flash

___ __ ___.exe

Status: finished
Submission Time: 08.04.2020 15:07:02
Verdict: Malicious
Classification: Ransomware, Trojan, Spyware, Evader
Detected families: FormBook, GuLoader

Details

  • Analysis ID:
    221188
  • API (Web) ID:
    339119
  • Analysis Started:
    08.04.2020 15:07:02
  • Analysis Finished:
    08.04.2020 15:24:39
  • MD5:
    545bb1c1d4627047e71c9b3cc9aba515
  • SHA1:
    30abdfe836554c621a1279cbac5cf68ee8f9a27d
  • SHA256:
    4482af9846b35b189ffbe4dbf2c398491558c98adb1503942d40f503974d2d23
  • Technologies:

Reports

  • Engine Info:
    System: Windows 7 SP1 (with Office 2010 SP2, IE 11, FF 54, Chrome 60, Acrobat Reader DC 17, Java 8.0.1440.1, Flash 30.0.0.113)
    Verdict: malicious
    Score: 100/100
  • Verdict: malicious
    Score: 15/72
  • Verdict: malicious
    Score: 16/47

IPs

  • 35.208.146.4 (United States)
  • 34.253.89.155 (United States)

Domains

URLs

Dropped files

  • C:\Program Files\Rutf\IconCache-ze.exe (file type: empty)
  • C:\Users\user\AppData\Local\Temp\Rutf\IconCache-ze.exe (file type: empty)
  • C:\Users\user\AppData\Local\Temp\subfolder1\filename1.exe (file type: empty)
  • C:\Users\user\AppData\Local\Temp\subfolder1\filename1.vbs (file type: empty)
  • C:\Users\user\AppData\Roaming\KP8PBRSW\KP8logim.jpeg (file type: empty)
  • C:\Users\user\AppData\Roaming\KP8PBRSW\KP8logrf.ini (file type: empty)
  • C:\Users\user\AppData\Roaming\KP8PBRSW\KP8logri.ini (file type: empty)
  • C:\Users\user\AppData\Roaming\KP8PBRSW\KP8logrv.ini (file type: empty)
  • C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\116QEZ7Q.txt (file type: empty)
  • C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\CTD93KMK.txt (file type: empty)
  • C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\GQD6JM6O.txt (file type: empty)