2021_0002565_DDT.xls

Status: finished
Submission Time: 13.10.2021 17:48:11
Malicious
E-Banking Trojan
Exploiter
Ursnif Dropper

Details

  • Analysis ID:
    502199
  • API (Web) ID:
    869777
  • Analysis Started:
    13.10.2021 17:48:12
  • Analysis Finished:
    13.10.2021 17:52:07
  • MD5:
    5b239ac2b45218ad505553d52203c744
  • SHA1:
    abefd9905f25fdcea76783cfd877c19206d117ab
  • SHA256:
    f3ff9603b23796a30d10ae2cfa0001212752705a3e602371ae74d0f4d8defb71

System: Windows 10 64 bit version 1909 (MS Office 2019, IE 11, Chrome 91, Firefox 88, Adobe Reader DC 21, Java 8 u291, 7-Zip)

malicious
52/100

IPs

IP Country Detection
52.113.194.132  United States
52.109.88.177  United States
52.109.28.63  United States
2.21.140.114  European Union
20.50.201.195  United States
52.109.88.34  United States

Dropped files

Name File Type Hashes Detection
  • C:\Users\alfredo\AppData\Local\Microsoft\FontCache\4\Catalog\ListAll.Json
    UTF-8 Unicode text, with very long lines, with no line terminators
  • C:\Users\alfredo\AppData\Local\Microsoft\FontCache\4\PreviewFont\flat_officeFontsPreview_4_17.ttf
    TrueType Font data, 10 tables, 1st "OS/2", 7 names, Microsoft, language 0x409, \251 2018 Microsoft Corporation. All Rights Reserved.msofp_4_17RegularVersion 4.17;O365
  • C:\Users\alfredo\AppData\Local\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\D01F1074-7A8E-4E0B-A1C2-7BFA61CB3A1A
    XML 1.0 document, UTF-8 Unicode text, with very long lines, with CRLF line terminators
  • C:\Users\alfredo\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules.xml
    XML 1.0 document, ASCII text, with very long lines, with no line terminators
  • C:\Users\alfredo\AppData\Local\Microsoft\TokenBroker\Cache\089d66ba04a8cec4bdc5267f42f39cf84278bb67.tbres
    data
  • C:\Users\alfredo\AppData\Local\Microsoft\TokenBroker\Cache\9aad439831564ef9f88438a70a63c87e26ef3852.tbres
    data
  • C:\Users\alfredo\AppData\Roaming\Microsoft\Office\Recent\2021_0002565_DDT.LNK
    MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Tue Jun 8 14:37:17 2021, mtime=Wed Oct 13 23:49:32 2021, atime=Wed Oct 13 23:49:26 2021, length=51712, window=hide
  • C:\Users\alfredo\AppData\Roaming\Microsoft\Office\Recent\index.dat
    ASCII text, with CRLF line terminators