flash

PO#2081776 FA2003084 SAP S4 HANA MYC20028.exe

Status: finished
Submission Time: 16.09.2020 15:00:37
Malicious
Trojan
Spyware
Evader
AgentTesla

Comments

Tags

  • AgentTesla
  • exe

Details

  • Analysis ID:
    286346
  • API (Web) ID:
    467861
  • Analysis Started:
    16.09.2020 15:08:50
  • Analysis Finished:
    16.09.2020 15:18:32
  • MD5:
    52da5d6ab23109e68174667433a7f36a
  • SHA1:
    7dc28eaeaa2d25a02678d1c2c05590863c4dd1df
  • SHA256:
    ab1ee0b548744b3e7892af6517a41f37b462856e0b744bd9ad58af079771db33
  • Technologies:
Full Report Engine Info Verdict Score Reports

malicious

System: w10x64 Windows 10 64 bit v1803 with Office Professional Plus 2016, IE 11, Adobe Reader DC 19, Java 8 Update 211

malicious
100/100

malicious
14/68

malicious
9/48

URLs

Name Detection
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name

Dropped files

Name File Type Hashes Detection
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\PO#2081776 FA2003084 SAP S4 HANA MYC20028.exe.log
ASCII text, with CRLF line terminators
#
C:\Users\user\AppData\Local\Temp\tmp209E.tmp
XML 1.0 document, ASCII text, with CRLF line terminators
#
C:\Users\user\AppData\Roaming\FqAAmXG.exe
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
#
Click to see the 1 hidden entries
C:\Users\user\AppData\Roaming\FqAAmXG.exe:Zone.Identifier
ASCII text, with CRLF line terminators
#