flash

Background.exe

Status: finished
Submission Time: 07.04.2020 19:30:57
Malicious
Trojan
Evader
Nanocore

Comments

Tags

Details

  • Analysis ID:
    220941
  • API (Web) ID:
    338647
  • Analysis Started:
    07.04.2020 19:32:39
  • Analysis Finished:
    07.04.2020 19:47:30
  • MD5:
    a7af23352e01803bdc6ed240297fecc3
  • SHA1:
    aa28d24fee3bcf1f84d63cb0c6e43aa4eb1c1946
  • SHA256:
    c7fd1168da9578d0aa92ff5b562ef6f9ca6f5890100ed6fc8634bf70c72c44fb
  • Technologies:
Full Report Engine Info Verdict Score Reports

System: w10x64 Windows 10 64 bit v1803 with Office Professional Plus 2016, IE 11, Adobe Reader DC 19, Java 8 Update 211

malicious
92/100

IPs

IP Country Detection
185.140.53.136
Sweden
91.189.180.198
Norway
172.217.23.97
United States

Domains

Name IP Detection
bb419.duckdns.org
185.140.53.136
oluwaboi.duckdns.org
91.189.180.198
site-cdn.onenote.net
0.0.0.0
Click to see the 2 hidden entries
googlehosted.l.googleusercontent.com
172.217.23.97
doc-0k-bc-docs.googleusercontent.com
0.0.0.0

URLs

Name Detection
https://doc-0k-bc-docs.googleusercontent.com/docs/securesc/okjaf0d96k16o2ur6os401lotlk7qdd4/frctj5jk
https://doc-0k-bc-docs.googleusercontent.com/
https://doc-0k-bc-docs.googleusercontent.com/docs/securesc/okjaf0d96k16o2ur6os401lotlk7qdd4/f
Click to see the 11 hidden entries
https://doc-0k-bc-docs.googleusercontent.com/docs/securesc/okjaf0d96k16o2ur6os401lotlk7qdd4/uikil5gv
https://doc-0k-bc-docs.googleusercontent.com/f
http://ocsp.pki.goog/gts1o10
http://pki.goog/gsr2/GTS1O1.crt0
http://crl.pki.goog/gsr2/gsr2.crl0?
http://ocsp.pki.goog
http://ocsp.pki.goog/gsr202
https://pki.goog/repository/0
https://oluwaboi419.000webhostapp.com/JANMEGACASH2020_encrypted_5FCC7B0.bin
http://crl.pki.goog/GTS1O1.crl0
https://doc-0k-bc-docs.googleusercontent.com/docs/securesc/okjaf0d96k16o2ur6os401lotlk7qdd4/u

Dropped files

Name File Type Hashes Detection
C:\Users\user\AppData\Roaming\59407D34-C8C5-44DF-A766-BA8A11CB1CB0\run.dat
ISO-8859 text, with no line terminators
#
C:\Users\user\Trkagenspseud\Kindtnde.exe
PE32 executable (GUI) Intel 80386, for MS Windows
#
C:\Users\user\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\RegAsm.exe.log
ASCII text, with CRLF line terminators
#