Dimmock5.exe

Status: finished

Submission Time: 03.04.2021 21:26:12

Malicious

Ransomware

Trojan

Spyware

Evader

AgentTesla GuLoader

Comments

Tags

Details

Analysis ID:
381541
API (Web) ID:
665237
Analysis Started:

03.04.2021 21:26:12
Analysis Finished:

03.04.2021 21:36:06
MD5:
1f6c8e6472b60d49704703c99b28a4b8
SHA1:
1770766f6cfb51725e035b0f38f560bf03d73fae
SHA256:
e0e93e3b7866085b8384948d12a2eb613fc9eb0bc283fbbe12841a5dca11ba9f
Technologies:

Engines
IOCs

Full Report	Management Report	IOC Report	Engine	Info	Verdict	Score	Reports
				System: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211		100/100
						38/67
						10/37
						21/29

IPs

IP	Country	Detection
54.37.255.108	France
172.217.23.33	United States

Domains

Name	IP	Detection
palacioguevara.com	54.37.255.108
mail.palacioguevara.com	0.0.0.0
googlehosted.l.googleusercontent.com	172.217.23.33
Click to see the 1 hidden entries
doc-14-04-docs.googleusercontent.com	0.0.0.0

URLs

Name	Detection
http://JgAptYOPYbQxfk.net
http://127.0.0.1:HTTP/1.1
http://DynDns.comDynDNS
Click to see the 6 hidden entries
http://pki.goog/gsr2/GTS1O1.crt0
http://ENtKzK.com
http://crl.pki.goog/gsr2/gsr2.crl0?
https://pki.goog/repository/0
https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip%tordir%%ha
http://crl.pki.goog/GTS1O1core.crl0

Dropped files

Name	File Type	Hashes	Detection
\Device\ConDrv	ASCII text, with CRLF line terminators	#