
Purchase Order #(PO-4147074).exe

Status: finished
Submission Time: 08.01.2021 13:33:17
Classification: Malicious, Trojan, Evader, NanoCore

Comments

Tags

  • NanoCore

Details

  • Analysis ID:
    337361
  • API (Web) ID:
    576618
  • Analysis Started:
    08.01.2021 13:33:18
  • Analysis Finished:
    08.01.2021 13:41:04
  • MD5:
    b3ddd600d5608af2f0e334d71fff40ed
  • SHA1:
    d3985f7660b23bb7837ab58a464259e73b15feef
  • SHA256:
    9947c185b51b600edf4ad76e442cfbdf8a7621140c5197001844891312b69146
  • Technologies:
Verdict: malicious
Score: 100/100

System: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211

IPs

IP              Country    Detection
0.0.0.0         unknown
212.83.46.26    Germany

Note: 0.0.0.0 is the unspecified address (a bind/placeholder value), not a reachable host, so it should not be used as a network indicator. 212.83.46.26 is the only contactable IP in this report.

URLs

Name                                                          Detection
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name

Note: this URI is the WS-Trust/WS-Federation claims namespace used by the .NET ClaimTypes.Name constant. It is embedded as a string in many legitimate .NET assemblies (the sample is a .NET executable, see the dropped copy below) and is not a contacted URL, so it should not be treated as a network indicator.

Dropped files

Name: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\Purchase Order #(PO-4147074).exe.log
File type: ASCII text, with CRLF line terminators
Note: the CLR writes a UsageLogs\<exe>.log for any managed application on first run. The file is benign in itself, but it is a reliable execution artifact: its presence shows the sample was run under the 32-bit .NET 4 runtime.

Name: C:\Users\user\AppData\Local\Temp\tmp8E62.tmp
File type: XML 1.0 document, ASCII text, with CRLF line terminators

Name: C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\run.dat
File type: data
Note: a GUID-named folder directly under AppData\Roaming containing run.dat is the layout used by the NanoCore client installation; the GUID differs per infection, the file name does not.

Name: C:\Users\user\AppData\Roaming\FTbYDVOHFNt.exe
File type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Note: a randomly named copy of the sample dropped into the Roaming root (the component the report's hashes above refer to).

Name: C:\Users\user\AppData\Roaming\FTbYDVOHFNt.exe:Zone.Identifier
File type: ASCII text, with CRLF line terminators
Note: the Zone.Identifier alternate data stream is the Mark-of-the-Web. NTFS carries it along when a file is copied, so the dropped copy inherited the zone marking of the original download.