flash

GgNhpv.exe

Status: finished
Submission Time: 21.04.2020 00:49:29
Malicious
Trojan
Evader
Nanocore

Comments

Tags

Details

  • Analysis ID:
    224019
  • API (Web) ID:
    344637
  • Analysis Started:
    21.04.2020 00:49:30
  • Analysis Finished:
    21.04.2020 01:04:49
  • MD5:
    1931c289254c302b2774aecb11378c5e
  • SHA1:
    37f6faf326308012f416962e0c5a87e949bc3192
  • SHA256:
    cfa971612c0b5646e1fcd66033e827bbf1256707224be20874f537bd23f9b8e0
  • Technologies:
Full Report Engine Info Verdict Score Reports

malicious

System: Windows 10 64 bit (version 1803) with Office 2016, Adobe Reader DC 19, Chrome 70, Firefox 63, Java 8.171, Flash 30.0.0.113

malicious
100/100

IPs

IP Country Detection
151.80.8.11
Italy
104.18.49.20
United States
104.18.48.20
United States

Domains

Name IP Detection
alice2019.myftp.biz
151.80.8.11
paste.ee
104.18.48.20

URLs

Name Detection
http://www.typography.netD
http://secureteam.net/ErrorReporting.asmx
http://www.founder.com.cn/cn/cThe
Click to see the 21 hidden entries
http://www.apache.org/licenses/LICENSE-2.0
http://fontfabrik.com
http://www.founder.com.cn/cn
http://www.founder.com.cn/cn/bThe
http://secureteam.net/webservices/CreateErrorReport
http://secureteam.net/webservices/$
http://www.jiyu-kobo.co.jp/
http://www.sajatypeworks.comhr
http://www.tiro.com
http://www.fonts.com
http://www.sandoll.co.kr
http://www.goodfont.co.kr
http://www.zhongyicts.com.cn
http://paste.ee/r/yaEzF
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
http://www.sakkal.com
http://secureteam.net/webservices/T
http://www.carterandcone.coml
http://secureteam.net/ErrorReporting.asmxY
http://secureteam.net/webservices/TU
http://www.sajatypeworks.com

Dropped files

Name File Type Hashes Detection
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\GgNhpv.exe.log
ASCII text, with CRLF line terminators
#
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\MSBuild.exe.log
ASCII text, with CRLF line terminators
#
C:\Users\user\AppData\Roaming\59407D34-C8C5-44DF-A766-BA8A11CB1CB0\run.dat
data
#
Click to see the 32 hidden entries
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\wpasv.exe.log
ASCII text, with CRLF line terminators
#
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache
data
#
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
data
#
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_1djyoqla.cgt.ps1
ASCII text, with no line terminators
#
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_1lhymjxj.kfz.psm1
ASCII text, with no line terminators
#
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_1u3t34eh.as0.psm1
ASCII text, with no line terminators
#
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_4gxgbq4p.tot.ps1
ASCII text, with no line terminators
#
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_5ircppmr.cnw.psm1
ASCII text, with no line terminators
#
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_drs5twxd.myu.psm1
ASCII text, with no line terminators
#
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_fiieimg5.41q.psm1
ASCII text, with no line terminators
#
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ikzuz3ku.qxx.ps1
ASCII text, with no line terminators
#
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_lhc4fd1p.xbi.ps1
ASCII text, with no line terminators
#
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_od4nbngh.yez.ps1
ASCII text, with no line terminators
#
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_osulfv0a.f21.psm1
ASCII text, with no line terminators
#
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_prtsbvfc.nov.ps1
ASCII text, with no line terminators
#
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_szytjllq.c4w.ps1
ASCII text, with no line terminators
#
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_yl2tt2od.syr.psm1
ASCII text, with no line terminators
#
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_yy2dm54c.txy.ps1
ASCII text, with no line terminators
#
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_zznvryas.0wh.psm1
ASCII text, with no line terminators
#
C:\Users\user\AppData\Roaming\59407D34-C8C5-44DF-A766-BA8A11CB1CB0\WPA Service\wpasv.exe
PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
#
C:\Users\user\AppData\Roaming\59407D34-C8C5-44DF-A766-BA8A11CB1CB0\catalog.dat
data
#
C:\Users\user\AppData\Roaming\59407D34-C8C5-44DF-A766-BA8A11CB1CB0\settings.bin
data
#
C:\Users\user\AppData\Roaming\59407D34-C8C5-44DF-A766-BA8A11CB1CB0\storage.dat
data
#
C:\Users\user\Documents\20200421\PowerShell_transcript.818225.8e5DVsxy.20200421005130.txt
UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators
#
C:\Users\user\Documents\20200421\PowerShell_transcript.818225.ACpugxHH.20200421005032.txt
UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators
#
C:\Users\user\Documents\20200421\PowerShell_transcript.818225.AcYzDbUR.20200421005018.txt
UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators
#
C:\Users\user\Documents\20200421\PowerShell_transcript.818225.JsCpoOAZ.20200421005131.txt
UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators
#
C:\Users\user\Documents\20200421\PowerShell_transcript.818225.MyWoFULh.20200421005030.txt
UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators
#
C:\Users\user\Documents\20200421\PowerShell_transcript.818225.YHQfqqxA.20200421005112.txt
UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators
#
C:\Users\user\Documents\20200421\PowerShell_transcript.818225.pQoJ9U0B.20200421005016.txt
UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators
#
C:\Users\user\Documents\20200421\PowerShell_transcript.818225.xgwDSDKc.20200421005111.txt
UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators
#
\Device\ConDrv
ASCII text, with CRLF line terminators
#