
DHLExpress.xlsx

Status: finished
Submission Time: 14.01.2022 10:29:23
Malicious
Trojan
Exploiter
Evader
FormBook

Tags

  • DHL
  • VelvetSweatshop
  • xlsx
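
The VelvetSweatshop tag refers to Excel's built-in default password: a workbook encrypted with that password is decrypted and opened by Excel without any prompt, while a scanner that does not try the default password sees only an opaque encrypted CDFV2 container (the ~DF...TMP temp file identified as "CDFV2 Encrypted" in the dropped-files list is that container type). The triage code below is an added example, not part of this report: it classifies a file's container type from its first bytes and, if the msoffcrypto-tool package is installed (an assumption), tries the default password to recover the inner OOXML zip. The sample blobs it builds are constructed stand-ins, not the analysed document.

```python
import io
import zipfile

# Magic numbers: OLE2 compound file (what `file` reports as "CDFV2") and ZIP.
CFB_MAGIC = b"\xD0\xCF\x11\xE0\xA1\xB1\x1A\xE1"
ZIP_MAGIC = b"PK\x03\x04"

# A password-protected OOXML document is an OLE2 container holding these two
# streams. Directory entry names are stored as UTF-16LE, so a raw byte search
# is enough for triage; no full OLE parser is needed.
ENCRYPTED_STREAMS = [name.encode("utf-16-le")
                     for name in ("EncryptionInfo", "EncryptedPackage")]

DEFAULT_PASSWORD = "VelvetSweatshop"   # Excel tries this silently on open


def classify_office_blob(data: bytes) -> str:
    """Return a coarse container type for an Office file's raw bytes."""
    if data.startswith(ZIP_MAGIC):
        return "ooxml-zip"          # ordinary .xlsx/.docx: ZIP, not encrypted
    if data.startswith(CFB_MAGIC):
        if all(stream in data for stream in ENCRYPTED_STREAMS):
            return "cfb-encrypted"  # OOXML wrapped in an encrypted container
        return "cfb-plain"          # legacy binary .xls/.doc or other OLE2 file
    return "unknown"


def decrypt_with_default_password(path: str, password: str = DEFAULT_PASSWORD):
    """Try to unwrap an encrypted container with msoffcrypto-tool (assumed
    installed: pip install msoffcrypto-tool). Returns the decrypted bytes, or
    None if the module is absent, the file is not encrypted, or the password
    is wrong."""
    try:
        import msoffcrypto
    except ImportError:
        return None
    with open(path, "rb") as fh:
        office = msoffcrypto.OfficeFile(fh)
        if not office.is_encrypted():
            return None
        out = io.BytesIO()
        try:
            office.load_key(password=password)
            office.decrypt(out)
        except Exception:           # wrong password or unsupported scheme
            return None
    return out.getvalue()


def build_sample_blobs() -> dict:
    """Constructed stand-ins for the three container types (not real malware)."""
    zip_buf = io.BytesIO()
    with zipfile.ZipFile(zip_buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
    # Fake CFB: header magic, zero-filled remainder of the 512-byte header
    # sector, then directory entry names as they would appear in the file.
    encrypted = CFB_MAGIC + b"\x00" * 504 + b"".join(ENCRYPTED_STREAMS)
    plain = CFB_MAGIC + b"\x00" * 504 + "Workbook".encode("utf-16-le")
    return {"xlsx": zip_buf.getvalue(), "encrypted": encrypted, "legacy": plain}
```

A "cfb-encrypted" result on a file that carries a .xlsx extension is the signal to try the default password before concluding the file is inert; once unwrapped, the inner zip is what the usual OOXML tooling should be run against.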

Details

  • Analysis ID: 553114
  • API (Web) ID: 920633
  • Analysis Started: 14.01.2022 10:37:50
  • Analysis Finished: 14.01.2022 10:49:46
  • MD5: 2b9a745d1c8ffca624c71ca72c0534dd
  • SHA1: ec28b316b4fab0a9432b013a550f3bbdbff69b92
  • SHA256: 2174bb3aa9e77eecd21ad4b0fdd340a034db7c815da7a7c9d51d288777984718

Verdict: malicious

Engine | Info | Verdict | Score
       | System: Windows 7 x64 SP1 with Office 2010 SP1 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2) | malicious | 100/100
       |                                                                     | malicious | 14/43
       |                                                                     | malicious |

IPs

IP             | Country
172.67.178.13  | United States
156.67.74.112  | United States
3.64.163.50    | United States
172.67.207.77  | United States
103.167.92.57  | unknown
34.102.136.180 | United States

Domains

Name                            | IP
lauraimoveis.com                | 156.67.74.112
www.chiplorain.com              | 3.64.163.50
www.louisesshop.com             | 172.67.207.77
www.atlantahousingsolutions.com | 172.67.178.13
www.heigray.xyz                 | 0.0.0.0
www.searakloset.com             | 0.0.0.0
www.lauraimoveis.com            | 0.0.0.0
heigray.xyz                     | 34.102.136.180
searakloset.com                 | 34.102.136.180

URLs

www.searakloset.com/bc93/
http://www.chiplorain.com/bc93/?DD=h0Dd6TfP&5jMx_fYX=m45wz0yJH0eU0AdWNIhpnj7O98T4qieiIfcSO4QQLTkRI2A85Oo6eqE9guaDClHK+tDn+A==
http://www.atlantahousingsolutions.com/bc93/?5jMx_fYX=NJ8vjIFYwVF+K1Zn/AGorNaFwyaz0G/XgrC+2klBX/IapeezUPO8bi3RGsgrxJXS1LqH5g==&DD=h0Dd6TfP
http://www.lauraimoveis.com/bc93/?DD=h0Dd6TfP&5jMx_fYX=45pLxo9kavwG0b6/ageG5KZoyEg3RdGQG9PSgAgmCz2Hqkg+0QkW1XX316CwBWlYmM0BuA==
http://www.louisesshop.com/bc93/?DD=h0Dd6TfP&5jMx_fYX=Dtwu72sJ/YpTMebBbpFICpD7OPufwyJSP0x6RFU6mEZA3uDfPjbVMUZhI3MTljxZrpV9GA==
http://103.167.92.57/winos11pro/vbc.exe
http://www.windows.com/pctv.
http://wellformedweb.org/CommentAPI/
http://www.iis.fhg.de/audioPA
http://www.searakloset.com/bc93/?5jMx_fYX=/0p52NrLw6/lfqJ/6i2KRqaclY9EGZAkl3iVYOjyKH0fSpE9MHsWsCd4MfgGNBa7PLwApw==&DD=h0Dd6TfP
http://nsis.sf.net/NSIS_ErrorError
http://windowsmedia.com/redir/services.asp?WMPFriendly=true
http://www.hotmail.com/oe
http://treyresearch.net
http://services.msn.com/svcs/oe/certpage.asp?name=%s&email=%s&&Check
http://java.sun.com
http://www.icra.org/vocabulary/.
http://www.piriform.com/c
http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous.
http://nsis.sf.net/NSIS_Error
http://www.piriform.com/ccleanerhttp://www.piriform.com/ccleanerv
http://www.heigray.xyz/bc93/?5jMx_fYX=LW5horzSF3uc1GWuNtjePQyf7tqmMuH+apCXxYGRs9OB+DuQ+Cegeibn8pPPEnsybp118Q==&DD=h0Dd6TfP
http://www.piriform.com/ccleaner
http://computername/printers/printername/.printer
http://www.%s.comPA
http://www.autoitscript.com/autoit3
https://support.mozilla.org
http://www.piriform.com/ccleanerv
http://servername/isapibackend.dll
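
Most entries in the URL list are typical of strings carved from the NSIS installer stub and Windows components (nsis.sf.net, piriform.com, java.sun.com, the %s-templated ones) rather than connections the sample made. The FormBook check-ins stand out for a different reason: one path token, /bc93/, repeated across six domains with the same two query parameters, and separately a single download of vbc.exe from a bare IP. The script below is an added example that is not part of this report; it applies exactly that grouping heuristic to a subset of the entries above (SAMPLE_URLS). The minimum-host threshold and the executable-extension list are my assumptions.

```python
import ipaddress
from collections import defaultdict
from urllib.parse import urlsplit, parse_qsl

# Subset of the URL entries listed in this report, used as sample input.
SAMPLE_URLS = [
    "www.searakloset.com/bc93/",
    "http://www.chiplorain.com/bc93/?DD=h0Dd6TfP&5jMx_fYX=m45wz0yJH0eU0AdWNIhpnj7O98T4qieiIfcSO4QQLTkRI2A85Oo6eqE9guaDClHK+tDn+A==",
    "http://www.atlantahousingsolutions.com/bc93/?5jMx_fYX=NJ8vjIFYwVF+K1Zn/AGorNaFwyaz0G/XgrC+2klBX/IapeezUPO8bi3RGsgrxJXS1LqH5g==&DD=h0Dd6TfP",
    "http://www.lauraimoveis.com/bc93/?DD=h0Dd6TfP&5jMx_fYX=45pLxo9kavwG0b6/ageG5KZoyEg3RdGQG9PSgAgmCz2Hqkg+0QkW1XX316CwBWlYmM0BuA==",
    "http://www.louisesshop.com/bc93/?DD=h0Dd6TfP&5jMx_fYX=Dtwu72sJ/YpTMebBbpFICpD7OPufwyJSP0x6RFU6mEZA3uDfPjbVMUZhI3MTljxZrpV9GA==",
    "http://www.searakloset.com/bc93/?5jMx_fYX=/0p52NrLw6/lfqJ/6i2KRqaclY9EGZAkl3iVYOjyKH0fSpE9MHsWsCd4MfgGNBa7PLwApw==&DD=h0Dd6TfP",
    "http://www.heigray.xyz/bc93/?5jMx_fYX=LW5horzSF3uc1GWuNtjePQyf7tqmMuH+apCXxYGRs9OB+DuQ+Cegeibn8pPPEnsybp118Q==&DD=h0Dd6TfP",
    "http://103.167.92.57/winos11pro/vbc.exe",
    "http://nsis.sf.net/NSIS_Error",
    "http://nsis.sf.net/NSIS_ErrorError",
    "http://www.piriform.com/ccleaner",
    "http://java.sun.com",
    "http://www.%s.comPA",
    "http://computername/printers/printername/.printer",
]

# Assumed list of extensions worth flagging as a second-stage download.
EXEC_EXT = (".exe", ".dll", ".scr", ".msi", ".hta", ".vbs", ".ps1")


def split_url(url: str):
    """urlsplit() only finds the host when a scheme is present; sandbox
    reports omit it for some entries (e.g. the bare 'www.searakloset.com/bc93/')."""
    if "://" not in url:
        url = "http://" + url
    return urlsplit(url)


def is_ip_literal(host: str) -> bool:
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def find_c2_candidates(urls, min_hosts: int = 3) -> dict:
    """Group URLs by their first path segment and keep the groups that span at
    least `min_hosts` distinct hosts: the fingerprint of a loader that cycles
    through a list of C2 domains under one shared path. Returns
    {segment: {"hosts": [...], "params": [...]}}."""
    hosts = defaultdict(set)
    params = defaultdict(set)
    for url in urls:
        parts = split_url(url)
        segments = [s for s in parts.path.split("/") if s]
        if not parts.hostname or not segments:
            continue
        hosts[segments[0]].add(parts.hostname)
        params[segments[0]].update(
            key for key, _ in parse_qsl(parts.query, keep_blank_values=True))
    return {
        seg: {"hosts": sorted(h), "params": sorted(params[seg])}
        for seg, h in hosts.items() if len(h) >= min_hosts
    }


def payload_downloads(urls) -> list:
    """URLs that point at an executable or are served from a bare IP literal:
    the second-stage fetch rather than a check-in."""
    hits = []
    for url in urls:
        parts = split_url(url)
        host = parts.hostname or ""
        if is_ip_literal(host) or parts.path.lower().endswith(EXEC_EXT):
            hits.append(url)
    return hits
```

The output of find_c2_candidates is what belongs in a blocklist (hosts plus the shared path), whereas the carved strings fall below the host threshold and drop out on their own; the query parameter names are kept because the same pair recurs across every check-in and is a usable proxy-log signature on its own.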

Dropped files

Name | File Type
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\vbc[1].exe | PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
C:\Users\user\Desktop\~$DHLExpress.xlsx | data
C:\Users\Public\vbc.exe | PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\10742059.png | PNG image data, 135 x 175, 8-bit colormap, non-interlaced
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\23270DBD.jpeg | JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 160x160, frames 3
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\317B23B8.png | PNG image data, 139 x 180, 8-bit colormap, non-interlaced
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\3A2963D3.png | PNG image data, 413 x 220, 8-bit/color RGBA, non-interlaced
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\437A1A86.jpeg | JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 160x160, frames 3
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\448D1084.png | PNG image data, 413 x 220, 8-bit/color RGBA, non-interlaced
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\4CA26EB5.png | PNG image data, 139 x 180, 8-bit colormap, non-interlaced
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\64631AC.emf | Windows Enhanced Metafile (EMF) image data version 0x10000
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\6C08BD32.png | PNG image data, 135 x 175, 8-bit colormap, non-interlaced
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\AADABCCF.png | PNG image data, 458 x 211, 8-bit/color RGB, non-interlaced
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\AFEA009A.png | PNG image data, 458 x 211, 8-bit/color RGB, non-interlaced
C:\Users\user\AppData\Local\Temp\jtaloweyv | PGP\011Secret Sub-key -
C:\Users\user\AppData\Local\Temp\k1qxhyjx69ne | data
C:\Users\user\AppData\Local\Temp\nsuBDB5.tmp | data
C:\Users\user\AppData\Local\Temp\nsuBDB6.tmp\vdobpgi.dll | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
C:\Users\user\AppData\Local\Temp\~DF7B5C07060C74ADB0.TMP | data
C:\Users\user\AppData\Local\Temp\~DFE331969069BCDF1E.TMP | CDFV2 Encrypted
C:\Users\user\AppData\Local\Temp\~DFE36B8A4AA29EFAFC.TMP | data
C:\Users\user\AppData\Local\Temp\~DFFD99C5C606B2616A.TMP | data
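
The chain the dropped-files list shows: the NSIS installer arrives in the WinINet cache (Content.IE5\...\vbc[1].exe) while Excel is the active process, a copy lands at C:\Users\Public\vbc.exe, and the NSIS unpack directory Temp\nsuBDB6.tmp with its plugin DLL vdobpgi.dll is consistent with that installer having run. Below are two endpoint rules that catch the first two steps (an Office process writing an executable, and an Office process spawning a child from a user-writable directory), run over constructed Sysmon-style events. This is an added example, not part of the report; the events, their field layout and the directory and extension lists are my construction modelled on the paths above, not telemetry from this analysis.

```python
import json
import ntpath

# Constructed Sysmon-style events as JSON lines (Event ID 11 = FileCreate,
# Event ID 1 = ProcessCreate). Paths mirror the dropped-files list above.
SAMPLE_EVENTS = r"""
{"EventID": 11, "Image": "C:\\Program Files\\Microsoft Office\\Office14\\EXCEL.EXE", "TargetFilename": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.MSO\\10742059.png"}
{"EventID": 11, "Image": "C:\\Program Files\\Microsoft Office\\Office14\\EXCEL.EXE", "TargetFilename": "C:\\Users\\Public\\vbc.exe"}
{"EventID": 1, "Image": "C:\\Users\\Public\\vbc.exe", "ParentImage": "C:\\Program Files\\Microsoft Office\\Office14\\EXCEL.EXE", "CommandLine": "C:\\Users\\Public\\vbc.exe"}
{"EventID": 1, "Image": "C:\\Windows\\System32\\notepad.exe", "ParentImage": "C:\\Windows\\explorer.exe", "CommandLine": "notepad.exe"}
"""

# Assumed lists: Office hosts worth watching, extensions that count as
# executable, and directories any user can write to.
OFFICE_IMAGES = {"excel.exe", "winword.exe", "powerpnt.exe", "outlook.exe"}
EXEC_EXT = (".exe", ".dll", ".scr", ".com", ".pif")
WRITABLE_DIRS = ("c:\\users\\public\\", "\\appdata\\local\\temp\\", "\\appdata\\roaming\\")


def parse_events(text: str) -> list:
    """One JSON object per non-empty line."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def is_office(image: str) -> bool:
    # ntpath handles Windows separators regardless of the analyst's platform.
    return ntpath.basename(image).lower() in OFFICE_IMAGES


def in_writable_dir(path: str) -> bool:
    return any(d in path.lower() for d in WRITABLE_DIRS)


def detect(events) -> list:
    """Return (rule_name, path) tuples for every event that matches a rule."""
    hits = []
    for ev in events:
        if ev.get("EventID") == 11 and is_office(ev.get("Image", "")):
            target = ev.get("TargetFilename", "")
            if target.lower().endswith(EXEC_EXT):
                hits.append(("office_writes_executable", target))
        elif ev.get("EventID") == 1 and is_office(ev.get("ParentImage", "")):
            image = ev.get("Image", "")
            if in_writable_dir(image):
                hits.append(("office_child_from_writable_dir", image))
    return hits
```

The image cache writes under Content.MSO stay silent because only the extension check fires, not the Office-process check alone; that is deliberate, since Office writing images and temp files is constant background noise, whereas Office writing a PE or launching one from C:\Users\Public is rare enough to page on.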