flash

attack.ps1

Status: finished
Submission Time: 10.04.2020 22:20:05
Verdict: Malicious
Labels: Ransomware, Trojan, Spyware, Evader, Remcos

Details

  • Analysis ID:
    221880
  • API (Web) ID:
    340471
  • Analysis Started:
    10.04.2020 22:21:06
  • Analysis Finished:
    10.04.2020 22:27:01
  • MD5:
    2cd64056eb975295e153837800fc261b
  • SHA1:
    cc4844bd6ff497d340ba18f08474fd904ee63583
  • SHA256:
    276f418babb2b9c37800ee3ddc54b70a4e2468be0d85c60f8674b426ae859d95
  • Technologies:

Engine | Info | Verdict | Score | Reports
Full Report | System: Windows 10 64 bit (version 1803) with Office 2016, Adobe Reader DC 19, Chrome 70, Firefox 63, Java 8.171, Flash 30.0.0.113 | malicious | 100/100 |

IPs

IP | Country | Detection
185.208.211.131 | Netherlands |

Domains

Name | IP | Detection
top.gaminjo1.pw | 185.208.211.131 |

Dropped files

Name | File Type | Hashes | Detection
C:\Users\user\AppData\Roaming\remcos\logs.dat | ASCII text, with CRLF line terminators | |
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive | data | |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_0fhrhyvt.olp.ps1 | ASCII text, with no line terminators | |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_pk5h3u0y.k0t.psm1 | ASCII text, with no line terminators | |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\9W8E9CZCBPT6W8M4BA5D.temp | data | |
C:\Users\user\Documents\20200410\PowerShell_transcript.301389.STOIU286.20200410222224.txt | UTF-8 Unicode (with BOM) text, with CRLF line terminators | |