=
We are hiring! Windows Kernel Developer (Remote), apply here!
flash

hBB2KnTndI.exe

Status: finished
Submission Time: 2022-05-29 19:32:05 +02:00
Malicious
Spyware
Evader
Amadey

Comments

Tags

  • 32
  • exe
  • trojan

Details

  • Analysis ID:
    635800
  • API (Web) ID:
    1003304
  • Analysis Started:
    2022-05-29 19:32:06 +02:00
  • Analysis Finished:
    2022-05-29 19:53:53 +02:00
  • MD5:
    b413ff6e943c415afc26640ff535c724
  • SHA1:
    fcc13d52bf28416f3b8a594d58113fd8828a4093
  • SHA256:
    7ff0ff6e51a58398ad73da3cc8e7e6233a23e49d93aaa4b190672e4f9f08b9bb
  • Technologies:
Full Report Management Report IOC Report Engine Info Verdict Score Reports

System: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211

malicious
76/100

System: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211
Run Condition: Run with higher sleep bypass

malicious
76/100

malicious
27/69

URLs

Name Detection
http://gcc.gnu.org/bugs.html):

Dropped files

Name File Type Hashes Detection
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_hBB2KnTndI.exe_ad2fc02f1e967b8af8cf5fed27f1f4916534b2_362a01e9_181a7760\Report.wer
Little-endian UTF-16 Unicode text, with CRLF line terminators
#
C:\Users\user\AppData\Local\Temp\a10b8dfb5f\orxds.exe
PE32 executable (GUI) Intel 80386, for MS Windows
#
C:\ProgramData\Microsoft\Windows\WER\Temp\WER66C6.tmp.dmp
Mini DuMP crash report, 14 streams, Mon May 30 02:33:16 2022, 0x1205a4 type
#
Click to see the 2 hidden entries
C:\ProgramData\Microsoft\Windows\WER\Temp\WER6957.tmp.WERInternalMetadata.xml
XML 1.0 document, Little-endian UTF-16 Unicode text, with CRLF line terminators
#
C:\ProgramData\Microsoft\Windows\WER\Temp\WER6B7B.tmp.xml
XML 1.0 document, ASCII text, with CRLF line terminators
#