flash

xls.xls

Status: finished
Submission Time: 28.09.2021 17:53:47
Malicious
Trojan
Exploiter
Evader
Hidden Macro 4.0 Qbot

Comments

Tags

Details

  • Analysis ID:
    492442
  • API (Web) ID:
    860015
  • Analysis Started:
    28.09.2021 17:59:03
  • Analysis Finished:
    28.09.2021 18:15:40
  • MD5:
    170b6a83db1f64901d186eda31962306
  • SHA1:
    9dedf1b8c2af2ea202b62b8c8a07a314f56ca6d5
  • SHA256:
    7afc98f96efa95af64e356e7857d7db38e9d2eb9a0b8cab36acc7f8b96b7f978
  • Technologies:
Full Report Management Report IOC Report Engine Info Verdict Score Reports

malicious

System: Windows 7 x64 SP1 with Office 2010 SP1 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2)

malicious
100/100

malicious
18/59

IPs

IP Country Detection
185.183.96.67
Netherlands
190.14.37.178
Panama
185.250.148.213
Russian Federation

URLs

Name Detection
http://www.%s.comPA
http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous.
http://190.14.37.178/44467.7495993056.dat
Click to see the 1 hidden entries
http://servername/isapibackend.dll

Dropped files

Name File Type Hashes Detection
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\44467.7495993056[1].dat
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
#
C:\Users\user\Drezd.red
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
#
C:\Users\user\AppData\Local\Temp\VBE\MSForms.exd
data
#
Click to see the 1 hidden entries
C:\Users\user\AppData\Local\Temp\VBE\RefEdit.exd
data
#