flash

Compensation-2100058996-09272021.xls

Status: finished
Submission Time: 28.09.2021 10:17:02
Malicious
Trojan
Exploiter
Evader
Hidden Macro 4.0 Qbot

Comments

Tags

  • xls

Details

  • Analysis ID:
    492061
  • API (Web) ID:
    859631
  • Analysis Started:
    28.09.2021 10:21:25
  • Analysis Finished:
    28.09.2021 10:37:07
  • MD5:
    4658146f947ea498baaf9cf542ad0fc5
  • SHA1:
    7e5ff8360eba1e466a301e0e562574ae333f7a89
  • SHA256:
    7113398b5e27483757f79c346d4357014e972bb103d0fc8cc03ab2641d51eb8d
  • Technologies:
Full Report Management Report IOC Report Engine Info Verdict Score Reports

malicious

System: Windows 7 x64 SP1 with Office 2010 SP1 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2)

malicious
100/100

malicious
8/66

IPs

IP Country Detection
185.183.96.67
Netherlands
190.14.37.178
Panama
185.250.148.213
Russian Federation

URLs

Name Detection
http://www.%s.comPA
http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous.
http://190.14.37.178/44467.4314974537.dat
Click to see the 1 hidden entries
http://servername/isapibackend.dll

Dropped files

Name File Type Hashes Detection
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\44467.4314974537[1].dat
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
#
C:\Users\user\Drezd.red
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
#
C:\Users\user\AppData\Local\Temp\VBE\MSForms.exd
data
#
Click to see the 1 hidden entries
C:\Users\user\AppData\Local\Temp\VBE\RefEdit.exd
data
#