
Acct # 3288-1258-1NQ39NGAY0GD'pdf.ppam

Status: finished
Submission Time: 25.11.2021 18:14:18
Classification: Malicious, Trojan, Exploiter, Evader

Tags

  • ppam

Details

  • Analysis ID:
    528751
  • API (Web) ID:
    896265
  • Analysis Started:
    25.11.2021 18:32:31
  • Analysis Finished:
    25.11.2021 18:42:47
  • MD5:
    801ebbda05a9a4dab1f22c0cc979e696
  • SHA1:
    ac65f3e2a69fa2bed620c315cf5894f0c57be8f4
  • SHA256:
    a9fab95f89805a51542cf30800de459ff78eb8a3262642053959ef17c220e5a4
Verdict

System: Windows 7 x64 SP1 with Office 2010 SP1 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2)

Verdict     Score
malicious
malicious   100/100
malicious   24/63
malicious

IPs

IP               Country         Detection
67.199.248.16    United States
199.91.155.88    United States
172.217.168.68   United States
172.217.168.45   United States
172.217.168.9    United States
104.16.203.237   United States
142.251.40.228   United States
172.217.168.1    United States

Domains

Name                                 IP               Detection
j.mp                                 67.199.248.16
www.starinxxxgkular.duckdns.org      142.251.40.228
www.mediafire.com                    104.16.203.237
download2347.mediafire.com           199.91.155.88
accounts.google.com                  172.217.168.45
www-google-analytics.l.google.com    216.58.215.238
blogspot.l.googleusercontent.com     172.217.168.1
www.google.com                       172.217.168.68
blogger.l.google.com                 172.217.168.9
kdaoskdokaodkwldld.blogspot.com      0.0.0.0
www.blogger.com                      0.0.0.0
resources.blogblog.com               0.0.0.0

URLs

Name Detection
https://8db3b91a-ea93-419b-b51b-0a69902759c5.usrfiles.com/ug
https://8db3b91a-ea93-419b-b51b-0a69902759c5.usrfiles.c
https://8db3b91a-ea93-419b-b51b-0a69902759c5.usrfiles.com/ugd/8db3b9_4
https://8db3b91a-ea93-419b-b51b-0a69902759c5.usrfiles.com/ugd/8db3b9_91603714ac3947ce8b64f4db8b2d0c0
https://8db3b91a-ea93-419b-b51b-0a69902759c5.usrfiles.com/ugd/8db3
https://8db3b91a-ea93-419b-b51b-0a69902759c5.usrfiles.com/ugd/8d
https://www.blogger.com/go/helpcenter
https://www.google.com/chrome/?brand=CHZO&utm_source=google.com&utm_medium=desktop-app-launc
https://www.blogger.com/static/v1/v-css/281434096-static_pages.css
https://www.blogger.com/go/terms
https://www.blogblog.com;
https://www.mediafire.com/file/95ggilwnqccbq6l/20.doc/fileOMEPAw
https://www.blogger.com/static/v1/widgets/1397508952-widgets.js
https://www.blogger.com/static/v1/jsbin/403901366-ieretrofit.js.css
https://www.blogger.com
https://www.google.co.uk/intl/de/about/products?tab=jh
https://www.blogger.com/go/privacy
https://resources.blogblog.com/blogblog/data/1kt/simple/gradients_light.pngight.pngt.com%2Fp%2F20.ht
https://kdaoskdokaodkwldld.blogspot.com/p/20.htmlhttps://kdaoskdokaodkwldld.blogspot.com/favicon.ico
https://download2347.mediafire.com/
https://accounts.google.com/
https://kdaoskdokaodkwldld.blogspot.com/feeds/posts/defaultO
https://www.blogger.com/blogin.g?blogspotURL=https://kdaoskdokaodkwldld.blogspot.com/p/20.html&type=
https://www.google.com/css/maia.css07v
https://www.blogger.com/dyn-css/authorization.css?targetBlogID=3903609419317699398&zx=5f07c876-ed15-
http://crl.pkioverheid.nl/DomOrganisatieLatestCRL-G2.crl0
http://www.diginotar.nl/cps/pkioverheid0
https://accounts.google.com/ServiceLogin?passive=true&continue=https://www.blogger.com/blogin.g?blogspotURL%3Dhttps://kdaoskdokaodkwldld.blogspot.com/p/20.html%26type%3Dblog%26bpli%3D1&followup=https://www.blogger.com/blogin.g?blogspotURL%3Dhttps://kdaoskdokaodkwldld.blogspot.com/p/20.html%26type%3Dblog%26bpli%3D1&go=true
https://resources.blogblog.com/blogblog/data/1kt/simple/body_gradient_tile_light.png)
https://download2347.mediafire.com/7zyqtjrto6xg/95ggilwnqccbq6l/20.doc...
https://kdaoskdokaodkwldld.blogspot.com/favicon.ico
https://resources.blogblog.com/Q
https://resources.blogblog.com/img/triangle_ltr.gif)
https://www.youtube.com
https://www.blogger.com/go/discuss
https://www.google.com
https://j.mp/ODOASODOchjdjdsfdrueruebdgbjd
https://kdaoskdokaodkwldld.blogspot.com/p/O5
https://resources.blogblog.com/blogblog/data/1kt/simple/body_gradient_tile_light.pngzD
https://www.google.com/css/maia.css
https://resources.blogblog.com/img/widgets/s_top.png
https://accounts.google.com/ServiceLogin?service=blogger&continue=https://www.blogger.com/blogge
https://www.blogger.com/feeds/3903609419317699398/posts/default
https://i18n-cloud.appspot.com
https://www.blr.com/blogin.g?blogspotURL%3Dhttps://kda
https://www.blogger.com/static/v1/jsbin/3101730221-analytics_autotrack.jsogspot.com/p/20.html&type=b
https://www.blogger.com/static/v1/widgets/1529571102-css_bundle_v2.css6
https://download2347.mediafire.com/7zyqtjrto6xg/95ggilwnqccbq6l/20.dochttps://download2347.mediafire
https://www.blogger.com/static/v1/jsbin/3101730221-analytics_autotrack.js
https://keep.google.com/
http://schema.org/BlogPosting
https://www.google.com/support/accounts/bin/answer.py?hl=en&answer=151657
https://www.blogger.comlinkCopiedToClipboardShare
https://www.blogger.com/static/v1/jsbin/403901366-ieretrofit.js
http://www.windows.com/pctv.
https://www.blogger.com/?tab=jj
https://www.blogger.com/age-verification.g?blogspotURL=https://kdaoskdokaodkwldld.blogspot.com/p/20.
https://www.blogger.com/go/contentpolicy
https://resources.blogblog.com/img/widgets/s_bottom.png)
https://stadia.google.com/
https://www.blogger.com/blogin.g?blogspotURL=https%3A%2F%2Fkdaoskdokaodkwldld.blogspot.com%2Fp%2F20.
https://ads.google.com/home/?subid=ww-ww-et-g-aw-a-vasquette_ads_cons_1
https://www.blogger.com/blogin.g?blogspotURL=https://kdaoskdokaodkwldld.blogspot.com/p/20.html&t
https://resources.blogblog.com/img/widgets/s_bottom.png
https://www.blogger.com/go/devapi
https://kdaoskdokaodkwldld.blogspot.com/p/
https://resources.blogblog.com/
https://download2347.mediafire.com/j
https://kdaoskdokaodkwldld.blogspot.com/p/20.html...
https://www.blogger.com/static/v1/widgets/1397508952-widgets.jspng/P
http://windowsmedia.com/redir/services.asp?WMPFriendly=true
https://www.blogger.com/dyn-css/authorization.css?targetBlogID=3903609419317699398&zx=5f07c876-e
https://www.mediafire.com/M
https://translate.google.co.uk/?hl=de&tab=jT
https://www.blogger.com/go/buzz
https://www.mediafire.com/E
http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous.
http://www.piriform.com/ccleanerhttp://www.piriform.com/ccleanerv
https://s.ytimg.com
https://www.mediafire.com/file/95ggilwnqccbq6l/20.doc/file
https://jamboard.google.com/?usp=jam_ald
https://www.blogger.com/static/v1/widgets/1529571102-css_bundle_v2.css
https://www.google.de/contact/impressum.html
https://www.blogger.com/blogin.g?blogspotURL=https://kdaoskdokaodkwldld.blogspot.com/p/20.html&type=blog
https://www.blogger.com/
https://www.blogger.com0
https://kdaoskdokaodkwldld.blogspot.com/p/20.html&type=blog
https://docs.google.com/forms/?usp=forms_alc
https://kdaoskdokaodkwldld.blogsp.p
https://www.google.com/
http://crl.entrust.net/2048ca.crl0
http://schema.org/Blog1
http://www.msnbc.com/news/ticker.txt
https://www.google.com/css/maia.css/
https://kdaoskdokaodkwldld.blogspot.com/p/20.htmlf5
https://twitter.com/intent/tweet?text=
http://ocsp.entrust.net03
https://download2347.mediafire.com/7zyqtjrto6xg/95ggilwnqccbq6l/20.doc...hL
https://www.blogger.com/static/v1/v-css/281434096-static_pages.cssC:
https://www.blogger.com/static/v1/widgets/1397508952-widgets.js903609419317699398&zx=5f07c876-ed15-4
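The URL table above is a raw string scrape from process memory, so it mixes real requests with fragments: two URLs glued together (the blogspot page followed by favicon.ico), hosts cut off mid-label (blogsp.p), trailing bytes stuck onto a host (blogger.com0, entrust.net03) and sandbox truncation markers (...). Before any of this goes into a blocklist it has to be normalised and the shared platform noise separated from the handful of hosts that actually carry the lure chain (j.mp, the blogspot page, mediafire, usrfiles). The following is an added example, not part of the sandbox report; the sample list is a constructed subset of the table, and the allowlist of shared infrastructure is an assumption to tune per environment. blogspot.com is deliberately left off that allowlist because the subdomain is the attacker's own page.

```python
"""Normalise a sandbox URL dump and split hosts into 'watch' and 'shared' buckets.

Added example, not part of the sandbox report. SAMPLE_URLS is a constructed
subset of the report's URL table (garbled entries kept on purpose); SHARED_INFRA
is an assumed allowlist of platforms that appear only because the lure page
embeds them.
"""
import re
from urllib.parse import urlsplit

# Constructed from the report's URL table, including the broken entries.
SAMPLE_URLS = [
    "https://j.mp/ODOASODOchjdjdsfdrueruebdgbjd",
    "https://www.mediafire.com/file/95ggilwnqccbq6l/20.doc/file",
    "https://www.mediafire.com/file/95ggilwnqccbq6l/20.doc/fileOMEPAw",
    "https://download2347.mediafire.com/7zyqtjrto6xg/95ggilwnqccbq6l/20.doc...",
    "https://kdaoskdokaodkwldld.blogspot.com/p/20.html",
    "https://kdaoskdokaodkwldld.blogspot.com/p/20.htmlhttps://kdaoskdokaodkwldld.blogspot.com/favicon.ico",
    "https://kdaoskdokaodkwldld.blogsp.p",
    "https://www.blogger.com0",
    "https://www.blogger.com/go/terms",
    "https://8db3b91a-ea93-419b-b51b-0a69902759c5.usrfiles.com/ugd/8db3b9_4",
    "http://crl.entrust.net/2048ca.crl0",
    "http://ocsp.entrust.net03",
    "http://schema.org/BlogPosting",
    "https://www.blogblog.com;",
    "http://www.windows.com/pctv.",
]

# Assumed allowlist (registrable domains). blogspot.com is intentionally absent:
# the subdomain there is attacker-controlled content, not platform noise.
SHARED_INFRA = {
    "google.com", "googleusercontent.com", "blogger.com", "blogblog.com",
    "youtube.com", "ytimg.com", "entrust.net", "schema.org", "windows.com",
    "windowsmedia.com", "msnbc.com", "twitter.com", "appspot.com", "piriform.com",
}

_LABEL = r"[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?"
_HOST_RE = re.compile(rf"^(?:{_LABEL}\.)+{_LABEL}$")


def split_concatenated(url):
    """Memory scrapes glue adjacent strings; split wherever a new scheme starts."""
    return [p for p in re.split(r"(?=https?://)", url) if p]


def registrable(host):
    """Crude eTLD+1 (last two labels): fine for triage, wrong for co.uk-style TLDs."""
    labels = host.split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host


def normalise(url):
    """Return (host, path) for a usable URL, or None for a fragment.

    Rejects hosts with illegal characters, a single-character TLD (cut-off
    label) or a TLD containing digits (trailing garbage fused onto the host)."""
    url = url.strip()
    if "..." in url:                      # sandbox truncation marker
        url = url.split("...")[0]
    parts = urlsplit(url)
    host = parts.hostname or ""
    if not _HOST_RE.match(host):
        return None
    tld = host.rsplit(".", 1)[-1]
    if len(tld) < 2 or not tld.isalpha():
        return None
    return host, parts.path


def triage(urls, shared=SHARED_INFRA):
    """Return (watch, shared_hits, rejected).

    watch / shared_hits map host -> set of paths seen; rejected lists the raw
    pieces that could not be turned into a host."""
    watch, shared_hits, rejected = {}, {}, []
    for raw in urls:
        for piece in split_concatenated(raw):
            norm = normalise(piece)
            if norm is None:
                rejected.append(piece)
                continue
            host, path = norm
            bucket = shared_hits if registrable(host) in shared else watch
            bucket.setdefault(host, set()).add(path)
    return watch, shared_hits, rejected


if __name__ == "__main__":
    watch, shared_hits, rejected = triage(SAMPLE_URLS)
    for host in sorted(watch):
        print("WATCH ", host, sorted(watch[host]))
    for host in sorted(shared_hits):
        print("SHARED", host)
    for piece in rejected:
        print("REJECT", piece)
```

Paths are kept per host because the download path (20.doc on mediafire, the 20.html page on blogspot) is what ties this sample to others using the same hosting; the host alone on a shared file host is a weak indicator.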

Dropped files

Name / File Type

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\20[1].htm
    HTML document, ASCII text, with very long lines
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\error[1]
    HTML document, UTF-8 Unicode (with BOM) text, with CRLF line terminators
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\ODOASODOchjdjdsfdrueruebdgbjd[1].htm
    HTML document, ASCII text
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\blogin[1].htm
    HTML document, UTF-8 Unicode text, with very long lines
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\body_gradient_tile_light[1].png
    PNG image data, 10 x 10, 1-bit colormap, non-interlaced
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\gradients_light[1].png
    PNG image data, 20 x 1100, 8-bit/color RGBA, non-interlaced
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\Acct # 3288-1258-1NQ39NGAY0GD'pdf.LNK
    MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Mon Aug 30 20:08:56 2021, mtime=Mon Aug 30 20:08:56 2021, atime=Fri Nov 26 01:33:16 2021, length=7188, window=hide
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\index.dat
    ASCII text, with CRLF line terminators
C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\FJNMWAG0.txt
    ASCII text
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms (copy)
    data
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms. (copy)
    data
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms\ (copy)
    data
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-msar (copy)
    data
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\AQYZ01APXBHT9275V80X.temp
    data
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\BUUO1DMCS4BHU3HYGHQQ.temp
    data
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\KU79PZUPCRAJB9M9RQP2.temp
    data
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\XG9NCQX4ILMZE1IDCEJ9.temp
    data
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5JC0A1KN\281434096-static_pages[1].css
    ASCII text, with very long lines
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5JC0A1KN\403901366-ieretrofit[1].js
    ASCII text, with very long lines
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5JC0A1KN\error[1]
    HTML document, UTF-8 Unicode (with BOM) text, with CRLF line terminators
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5JC0A1KN\googlelogo_color_150x54dp[1].png
    PNG image data, 150 x 54, 8-bit/color RGBA, non-interlaced
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5JC0A1KN\robot[1].png
    PNG image data, 171 x 213, 8-bit colormap, non-interlaced
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\1397508952-widgets[1].js
    ASCII text, with very long lines
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\blogin[1].htm
    HTML document, ASCII text, with very long lines
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\1529571102-css_bundle_v2[1].css
    ASCII text, with very long lines
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\20[1].doc
    HTML document, ASCII text, with very long lines, with CRLF line terminators
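Two of the file-type lines above carry the point of this report: the submitted sample is a .ppam (an OOXML PowerPoint add-in, so a zip, normally carrying a VBA project) whose name ends in 'pdf to read like a PDF, and the 20.doc fetched from mediafire is identified as an HTML document, not a Word file. Both are name-versus-content mismatches that a triage script should flag before anything is opened. The following is an added example, not part of the report: it sniffs a few container types from leading bytes, compares them with what the extension claims, looks inside zip containers for a vbaProject.bin part, and applies an assumed heuristic for dot-less lookalike extensions such as 'pdf. All sample buffers are constructed stand-ins for the report's files, and the extension-to-type mapping is an assumption.

```python
"""Flag files whose content does not match what their name claims.

Added example, not part of the sandbox report. SAMPLES are constructed stand-ins
for files named in the report; EXPECTED and lookalike_extension() are assumptions.
"""
import io
import zipfile

# Shell Link CLSID 00021401-0000-0000-C000-000000000046, little-endian, as found
# at offset 4 of every .LNK file.
LNK_CLSID = b"\x01\x14\x02\x00\x00\x00\x00\x00\xc0\x00\x00\x00\x00\x00\x00\x46"


def sniff(data):
    """Identify a handful of container types from leading bytes."""
    if data.startswith(b"\x89PNG\r\n\x1a\n"):
        return "png"
    if data.startswith(b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"):
        return "ole2"        # legacy .doc/.xls/.ppt and .ppa add-ins
    if data.startswith(b"PK\x03\x04"):
        return "zip"         # OOXML (.docx/.pptx/.ppam) is a zip
    if data.startswith(b"%PDF-"):
        return "pdf"
    if data[:20] == b"\x4c\x00\x00\x00" + LNK_CLSID:
        return "lnk"
    # HTML served as something else is common; tolerate a UTF-8 BOM and whitespace.
    text = data[:512].lstrip(b"\xef\xbb\xbf \t\r\n").lower()
    if text.startswith((b"<!doctype", b"<html", b"<head", b"<script")):
        return "html"
    return "unknown"


def ooxml_has_vba(data):
    """True when a zip container carries a VBA project part (vbaProject.bin)."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as z:
            return any(n.lower().endswith("vbaproject.bin") for n in z.namelist())
    except zipfile.BadZipFile:
        return False


# Assumed mapping from claimed extension to acceptable sniffed types.
EXPECTED = {
    "doc": {"ole2"}, "pdf": {"pdf"}, "png": {"png"}, "lnk": {"lnk"},
    "ppam": {"zip"}, "pptm": {"zip"}, "docm": {"zip"}, "htm": {"html"}, "html": {"html"},
}


def lookalike_extension(stem):
    """Heuristic (assumption): a stem ending in a known extension word preceded by a
    non-alphanumeric character, e.g. "...'pdf", mimics an extension without the dot."""
    for ext in EXPECTED:
        if stem.endswith(ext) and len(stem) > len(ext) and not stem[-len(ext) - 1].isalnum():
            return True
    return False


def check(name, data):
    """Describe the relationship between a file's name and its content."""
    base = name.lower().rsplit("\\", 1)[-1]
    parts = base.split(".")
    stem, exts = parts[0], parts[1:]
    last = exts[-1] if exts else ""
    kind = sniff(data)
    return {
        "name": name,
        "extension": last,
        "sniffed": kind,
        "matches": kind in EXPECTED.get(last, set()),
        "double_extension": len(exts) > 1,
        "lookalike_extension": lookalike_extension(stem),
        "has_vba": kind == "zip" and ooxml_has_vba(data),
    }


def build_sample_ppam():
    """Constructed minimal OOXML-shaped zip with a VBA part; not the real sample."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("[Content_Types].xml", "<Types/>")
        z.writestr("ppt/presentation.xml", "<p:presentation/>")
        z.writestr("ppt/vbaProject.bin", b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1" + b"\x00" * 8)
    return buf.getvalue()


# Constructed stand-ins for files named in the report.
SAMPLES = {
    "Acct # 3288-1258-1NQ39NGAY0GD'pdf.ppam": build_sample_ppam(),
    "Acct # 3288-1258-1NQ39NGAY0GD'pdf.LNK": b"\x4c\x00\x00\x00" + LNK_CLSID + b"\x00" * 16,
    "20[1].doc": b"\xef\xbb\xbf<!DOCTYPE html>\r\n<html><body>constructed stub</body></html>",
    "blogin[1].htm": b"<html><head><title>constructed</title></head></html>",
    "body_gradient_tile_light[1].png": b"\x89PNG\r\n\x1a\n" + b"\x00" * 8,
}


def run_checks(samples=SAMPLES):
    """Run check() over every sample; returns name -> result dict."""
    return {name: check(name, data) for name, data in samples.items()}


if __name__ == "__main__":
    for name, result in run_checks().items():
        flag = "OK " if result["matches"] else "MISMATCH"
        print(flag, name, result["sniffed"], "vba" if result["has_vba"] else "")
```

On a real .ppam the vbaProject.bin part is an OLE2 stream that needs a dedicated parser (olevba from oletools, for instance) to extract the macro source; the check here only establishes that macro code is present and that the name is lying about the format.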