flash

PDF scan_doc 098876.pdf.exe

Status: finished
Submission Time: 31.03.2020 07:05:17
Malicious
Ransomware
Trojan
Evader
Nanocore

Comments

Tags

Details

  • Analysis ID:
    219100
  • API (Web) ID:
    335070
  • Analysis Started:
    31.03.2020 07:05:17
  • Analysis Finished:
    31.03.2020 07:12:57
  • MD5:
    01ae5ec18a778f172c7a06def83eb31f
  • SHA1:
    42fda879bdb2187b4acf790014640a5406ced0ce
  • SHA256:
    cfa3b8e2178a004572f9cc3f718ab613f94d9e000969b8059146de1acc60f0a9
  • Technologies:
Full Report Engine Info Verdict Score Reports

System: Windows 10 64 bit (version 1803) with Office 2016, Adobe Reader DC 19, Chrome 70, Firefox 63, Java 8.171, Flash 30.0.0.113

malicious
100/100

malicious

IPs

IP Country Detection
91.193.75.103
Serbia
172.217.23.97
United States
185.125.205.78
United Kingdom

Domains

Name IP Detection
kenzeey.duckdns.org
91.193.75.103
googlehosted.l.googleusercontent.com
172.217.23.97
ken419.chickenkiller.com
185.125.205.78
Click to see the 2 hidden entries
doc-10-cc-docs.googleusercontent.com
0.0.0.0
doc-0c-9c-docs.googleusercontent.com
0.0.0.0

URLs

Name Detection
https://doc-0c-9c-docs.googleusercontent.com/u
http://pki.goog/gsr2/GTS1O1.crt0
https://doc-0c-9c-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/e8va03mc
Click to see the 6 hidden entries
http://crl.pki.goog/gsr2/gsr2.crl0?
http://ocsp.pki.goog/gsr202
https://pki.goog/repository/0
https://doc-0c-9c-docs.googleusercontent.com/
http://crl.pki.goog/GTS1O1.crl0
http://ocsp.pki.goog/gts1o10

Dropped files

Name File Type Hashes Detection
C:\Users\user\AppData\Local\Temp\tmp266D.tmp
XML 1.0 document, ASCII text, with CRLF line terminators
#
C:\Users\user\AppData\Roaming\59407D34-C8C5-44DF-A766-BA8A11CB1CB0\run.dat
Non-ISO extended-ASCII text, with no line terminators
#
C:\Users\user\blodiges\snerpersko.exe
PE32 executable (GUI) Intel 80386, for MS Windows
#
Click to see the 3 hidden entries
C:\Users\user\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\RegAsm.exe.log
ASCII text, with CRLF line terminators
#
C:\Users\user\AppData\Roaming\59407D34-C8C5-44DF-A766-BA8A11CB1CB0\task.dat
ASCII text, with no line terminators
#
\Device\ConDrv
ASCII text, with CRLF line terminators
#