flash

ScanEGTC2020.exe

Status: finished
Submission Time: 09.06.2020 21:51:36
Malicious
Trojan
Evader
Nanocore GuLoader

Comments

Tags

Details

  • Analysis ID:
    237109
  • API (Web) ID:
    370230
  • Analysis Started:
    09.06.2020 21:59:23
  • Analysis Finished:
    09.06.2020 22:08:46
  • MD5:
    707a145a07948f2c57ad87b8f89ae7d1
  • SHA1:
    8c6d5b4c9be4358ac5653e49a44be0a990506386
  • SHA256:
    d06c2cfa228f5f0c1330f5b7dc793bc8853cbcdb0305392705984d4aebf3e706
  • Technologies:
Full Report Engine Info Verdict Score Reports

System: Windows 10 64 bit (version 1803) with Office 2016, Adobe Reader DC 19, Chrome 70, Firefox 63, Java 8.171, Flash 30.0.0.113

malicious
100/100

malicious
12/72

malicious
10/48

IPs

IP Country Detection
79.134.225.32
Switzerland

Domains

Name IP Detection
onedrive.live.com
0.0.0.0
qfqsdg.am.files.1drv.com
0.0.0.0

URLs

Name Detection
https://onedrive.live.com/download?cid=196E83840EF8C152&resid=196E83840EF8C152%21107&authkey=AH2lhJy

Dropped files

Name File Type Hashes Detection
C:\Users\user\AppData\Local\Temp\tmp8520.tmp
XML 1.0 document, ASCII text, with CRLF line terminators
#
C:\Users\user\AppData\Roaming\59407D34-C8C5-44DF-A766-BA8A11CB1CB0\run.dat
International EBCDIC text, with no line terminators
#
C:\Program Files (x86)\WPA Service\wpasv.exe
PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
#
Click to see the 5 hidden entries
C:\Users\user\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\RegAsm.exe.log
ASCII text, with CRLF line terminators
#
C:\Users\user\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\wpasv.exe.log
ASCII text, with CRLF line terminators
#
C:\Users\user\AppData\Local\Temp\tmp8715.tmp
XML 1.0 document, ASCII text, with CRLF line terminators
#
C:\Users\user\AppData\Roaming\59407D34-C8C5-44DF-A766-BA8A11CB1CB0\task.dat
ASCII text, with no line terminators
#
\Device\ConDrv
ASCII text, with CRLF line terminators
#