flash

CompensationClaim-1630636598-09282021.xls

Status: finished
Submission Time: 28.09.2021 22:01:21
Malicious
Trojan
Exploiter
Evader
Hidden Macro 4.0 Qbot

Comments

Tags

  • xls

Details

  • Analysis ID:
    492661
  • API (Web) ID:
    860227
  • Analysis Started:
    28.09.2021 22:13:52
  • Analysis Finished:
    28.09.2021 22:28:08
  • MD5:
    f3e5e9eb94f7bc0115c4b373093d085d
  • SHA1:
    2142f513fa165dbc4fe13d5aa1ccc10f029f31c5
  • SHA256:
    a57b036af033da6944bb62320662310585d2f23b1d275cd7f01f9c786608e551
  • Technologies:
Full Report Management Report IOC Report Engine Info Verdict Score Reports

System: Windows 7 x64 SP1 with Office 2010 SP1 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2)

malicious
100/100

malicious
7/45

IPs

IP Country Detection
185.141.27.213
Netherlands
190.14.37.187
Panama
94.140.112.126
Latvia

URLs

Name Detection
http://www.%s.comPA
http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous.
http://190.14.37.187/44467.926671412.dat
Click to see the 1 hidden entries
http://servername/isapibackend.dll

Dropped files

Name File Type Hashes Detection
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\44467.926671412[1].dat
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
#
C:\Users\user\Drezd.red
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
#
C:\Users\user\AppData\Local\Temp\VBE\MSForms.exd
data
#
Click to see the 1 hidden entries
C:\Users\user\AppData\Local\Temp\VBE\RefEdit.exd
data
#