
PURCHASE ORDER No-17-11-98543.xlsm

Status: finished
Submission Time: 18.11.2020 07:56:17
Verdict labels:
  • Malicious
  • Exploiter
  • Evader
  • Hidden Macro 4.0
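The "Hidden Macro 4.0" label above means the workbook carries an Excel 4.0 (XLM) macro sheet that is hidden from the sheet tabs. The script below is an added triage example, not part of this sandbox report or of the analysed sample: it lists every sheet of an OOXML workbook with its visibility state, flags sheets backed by an xl/macrosheets/ part, and reports Auto_Open/Auto_Close defined names. The workbook it builds is constructed here for the demonstration and holds no macro formulas; the relationship Type URI and the macrosheet element namespace in that constructed sample are assumed, and the check deliberately does not depend on them.

```python
"""Triage an OOXML workbook (.xlsm/.xlsx) for hidden Excel 4.0 (XLM) macro sheets.

Added example, not part of the sandbox report. Standard library only. It reports
the indicators a "Hidden Macro 4.0" verdict rests on: a macro sheet part under
xl/macrosheets/, a sheet state of hidden/veryHidden, and an Auto_Open or
Auto_Close defined name that makes the macro run when the file is opened.
"""
import io
import zipfile
import xml.etree.ElementTree as ET

NS_MAIN = "http://schemas.openxmlformats.org/spreadsheetml/2006/main"
NS_ODREL = "http://schemas.openxmlformats.org/officeDocument/2006/relationships"
NS_PKGREL = "http://schemas.openxmlformats.org/package/2006/relationships"
AUTO_RUN = {"auto_open", "auto_close"}


def inspect_workbook(data: bytes) -> dict:
    """Return sheet visibility, auto-run defined names and a hidden_xlm_macro flag."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        parts = set(zf.namelist())
        rels_root = ET.fromstring(zf.read("xl/_rels/workbook.xml.rels"))
        wb = ET.fromstring(zf.read("xl/workbook.xml"))

    # Map each r:id to a part name. Targets are relative to xl/ unless they
    # start with '/', in which case they are package-absolute.
    rels = {}
    for rel in rels_root.iter(f"{{{NS_PKGREL}}}Relationship"):
        target = rel.get("Target", "")
        rels[rel.get("Id")] = target[1:] if target.startswith("/") else "xl/" + target

    sheets = []
    for sheet in wb.iter(f"{{{NS_MAIN}}}sheet"):
        part = rels.get(sheet.get(f"{{{NS_ODREL}}}id"), "")
        sheets.append({
            "name": sheet.get("name"),
            # Excel omits 'state' for visible sheets. 'veryHidden' cannot be
            # unhidden from the Excel UI, which is why droppers favour it.
            "state": sheet.get("state", "visible"),
            # Decide on the part path, not on the relationship Type URI: the
            # path is what Excel loads, so it is the harder indicator to disguise.
            "is_macrosheet": part.startswith("xl/macrosheets/") and part in parts,
        })

    # Built-in names carry an _xlnm. prefix; user-defined Auto_Open names do not.
    auto_run = []
    for dn in wb.iter(f"{{{NS_MAIN}}}definedName"):
        name = (dn.get("name") or "").lower()
        if name.startswith("_xlnm."):
            name = name[len("_xlnm."):]
        if name in AUTO_RUN:
            auto_run.append(dn.get("name"))

    hidden = any(s["is_macrosheet"] and s["state"] in ("hidden", "veryHidden")
                 for s in sheets)
    return {"sheets": sheets, "auto_run_names": auto_run, "hidden_xlm_macro": hidden}


def build_sample_workbook(macro_state: str = "veryHidden") -> bytes:
    """Constructed sample: one worksheet plus one empty XLM macro sheet (no formulas)."""
    workbook_xml = f"""<workbook xmlns="{NS_MAIN}" xmlns:r="{NS_ODREL}">
  <sheets>
    <sheet name="Sheet1" sheetId="1" r:id="rId1"/>
    <sheet name="Macro1" sheetId="2" state="{macro_state}" r:id="rId2"/>
  </sheets>
  <definedNames><definedName name="_xlnm.Auto_Open">Macro1!$A$1</definedName></definedNames>
</workbook>"""
    # Relationship Type URIs below are assumed for the sample; the check ignores them.
    rels_xml = f"""<Relationships xmlns="{NS_PKGREL}">
  <Relationship Id="rId1" Target="worksheets/sheet1.xml" Type="{NS_ODREL}/worksheet"/>
  <Relationship Id="rId2" Target="macrosheets/sheet1.xml"
    Type="http://schemas.microsoft.com/office/2006/relationships/xlMacrosheet"/>
</Relationships>"""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("xl/workbook.xml", workbook_xml)
        zf.writestr("xl/_rels/workbook.xml.rels", rels_xml)
        zf.writestr("xl/worksheets/sheet1.xml",
                    f'<worksheet xmlns="{NS_MAIN}"><sheetData/></worksheet>')
        zf.writestr("xl/macrosheets/sheet1.xml",
                    '<xm:macrosheet xmlns:xm="http://schemas.microsoft.com/office/excel/2006/main">'
                    '<sheetData/></xm:macrosheet>')
    return buf.getvalue()


if __name__ == "__main__":
    import sys
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_workbook()
    report = inspect_workbook(data)
    for s in report["sheets"]:
        kind = "macrosheet" if s["is_macrosheet"] else "worksheet"
        print(f"{s['name']:<12} {kind:<11} {s['state']}")
    print("auto-run names:", report["auto_run_names"])
    print("hidden XLM macro:", report["hidden_xlm_macro"])
```

Run it with a path argument to inspect a real workbook (`python triage_xlm.py sample.xlsm`); without one it inspects the constructed sample. Because it reads only the container, a veryHidden macro sheet is reported even when its formulas are obfuscated; a workbook in the legacy binary .xls format has no such container and needs a BIFF parser instead.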

Tags

  • xlsm

Details

  • Analysis ID:
    319311
  • API (Web) ID:
    540431
  • Analysis Started:
    18.11.2020 07:56:19
  • Analysis Finished:
    18.11.2020 08:03:12
  • MD5:
    921ac551fe8d88c2185f39f0e777eabd
  • SHA1:
    40702dc4f773cfa3fcf03c62ec810ba3f5e6b72d
  • SHA256:
    b1660b65514182bf97a767caa264b0500ef14692e69dae6ddca344591e7e016d
Verdict

Overall verdict: malicious

Engine scores (engine names are not present on this page):

  • Engine 1
    Analysis system: Windows 7 x64 SP1 with Office 2010 SP2 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2)
    Verdict: malicious
    Score: 100/100
  • Engine 2
    Verdict: malicious
    Score: 21/72
  • Engine 3
    Verdict: malicious
    Score: 11/48

IPs

IP              Country             Detection
193.106.175.25  Russian Federation  (none listed)

Domains

Name             IP              Detection
gvbmkhvnyib.top  193.106.175.25  (none listed)

URLs

Name                                                     Detection
http://gvbmkhvnyib.top/QtuFGobZaW/conhost.triumphloader  (none listed)
http://4cnx9s25gsvw.top/syZsNnTNps.vx                    (none listed)

The host of the second URL, 4cnx9s25gsvw.top, does not appear in the Domains or IPs tables above, so the report shows no contact with it during this run.

Dropped files

Hash and detection values for the dropped files are not present on this page.

Name: C:\ETTER\dAneDFma\conhost.exe
File type: PE32 executable (GUI) Intel 80386, for MS Windows

Name: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\conhost[1].triumphloader
File type: PE32 executable (GUI) Intel 80386, for MS Windows

Name: C:\Users\user\Desktop\~$PURCHASE ORDER No-17-11-98543.xlsm
File type: data

Name: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\71A94C24.png
File type: PNG image data, 9 x 6, 8-bit colormap, interlaced

Name: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\A97335D5.jpg
File type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 2806x1984, frames 3

Name: C:\Users\user\AppData\Local\Temp\68FE0000
File type: data

Name: C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\Desktop.LNK
File type: MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Read-Only, Directory, ctime=Tue Oct 17 10:04:00 2017, mtime=Wed Nov 18 14:56:49 2020, atime=Wed Nov 18 14:56:49 2020, length=16384, window=hide

Name: C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\PURCHASE ORDER No-17-11-98543.LNK
File type: MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Wed Aug 26 14:08:16 2020, mtime=Wed Nov 18 14:56:49 2020, atime=Wed Nov 18 14:56:49 2020, length=402957, window=hide

Name: C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\index.dat
File type: ASCII text, with CRLF line terminators

Name: C:\Users\user\Desktop\2AFE0000
File type: data

Of these, the two PE32 executables are the fetched payload: the cached conhost[1].triumphloader name matches the first URL above, and conhost.exe under C:\ETTER\dAneDFma\ is the copy placed outside the browser cache. The remaining entries are ordinary side effects of Excel opening the workbook (the ~$ owner file, the Recent-folder shortcuts and index.dat, the embedded images written to Content.MSO, and the hex-named temporary files) and are not indicators on their own.