flash

Rebate-690835286-10052021.xls

Status: finished
Submission Time: 05.10.2021 22:15:46
Malicious
Trojan
Exploiter
Evader
Hidden Macro 4.0 Qbot

Comments

Tags

Details

  • Analysis ID:
    497532
  • API (Web) ID:
    865104
  • Analysis Started:
    05.10.2021 22:15:47
  • Analysis Finished:
    05.10.2021 22:29:26
  • MD5:
    1513c88677fc7fa1994a59197ebdb528
  • SHA1:
    b4b9486e65b90c10c2e0bd1c3617771ccec0a335
  • SHA256:
    7eaf061ea660be58767918cb80fb98da9c348be2b2449836bf840cfbf12882ec
  • Technologies:
Full Report Management Report IOC Report Engine Info Verdict Score Reports

System: Windows 7 x64 SP1 with Office 2010 SP1 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2)

malicious
100/100

malicious

IPs

IP Country Detection
185.123.53.199
unknown
101.99.90.118
Malaysia
194.36.191.21
Netherlands

URLs

Name Detection
http://101.99.90.118/44474.9279916667.dat
http://www.%s.comPA
http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous.
Click to see the 1 hidden entries
http://servername/isapibackend.dll

Dropped files

Name File Type Hashes Detection
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\44474.9279916667[1].dat
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
#
C:\Users\user\Celod.wac2
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
#
C:\Users\user\AppData\Local\Temp\VBE\MSForms.exd
data
#
Click to see the 1 hidden entries
C:\Users\user\AppData\Local\Temp\VBE\RefEdit.exd
data
#