
Tranf111.exe

Status: finished
Submission Time: 08.06.2020 01:02:39
Malicious
Trojan
Evader
NetWire GuLoader

Details

  • Analysis ID: 236344
  • API (Web) ID: 368749
  • Analysis Started: 08.06.2020 01:02:39
  • Analysis Finished: 08.06.2020 01:08:13
  • MD5: ff429ca7815826081dcfc73e48b3afa1
  • SHA1: b5c7cdf2635bb1be0d9703c5fb11e699f39a75f1
  • SHA256: 828754781079f808a0def249c960490fdba73680442940cf5d1d669406d4de38
  • Technologies:
Full Report Engine Info Verdict Score Reports

System: Windows 10 64 bit (version 1803) with Office 2016, Adobe Reader DC 19, Chrome 70, Firefox 63, Java 8.171, Flash 30.0.0.113

malicious
100/100

malicious
6/49

malicious

IPs

IP Country Detection
91.193.75.228 Serbia

Domains

Name IP Detection
grace38.duckdns.org 91.193.75.228
znsxra.am.files.1drv.com 0.0.0.0
onedrive.live.com 0.0.0.0

URLs

Name Detection

Dropped files

Name File Type Hashes Detection
C:\Users\user\AppData\Roaming\Install\Host.exe PE32 executable (GUI) Intel 80386, for MS Windows