BL_SGN11203184.xlsx

Status: finished
Submission Time: 10.06.2021 15:02:23
Malicious
Trojan
Exploiter
Evader
GuLoader

Comments

Tags

  • VelvetSweatshop
  • xlsx

Details

  • Analysis ID:
    432590
  • API (Web) ID:
    800184
  • Analysis Started:
    10.06.2021 15:16:10
  • Analysis Finished:
    10.06.2021 15:23:14
  • MD5:
    06eb9a2b3d7113604968b87722ed242a
  • SHA1:
    2a6929b76b8b69a4e3a3766881280c63af765cb1
  • SHA256:
    1554d0f1b36381c9a323749cd62b7870c8273d8020fc81df09cb159a3bb84acc
  • Technologies:
System: Windows 7 x64 SP1 with Office 2010 SP2 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2)

malicious
100/100

malicious
11/88

malicious
11/35

malicious
17/29

malicious

IPs

  • IP: 103.155.82.236
    Country: unknown
    Detection:

URLs

  • Name: http://103.155.82.236/fksdoc/svchost.exe
    Detection:
  • Name: https://www.pos.nblwarehouse.my.id/bin_GgrWeMMq137.bin, http://benvenuti.rs/wp-co
    Detection:
  • Name: http://www.day.com/dam/1.0
    Detection:

Dropped files

  • C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\svchost[1].exe
    File type: PE32 executable (GUI) Intel 80386, for MS Windows
  • C:\Users\user\Desktop\~$BL_SGN11203184.xlsx
    File type: data
  • C:\Users\Public\vbc.exe
    File type: PE32 executable (GUI) Intel 80386, for MS Windows
  • C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\1E4E0F48.png
    File type: PNG image data, 476 x 244, 8-bit/color RGB, non-interlaced
  • C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\21A36D14.png
    File type: PNG image data, 1686 x 725, 8-bit/color RGBA, non-interlaced
  • C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\221576A9.png
    File type: PNG image data, 566 x 429, 8-bit/color RGBA, non-interlaced
  • C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\5AE1779F.jpeg
    File type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 191x263, frames 3
  • C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\79B68205.png
    File type: PNG image data, 1268 x 540, 8-bit/color RGBA, non-interlaced
  • C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\7A9F521.jpeg
    File type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 191x263, frames 3
  • C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\8E0CA1A0.png
    File type: PNG image data, 399 x 605, 8-bit/color RGBA, non-interlaced
  • C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\988F9842.png
    File type: PNG image data, 476 x 244, 8-bit/color RGB, non-interlaced
  • C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\B8598AE.png
    File type: PNG image data, 1686 x 725, 8-bit/color RGBA, non-interlaced
  • C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\B99C14D7.png
    File type: PNG image data, 1268 x 540, 8-bit/color RGBA, non-interlaced
  • C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\D467075B.png
    File type: PNG image data, 566 x 429, 8-bit/color RGBA, non-interlaced
  • C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\DEDF5C96.png
    File type: PNG image data, 399 x 605, 8-bit/color RGBA, non-interlaced
  • C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\F77229A3.emf
    File type: Windows Enhanced Metafile (EMF) image data version 0x10000