flash

file.exe

Status: finished
Submission Time: 2022-12-09 10:31:05 +01:00
Malicious
Trojan
Spyware
Evader
Amadey

Comments

Tags

  • exe

Details

  • Analysis ID:
    764029
  • API (Web) ID:
    1131305
  • Analysis Started:
    2022-12-09 10:31:05 +01:00
  • Analysis Finished:
    2022-12-09 10:43:10 +01:00
  • MD5:
    2396925cc38be4f07bd426cf080256ce
  • SHA1:
    8884e5383b3601e59089f0d287acad1eff20c676
  • SHA256:
    e91bb1f7c2b2ffd094d3915f1fffbfe929efd49e1d732b51d60e8a378a8a066b
  • Technologies:
Full Report Management Report IOC Report Engine Info Verdict Score Reports

malicious

System: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211

malicious
100/100

malicious
17/91

malicious
23/26

malicious

malicious

IPs

IP Country Detection
77.73.133.72
Kazakhstan

URLs

Name Detection
77.73.133.72/hfk3vK9/index.php
http://77.73.133.72/hfk3vK9/Plugins/cred64.dll_
http://77.73.133.72/hfk3vK9/Plugins/cred64.dll
Click to see the 5 hidden entries
http://77.73.133.72/hfk3vK9/Plugins/cred64.dll=
http://77.73.133.72/hfk3vK9/index.php
http://77.73.133.72/hfk3vK9/index.php8
http://77.73.133.72/hfk3vK9/Plugins/cred64.dll)
http://77.73.133.72/hfk3vK9/index.phpplay

Dropped files

Name File Type Hashes Detection
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\cred64[1].dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
#
C:\Users\user\AppData\Local\Temp\ecaac49691\gntuud.exe
PE32 executable (GUI) Intel 80386, for MS Windows
#
C:\Users\user\AppData\Local\Temp\ecaac49691\gntuud.exe:Zone.Identifier
ASCII text, with CRLF line terminators
#
Click to see the 1 hidden entries
C:\Users\user\AppData\Local\Temp\853321935212
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
#