flash

file.exe

Status: finished
Submission Time: 2022-12-09 10:31:09 +01:00
Malicious
Phishing
Trojan
Spyware
Evader
Amadey

Comments

Tags

  • exe

Details

  • Analysis ID:
    764030
  • API (Web) ID:
    1131306
  • Analysis Started:
    2022-12-09 10:31:09 +01:00
  • Analysis Finished:
    2022-12-09 10:43:55 +01:00
  • MD5:
    2365cd5930c2845769177b920d4b8ad6
  • SHA1:
    1246c7f15b215bf1ecc70294434ccd19a1778daf
  • SHA256:
    77bfc0f4bf45082fc3c52c3c10d4394d925c116fda4b3eda7f09151a57ad4010
  • Technologies:
Full Report Management Report IOC Report Engine Info Verdict Score Reports

malicious

System: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211

malicious
100/100

malicious
54/71

malicious
23/26

malicious

malicious

IPs

IP Country Detection
31.41.244.237
Russian Federation

URLs

Name Detection
31.41.244.237/jg94cVd30f/index.php
http://31.41.244.237/jg94cVd30f/index.phpM

Dropped files

Name File Type Hashes Detection
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\cred64[1].dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
#
C:\Users\user\AppData\Local\Temp\9c69749b54\gntuud.exe
PE32 executable (GUI) Intel 80386, for MS Windows
#
C:\Users\user\AppData\Local\Temp\9c69749b54\gntuud.exe:Zone.Identifier
ASCII text, with CRLF line terminators
#
Click to see the 3 hidden entries
C:\Users\user\AppData\Roaming\85f469ce401df1\cred64.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
#
C:\Users\user\AppData\Local\Temp\853321935212
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
#
\Device\ConDrv
ASCII text, with no line terminators
#