flash

document-1900770373.xls

Status: finished
Submission Time: 21.02.2021 16:54:12
Malicious
Exploiter
Evader
Hidden Macro 4.0

Comments

Tags

  • xls

Details

  • Analysis ID:
    355743
  • API (Web) ID:
    613454
  • Analysis Started:
    21.02.2021 16:54:13
  • Analysis Finished:
    21.02.2021 17:04:47
  • MD5:
    139a10b28479f4f9e2e4465053e039f8
  • SHA1:
    10251eb69e603ed7259265015b71b1160e3b4a06
  • SHA256:
    ed17094f3e820674c9fa18192292108e8766d28eb0afcc0cf350a44b54196c1d
  • Technologies:
Full Report Management Report IOC Report Engine Info Verdict Score Reports
New

System: Windows 7 x64 SP1 with Office 2010 SP2 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2)

malicious
96/100

System: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Run Condition: Potential for more IOCs and behavior

malicious
88/100

malicious
11/83

malicious

IPs

IP Country Detection
185.151.30.170
United Kingdom

Domains

Name IP Detection
kashful.softwarebd.biz
185.151.30.170
cert.int-x1.letsencrypt.org
0.0.0.0

URLs

Name Detection
https://kashful.softwarebd.biz/ds/1802.gif
https://kashful.softwarebd.biz/ds/1802.Dc
http://services.msn.com/svcs/oe/certpage.asp?name=%s&email=%s&&Check
Click to see the 9 hidden entries
http://www.windows.com/pctv.
http://investor.msn.com
http://www.msnbc.com/news/ticker.txt
http://www.icra.org/vocabulary/.
http://windowsmedia.com/redir/services.asp?WMPFriendly=true
http://www.hotmail.com/oe
http://investor.msn.com/
http://cert.int-x1.letsencrypt.org/
http://cps.root-x1.letsencrypt.org0

Dropped files

Name File Type Hashes Detection
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506
Microsoft Cabinet archive data, 59134 bytes, 1 file
#
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CD13771E5132C64BEEF257719A4363C4
data
#
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E0F5C59F9FA661F6F4C50B87FEF3A15A
data
#
Click to see the 10 hidden entries
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
data
#
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CD13771E5132C64BEEF257719A4363C4
data
#
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E0F5C59F9FA661F6F4C50B87FEF3A15A
data
#
C:\Users\user\AppData\Local\Temp\2BBE0000
data
#
C:\Users\user\AppData\Local\Temp\CabD03B.tmp
Microsoft Cabinet archive data, 59134 bytes, 1 file
#
C:\Users\user\AppData\Local\Temp\TarD03C.tmp
data
#
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\Desktop.LNK
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Read-Only, Directory, ctime=Tue Oct 17 10:04:00 2017, mtime=Sun Feb 21 23:54:33 2021, atime=Sun Feb 21 23:54:33 2021, length=8192, window=hide
#
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\document-1900770373.LNK
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Wed Aug 26 14:08:11 2020, mtime=Sun Feb 21 23:54:33 2021, atime=Sun Feb 21 23:54:33 2021, length=90112, window=hide
#
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\index.dat
ASCII text, with CRLF line terminators
#
C:\Users\user\Desktop\CBBE0000
Applesoft BASIC program data, first line number 16
#