Covid-19 Payroll Tax Adjustment.docx

Status: finished
Submission Time: 19.04.2021 20:40:54
Malicious
Evader

Details

  • Analysis ID:
    392737
  • API (Web) ID:
    687582
  • Analysis Started:
    19.04.2021 20:41:36
  • Analysis Finished:
    19.04.2021 20:54:09
  • MD5:
    f78e1a17152954d2c56e3de7f889065f
  • SHA1:
    9ad2cffb62540c6ad60eee087c97cc756949adfd
  • SHA256:
    606e7c0165678adb36211ad727f8d128577a06584034ee39402b9a931f457b06
  • Technologies:

  • System:
    Windows 7 x64 SP1 with Office 2010 SP2 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2)
    Verdict: malicious
    Score: 48/100
  • System:
    Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
    Run Condition: Potential for more IOCs and behavior
    Verdict: malicious
    Score: 48/100

IPs

  • IP: 18.211.24.111
    Country: United States

Domains

  • Name: admin.phishproof.com
    IP: 18.211.24.111

URLs

  • Name: https://admin.phishproof.com/af-Dbh8nMk.png

Dropped files

  • C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506
    File Type: Microsoft Cabinet archive data, 58596 bytes, 1 file
  • C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E0968A1E3A40D2582E7FD463BAEB59CD
    File Type: data
  • C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
    File Type: data
  • C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E0968A1E3A40D2582E7FD463BAEB59CD
    File Type: data
  • C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\af-Dbh8nMk[1].png
    File Type: PNG image data, 848 x 1184, 8-bit/color RGBA, non-interlaced
  • C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\af-Dbh8nMk[1].png
    File Type: PNG image data, 848 x 1184, 8-bit/color RGBA, non-interlaced
  • C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\102272C3.png
    File Type: PNG image data, 848 x 1184, 8-bit/color RGBA, non-interlaced
  • C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{1BF840B3-025D-4403-9DBE-B492A11253DC}.tmp
    File Type: data
  • C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{A70475F6-E366-40C3-B2E6-22C3DC55A9E1}.tmp
    File Type: data
  • C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{E42C9A4D-C73B-45F3-859A-E103BFD96442}.tmp
    File Type: data
  • C:\Users\user\AppData\Local\Temp\CabCF8F.tmp
    File Type: Microsoft Cabinet archive data, 58596 bytes, 1 file
  • C:\Users\user\AppData\Local\Temp\TarCF9F.tmp
    File Type: data
  • C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\Covid-19 Payroll Tax Adjustment.LNK
    File Type: MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Wed Aug 26 14:08:16 2020, mtime=Wed Aug 26 14:08:16 2020, atime=Tue Apr 20 02:42:34 2021, length=10480, window=hide
  • C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\index.dat
    File Type: ASCII text, with CRLF line terminators
  • C:\Users\user\AppData\Roaming\Microsoft\Templates\~$Normal.dotm
    File Type: data
  • C:\Users\user\Desktop\~$vid-19 Payroll Tax Adjustment.docx
    File Type: data