Request for quotation.xlsx

Status: finished
Submission Time: 20.11.2020 11:16:28
Malicious
Trojan
Exploiter
Evader
FormBook

Tags

  • Formbook
  • VelvetSweatshop
  • xlsx

Details

  • Analysis ID:
    321122
  • API (Web) ID:
    544036
  • Analysis Started:
    20.11.2020 11:26:18
  • Analysis Finished:
    20.11.2020 11:38:27
  • MD5:
    109bae1300099a20ad3df28d09095bf1
  • SHA1:
    dd2c886624df876a75389a5690cf55fd59a0b217
  • SHA256:
    1154f054c7344a07eed067053d6f3cfec18bc3aee5078e94c3a77bba3827bb06
  • Technologies:
    Full Report, Management Report

Verdict

Overall verdict: malicious

Engine results (Info / Verdict / Score, as listed in the report):

  • System: Windows 7 x64 SP1 with Office 2010 SP2 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2)
    Verdict: malicious, Score: 100/100
  • Verdict: malicious, Score: 20/60
  • Verdict: malicious, Score: 16/48
  • Verdict: malicious
  • Verdict: malicious

IPs

IP               Country         Detection
103.141.138.87   Viet Nam
172.67.181.41    United States

Domains

Name                                                 IP               Detection
www.segredosdocopywriting.com                        172.67.181.41
thdyneverwalkachinese2loneinlifekthfnp.ydns.eu       103.141.138.87

URLs

Name (Detection column empty in the report)

  • http://thdyneverwalkachinese2loneinlifekthfnp.ydns.eu/chnsfrnd2/winlog.exe
  • http://www.segredosdocopywriting.com/ogg/?tB=RFlQYLrZdnT7pMnfFMeIQbGHDdniJp1JjixjIr26XgGQhDWG8PiH1Erj4JEp2RyyMZp0Iw==&mbC0J=WL3hLJ98
  • http://www.windows.com/pctv.
  • http://investor.msn.com
  • http://www.msnbc.com/news/ticker.txt
  • http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous.
  • http://wellformedweb.org/CommentAPI/
  • http://www.piriform.com/ccleanerhttp://www.piriform.com/ccleanerv
  • http://investor.msn.com/
  • http://www.iis.fhg.de/audioPA
  • http://www.%s.com
  • http://www.piriform.com/ccleaner
  • http://computername/printers/printername/.printer
  • http://www.%s.comPA
  • http://%s.com
  • http://www.hotmail.com/oe
  • http://treyresearch.net
  • http://auto.search.msn.com/response.asp?MT=
  • http://servername/isapibackend.dll

Dropped files

Name / File Type (Hashes and Detection columns empty in the report)

  • C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\winlog[1].exe
    File Type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
  • C:\Users\user\Desktop\~$Request for quotation.xlsx
    File Type: data
  • C:\Users\Public\vbc.exe
    File Type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows