INQUIRY-11062020_PDF .exe

Status: finished
Submission Time: 07.11.2020 11:29:19
Malicious
Ransomware
Trojan
Spyware
Evader
GuLoader

Comments

Tags

  • Loki
  • scr

Details

  • Analysis ID:
    311006
  • API (Web) ID:
    523820
  • Analysis Started:
    07.11.2020 11:55:49
  • Analysis Finished:
    07.11.2020 12:02:24
  • MD5:
    5207df389f5abacaff17bc4bd84810ec
  • SHA1:
    99162953a06cfbfb5734b8b90766b027bf8d5500
  • SHA256:
    3728d18f32ddaf2f72a64f65da6d401f054ac5f6bae9f548a4cb85848317cf3a
  • Technologies:
Verdicts (Engine / Info / Verdict / Score)

  • Verdict: malicious
  • System: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211; verdict: malicious; score: 100/100
  • Verdict: malicious; score: 21/71
  • Verdict: malicious; score: 16/48
  • Verdict: malicious

IPs


Domains


URLs


Dropped files

  • C:\Users\user\AppData\Roaming\C79A3B\B52B3F.lck
    File type: very short file (no magic)
  • C:\Users\user\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-3853321935-2125563209-4053062332-1002\414045e2d09286d5db2581e0d955d358_d06ed635-68f6-4e9a-955c-4899f5f57b9a
    File type: data