flash

cqu7x.exe

Status: finished
Submission Time: 2022-11-11 12:19:10 +01:00
Malicious
Trojan
Evader
Ursnif, SmokeLoader

Details

  • Analysis ID:
    743908
  • API (Web) ID:
    1111217
  • Analysis Started:
    2022-11-11 12:20:50 +01:00
  • Analysis Finished:
    2022-11-11 12:32:42 +01:00
  • MD5:
    e449924b8aa04fa2e032511cf86d2482
  • SHA1:
    bc9c00e0841a84fbc45d9ef36422eac3590b590f
  • SHA256:
    b9fd7622c3fcfdd6eb9b2cb917a3cb64eb35c61221de4866303ca88d828d5bed
  • Technologies:

malicious

System: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211

malicious
100/100

malicious
15/37

malicious
24/26

malicious

malicious

IPs

IP              Country             Detection
80.76.42.141    Russian Federation
37.140.192.158  Russian Federation

Domains

Name                 IP              Detection
kukaryka.ru          80.76.42.141
dindunketagestan.ru  37.140.192.158
telemetry.skype.com  0.0.0.0

URLs

Name                                    Detection
http://dindunketagestan.ru/
http://goalichkindomik.ru/
http://pali44unkis9.ru/
http://klenoviycdesss.ru/
http://www.autoitscript.com/autoit3/J
http://telemetry.skype.com/drew/
http://kukaryka.ru/iTunesHelper.exe

Dropped files

Name / File Type

  • C:\Users\user\AppData\Local\Temp\3196.exe
    PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
  • C:\Users\user\AppData\Local\Temp\loader_250246_15072022_2203_31102022.exe
    PE32 executable (GUI) Intel 80386, for MS Windows
  • C:\Users\user\AppData\Roaming\vcivdjd
    PE32 executable (GUI) Intel 80386, for MS Windows
  • C:\Users\user\AppData\Roaming\vcivdjd:Zone.Identifier
    ASCII text, with CRLF line terminators
  • C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\3196.exe.log
    ASCII text, with CRLF line terminators