counter-1248368226.xls
| Engine | Download Report | Detection | Info |
|---|---|---|---|
|
malicious
Score: 80
|
System: Windows 7 x64 SP1 with Office 2010 SP1 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2)
|
|
|
|
malicious
Score: 80
|
System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Run Condition: Potential for more IOCs and behavior
|
| IP | Country | Detection |
|---|---|---|
| 162.241.2.78 | United States |  |
| 108.179.192.98 | United States | |
| 103.28.36.171 | Viet Nam | |
| Name | IP | Detection |
|---|---|---|
| greenflag.esp.br | 108.179.192.98 | |
| playsis.com.br | 162.241.2.78 | |
| noithat117.vn | 103.28.36.171 | |
| Name | Detection |
|---|---|
| https://playsis.com.br/qJSL1BN5V/tiynh.html5 |  |
| https://playsis.com.br/Y~T | |
| https://playsis.com.br/qJSL1BNt | |
| Click to see the 34 hidden entries | |
| https://playsis.com.br/qJSL1B.b | |
| https://playsis.com.br/qJSi | |
| https://playsis.com.br/qJSL1BN5V/tiynh.html | |
| https://playsis.com.br/qJSL117. | |
| https://playsis.com.br/ | |
| https://playsis.com.br/qhtt | |
| https://playsis.com.br/qJSL1BN5V/tiynh.html117.vn/TSh7GBeIR/tiynh.htmlink | |
| http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous. | |
| https://playsis.cre | |
| https://greenflag.esp.br/yuINdRbM/tiynh.html | |
| https://noithat117.vn/ | |
| http://investor.msn.com/ | |
| http://www.%s.comPA | |
| https://playsis.com.boi | |
| http://ocsp.entrust.net0D | |
| https://secure.comodo.com/CPS0 | |
| http://servername/isapibackend.dll | |
| http://crl.entrust.net/2048ca.crl0 | |
| http://www.icra.org/vocabulary/. | |
| http://crl.pkioverheid.nl/DomOvLatestCRL.crl0 | |
| https://noithat117.vn/TSh7GBeIR/tiynh.html | |
| http://www.windows.com/pctv. | |
| http://services.msn.com/svcs/oe/certpage.asp?name=%s&email=%s&&Check | |
| http://www.hotmail.com/oe | |
| http://windowsmedia.com/redir/services.asp?WMPFriendly=true | |
| http://www.diginotar.nl/cps/pkioverheid0 | |
| http://crl.pkioverheid.nl/DomOrganisatieLatestCRL-G2.crl0 | |
| https://greenflag.esp.br/ | |
| https://playsis.com | |
| http://ocsp.entrust.net03 | |
| http://crl.entrust.net/server1.crl0 | |
| https://greenflag.esp.br/s | |
| http://www.msnbc.com/news/ticker.txt | |
| http://investor.msn.com | |
| Name | File Type | Hashes | Detection |
|---|---|---|---|
C:\Users\user\Desktop\counter-1248368226.xls |
Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, Code page: 1251, Name of Creating Application: Microsoft Excel, Create Time/Date: Fri Jun 5 19:19:34 2015, Last Saved Time/Date: Tue Nov 30 06:43:37 2021, Security: 0 | # | |
C:\Users\user\AppData\Local\Temp\FFC2.tmp |
Composite Document File V2 Document, Cannot read section info | # | |
C:\Users\user\AppData\Local\Temp\~DF3298678F3B11AF32.TMP |
data | # | |
| Click to see the 1 hidden entries | |||
C:\Users\user\AppData\Local\Temp\~DF55CA0BB42F5D2008.TMP |
data | # | |
