flash

Document_1680405650-10062021.xls

Status: finished
Submission Time: 06.10.2021 17:48:10
Malicious
Exploiter
Hidden Macro 4.0

Comments

Tags

  • xls

Details

  • Analysis ID:
    498132
  • API (Web) ID:
    865704
  • Analysis Started:
    06.10.2021 17:48:11
  • Analysis Finished:
    06.10.2021 17:59:34
  • MD5:
    3d6a59b16e0992c234a9e649272d9183
  • SHA1:
    d40763ea2a87946c34137adcca9d72a9dbb4f190
  • SHA256:
    f0073fcb16de6f8c5c497d318853c3eaf9fb3d03d85ecaf009a33de179c879a2
  • Technologies:
Full Report Management Report IOC Report Engine Info Verdict Score Reports

System: Windows 7 x64 SP1 with Office 2010 SP1 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2)

malicious
64/100

System: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Run Condition: Potential for more IOCs and behavior

malicious
64/100

IPs

IP Country Detection
94.140.114.111
Latvia
190.14.37.107
Panama
188.165.62.50
France

URLs

Name Detection
http://190.14.37.107/44475.7418916667.dat
http://188.165.62.50/44475.7418916667.dat
http://94.140.114.111/44475.7418916667.dat
Click to see the 4 hidden entries
http://190.14.37.107/
http://188.165.62.50/
http://servername/isapibackend.dll
http://94.140.114.111/

Dropped files

Name File Type Hashes Detection
C:\Users\user\AppData\Local\Temp\VBE\MSForms.exd
data
#
C:\Users\user\AppData\Local\Temp\VBE\RefEdit.exd
data
#