flash

PO#2081777 FA2003084 SAP S4 HANA MYC20028.exe

Status: finished
Submission Time: 16.09.2020 14:57:51
Malicious
Trojan
Spyware
Evader
AgentTesla

Comments

Tags

  • exe

Details

  • Analysis ID:
    286336
  • API (Web) ID:
    467846
  • Analysis Started:
    16.09.2020 14:57:52
  • Analysis Finished:
    16.09.2020 15:07:26
  • MD5:
    5534d71175a8ddc713bd487ad3c4e4ab
  • SHA1:
    d2bf7ba7e59cef3c1b8556b44c9f1ad2845addf4
  • SHA256:
    4d6a4c556af5a4e4a05ca5aadb976af1f792bb509cd17cf26aa2ca3081317e3c
  • Technologies:
Full Report Engine Info Verdict Score Reports

malicious

System: w10x64 Windows 10 64 bit v1803 with Office Professional Plus 2016, IE 11, Adobe Reader DC 19, Java 8 Update 211

malicious
100/100

malicious
13/66

malicious
9/48

URLs

Name Detection
http://127.0.0.1:HTTP/1.1
http://DynDns.comDynDNS
https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip%tordir%%ha
Click to see the 6 hidden entries
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
https://api.telegram.org/bot%telegramapi%/
https://api.telegram.org/bot%telegramapi%/sendDocumentdocument---------------------------x
https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip
http://ACTBLJ.com
https://api.ipify.orgGETMozilla/5.0

Dropped files

Name File Type Hashes Detection
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\PO#2081777 FA2003084 SAP S4 HANA MYC20028.exe.log
ASCII text, with CRLF line terminators
#
C:\Users\user\AppData\Local\Temp\tmpAD7.tmp
XML 1.0 document, ASCII text, with CRLF line terminators
#
C:\Users\user\AppData\Roaming\nqOncxA.exe
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
#
Click to see the 1 hidden entries
C:\Users\user\AppData\Roaming\nqOncxA.exe:Zone.Identifier
ASCII text, with CRLF line terminators
#