BankSwiftCopyUSD95000.ppt

Status: finished
Submission Time: 13.01.2021 13:42:32
Malicious
Trojan
Exploiter
Evader
AgentTesla

Comments

Tags

  • ppt

Details

  • Analysis ID:
    339086
  • API (Web) ID:
    580083
  • Analysis Started:
    13.01.2021 13:42:35
  • Analysis Finished:
    13.01.2021 13:54:17
  • MD5:
    7f0b415d0b7a76530b2f510a910811e5
  • SHA1:
    480594ad26c91dd9d719c80334285375540dc83e
  • SHA256:
    8d3e1d1a1775191a33980069f500e37f22bdcd0a1ad3544ab4a9d0a651fbd019
  • Technologies:

malicious

System: Windows 7 x64 SP1 with Office 2010 SP2 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2)

malicious
100/100

malicious
22/63

malicious
10/46

malicious

IPs

IP Country Detection

Domains

Name IP Detection

URLs

Name Detection

Dropped files

Name File Type Hashes Detection