flash

September invoice.doc

Status: finished
Submission Time: 24.09.2020 03:29:35
Malicious
Trojan
Evader
Emotet

Comments

Tags

Details

  • Analysis ID:
    289415
  • API (Web) ID:
    473938
  • Analysis Started:
    24.09.2020 03:29:39
  • Analysis Finished:
    24.09.2020 03:36:27
  • MD5:
    93073043f681afcf6d9e9e1c784cbb50
  • SHA1:
    d2544ab207d1c2fb3d6bfd054b99ac6fcf354bbd
  • SHA256:
    6668e984377fa2f8a3eb0272e47a3c4788d4b15b2edcc7869ca7472c81159a07
  • Technologies:
Full Report Management Report Engine Info Verdict Score Reports

System: Windows 7 x64 SP1 with Office 2010 SP2 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2)

malicious
100/100

malicious
37/62

malicious
15/48

malicious

malicious

IPs

IP Country Detection
148.163.67.138
United States
24.43.32.186
United States
162.241.252.71
United States
Click to see the 1 hidden entries
192.254.189.133
United States

Domains

Name IP Detection
haymetetrading.com
162.241.252.71
simofferbd24.com
148.163.67.138
401kplansinfo.com
192.254.189.133

URLs

Name Detection
http://haymetetrading.com/wp-includes/yGELKj4/
http://simofferbd24.com/wp-includes/fsiQc/
http://simofferbd24.com/cgi-sys/suspendedpage.cgi
Click to see the 5 hidden entries
http://24.43.32.186/aVpA1G1E0yNTYFT/PGAPIdHt/nGL8cGEmDCYty9c/81BrwIAl/uSGCs6dli8zF/wEVOT765VECJcPt/
http://401kplansinfo.com/cgi-bin/KtFRk/
http://www.%s.comPA
http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous.
http://24.43.32.186/aVpA1G1E0yNTYFT/PGAPIdHt/nGL8cGEmDCYty9c/81BrwIAl/uSGCs6dli8zF/wEVOT765VECJcPt/M

Dropped files

Name File Type Hashes Detection
C:\Users\user\yv3Wm9g\wZN78e8\Tii0bcp.exe
data
#
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{BD561EF3-4E04-4856-9DA8-291722E1F767}.tmp
data
#
C:\Users\user\AppData\Local\Temp\VBE\MSForms.exd
data
#
Click to see the 5 hidden entries
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\September invoice.LNK
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Wed Aug 26 14:08:12 2020, mtime=Wed Aug 26 14:08:12 2020, atime=Thu Sep 24 09:30:32 2020, length=205824, window=hide
#
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\index.dat
ASCII text, with CRLF line terminators
#
C:\Users\user\AppData\Roaming\Microsoft\Templates\~$Normal.dotm
data
#
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\L7AWL1UCLUIH55PWLJKS.temp
data
#
C:\Users\user\Desktop\~$ptember invoice.doc
data
#