
sample4.exe

Status: finished
Submission Time: 14.01.2021 04:01:56
Malicious
Trojan
Evader
IcedID

Details

  • Analysis ID:
    339451
  • API (Web) ID:
    580830
  • Analysis Started:
    14.01.2021 04:01:56
  • Analysis Finished:
    14.01.2021 04:10:39
  • MD5:
    5009b8bcf024704c8b23e42c492f118c
  • SHA1:
    df607367a88b5610a224909efb8debeb0d90f487
  • SHA256:
    30f099660904079afcd445409cfd2eca735fab49dda522f03ed60d47f9f21bdc
  • Technologies:

System: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211

malicious
100/100

malicious
47/61

malicious
23/29

malicious

IPs

IP              Country        Detection
104.244.42.131  United States

Domains

Name                    IP              Detection
gegemony4you.top        0.0.0.0
s.twitter.com           104.244.42.131
support.oracle.com      0.0.0.0
www.oracle.com          0.0.0.0
g.msn.com               0.0.0.0
help.twitter.com        0.0.0.0
www.intel.com           0.0.0.0
www.intel.ch            0.0.0.0
corpredirect.intel.com  0.0.0.0

URLs

Name Detection
https://outlook.live.com/owa/
https://help.twitter.com/en/using-twitter#search-and-trends
https://help.twitter.com/en/managing-your-account/notifications-on-mobile-devices
https://help.twitter.com/fr
https://about.twitter.com/en_us/safety.html
https://developer.twitter.com/en/docs
https://help.twitter.com/en/managing-your-account#login-and-password
https://blog.twitter.com/
https://help.twitter.com/fil
https://about.twitter.com/en_us/company.html
https://help.twitter.com/nl
https://help.twitter.com/fa
https://twitter.com/AppleSupport
https://twitter.com/applesupport
https://resources.digital-cloud-prem.medallia.com
https://help.twitter.com/fi
https://templates.office.com/
https://twitter.com/i/csp_report;
https://business.twitter.com/en/advertising.html
https://help.twitter.com/no
https://static.ads-twitter.com
https://help.twitter.com/en/rules-and-policies/twitter-rules
https://cdn.cms-twdigitalassets.com/content/dam/help-twitter/logos/card_wide_blue.png
https://help.twitter.com/gu
https://api.twitter.com
https://help.twitter.com/en/using-twitter#adding-content-to-your-tweet
https://blog.twitter.com/en_us/topics/company/2020/covid-19.html
https://twitter.com
https://www.twitterflightschool.com/sl/382652bc
https://help.twitter.com/en/rules-and-policies#law-enforcement-guildelines
https://login.microsoftonline.com/common/oauth2/authorize?response_mode=form_post
https://support.xbox.com/
https://help.twitter.com/en/managing-your-account
https://help.twitter.com/en/using-twitter/mentions-and-replies
https://help.twitter.com/en/rules
https://cdn.cms-twdigitalassets.com
https://www.wikidata.org/wiki/Q65129345
https://help.twitter.com/en/a-safer-twitter
https://transparency.twitter.com/
https://business.twitter.com/en/help.html
https://help.twitter.com/en/twitter-guide
https://cdn.goglobalwithtwitter.com
http://schema.org/VideoObject
https://help.twitter.com/en/using-twitter/tweeting-gifs-and-pictures
https://help.twitter.com/en/how-you-can-control-your-privacy
https://help.twitter.com/en/using-twitter/advanced-twitter-mute-options
https://careers.twitter.com/
https://support.xbox.com
https://help.twitter.com/hu
https://blog.twitter.com/developer/
https://www.microsoftstore.com/store/msusa/en_US/DisplayAddEditPaymentPage/
https://help.twitter.com
https://help.twitter.com/hr
https://www.microsoftstore.com/store/msusa/en_US/wishlists?Wt.mc_id=wishlist_landingpage
https://www.microsoftstore.com/store/msusa/en_US/DisplayFindYourOrderPage/nextAction.DisplayAccountR
https://www.skype.com/en/
https://help.twitter.com/en/managing-your-account#verified-accounts
https://media.twitter.com/
https://www.microsoftstore.com/store/msusa/en_US/DisplayFindYourOrderPage/nextAction.DisplayAccountO
https://help.twitter.com/he
https://data.twitter.com/
https://developer.twitter.com/en/community
https://help.twitter.com/pl
https://schema.org
https://help.twitter.com/en/managing-your-account#notifications
https://status.twitterstat.us/
https://help.twitter.com/pt
https://help.twitter.com/hi
https://www.onenote.com/
https://help.twitter.com/en/rules-and-policies#twitter-rules
https://help.twitter.com/it
https://help.twitter.com/en/glossary
https://help.twitter.com/ja
https://cards-dev.twitter.com/validator
http://ogp.me/ns#
https://help.twitter.com/ar
https://about.twitter.com/en_us/company/twitter-for-good.html
https://privacy.twitter.com/
https://help.twitter.com/en/using-twitter#tweets
https://marketing.twitter.com/en/insights
https://about.twitter.com/en_us/company/brand-resources.html
https://help.twitter.com/id
http://schema.org/Organization
https://twitter.com/login?redirect_after_login=https://help.twitter.com/en
https://business.twitter.com/en/resources.html
https://help.twitter.com/en/contact-us
https://video.twimg.com/tweet_video/EAa_YvRU4AAH-IN.mp4
https://business.twitter.com/
https://help.twitter.com/en/safety-and-security/how-to-make-twitter-private-and-public
https://help.twitter.com/bn
https://help.twitter.com/
https://feedback.digital-cloud-prem.medallia.com;
https://twitter.com/privacy
https://help.twitter.com/sk
https://templates.office.com/collection-family-activities
https://www.microsoftstore.com/store/msusa/en_US/DisplayFindYourOrderPage/nextAction.DisplayDownload
https://marketing.twitter.com/en/success-stories
https://twitter.com/logout
https://help.twitter.com/en/using-twitter/direct-messages
https://help.twitter.com/ro

Dropped files

Name (path) followed by File Type

C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_sample4.exe_45365feab801c9585ad9627648598a0b3f59_b2de38ec_023208c1\Report.wer
    Little-endian UTF-16 Unicode text, with CRLF line terminators
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_sample4.exe_45365feab801c9585ad9627648598a0b3f59_b2de38ec_058db978\Report.wer
    Little-endian UTF-16 Unicode text, with CRLF line terminators
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_sample4.exe_45365feab801c9585ad9627648598a0b3f59_b2de38ec_13ce361a\Report.wer
    Little-endian UTF-16 Unicode text, with CRLF line terminators
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_sample4.exe_45365feab801c9585ad9627648598a0b3f59_b2de38ec_16da5cdc\Report.wer
    Little-endian UTF-16 Unicode text, with CRLF line terminators
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_sample4.exe_45365feab801c9585ad9627648598a0b3f59_b2de38ec_177de25c\Report.wer
    Little-endian UTF-16 Unicode text, with CRLF line terminators
C:\ProgramData\Microsoft\Windows\WER\Temp\WER1BD.tmp.WERInternalMetadata.xml
    XML 1.0 document, Little-endian UTF-16 Unicode text, with CRLF line terminators
C:\ProgramData\Microsoft\Windows\WER\Temp\WER286E.tmp.dmp
    Mini DuMP crash report, 15 streams, Thu Jan 14 12:04:35 2021, 0x1205a4 type
C:\ProgramData\Microsoft\Windows\WER\Temp\WER306E.tmp.WERInternalMetadata.xml
    XML 1.0 document, Little-endian UTF-16 Unicode text, with CRLF line terminators
C:\ProgramData\Microsoft\Windows\WER\Temp\WER32EF.tmp.xml
    XML 1.0 document, ASCII text, with CRLF line terminators
C:\ProgramData\Microsoft\Windows\WER\Temp\WER4983.tmp.dmp
    Mini DuMP crash report, 15 streams, Thu Jan 14 12:04:45 2021, 0x1205a4 type
C:\ProgramData\Microsoft\Windows\WER\Temp\WER4DB.tmp.xml
    XML 1.0 document, ASCII text, with CRLF line terminators
C:\ProgramData\Microsoft\Windows\WER\Temp\WER55D8.tmp.WERInternalMetadata.xml
    XML 1.0 document, Little-endian UTF-16 Unicode text, with CRLF line terminators
C:\ProgramData\Microsoft\Windows\WER\Temp\WER585A.tmp.xml
    XML 1.0 document, ASCII text, with CRLF line terminators
C:\ProgramData\Microsoft\Windows\WER\Temp\WERABCC.tmp.dmp
    Mini DuMP crash report, 15 streams, Thu Jan 14 12:04:04 2021, 0x1205a4 type
C:\ProgramData\Microsoft\Windows\WER\Temp\WERB3DB.tmp.WERInternalMetadata.xml
    XML 1.0 document, Little-endian UTF-16 Unicode text, with CRLF line terminators
C:\ProgramData\Microsoft\Windows\WER\Temp\WERB592.tmp.xml
    XML 1.0 document, ASCII text, with CRLF line terminators
C:\ProgramData\Microsoft\Windows\WER\Temp\WERCB79.tmp.dmp
    Mini DuMP crash report, 15 streams, Thu Jan 14 12:04:12 2021, 0x1205a4 type
C:\ProgramData\Microsoft\Windows\WER\Temp\WERD677.tmp.WERInternalMetadata.xml
    XML 1.0 document, Little-endian UTF-16 Unicode text, with CRLF line terminators
C:\ProgramData\Microsoft\Windows\WER\Temp\WERDE76.tmp.xml
    XML 1.0 document, ASCII text, with CRLF line terminators
C:\ProgramData\Microsoft\Windows\WER\Temp\WERF661.tmp.dmp
    Mini DuMP crash report, 15 streams, Thu Jan 14 12:04:23 2021, 0x1205a4 type