Engine | Download Report | Detection | Info |
---|---|---|---|
|
malicious
Score: 48
|
System: Windows 7 x64 SP1 with Office 2010 SP1 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2)
|
|
|
malicious
Score: 48
|
System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Run Condition: Potential for more IOCs and behavior
|
IP | Country | Detection |
---|---|---|
18.211.24.111 | United States |
Name | IP | Detection |
---|---|---|
admin.phishproof.com | 18.211.24.111 |
Name | Detection |
---|---|
https://admin.phishproof.com/af-Dbh8nMk.png |
Name | File Type | Hashes | Detection |
---|---|---|---|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506 |
Microsoft Cabinet archive data, 58596 bytes, 1 file | # | |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E0968A1E3A40D2582E7FD463BAEB59CD |
data | # | |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506 |
data | # | |
Click to see the 13 hidden entries | |||
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E0968A1E3A40D2582E7FD463BAEB59CD |
data | # | |
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\af-Dbh8nMk[1].png |
PNG image data, 848 x 1184, 8-bit/color RGBA, non-interlaced | # | |
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\af-Dbh8nMk[1].png |
PNG image data, 848 x 1184, 8-bit/color RGBA, non-interlaced | # | |
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\102272C3.png |
PNG image data, 848 x 1184, 8-bit/color RGBA, non-interlaced | # | |
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{1BF840B3-025D-4403-9DBE-B492A11253DC}.tmp |
data | # | |
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{A70475F6-E366-40C3-B2E6-22C3DC55A9E1}.tmp |
data | # | |
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{E42C9A4D-C73B-45F3-859A-E103BFD96442}.tmp |
data | # | |
C:\Users\user\AppData\Local\Temp\CabCF8F.tmp |
Microsoft Cabinet archive data, 58596 bytes, 1 file | # | |
C:\Users\user\AppData\Local\Temp\TarCF9F.tmp |
data | # | |
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\Covid-19 Payroll Tax Adjustment.LNK |
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Wed Aug 26 14:08:16 2020, mtime=Wed Aug 26 14:08:16 2020, atime=Tue Apr 20 02:42:34 2021, length=10480, window=hide | # | |
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\index.dat |
ASCII text, with CRLF line terminators | # | |
C:\Users\user\AppData\Roaming\Microsoft\Templates\~$Normal.dotm |
data | # | |
C:\Users\user\Desktop\~$vid-19 Payroll Tax Adjustment.docx |
data | # |