
yeni teklif talebi.xlsx (Turkish: "new quotation request")

Status: finished
Submission Time: 2022-05-14 15:08:15 +02:00
Verdict: Malicious
Classification: Trojan, Exploiter, Evader, GuLoader

Tags

  • VelvetSweatshop
  • xlsx

Details

  • Analysis ID:
    626603
  • API (Web) ID:
    994100
  • Analysis Started:
    2022-05-14 15:21:20 +02:00
  • Analysis Finished:
    2022-05-14 15:27:56 +02:00
  • MD5:
    b32d7bac7fb9b903ea73a041f13d3b61
  • SHA1:
    359458f03b700820c3b4f5fc1838ef7ea0d3cd14
  • SHA256:
    35bfba75e0bc2a473ee9964f138acd21381ddf6fd196b35127a304fa61b87826

System: Windows 7 x64 SP1 with Office 2010 SP1 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2)

Verdict Score
malicious 100/100
malicious 26/68
malicious 10/41

IPs

IP Country Detection
23.95.34.9 United States

URLs

Name Detection
http://23.95.34.9/zaki/Komiten6.exe
http://23.95.34.9/zaki/Komiten6.exej
http://nsis.sf.net/NSIS_ErrorError
http://23.95.34.9/zaki/Komiten6.exemmC:

Only the first URL is an actionable indicator: it is the download location of the NSIS stage (the cached copy is listed under Dropped files). The second and fourth entries are the same URL followed by trailing bytes, as string extraction from memory typically yields, and the nsis.sf.net string is the error URL embedded in every NSIS installer stub, not attacker infrastructure.

Dropped files

Name File Type
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\Komiten6[1].exe
PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
C:\Users\user\Desktop\~$yeni teklif talebi.xlsx
data
C:\Users\Public\vbc.exe
PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\189C2737.wmf
ms-windows metafont .wmf
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\3E1683BB.emf
Windows Enhanced Metafile (EMF) image data version 0x10000
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\80E4BC8E.wmf
ms-windows metafont .wmf
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\B2359081.wmf
ms-windows metafont .wmf
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\FCE43280.wmf
ms-windows metafont .wmf
C:\Users\user\AppData\Local\Temp\KONDEMNATIONERS.Heg
data
C:\Users\user\AppData\Local\Temp\Overliggedagene225.ini
ASCII text, with CRLF line terminators
C:\Users\user\AppData\Local\Temp\nshD0AF.tmp\System.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
C:\Users\user\AppData\Local\Temp\~DF3EBA8DC817904F49.TMP
data
C:\Users\user\AppData\Local\Temp\~DF8EEDDA710CFA1BC5.TMP
data
C:\Users\user\AppData\Local\Temp\~DFD156472CF2DDFD4C.TMP
CDFV2 Encrypted
C:\Users\user\AppData\Local\Temp\~DFFFED7F195E4B8B5F.TMP
data

Notes on the list: Komiten6[1].exe in Content.IE5 is the browser-cache copy of the file fetched from http://23.95.34.9/zaki/Komiten6.exe, and C:\Users\Public\vbc.exe is the same kind of Nullsoft self-extracting installer (the hash column was not captured, so identity of the two is not confirmed here). ~$yeni teklif talebi.xlsx is Excel's ordinary owner-lock file for the open workbook, nshD0AF.tmp\System.dll is the NSIS System plug-in that installer scripts use to call Win32 APIs, and the ~DFD156472CF2DDFD4C.TMP typed "CDFV2 Encrypted" is the OLE-wrapped, password-encrypted workbook itself, which matches the VelvetSweatshop tag above.
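The VelvetSweatshop tag and the "CDFV2 Encrypted" temp file above describe one technique: the .xlsx was saved inside Office's OLE/CFB encryption wrapper using the password Excel supplies on its own when opening, so the user sees no prompt while a scanner that does not try that password sees an opaque encrypted blob. The triage helper below is an example added for this page, not code from the sandbox or from the sample. It recognises such a container from the CFB header and the stream names it carries, running on constructed stand-in inputs embedded in the block, and, if msoffcrypto-tool is installed (an assumed optional dependency), tries the default password to recover the inner zip.

```python
"""Triage helper: spot a password-encrypted OOXML workbook wrapped in an
OLE/CFB container (file(1): "CDFV2 Encrypted") and try Excel's default
password on it. Added example for this report; not sandbox or sample code.
"""
import io
import struct
from typing import Optional

CFB_MAGIC = b"\xD0\xCF\x11\xE0\xA1\xB1\x1A\xE1"  # [MS-CFB] header signature
ZIP_MAGIC = b"PK\x03\x04"                         # an unencrypted .xlsx is a zip
DEFAULT_PASSWORD = "VelvetSweatshop"              # Excel tries this silently on open


def _utf16(name: str) -> bytes:
    # CFB directory entries store stream names as UTF-16LE.
    return name.encode("utf-16-le")


def parse_cfb_header(data: bytes) -> dict:
    """Pull the fields a triage script cares about out of the 512-byte CFB header."""
    if len(data) < 512 or not data.startswith(CFB_MAGIC):
        raise ValueError("not a CFB container")
    # offsets 24..31: minor version, major version, byte order mark, sector shift
    _minor, major, byte_order, sector_shift = struct.unpack_from("<HHHH", data, 24)
    return {
        "major_version": major,            # 3 = 512-byte sectors, 4 = 4096-byte
        "sector_size": 1 << sector_shift,
        "little_endian": byte_order == 0xFFFE,
    }


def classify(data: bytes) -> str:
    """Coarse file class from the magic bytes plus the stream names present."""
    if data.startswith(ZIP_MAGIC):
        return "ooxml-plain"
    if not data.startswith(CFB_MAGIC):
        return "unknown"
    # Office-encrypted OOXML keeps the zip in "EncryptedPackage" and the
    # key-derivation parameters in "EncryptionInfo".
    if _utf16("EncryptionInfo") in data and _utf16("EncryptedPackage") in data:
        return "cfb-encrypted-ooxml"
    if _utf16("Workbook") in data or _utf16("Book") in data:
        return "cfb-legacy-xls"
    return "cfb-other"


def try_default_password(data: bytes, password: str = DEFAULT_PASSWORD) -> Optional[bytes]:
    """Return the decrypted inner zip if msoffcrypto-tool (optional dependency,
    assumed installed by the analyst) accepts `password`; None if the library is
    absent, the container is malformed, or the password is wrong."""
    try:
        import msoffcrypto  # pip install msoffcrypto-tool
    except ImportError:
        return None
    try:
        office = msoffcrypto.OfficeFile(io.BytesIO(data))
        office.load_key(password=password)
        out = io.BytesIO()
        office.decrypt(out)
    except Exception:  # wrong password or unparsable container
        return None
    return out.getvalue()


def triage(data: bytes) -> dict:
    """One-shot verdict: what the blob is and whether the default password is worth trying."""
    kind = classify(data)
    result = {"class": kind, "try_velvetsweatshop": kind == "cfb-encrypted-ooxml"}
    if kind == "cfb-encrypted-ooxml":
        result.update(parse_cfb_header(data))
        inner = try_default_password(data)
        result["decrypted_with_default"] = inner is not None and inner.startswith(ZIP_MAGIC)
    return result


def make_fake_cfb(*stream_names: str) -> bytes:
    """Constructed stand-in: a genuine CFB signature and version fields followed
    by stream names as they would sit in directory entries. Not a valid
    container, which is all the name-based classifier needs."""
    hdr = bytearray(512)
    hdr[0:8] = CFB_MAGIC
    struct.pack_into("<HHHH", hdr, 24, 0x003E, 3, 0xFFFE, 9)  # v3, 512-byte sectors
    body = b"".join(_utf16(n).ljust(64, b"\x00") for n in stream_names)
    return bytes(hdr) + body


# Constructed inputs standing in for the report's "CDFV2 Encrypted" temp file,
# a legacy .xls, and an ordinary .xlsx.
SAMPLE_ENCRYPTED = make_fake_cfb("EncryptionInfo", "EncryptedPackage")
SAMPLE_LEGACY_XLS = make_fake_cfb("Workbook", "\x05SummaryInformation")
SAMPLE_PLAIN_XLSX = ZIP_MAGIC + b"\x14\x00" + b"\x00" * 28 + b"[Content_Types].xml"

if __name__ == "__main__":
    for label, blob in [("encrypted", SAMPLE_ENCRYPTED),
                        ("legacy-xls", SAMPLE_LEGACY_XLS),
                        ("plain-xlsx", SAMPLE_PLAIN_XLSX)]:
        print(label, triage(blob))
```

The name scan is deliberately a heuristic in the spirit of a YARA rule rather than a full directory walk: it is enough to route the file to the right tool, and on a real sample the msoffcrypto step either yields a zip (a workbook you can now unpack and inspect for the GuLoader-stage download logic) or None, in which case the password is not the default and the sample deserves a closer look.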
#