ARCH_25_012021.doc

Status: finished
Submission Time: 27.01.2021 09:29:39
Malicious
Trojan
Evader
Emotet

Details

  • Analysis ID:
    344852
  • API (Web) ID:
    591620
  • Analysis Started:
    27.01.2021 09:29:42
  • Analysis Finished:
    27.01.2021 09:40:38
  • MD5:
    baedc37e68b58765fa52c73d0fd2c2d5
  • SHA1:
    2131d1319b5de532638d34f1e3bf68337b6099bf
  • SHA256:
    94485b3ce47d4a2df6dba8e888ca7a360763f7edd5a0448552d1d06b6e4f4baa
  • Technologies:
malicious

System: Windows 7 x64 SP1 with Office 2010 SP2 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2)

malicious 100/100
malicious 35/61
malicious 23/28
malicious

IPs

IP               Country        Detection
0.0.0.0          unknown
0.0.0.0          unknown
0.0.0.0          unknown
0.0.0.0          unknown
0.0.0.0          unknown
0.0.0.0          unknown
0.0.0.0          unknown
217.160.169.110  Germany
51.255.203.164   France
0.0.0.0          unknown
0.0.0.0          unknown
0.0.0.0          unknown
0.0.0.0          unknown
0.0.0.0          unknown
0.0.0.0          unknown
0.0.0.0          unknown
192.169.223.13   United States
0.0.0.0          unknown
84.232.229.24    Romania
0.0.0.0          unknown
0.0.0.0          unknown
0.0.0.0          unknown
0.0.0.0          unknown
0.0.0.0          unknown
0.0.0.0          unknown
0.0.0.0          unknown
0.0.0.0          unknown
0.0.0.0          unknown
0.0.0.0          unknown
0.0.0.0          unknown
0.0.0.0          unknown
0.0.0.0          unknown
0.0.0.0          unknown
0.0.0.0          unknown
0.0.0.0          unknown
0.0.0.0          unknown
0.0.0.0          unknown
0.0.0.0          unknown
0.0.0.0          unknown
0.0.0.0          unknown
0.0.0.0          unknown
0.0.0.0          unknown
0.0.0.0          unknown
185.183.16.47    Spain
0.0.0.0          unknown
0.0.0.0          unknown
0.0.0.0          unknown
0.0.0.0          unknown
0.0.0.0          unknown
0.0.0.0          unknown
0.0.0.0          unknown
0.0.0.0          unknown
0.0.0.0          unknown
0.0.0.0          unknown
0.0.0.0          unknown
0.0.0.0          unknown
0.0.0.0          unknown
0.0.0.0          unknown
0.0.0.0          unknown
0.0.0.0          unknown
0.0.0.0          unknown
0.0.0.0          unknown
0.0.0.0          unknown
0.0.0.0          unknown
0.0.0.0          unknown
0.0.0.0          unknown
0.0.0.0          unknown
0.0.0.0          unknown
0.0.0.0          unknown
0.0.0.0          unknown
0.0.0.0          unknown
0.0.0.0          unknown
0.0.0.0          unknown
0.0.0.0          unknown
0.0.0.0          unknown
0.0.0.0          unknown
0.0.0.0          unknown
0.0.0.0          unknown
0.0.0.0          unknown
0.0.0.0          unknown
0.0.0.0          unknown
0.0.0.0          unknown
0.0.0.0          unknown
0.0.0.0          unknown
0.0.0.0          unknown
0.0.0.0          unknown
0.0.0.0          unknown
0.0.0.0          unknown
0.0.0.0          unknown
0.0.0.0          unknown
0.0.0.0          unknown
0.0.0.0          unknown
0.0.0.0          unknown
0.0.0.0          unknown
0.0.0.0          unknown
0.0.0.0          unknown
0.0.0.0          unknown
0.0.0.0          unknown

Domains

Name           IP              Detection
shannared.com  192.169.223.13

URLs

Name Detection
http://3musketeersent.net/wp-includes/TUgD/
https://skilmu.com/wp-admin/hQVlB8b/
http://jeevanlic.com/wp-content/r8M/
http://dashudance.com/thinkphp/dgs7Jm9/
http://shannared.com
http://shannared.com/content/lhALeS/
http://mmrincs.com/eternal-duelist-9cuqv/jxGQj/
http://leopardcranes.com/zynq-linux-yaayf/w/
http://services.msn.com/svcs/oe/certpage.asp?name=%s&email=%s&&Check
http://www.windows.com/pctv.
http://investor.msn.com
http://www.msnbc.com/news/ticker.txt
http://www.icra.org/vocabulary/.
http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous.
http://www.piriform.com/ccleanerhttp://www.piriform.com/ccleanerv
http://investor.msn.com/
http://www.piriform.com/ccleaner
http://www.%s.comPA
http://www.piriform.com/ccleanerv
http://windowsmedia.com/redir/services.asp?WMPFriendly=true
http://www.hotmail.com/oe
http://www.piriform.com/

Dropped files

Name / File Type / Hashes / Detection

C:\Users\user\Kaktksw\An6othh\N49I.dll
    PE32 executable (DLL) (GUI) Intel 80386, for MS Windows

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{A07E7EB5-D643-47FF-B622-0CF30ED55516}.tmp
    data

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{E3935BE2-A796-4096-8B6B-C6BCF64E2588}.tmp
    data

C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\ARCH_25_012021.LNK
    MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Wed Aug 26 14:08:14 2020, mtime=Wed Aug 26 14:08:14 2020, atime=Wed Jan 27 16:30:34 2021, length=175616, window=hide

C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\index.dat
    ASCII text, with CRLF line terminators

C:\Users\user\AppData\Roaming\Microsoft\Templates\~$Normal.dotm
    data

C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\UXL3RQT94R3A0BC61R7X.temp
    data

C:\Users\user\Desktop\~$CH_25_012021.doc
    data