tender-1235416393.xlsm

Status: finished
Submission Time: 22.06.2021 17:50:15
Malicious
Trojan
Exploiter
Evader
Hidden Macro 4.0

Details

  • Analysis ID:
    438525
  • API (Web) ID:
    806114
  • Analysis Started:
    22.06.2021 17:51:20
  • Analysis Finished:
    22.06.2021 18:03:34
  • MD5:
    7b3bc7d505fcb3b4c0b30aeb3ee9d0a1
  • SHA1:
    aea1e832eed27f02e48248cee5334bc1d20f1263
  • SHA256:
    bfe0e882d0ca0fb04757d96181db67c3c5b67e636ac1e92b2d6f6b63e35f0097

System: Windows 7 x64 SP1 with Office 2010 SP2 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2)
Verdict: malicious
Score: 80/100

System: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Run Condition: Potential for more IOCs and behavior
Verdict: malicious
Score: 80/100

Verdict: malicious
Score: 6/88

IPs

IP               Country         Detection
192.185.88.195   United States
192.185.112.212  United States

Domains

Name                      IP               Detection
corazonarquitectura.com   192.185.88.195
norsecompassgroup.com     192.185.112.212

URLs

Name                                 Detection
http://servername/isapibackend.dll

Dropped files

  • C:\Users\user\Desktop\~$tender-1235416393.xlsm
    File type: data
  • C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506
    File type: Microsoft Cabinet archive data, 60080 bytes, 1 file
  • C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E0F5C59F9FA661F6F4C50B87FEF3A15A
    File type: data
  • C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
    File type: data
  • C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E0F5C59F9FA661F6F4C50B87FEF3A15A
    File type: data
  • C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\375F21A2.png
    File type: PNG image data, 521 x 246, 8-bit/color RGB, non-interlaced
  • C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\5E32AA01.png
    File type: PNG image data, 246 x 108, 8-bit/color RGB, non-interlaced
  • C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\9268080E.png
    File type: PNG image data, 934 x 29, 8-bit/color RGB, non-interlaced
  • C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\A76CD200.png
    File type: PNG image data, 24 x 24, 8-bit/color RGB, non-interlaced
  • C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\ABDBFCB7.png
    File type: PNG image data, 490 x 30, 8-bit/color RGB, non-interlaced
  • C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\D413B.png
    File type: PNG image data, 24 x 24, 8-bit/color RGB, non-interlaced
  • C:\Users\user\AppData\Local\Temp\51EE0000
    File type: data
  • C:\Users\user\AppData\Local\Temp\CabED1E.tmp
    File type: Microsoft Cabinet archive data, 60080 bytes, 1 file
  • C:\Users\user\AppData\Local\Temp\TarED1F.tmp
    File type: data
  • C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\Desktop.LNK
    File type: MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Read-Only, Directory, ctime=Tue Oct 17 10:04:00 2017, mtime=Tue Jun 22 23:51:43 2021, atime=Tue Jun 22 23:51:43 2021, length=12288, window=hide
  • C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\index.dat
    File type: ASCII text, with CRLF line terminators
  • C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\tender-1235416393.LNK
    File type: MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Wed Aug 26 14:08:18 2020, mtime=Tue Jun 22 23:51:43 2021, atime=Tue Jun 22 23:51:43 2021, length=183962, window=hide
  • C:\Users\user\Desktop\92EE0000
    File type: data