flash

Compensation-1214892625-09272021.xls

Status: finished
Submission Time: 28.09.2021 13:15:00
Malicious
Trojan
Exploiter
Evader
Hidden Macro 4.0 Qbot

Comments

Tags

Details

  • Analysis ID:
    492195
  • API (Web) ID:
    859764
  • Analysis Started:
    28.09.2021 13:15:22
  • Analysis Finished:
    28.09.2021 13:32:17
  • MD5:
    cbf2562df8735334741b3de3ef9a0362
  • SHA1:
    db3bff7a0edc4dd7e3f4915dc36888f3be97c814
  • SHA256:
    1b663952d7fa9e49cd53878bfddf2e2906788cbc7394b081e0fea52efd1fb6d1
  • Technologies:
Full Report Management Report IOC Report Engine Info Verdict Score Reports

malicious

System: Windows 7 x64 SP1 with Office 2010 SP1 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2)

malicious
100/100

malicious
5/45

IPs

IP Country Detection
185.183.96.67
Netherlands
190.14.37.178
Panama
185.250.148.213
Russian Federation

URLs

Name Detection
http://www.%s.comPA
http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous.
http://190.14.37.178/44467.5523376157.dat
Click to see the 1 hidden entries
http://servername/isapibackend.dll

Dropped files

Name File Type Hashes Detection
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\44467.5523376157[1].dat
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
#
C:\Users\user\Drezd.red
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
#
C:\Users\user\AppData\Local\Temp\VBE\MSForms.exd
data
#
Click to see the 1 hidden entries
C:\Users\user\AppData\Local\Temp\VBE\RefEdit.exd
data
#