flash

https://onedrive.live.com/download?cid=C7504FB3B5BB9FAD&resid=C7504FB3B5BB9FAD%2112789&authkey=AJlsykELbnUa_FM

Status: finished
Submission Time: 31.03.2020 06:34:02
Malicious
Trojan
Evader
Nanocore

Comments

Tags

Details

  • Analysis ID:
    219097
  • API (Web) ID:
    335064
  • Analysis Started:
    31.03.2020 06:34:02
  • Analysis Finished:
    31.03.2020 06:39:26
  • Technologies:
Full Report Engine Info Verdict Score Reports

System: Windows 10 64 bit (version 1803) with Office 2016, Adobe Reader DC 19, Chrome 70, Firefox 63, Java 8.171, Flash 30.0.0.113

malicious
100/100

malicious

IPs

IP Country Detection
91.193.75.103
Serbia
172.217.23.97
United States
185.125.205.78
United Kingdom

Domains

Name IP Detection
kenzeey.duckdns.org
91.193.75.103
googlehosted.l.googleusercontent.com
172.217.23.97
ken419.chickenkiller.com
185.125.205.78
Click to see the 4 hidden entries
onedrive.live.com
0.0.0.0
doc-10-9g-docs.googleusercontent.com
0.0.0.0
doc-0c-9c-docs.googleusercontent.com
0.0.0.0
np245a.db.files.1drv.com
0.0.0.0

URLs

Name Detection
http://crl.microsoft
http://ocsp.pki.goog/gts1o10
https://doc-10-9g-docs.googleusercontent.com/docs/securesc/ko16s8pl5apm0uj9cdvuc6rto9dd1bc1/4Zs(n
Click to see the 12 hidden entries
http://www.w3.or
https://doc-0c-9c-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/b6nb7hud
http://pki.goog/gsr2/GTS1O1.crt0
https://doc-10-9g-docs.googleuse
https://doc-10-9g-docs.googleusercontent.com/docs/securesc/ko16s8pl5apm0uj9cdvuc6rto9dd1bc1/4
https://doc-10-9g-docs.googleusercontent.com/docs/securesc/ko16s8pl5apm0uj9cdvuc6rto9dd1bc1/4fqo9c0a
https://doc-10-9g-docs.googleusercontent.com/
http://crl.pki.goog/gsr2/gsr2.crl0?
http://ocsp.pki.goog/gsr202
https://pki.goog/repository/0
https://doc-0c-9c-docs.googleusercontent.com/
http://crl.pki.goog/GTS1O1.crl0

Dropped files

Name File Type Hashes Detection
C:\Users\user\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\RegAsm.exe.log
ASCII text, with CRLF line terminators
#
C:\Users\user\AppData\Local\Temp\ifvedkwv.wwc\PDF scan_doc 098876.pdf.exe
PE32 executable (GUI) Intel 80386, for MS Windows
#
C:\Users\user\AppData\Local\Temp\tmp9ECE.tmp
XML 1.0 document, ASCII text, with CRLF line terminators
#
Click to see the 14 hidden entries
C:\Users\user\AppData\Roaming\59407D34-C8C5-44DF-A766-BA8A11CB1CB0\run.dat
ISO-8859 text, with no line terminators
#
C:\Users\user\blodiges\snerpersko.exe
PE32 executable (GUI) Intel 80386, for MS Windows
#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{573AAD0C-7354-11EA-AADD-C25F135D3C65}.dat
Microsoft Word Document
#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{573AAD0E-7354-11EA-AADD-C25F135D3C65}.dat
Microsoft Word Document
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\PDF%20scan_doc%20098876.pdf[1].7z
7-zip archive data, version 0.4
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VINVDFP6\PDF scan_doc 098876.pdf.7z.ovrbdef.partial
7-zip archive data, version 0.4
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VINVDFP6\PDF scan_doc 098876.pdf.7z.ovrbdef.partial:Zone.Identifier
ASCII text, with CRLF line terminators
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VINVDFP6\PDF scan_doc 098876.pdf.7z:Zone.Identifier
very short file (no magic)
#
C:\Users\user\AppData\Local\Temp\JavaDeployReg.log
ASCII text, with CRLF line terminators
#
C:\Users\user\AppData\Local\Temp\zhrkpwwu.zz2\unarchiver.log
ASCII text, with CRLF line terminators
#
C:\Users\user\AppData\Local\Temp\~DFB29A6DC324C3FBE3.TMP
data
#
C:\Users\user\AppData\Local\Temp\~DFD85BAB9622D2A111.TMP
data
#
C:\Users\user\AppData\Roaming\59407D34-C8C5-44DF-A766-BA8A11CB1CB0\task.dat
ASCII text, with no line terminators
#
\Device\ConDrv
ASCII text, with CRLF line terminators
#