flash

http://covid19vaccine.hopto.org/march%20OG.exe

Status: finished
Submission Time: 09.03.2021 15:28:23
Malicious
Trojan
Evader
GuLoader

Comments

Tags

Details

  • Analysis ID:
    365435
  • API (Web) ID:
    632937
  • Analysis Started:
    09.03.2021 15:35:42
  • Analysis Finished:
    09.03.2021 15:42:23
  • Technologies:
Full Report Management Report IOC Report Engine Info Verdict Score Reports

System: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211

malicious
100/100

malicious
54/71

malicious
9/37

malicious
23/28

malicious

IPs

IP Country Detection
46.183.222.6
Latvia

Domains

Name IP Detection
covid19vaccine.hopto.org
46.183.222.6

URLs

Name Detection
http://covid19vaccine.hopto.org/march%20OG.exe
0

Dropped files

Name File Type Hashes Detection
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\march OG.exe.0mzlwub.partial
PE32 executable (GUI) Intel 80386, for MS Windows
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\march%20OG[1].exe
PE32 executable (GUI) Intel 80386, for MS Windows
#
C:\Users\user\AppData\Local\Temp\~DFB4A747BCDB3C3464.TMP
data
#
Click to see the 6 hidden entries
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{493F8842-8130-11EB-90E4-ECF4BB862DED}.dat
Microsoft Word Document
#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{493F8844-8130-11EB-90E4-ECF4BB862DED}.dat
Microsoft Word Document
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\march OG.exe.0mzlwub.partial:Zone.Identifier
ASCII text, with CRLF line terminators
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\march OG.exe:Zone.Identifier
very short file (no magic)
#
C:\Users\user\AppData\Local\Temp\JavaDeployReg.log
ASCII text, with CRLF line terminators
#
C:\Users\user\AppData\Local\Temp\~DF9FFFDC171AAF0B67.TMP
data
#