flash

U59WtZz2Sg.exe

Status: finished
Submission Time: 2022-11-30 00:21:09 +01:00
Malicious
Ransomware
Trojan
Spyware
Evader
Babuk, Clipboard Hijacker, Djvu, Vidar

Comments

Tags

  • exe
  • TeamBot

Details

  • Analysis ID:
    756302
  • API (Web) ID:
    1123578
  • Analysis Started:
    2022-11-30 00:21:09 +01:00
  • Analysis Finished:
    2022-11-30 00:36:53 +01:00
  • MD5:
    41001fdd7879ce9ede214e92c7e492be
  • SHA1:
    215964b0399da37b41b7f420806a72feb72a7c28
  • SHA256:
    aaef58ede9edbfc0cbbdd3dc7abfa9ae0f977ed1b33af4f5d7665123187801d1
  • Technologies:

Verdict

  • malicious (System: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211)
  • malicious, score 100/100
  • malicious, score 26/72
  • malicious, score 23/25
  • malicious

IPs

IP                Country             Detection
116.121.62.237    Korea Republic of
222.236.49.123    Korea Republic of
88.198.94.71      Germany
162.0.217.254     Canada
149.154.167.99    United Kingdom

Domains

Name                IP                Detection
uaery.top           116.121.62.237
fresherlights.com   222.236.49.123
t.me                149.154.167.99
api.2ip.ua          162.0.217.254

URLs


Dropped files
