Medica negra morre covid-19 apos racismo.docm

Status: finished
Submission Time: 27.12.2020 08:50:15
Malicious
Exploiter
Evader

Tags

  • COVID-19
  • docm
  • geo
  • Outlook
  • PRT

Details

  • Analysis ID:
    334232
  • API (Web) ID:
    570344
  • Analysis Started:
    27.12.2020 08:50:26
  • Analysis Finished:
    27.12.2020 09:19:05
  • MD5:
    549943fa268b65fee546e7adda0f06ba
  • SHA1:
    0ffc18af6916d88bf456f32a2e85b85e56b6c109
  • SHA256:
    c221dc10d175c2f3fb8366ad3aada1cf06c74ad8483a4a67bf62a0702b41c6f5

malicious

System: Windows 7 x64 SP1 with Office 2010 SP2 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2)

malicious
68/100

Error: Incomplete analysis, please check the report for detailed error information
System: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Run Condition: Potential for more IOCs and behavior

malicious
68/100

System: Windows 7 x64 SP1 with Office 2010 SP2 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2)
Run Condition: Without Instrumentation

malicious
96/100

malicious
12/48

IPs

IP             Country        Detection
104.192.141.1  United States

Domains

Name           IP             Detection
bitbucket.org  104.192.141.1

URLs


Dropped files

  • C:\Users\user\AppData\Roaming\Microsoft\Templates\~$Normal.dotm
    File type: data
  • C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\4USF964IMS63TWWSNQGM.temp
    File type: data
  • C:\Users\user\Desktop\~$dica negra morre covid-19 apos racismo.docm
    File type: data
  • C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\89B60F2F.png
    File type: PNG image data, 633 x 572, 8-bit colormap, non-interlaced
  • C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{02B545E2-A1F4-420B-9DE9-98A3C69AB689}.tmp
    File type: data
  • C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{08186652-BACB-4000-A55F-0BCBA7498F21}.tmp
    File type: data
  • C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{B4F476E3-97C0-4A14-814E-1968BCE52029}.tmp
    File type: data
  • C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\Medica negra morre covid-19 apos racismo.LNK
    File type: MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Wed Aug 26 14:08:12 2020, mtime=Wed Aug 26 14:08:12 2020, atime=Sun Dec 27 16:14:33 2020, length=107431, window=hide
  • C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\index.dat
    File type: ASCII text, with CRLF line terminators