flash

main.exe

Status: finished
Submission Time: 2022-11-16 02:12:09 +01:00
Malicious
Trojan
Ursnif

Comments

Tags

  • exe

Details

  • Analysis ID:
    747122
  • API (Web) ID:
    1114426
  • Analysis Started:
    2022-11-16 02:12:09 +01:00
  • Analysis Finished:
    2022-11-16 02:18:58 +01:00
  • MD5:
    9676298f24c8cdd4b532ac027a00f60e
  • SHA1:
    8d0bd57712533f1a889627706925c17ed4347ce5
  • SHA256:
    0f5cce66023859e9d7e3f54b78e95bf09618db5ed01fe05b765d76ab156271da
  • Technologies:
Full Report Management Report IOC Report Engine Info Verdict Score Reports

malicious

System: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211

malicious
100/100

malicious
44/71

malicious

IPs

IP Country Detection
134.0.118.203
Russian Federation

Domains

Name IP Detection
iujdhsndjfks.ru
134.0.118.203
lentaphoto.at
0.0.0.0

URLs

Name Detection
http://iujdhsndjfks.ru/uploaded/0zAp8Z1aE71wHoG9Fv8_2FN/P5uvIi7Lt1/EUmOwLMnjKYCw_2FE/5zk0aaz4yuo7/QTL_2FQEnly/Ec4VWBQYtx71qy/L2HNqAA4G4E5jKKRFVoEW/6ZRPruxEfWT04B4X/RInLDZAh2OnshBS/GAJBFuggBWOl74tiGq/C8U0bIGcG/njcGKLS7Hmxx_2FqYkMA/wXBdKE71rJ0_2BRnJ6T/_2FFCjuDuuyiRkDgNc2F1X/OAukSD8RvE3GZ/wJ754QUV/KLEyROfHTWgoSzopEA1Myxw/SpguZOW_2F2nhfCY/8gj9M.pct
http://iujdhsndjfks.ru/uploaded/j_2B4a8tc2jahOFa/QsOHICIXeKBm7Eu/BNx3p_2F2GoxX0cDqV/bsIcjyFz7/k_2BDS2eH2WFjOwUKnxF/cxRvetg60qsvZC3x78Y/lD8NfOdFnkiGuhR8EOmhwP/zT8fuhrHfJH2d/Ofv40l9W/oihnf9hyrxXMRyhNEU3WQZX/uHKMLk6j9C/xMwWNaKtBn_2BWbOV/iD6PRhU2TNKW/6JAfLIVGbXa/piHFabYjkWkLuD/5eut_2FYnEz3uc4kygTTM/g0YmfFvzjqwqIpvd/2xgKiml2FkDoBfu/2RWlPv_2/Bhf.pct
http://iujdhsndjfks.ru/uploaded/WyfwvLfSP6ng/qNwqPjDNV2y/OxJbU5TVCmFtCl/_2FmMGc0UP7xWlc4RHHm3/VkwOuHDTa4HSnc69/VTjN3cHS8admcsl/lF9YNNHT37IEBsIIb1/rPNHaRLKA/yV_2FpGJiuj5msF0n5k_/2B4wsxqrXszPC5OOTPn/esejfHBxrg5go2pgH4ag55/PJJdIY_2BXhg2/Jq5vcK1p/UgH0h5yEg5hXvdYJIEh70Vq/TQwvIFJaVN/s_2BVc_2FBWfsAcv7/_2BTZLbFDlWX/SnOSHCR0HAx/WLEPxneCpL/KSqopsC3x9/C.pct
Click to see the 15 hidden entries
https://nuget.org/nuget.exe
http://iujdhsndjfks.ru/uploaded/WyfwvLfSP6ng/qNwqPjDNV2y/OxJbU5TVCmFtCl/_2FmMGc0UP7xWlc4RHHm3/VkwOuH
https://github.com/Pester/Pester
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
http://lentaphoto.at/uploaded/YLQQ1pvNQgsiX0/6uEpUTz0reRtkFusB_2Bb/kfn6D0FsL9WVZQdI/aUDJFCy515UVsdg/
https://contoso.com/Icon
https://contoso.com/License
http://iujdhsndjfks.ru/
https://contoso.com/
http://iujdhsndjfks.ru/uploaded/j_2B4a8tc2jahOFa/QsOHICIXeKBm7Eu/BNx3p_2F2GoxX0cDqV/bsIcjyFz7/k_2BDS
https://go.micro
http://www.apache.org/licenses/LICENSE-2.0.html
http://iujdhsndjfks.ru/uploaded/0zAp8Z1aE71wHoG9Fv8_2FN/P5uvIi7Lt1/EUmOwLMnjKYCw_2FE/5zk0aaz4yuo7/QT
http://pesterbdd.com/images/Pester.png
http://nuget.org/NuGet.exe

Dropped files

Name File Type Hashes Detection
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_1b5r1h15.c2u.psm1
very short file (no magic)
#
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_gmpv3qo3.pur.ps1
very short file (no magic)
#