flash

FACTURA 3879843.xlsx

Status: finished
Submission Time: 22.07.2021 18:03:28
Malicious
Trojan
Exploiter
Evader
AgentTesla

Comments

Tags

  • VelvetSweatshop
  • xlsx

Details

  • Analysis ID:
    452698
  • API (Web) ID:
    820281
  • Analysis Started:
    22.07.2021 18:17:10
  • Analysis Finished:
    22.07.2021 18:27:06
  • MD5:
    9ae3b1aa2c80f4e12e33569d7b5839df
  • SHA1:
    8579f018a10f93cedbb73369fb8c7b66416d9846
  • SHA256:
    82737660638921bf4d3e82bf4c059ec3cb0b61bd988365572bd4207b87ceb060
  • Technologies:
Full Report Management Report IOC Report Engine Info Verdict Score Reports

malicious

System: Windows 7 x64 SP1 with Office 2010 SP2 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2)

malicious
100/100

malicious
18/60

malicious
13/46

IPs

IP Country Detection
198.12.91.148
United States

URLs

Name Detection
http://198.12.91.148/oso.exe
http://pcLwYQ.com
http://127.0.0.1:HTTP/1.1
Click to see the 8 hidden entries
http://DynDns.comDynDNS
http://www.%s.comPA
http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous.
http://twitter.com/statuses/user_timeline.xml?screen_name=
http://www.day.com/dam/1.0
https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip%tordir%%ha
https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip
http://api.twitter.com/1/direct_messages.xml?since_id=

Dropped files

Name File Type Hashes Detection
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\oso[1].exe
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
#
C:\Users\user\Desktop\~$FACTURA 3879843.xlsx
data
#
C:\Users\Public\vbc.exe
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
#
Click to see the 10 hidden entries
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\2A2F8885.emf
Windows Enhanced Metafile (EMF) image data version 0x10000
#
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\53902E5A.png
PNG image data, 816 x 552, 8-bit/color RGB, non-interlaced
#
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\593E6A20.jpeg
[TIFF image data, big-endian, direntries=4], baseline, precision 8, 654x513, frames 3
#
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\69CBECC2.emf
Windows Enhanced Metafile (EMF) image data version 0x10000
#
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\6F70F52E.png
PNG image data, 816 x 552, 8-bit/color RGB, non-interlaced
#
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\9BEAC757.jpeg
JPEG image data, JFIF standard 1.01, resolution (DPI), density 150x150, segment length 16, baseline, precision 8, 1275x1650, frames 3
#
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\B9C2427D.png
PNG image data, 458 x 211, 8-bit/color RGB, non-interlaced
#
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\BEA251DB.jpeg
JPEG image data, JFIF standard 1.01, resolution (DPI), density 150x150, segment length 16, baseline, precision 8, 1275x1650, frames 3
#
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\C39423A1.png
PNG image data, 458 x 211, 8-bit/color RGB, non-interlaced
#
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\EDD7C96C.jpeg
[TIFF image data, big-endian, direntries=4], baseline, precision 8, 654x513, frames 3
#