flash

policy#37820.xlsb

Status: finished
Submission Time: 30.06.2021 20:02:17
Malicious
Exploiter
Evader
RMSRemoteAdmin Hidden Macro 4.0

Comments

Tags

Details

  • Analysis ID:
    442547
  • API (Web) ID:
    810139
  • Analysis Started:
    30.06.2021 20:05:00
  • Analysis Finished:
    30.06.2021 20:17:25
  • MD5:
    f60146ee4fab89ecde8bb1bdb23287b6
  • SHA1:
    82bb4929a849deb1860e4c902745a0673c5911c8
  • SHA256:
    6ab90a34f6fdfaf1486009f70318816cc61201248c0a5231030b9b3d3e010fe9
  • Technologies:
Full Report Management Report IOC Report Engine Info Verdict Score Reports

System: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211

malicious
96/100

IPs

IP Country Detection
192.119.14.178
United States
198.147.28.34
United States
209.205.218.178
United States
Click to see the 1 hidden entries
212.2.198.90
Turkey

Domains

Name IP Detection
etisalatbuyback.com
212.2.198.90
id70.remoteutilities.com
209.205.218.178

URLs

Name Detection
http://www.openssl.org/support/faq.html....................rbwb.rndC:HOMERANDFILEPRNG
http://nsis.sf.net/NSIS_ErrorError
http://update.remoteutilities.net/upgrade_beta.ini
Click to see the 7 hidden entries
http://www.indyproject.org/
http://www.openssl.org/V
http://rmansys.ru/internet-id/
http://madExcept.comU
http://www.openssl.org/support/faq.html
http://schemas.xmlsoap.org/soap/envelope/
http://update.remoteutilities.net/upgrade.ini

Dropped files

Name File Type Hashes Detection
C:\Users\Public\JavelinNew\Javelin.exe
PE32 executable (GUI) Intel 80386, for MS Windows
#
C:\Users\Public\Libraries\appscomhost
PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\usa[1]
PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
#
Click to see the 15 hidden entries
C:\Users\user\Desktop\~$policy#37820.xlsb
data
#
C:\Users\Public\JavelinNew\inst801.7z
7-zip archive data, version 0.3
#
C:\Users\Public\JavelinNew\instzip594.7z
7-zip archive data, version 0.3
#
C:\Users\Public\JavelinNew\libeay32.dll
PE32 executable (DLL) (console) Intel 80386, for MS Windows
#
C:\Users\Public\JavelinNew\ssleay32.dll
PE32 executable (DLL) (console) Intel 80386, for MS Windows
#
C:\Users\user\AppData\Local\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\662FAE06-B8BB-4FD3-9343-79CB8671E669
XML 1.0 document, UTF-8 Unicode text, with very long lines, with CRLF line terminators
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\85BBDE0D.png
PNG image data, 2260 x 952, 8-bit colormap, non-interlaced
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\B065FF3C.emf
Windows Enhanced Metafile (EMF) image data version 0x10000
#
C:\Users\user\AppData\Local\Temp\53B10000
data
#
C:\Users\user\AppData\Local\Temp\Excel8.0\MSForms.exd
data
#
C:\Users\user\AppData\Local\Temp\nso349F.tmp\NSISList.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
#
C:\Users\user\AppData\Local\Temp\nso349F.tmp\System.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
#
C:\Users\user\AppData\Local\Temp\nso349F.tmp\nsis7z.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
#
C:\Users\user\AppData\Local\Temp\nso349F.tmp\registry.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
#
\Device\ConDrv
ASCII text, with CRLF, CR line terminators
#