flash

NEW ROM 01-002361_PDF.exe

Status: finished
Submission Time: 31.07.2020 12:19:08
Malicious
Phishing
Trojan
Spyware
Evader
HawkEye MailPassView

Comments

Tags

  • exe
  • HawkEye

Details

  • Analysis ID:
    255292
  • API (Web) ID:
    405895
  • Analysis Started:
    31.07.2020 21:20:15
  • Analysis Finished:
    31.07.2020 21:30:11
  • MD5:
    2cb9093f20d6541f7cf7286f697ab0d2
  • SHA1:
    271a2e64eee0d7c2ef11e941408e0dfc1221f3cf
  • SHA256:
    3afef2476572d24d320f6d9b0aea76022bbc6690826544a69a0f3409d904e76a
  • Technologies:
Full Report Engine Info Verdict Score Reports

malicious

System: w10x64 Windows 10 64 bit v1803 with Office Professional Plus 2016, IE 11, Adobe Reader DC 19, Java 8 Update 211

malicious
100/100

URLs

Name Detection
https://a.pomf.cat/
https://login.yahoo.com/config/login
http://pomf.cat/upload.php&https://a.pomf.cat/
Click to see the 6 hidden entries
http://www.nirsoft.net
http://pomf.cat/upload.php
http://www.nirsoft.net/
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
http://bot.whatismyipaddress.com/
http://pomf.cat/upload.phpCContent-Disposition:

Dropped files

Name File Type Hashes Detection
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\NEW ROM 01-002361_PDF.exe.log
ASCII text, with CRLF line terminators
#
C:\Users\user\AppData\Local\Temp\tmp220D.tmp
XML 1.0 document, ASCII text, with CRLF line terminators
#
C:\Users\user\AppData\Roaming\&startupname&.exe
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
#
Click to see the 3 hidden entries
C:\Users\user\AppData\Roaming\&startupname&.exe:Zone.Identifier
ASCII text, with CRLF line terminators
#
C:\Users\user\AppData\Local\Temp\a93a47c3-0eb5-fd5a-bfa5-ade9e3fad938
ASCII text, with no line terminators
#
C:\Users\user\AppData\Local\Temp\tmp3BAF.tmp
Little-endian UTF-16 Unicode text, with no line terminators
#