flash

PO85937758859777.xlsx

Status: finished
Submission Time: 13.01.2021 17:10:50
Malicious
Trojan
Exploiter
Evader
FormBook

Comments

Tags

  • VelvetSweatshop
  • xlsx

Details

  • Analysis ID:
    339197
  • API (Web) ID:
    580315
  • Analysis Started:
    13.01.2021 17:12:48
  • Analysis Finished:
    13.01.2021 17:24:38
  • MD5:
    80580c09bbeb955baf5d08e6298cf952
  • SHA1:
    5d2877c47fd701cff2f29e8935946e119baad62a
  • SHA256:
    78a37255aa8d51e37547d76b29711dae8a9209af7b798590260fb02ee9fe7c76
  • Technologies:
Full Report Management Report IOC Report Engine Info Verdict Score Reports

malicious
New

System: Windows 7 x64 SP1 with Office 2010 SP2 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2)

malicious
100/100

malicious
18/61

malicious
10/46

IPs

IP Country Detection
52.58.78.16
United States
199.59.242.153
United States
34.102.136.180
United States
Click to see the 4 hidden entries
184.168.131.241
United States
52.201.79.206
United States
156.241.53.120
Seychelles
185.26.106.165
France

Domains

Name IP Detection
bodyfuelrtd.com
34.102.136.180
www.cckytx.com
156.241.53.120
www.med.vegas
52.201.79.206
Click to see the 11 hidden entries
www.modaluxcutabovefitness.com
52.58.78.16
www.alwayadopt.com
199.59.242.153
tradingworldchina.com
185.26.106.165
giftasmile2day.com
184.168.131.241
reversehomeloansmiami.com
34.102.136.180
www.modernappsllc.com
0.0.0.0
www.jorgegiljewelry.com
0.0.0.0
www.helloinward.com
0.0.0.0
www.bodyfuelrtd.com
0.0.0.0
www.giftasmile2day.com
0.0.0.0
www.reversehomeloansmiami.com
0.0.0.0

URLs

Name Detection
http://www.modaluxcutabovefitness.com/8rg4/?RJ=BSQ7V1i2N9vBmsCIz7W/uQKzzFwWHtA3l7eKqfpYK40hJhbN+S/b7gP0W92i3TURdQSX0g==&LFQHH=_pgx3Rd
http://www.giftasmile2day.com/8rg4/?RJ=sR6mXmiXS1IkonJdYlFao53tdftaP6KCaP+fBLIZC0+jJmH2nVBesg00yLwM+Xg8gzFUXA==&LFQHH=_pgx3Rd
http://www.abril.com.br/favicon.ico
Click to see the 97 hidden entries
http://search.daum.net/
http://search.naver.com/favicon.ico
http://search.msn.co.jp/results.aspx?q=
http://www.clarin.com/favicon.ico
http://buscar.ozu.es/
http://kr.search.yahoo.com/
http://search.about.com/
http://busca.igbusca.com.br/
http://www.microsofttranslator.com/BVPrev.aspx?ref=IE8Activity
http://www.ask.com/
http://www.priceminister.com/favicon.ico
http://www.cjmall.com/
http://search.centrum.cz/
http://suche.t-online.de/
http://www.google.it/
http://search.auction.co.kr/
http://www.ceneo.pl/
http://www.amazon.de/
http://www.piriform.com/ccleanerhttp://www.piriform.com/ccleanerv
http://sads.myspace.com/
http://busca.buscape.com.br/favicon.ico
http://www.pchome.com.tw/favicon.ico
http://browse.guardian.co.uk/favicon.ico
http://google.pchome.com.tw/
http://list.taobao.com/browse/search_visual.htm?n=15&q=
http://www.rambler.ru/favicon.ico
http://uk.search.yahoo.com/
http://espanol.search.yahoo.com/
http://www.ozu.es/favicon.ico
http://search.sify.com/
http://openimage.interpark.com/interpark.ico
http://search.yahoo.co.jp/favicon.ico
http://search.ebay.com/
http://www.gmarket.co.kr/
http://search.nifty.com/
http://searchresults.news.com.au/
http://www.google.si/
http://www.google.cz/
http://www.soso.com/
http://www.univision.com/
http://search.ebay.it/
http://images.joins.com/ui_c/fvc_joins.ico
http://www.asharqalawsat.com/
http://busca.orange.es/
http://cnweb.search.live.com/results.aspx?q=
http://auto.search.msn.com/response.asp?MT=
http://search.yahoo.co.jp
http://www.target.com/
http://buscador.terra.es/
http://search.orange.co.uk/favicon.ico
http://www.iask.com/
http://www.tesco.com/
http://cgi.search.biglobe.ne.jp/
http://search.seznam.cz/favicon.ico
http://suche.freenet.de/favicon.ico
http://search.interpark.com/
http://search.ipop.co.kr/favicon.ico
http://search.espn.go.com/
http://www.myspace.com/favicon.ico
http://search.centrum.cz/favicon.ico
http://p.zhongsou.com/favicon.ico
http://service2.bfast.com/
http://www.%s.comPA
http://ariadna.elmundo.es/
http://www.news.com.au/favicon.ico
http://www.cdiscount.com/
http://search.chol.com/favicon.ico
http://www.mercadolivre.com.br/
http://www.merlin.com.pl/favicon.ico
http://search.ebay.de/
http://www.mtv.com/
http://www.rambler.ru/
http://www.nifty.com/favicon.ico
http://www.dailymail.co.uk/
http://www3.fnac.com/favicon.ico
http://buscar.ya.com/
http://search.yahoo.com/favicon.ico
http://www.iis.fhg.de/audioPA
http://www.sogou.com/favicon.ico
http://asp.usatoday.com/
http://fr.search.yahoo.com/
http://rover.ebay.com
http://in.search.yahoo.com/
http://img.shopzilla.com/shopzilla/shopzilla.ico
http://search.ebay.in/
http://image.excite.co.jp/jp/favicon/lep.ico
http://%s.com
http://msk.afisha.ru/
http://busca.igbusca.com.br//app/static/images/favicon.ico
http://search.rediff.com/
http://www.ya.com/favicon.ico
http://www.etmall.com.tw/favicon.ico
http://it.search.dada.net/favicon.ico
http://search.naver.com/
http://www.google.ru/
http://search.hanafos.com/favicon.ico
http://cgi.search.biglobe.ne.jp/favicon.ico

Dropped files

Name File Type Hashes Detection
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\file1[1].exe
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
#
C:\Users\user\Desktop\~$PO85937758859777.xlsx
data
#
C:\Users\Public\vbc.exe
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
#
Click to see the 3 hidden entries
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\683C7CC6.jpeg
gd-jpeg v1.0 (using IJG JPEG v80), quality = 90", baseline, precision 8, 700x990, frames 3
#
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\941F3A0F.jpeg
gd-jpeg v1.0 (using IJG JPEG v80), quality = 90", baseline, precision 8, 700x990, frames 3
#
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\A3CFBB99.emf
Windows Enhanced Metafile (EMF) image data version 0x10000
#