Credit Card and ID.ppam

Status: finished
Submission Time: 25.11.2021 18:14:18
Malicious
Trojan
Exploiter
Evader

Tags

  • ppam

Details

  • Analysis ID:
    528749
  • API (Web) ID:
    896264
  • Analysis Started:
    25.11.2021 18:29:20
  • Analysis Finished:
    25.11.2021 18:39:41
  • MD5:
    6af8522af160215e3c0f8883588e20d0
  • SHA1:
    f7cde5b67c5aa15f8d4366337792e468257b3fda
  • SHA256:
    1ca83ab27034a36bd899d91ed335e692afa949a4f1a1b30887e3f7d8651b63d1
  • Technologies:
System: Windows 7 x64 SP1 with Office 2010 SP1 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2)

malicious
100/100

malicious
14/59

malicious

IPs


Domains


URLs


Dropped files
