SecuriteInfo.com.Trojan.Packed.140.15556.exe

Status: finished
Submission Time: 01.08.2020 21:39:55
Malicious
Trojan
Evader

Tags

  • TrickBot

Details

  • Analysis ID:
    255727
  • API (Web) ID:
    406994
  • Analysis Started:
    02.08.2020 00:35:05
  • Analysis Finished:
    02.08.2020 00:42:17
  • MD5:
    3da1b6c6970840dc448846ae45d1fea2
  • SHA1:
    b046e2d07161f9fdcd0083cdaf999094f8e9c865
  • SHA256:
    83a398dec9085224850a075237a1c6466cbf277898f7031f44d82cc6bd498b68
  • Technologies:

malicious

System: w10x64 Windows 10 64 bit v1803 with Office Professional Plus 2016, IE 11, Adobe Reader DC 19, Java 8 Update 211

malicious
72/100

IPs

IP Country Detection
121.100.19.18
Indonesia
78.108.216.47
Germany
95.217.228.176
Germany
85.204.116.100
Romania
51.81.112.144
United States

Domains

Name IP Detection
asf-ris-prod-neurope.northeurope.cloudapp.azure.com
168.63.67.155
wtfismyip.com
95.217.228.176
174.136.132.91.cbl.abuseat.org
127.0.0.2
174.136.132.91.zen.spamhaus.org
0.0.0.0

URLs

Name Detection

Dropped files

Name File Type Hashes Detection
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506
Microsoft Cabinet archive data, 58139 bytes, 1 file
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
data
C:\Users\user\AppData\Local\Temp\logBEA7.tmp
Non-ISO extended-ASCII text, with CRLF line terminators