Register Login

sloganpng

cqu7x.exe

Status: finished

Submission Time: 2022-11-11 12:19:10 +01:00

Malicious

Trojan

Evader

Ursnif, SmokeLoader

Comments

Tags

Details

Analysis ID:
743908
API (Web) ID:
1111217
Analysis Started:

2022-11-11 12:20:50 +01:00
Analysis Finished:

2022-11-11 12:32:42 +01:00
MD5:
e449924b8aa04fa2e032511cf86d2482
SHA1:
bc9c00e0841a84fbc45d9ef36422eac3590b590f
SHA256:
b9fd7622c3fcfdd6eb9b2cb917a3cb64eb35c61221de4866303ca88d828d5bed
Technologies:

Engines
IOCs

Full Report	Management Report	IOC Report	Engine	Info	Verdict	Score	Reports

				System: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211		100/100
						15/37
						24/26

IPs

IP	Country	Detection
80.76.42.141	Russian Federation
37.140.192.158	Russian Federation

Domains

Name	IP	Detection
kukaryka.ru	80.76.42.141
dindunketagestan.ru	37.140.192.158
telemetry.skype.com	0.0.0.0

URLs

Name	Detection
http://dindunketagestan.ru/
http://goalichkindomik.ru/
http://pali44unkis9.ru/
Click to see the 4 hidden entries
http://klenoviycdesss.ru/
http://www.autoitscript.com/autoit3/J
http://telemetry.skype.com/drew/
http://kukaryka.ru/iTunesHelper.exe

Dropped files

Name	File Type	Hashes	Detection
C:\Users\user\AppData\Local\Temp\3196.exe	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows	#
C:\Users\user\AppData\Local\Temp\loader_250246_15072022_2203_31102022.exe	PE32 executable (GUI) Intel 80386, for MS Windows	#
C:\Users\user\AppData\Roaming\vcivdjd	PE32 executable (GUI) Intel 80386, for MS Windows	#
Click to see the 2 hidden entries
C:\Users\user\AppData\Roaming\vcivdjd:Zone.Identifier	ASCII text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\3196.exe.log	ASCII text, with CRLF line terminators	#