4nk_2/FP5hiIUmtwoGlFrc0MaU/9BhyWQgLD59k7XGlxYx/j8J_2FzqV9srG7_2F_2BiK/oAuK6PZsP_2Bg/tCY5LViu/Q6ENt6GsXAfHO0DbIUiY5I8/hgreu2X1Ug/PI2sGhyPxO63QCh13/7PAFa08vPLZi/smc1LDZrE7b/ECdxq4aP_2FTr_/0A_0DX9icmKfGG6JMS1Rc/s2_2BvnAHbKCOS6E/up8d9gyuwBgcfSH/suQgQzmQNYXjl7avTV06M7/b
http://api10.laptok.at/api1/NjiDcnwvRl/nY10bqejxXhya4lzX/QDj_2F5rVlSU/BokhPlb5Qws/Dv1EYSf0wmFVXD/sU7_2BJPqeD9tT5id1l1e/_2Fijpr_2BtBUQ8E/EM2vJqRGVBQTUve/85MKE1tkKxa4urkDGQ/kpY2ByxSU/29XHvEuQ9WYX9QqtUfxg/RX5QKTcitJDGBfwUZNn/GLQP7e1D6GIf3FRSxrPkXi/Y1fr_2BA0VaHW/2NRU_2Bm/rQJwpXojTFI_2Bj8hx0qU_2/FZkO_2BWAt/6FFBUZ7_2FWAvs_0A/_0Dsw16sCOYL/fk6I4_2BWMG/7sgHBx7UUDxGxh/FHT2Oj9_2Fjo3LVkYJc_2/BP35BjnNtv9m/X9I83Ug
Click to see the 7 hidden entries
http://www.wikipedia.com/
http://www.amazon.com/
http://www.nytimes.com/
http://www.live.com/
http://www.reddit.com/
http://www.twitter.com/
http://www.youtube.com/

Dropped files

Name File Type Hashes Detection
C:\Users\user\AppData\Local\Temp\Mardi.rm
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
#
C:\Users\user\AppData\Local\Temp\irresistible.zip
Zip archive data, at least v2.0 to extract
#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{8A24E000-FC61-11EA-90E8-ECF4BBEA1588}.dat
Microsoft Word Document
#
Click to see the 25 hidden entries
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{8A24E002-FC61-11EA-90E8-ECF4BBEA1588}.dat
Microsoft Word Document
#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-17529550060\msapplication.xml
XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-18270793970\msapplication.xml
XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-21706820\msapplication.xml
XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-314712940\msapplication.xml
XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-4759708130\msapplication.xml
XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-6757900\msapplication.xml
XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-8760897390\msapplication.xml
XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin20259167780\msapplication.xml
XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin20332743330\msapplication.xml
XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin8215062560\msapplication.xml
XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\ErrorPageTemplate[1]
UTF-8 Unicode (with BOM) text, with CRLF line terminators
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\bullet[1]
PNG image data, 15 x 15, 8-bit colormap, non-interlaced
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\background_gradient[1]
JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 1x800, frames 3
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\httpErrorPagesScripts[1]
UTF-8 Unicode (with BOM) text, with CRLF line terminators
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\http_404[1]
HTML document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\info_48[1]
PNG image data, 47 x 48, 8-bit/color RGBA, non-interlaced
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\down[1]
PNG image data, 15 x 15, 8-bit colormap, non-interlaced
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\errorPageStrings[1]
UTF-8 Unicode (with BOM) text, with CRLF line terminators
#
C:\Users\user\AppData\Local\Temp\JavaDeployReg.log
ASCII text, with CRLF line terminators
#
C:\Users\user\AppData\Local\Temp\Tallahassee.tiff
ASCII text, with no line terminators
#
C:\Users\user\AppData\Local\Temp\adobe.url
MS Windows 95 Internet shortcut text (URL=<https://adobe.com/>), ASCII text, with CRLF line terminators
#
C:\Users\user\AppData\Local\Temp\uproar.c
ASCII text, with no line terminators
#
C:\Users\user\AppData\Local\Temp\~DF7E255964632D7B28.TMP
data
#
C:\Users\user\AppData\Local\Temp\~DF88DE9B2C6CF617B6.TMP
data
#