flash

26text.exe

Status: finished
Submission Time: 11.09.2019 20:34:35
Malicious
Evader

Comments

Tags

Details

  • Analysis ID:
    173089
  • API (Web) ID:
    240645
  • Analysis Started:
    11.09.2019 20:34:42
  • Analysis Finished:
    11.09.2019 20:40:45
  • MD5:
    76fbe2d31734cc11564bdce827087721
  • SHA1:
    1c61712d08b2eee6109b964924839c423ec8a255
  • SHA256:
    95dd4e369549b16d6e46da89c9274f812cfb0cb161ea2148ec15f444030bd375
  • Technologies:
Full Report Engine Info Verdict Score Reports

malicious

System: Windows 10 64 bit (version 1803) with Office 2016, Adobe Reader DC 19, Chrome 70, Firefox 63, Java 8.171, Flash 30.0.0.113

malicious
68/100

malicious

IPs

IP Country Detection
131.96.123.17
United States
15.253.66.108
United States
16.126.107.179
United States
Click to see the 4 hidden entries
15.80.153.106
United States
15.72.142.70
United States
15.109.9.117
United States
15.237.16.47
United States

Dropped files

Name File Type Hashes Detection
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_26text.exe_aecdf89d1d4d2a7cc08af36756a879e7d507dc4_0283b67f_04ae5afc\Report.wer
Little-endian UTF-16 Unicode text, with CRLF line terminators
#
C:\Windows\lsass.exe
PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
#
C:\Windows\lsass.exe:Zone.Identifier
ASCII text, with CRLF line terminators
#
Click to see the 4 hidden entries
C:\ProgramData\Microsoft\Windows\WER\Temp\WER4AEE.tmp.dmp
Mini DuMP crash report, 14 streams, Thu Sep 12 03:36:12 2019, 0x1205a4 type
#
C:\ProgramData\Microsoft\Windows\WER\Temp\WER4E4B.tmp.WERInternalMetadata.xml
XML 1.0 document, Little-endian UTF-16 Unicode text, with CRLF line terminators
#
C:\ProgramData\Microsoft\Windows\WER\Temp\WER509D.tmp.xml
XML 1.0 document, ASCII text, with CRLF line terminators
#
C:\Users\user\AppData\Local\Temp\2o6agohLUhn.txt
data
#