flash

e5bd3238d220c97cd4d6969abb3b33e0.exe

Status: finished
Submission Time: 19.11.2020 01:48:17
Malicious
Trojan
Evader
Nanocore

Comments

Tags

  • NanoCore

Details

  • Analysis ID:
    320085
  • API (Web) ID:
    541973
  • Analysis Started:
    19.11.2020 01:51:24
  • Analysis Finished:
    19.11.2020 02:03:56
  • MD5:
    7b00ed250c793c95f4d98c637302fb6f
  • SHA1:
    7f8d0c101fa8c5e875aa76c9a9c139d8800867b3
  • SHA256:
    5108996bad93e37f7f6e003be1edf9dba10a99fafc3894f8d4fd01226e10b0a5
  • Technologies:
Full Report Management Report Engine Info Verdict Score Reports

System: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211

malicious
100/100

malicious
33/48

malicious

IPs

IP Country Detection
87.65.28.27
Belgium

Domains

Name IP Detection
windowslivesoffice.ddns.net
87.65.28.27

Dropped files

Name File Type Hashes Detection
C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\run.dat
Non-ISO extended-ASCII text, with no line terminators
#
C:\Users\user\hdwwiz\DiagnosticsHub.StandardCollector.Service.exe.bat
PE32 executable (GUI) Intel 80386, for MS Windows
#
C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe
PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
#
Click to see the 4 hidden entries
C:\Users\user\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\RegAsm.exe.log
ASCII text, with CRLF line terminators
#
C:\Users\user\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\dhcpmon.exe.log
ASCII text, with CRLF line terminators
#
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WinSAT.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Thu Nov 19 08:52:25 2020, mtime=Thu Nov 19 08:52:25 2020, atime=Thu Nov 19 08:52:25 2020, length=1124896, window=hide
#
\Device\ConDrv
ASCII text, with CRLF line terminators
#