IU-8549 Medical report COVID-19.doc

Status: finished
Submission Time: 17.02.2021 22:55:45
Malicious
Trojan
Evader
Emotet

Details

  • Analysis ID:
    354471
  • API (Web) ID:
    610906
  • Analysis Started:
    17.02.2021 22:55:49
  • Analysis Finished:
    17.02.2021 23:03:58
  • MD5:
    be33bce1030d367cf23727936fc1fbfd
  • SHA1:
    2731bb3115108d14d2a4d5abd49aef32468961c9
  • SHA256:
    843ac5a5070a8f77eeb150cf7963ea5a66dd5763b0e3ac3d775333219fa5b773
  • Technologies:

malicious

System: Windows 7 x64 SP1 with Office 2010 SP2 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2)

  • malicious 100/100
  • malicious 40/63
  • malicious 22/37
  • malicious 27/29
  • malicious
IPs

IP    Country    Detection
194.4.58.192    Kazakhstan
49.205.182.134    India
95.9.5.93    Turkey
185.201.9.197    Germany
115.94.207.99    Korea Republic of
71.72.196.159    United States
70.92.118.112    United States
70.183.211.3    United States
12.175.220.98    United States
200.116.145.225    Colombia
190.251.200.206    Colombia
138.68.87.218    United States
172.105.13.66    United States
220.245.198.194    Australia
104.131.11.150    United States
162.241.204.233    United States
176.111.60.55    Ukraine
24.178.90.49    United States
94.23.237.171    France
192.185.52.115    United States
187.161.206.24    Mexico
41.185.28.84    South Africa
78.182.254.231    Turkey
194.190.67.75    Russian Federation
108.53.88.101    United States
186.74.215.34    Panama
109.116.245.80    Italy
161.0.153.60    Haiti
202.134.4.216    Indonesia
120.150.218.241    Australia
202.134.4.211    Indonesia
87.106.139.101    Germany
173.70.61.180    United States
78.188.225.105    Turkey
74.128.121.17    United States
62.75.141.82    Germany
24.69.65.8    Canada
119.59.116.21    Thailand
37.139.21.175    Netherlands
98.109.133.80    United States
95.213.236.64    Russian Federation
46.105.131.79    France
166.62.28.130    United States
50.116.111.59    United States
188.165.214.98    France
69.38.130.14    United States
120.150.60.189    Australia
172.125.40.123    United States
180.222.161.85    Australia
110.145.11.73    Australia
172.86.188.251    Canada
157.245.99.39    United States
115.21.224.117    Korea Republic of
167.114.153.111    Canada
203.153.216.189    Indonesia
2.58.16.89    Latvia
62.171.142.179    United Kingdom
78.189.148.42    Turkey
85.105.205.77    Turkey
123.176.25.234    Maldives
75.109.111.18    United States
66.57.108.14    United States
50.91.114.38    United States
78.24.219.147    Russian Federation
24.179.13.119    United States
110.142.236.207    Australia
139.99.158.11    Canada
190.103.228.24    Argentina
181.165.68.127    Argentina
121.124.124.40    Korea Republic of
139.59.60.244    Singapore
61.19.246.238    Thailand
89.106.251.163    Russian Federation
168.235.67.138    United States
136.244.110.184    United States
197.211.245.21    Mauritius
79.130.130.240    Greece
188.219.31.12    Italy
75.113.193.72    United States
217.20.166.178    Ukraine
74.208.45.104    United States
134.209.144.106    United States
59.21.235.119    Korea Republic of
93.146.48.84    Italy
139.162.60.124    Netherlands
172.104.97.173    United States
166.62.10.32    United States
69.49.88.46    United States
24.164.79.147    United States
74.58.215.226    Canada
37.187.72.193    France
195.159.28.230    Norway
51.89.36.180    France
85.105.111.166    Turkey
190.240.194.77    Colombia
109.74.5.95    Sweden
79.137.83.50    France
174.118.202.24    Canada
181.171.209.241    Argentina
89.216.122.92    Serbia

Domains

Name    IP    Detection
vanddnabhargave.com    166.62.10.32
ie-best.net    192.185.52.115
bhaktivrind.com    166.62.28.130
cab.mykfn.com    0.0.0.0

URLs

Name Detection
http://cab.mykfn.com/admin/X/
http://bhaktivrind.com
http://ie-best.net
http://gocphongthe.com/wp-content/lMMC/
http://ie-best.net/online-timer-kvhxz/ilXL/
http://www.letscompareonline.com/de.letscompareonline.com/wYd/
http://bhaktivrind.com/cgi-bin/JBbb8/
http://vanddnabhargave.com/asset/W9o/
http://cab.mykfn.com
http://vanddnabhargave.com
http://www.windows.com/pctv.
http://investor.msn.com
http://www.msnbc.com/news/ticker.txt
http://ocsp.sectigo.com0
http://cambiasuhistoria.growlab.es/wp-content/hGhY2/P
http://windowsmedia.com/redir/services.asp?WMPFriendly=true
http://www.hotmail.com/oe
http://java.c
http://services.msn.com/svcs/oe/certpage.asp?name=%s&email=%s&&Check
http://crl.sectigo.com/SectigoRSATimeStampingCA.crl0t
http://www.icra.org/vocabulary/.
http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous.
http://crt.sectigo.com/SectigoRSATimeStampingCA.crt0#
http://investor.msn.com/
http://cambiasuhistoria.growlab.es/wp-content/hGhY2/
https://sectigo.com/CPS0D
http://www.piriform.com/ccleanerhttp://www.piriform.com/cclea7
http://www.piriform.com/ccleaner
http://www.%s.comPA
http://cab.mH

Dropped files

Name    File Type    Hashes    Detection
C:\Users\user\Nk2duhb\Gxlh9ia\E6_R.dll    PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{452ACF7A-211A-44E2-8F1B-AC77A8685DB1}.tmp    data
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{B4FD77F3-97C0-4A14-814E-1968BCE52029}.tmp    data
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\IU-8549 Medical report COVID-19.LNK    MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Wed Aug 26 14:08:15 2020, mtime=Wed Aug 26 14:08:15 2020, atime=Thu Feb 18 05:56:32 2021, length=172032, window=hide
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\index.dat    ASCII text, with CRLF line terminators
C:\Users\user\AppData\Roaming\Microsoft\Templates\~$Normal.dotm    data
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\BI6L7G7Y2QOZYJA29CWB.temp    data
C:\Users\user\Desktop\~$-8549 Medical report COVID-19.doc    data