flash

sample2.xls.xls

Status: finished
Submission Time: 25.11.2021 18:37:20
Malicious
Trojan
Exploiter
Hidden Macro 4.0

Comments

Tags

  • vir
  • xlsx

Details

  • Analysis ID:
    528761
  • API (Web) ID:
    896284
  • Analysis Started:
    25.11.2021 18:41:48
  • Analysis Finished:
    25.11.2021 18:56:25
  • MD5:
    75c10281f9cae799f72d6b949199fd91
  • SHA1:
    7bd8c6de6d714ff5e0b8f450203d24c8dd30495d
  • SHA256:
    53a57594efe3312565fd5415ad3d7066799f831bb6854737ffaf87fe0119af01
  • Technologies:

System: Windows 7 x64 SP1 with Office 2010 SP1 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2)

malicious
88/100

System: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Run Condition: Potential for more IOCs and behavior

malicious
88/100

malicious
22/59

IPs

IP            Country   Detection
51.15.56.22   France

Domains

Name                      IP            Detection
gupta-foods.xyz           51.15.56.22
gupta-airways.icu         51.15.56.22
gupta-technologies.sbs    51.15.56.22

URLs


Dropped files

Name / File Type

  • C:\Users\user\Desktop\sample2.xls.xls
    Composite Document File V2 Document, Little Endian, Os: MacOS, Version 6.11, Code page: -535, Last Saved By: Microsoft Office User, Name of Creating Application: Microsoft Macintosh Excel, Create Time/Date: Fri Jun 5 19:19:34 2015, Last Saved Time/Da (…)
  • C:\Users\user\AppData\Local\Temp\7D1C.tmp
    Composite Document File V2 Document, Cannot read section info
  • C:\Users\user\AppData\Local\Temp\~DF30EC3661E732423E.TMP
    data
  • C:\Users\user\AppData\Local\Temp\~DF6FA4235239FD3AE0.TMP
    data