flash

start[526268].vbs

Status: finished
Submission Time: 10.09.2021 06:58:08
Malicious
Trojan
Evader
Ursnif

Comments

Tags

  • vbs

Details

  • Analysis ID:
    480986
  • API (Web) ID:
    848555
  • Analysis Started:
    10.09.2021 06:58:09
  • Analysis Finished:
    10.09.2021 07:07:16
  • MD5:
    b0de0a696f7b17724fef5c5e0af2bd1d
  • SHA1:
    3de72b8cae6a84f82e05cae18f48a1a302dbebc3
  • SHA256:
    e3a1fb3e932aae628aa08bde31be3b30861fa90ca16db4f81d7989093e1fddbe
  • Technologies:
Full Report Management Report IOC Report Engine Info Verdict Score Reports

System: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211

malicious
100/100

malicious
8/89

malicious

IPs

IP Country Detection
185.251.90.253
Russian Federation

Domains

Name IP Detection
art.microsoftsofymicrosoftsoft.at
185.251.90.253
atl.bigbigpoppa.com
185.251.90.253
resolver1.opendns.com
208.67.222.222

URLs

Name Detection
http://art.microsoftsofymicrosoftsoft.at/fpsVrgA85_2/BZUV9Iws3c_2Fj/GkkWmnklFKPgFBQ8hMP6W/ISGgirn8yOZisrZs/5_2BH8scRlnvRek/EGKptIwp8lSo93GFx6/ymWkd9jdg/4KpkPYuuZAAAek8BuLEK/tznSDyfWtC0KjQGP2d_/2BrsiHfOmQlV7YgPTes0MP/b6lv_2B55mg9j/CZcF_2Fn/c7jP_2BxBvmhfldW4gAwZkY/uow0BznEMg/Wu3a_2FnHyKBj_2BJ/8ZnXzqvUM8Ze/cMFtkguu1z4/ENTz8901wZ21V2/97iMfuV3Gozq6_2FCxmu3/2vuyb0vOGb_2B1J_/2BS8kN2df/902r
http://atl.bigbigpoppa.com/NhQOwDmOWNWhoZkCuvIJYT/yyrgcNktQOio5/MAWNnOPh/YOpi6p7HZNMrM8dfCZNfhKR/6onGC0_2Fj/Z9tF912mepKiyl36W/W4huWMRggYfW/XcsWaKpGEUD/RLGSHFoZE1byyc/rlBcayy_2BaEyDegqhXic/uK_2B61p_2BSvpFm/KyqmkPSMKG7KXQh/rKyHlYF1pKbQ_2FrYs/GJ_2FCBgc/9AGhinNAfGtoNp19N2M0/VRQmCiVDj4baSUAqCoz/3V8nTzokn2tRxlMEPZAuLu/2tgH0PvXzWJgh/YQdIJgxg/bNHS_2BzqfAV52iuY_2FTg4/1Z1d8SkfRiehoMkV7n/yUZu
http://nuget.org/NuGet.exe
Click to see the 8 hidden entries
http://pesterbdd.com/images/Pester.png
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
http://www.apache.org/licenses/LICENSE-2.0.html
https://github.com/Pester/Pester
https://contoso.com/
https://nuget.org/nuget.exe
https://contoso.com/License
https://contoso.com/Icon

Dropped files

Name File Type Hashes Detection
C:\Users\user\AppData\Local\Temp\1cv1ijms\1cv1ijms.cmdline
UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
#
C:\Users\user\AppData\Local\Temp\fum.cpp
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
#
C:\Users\user\AppData\Local\Temp\hvjfk3yo\hvjfk3yo.0.cs
UTF-8 Unicode (with BOM) text
#
Click to see the 12 hidden entries
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
data
#
C:\Users\user\AppData\Local\Temp\1cv1ijms\1cv1ijms.0.cs
UTF-8 Unicode (with BOM) text
#
C:\Users\user\AppData\Local\Temp\1cv1ijms\1cv1ijms.dll
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
#
C:\Users\user\AppData\Local\Temp\1cv1ijms\1cv1ijms.out
ASCII text, with CRLF, CR line terminators
#
C:\Users\user\AppData\Local\Temp\1cv1ijms\CSC65E6130637C74F63B377719165F577CE.TMP
MSVC .res
#
C:\Users\user\AppData\Local\Temp\RESFECC.tmp
data
#
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_b51iw0xu.4zo.ps1
very short file (no magic)
#
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_upl555bt.hac.psm1
very short file (no magic)
#
C:\Users\user\AppData\Local\Temp\adobe.url
MS Windows 95 Internet shortcut text (URL=<https://adobe.com/>), ASCII text, with CRLF line terminators
#
C:\Users\user\AppData\Local\Temp\hvjfk3yo\hvjfk3yo.cmdline
UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
#
C:\Users\user\AppData\Local\Temp\hvjfk3yo\hvjfk3yo.out
UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators
#
C:\Users\user\Documents\20210910\PowerShell_transcript.767668.YlCTH0VE.20210910070227.txt
UTF-8 Unicode (with BOM) text, with CRLF line terminators
#