flash

James-20-2-2020AM.exe

Status: finished
Submission Time: 20.03.2020 16:13:46
Malicious
Spyware
Evader
Lokibot

Comments

Tags

Details

  • Analysis ID:
    216864
  • API (Web) ID:
    330728
  • Analysis Started:
    20.03.2020 16:13:47
  • Analysis Finished:
    20.03.2020 16:26:46
  • MD5:
    f227317ff39ea91ea49727365d483439
  • SHA1:
    c6a3b56a1fd67ea3627a75e3d7864f58ebe64189
  • SHA256:
    35cce3d0e7644488ca0d27f3e0b38e3405d1d4f102162e48849ea9681fc1e5c2
  • Technologies:
Full Report Engine Info Verdict Score Reports

malicious

System: Windows 10 64 bit (version 1803) with Office 2016, Adobe Reader DC 19, Chrome 70, Firefox 63, Java 8.171, Flash 30.0.0.113

malicious
100/100

malicious
22/70

malicious
24/43

IPs

IP Country Detection
104.31.90.21
United States
104.31.91.21
United States

Domains

Name IP Detection
brokenservices.xyz
104.31.90.21

URLs

Name Detection
http://brokenservices.xyz/James/fre.php
http://www.ibsensoftware.com/

Dropped files

Name File Type Hashes Detection
C:\Users\user\AppData\Roaming\1CF93A\AA2F06.lck
very short file (no magic)
#
C:\Users\user\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-58933367-3072710494-194312298-1002\4216a73197943a17d1161a6bdc4512b0_59407d34-c8c5-44df-a766-ba8a11cb1cb0
data
#