flash

e3CtV2Nw.exe

Status: finished
Submission Time: 24.09.2020 18:18:01
Malicious
Trojan
Adware
Spyware
Evader
njRat

Comments

Tags

  • exe
  • njRat

Details

  • Analysis ID:
    289659
  • API (Web) ID:
    474424
  • Analysis Started:
    24.09.2020 18:18:01
  • Analysis Finished:
    24.09.2020 18:26:35
  • MD5:
    a9620469a4b9a1b7c77aab3e946187f7
  • SHA1:
    06e7e5fd7d1e545916e8eb061b8be281454b03d8
  • SHA256:
    46fa7b3768b1f91187f59fb97a88e1efbbe603dc88419c73da07c627e9d57f74
  • Technologies:
Full Report Management Report Engine Info Verdict Score Reports

malicious

System: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211

malicious
100/100

malicious
59/71

malicious
43/48

malicious

IPs

IP Country Detection
91.109.186.4
France

Domains

Name IP Detection
ronymahmoudn.ddns.net
91.109.186.4

Dropped files

Name File Type Hashes Detection
C:\Users\user\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\e3CtV2Nw.exe.log
ASCII text, with CRLF line terminators
#
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\0af32282296cbea7a0582702966a56c9.exe
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
#
C:\Users\user\AppData\Roaming\domty.exe
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
#
Click to see the 2 hidden entries
C:\Users\user\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\domty.exe.log
ASCII text, with CRLF line terminators
#
\Device\ConDrv
ASCII text, with CRLF line terminators
#