flash

DHL_document11022020680908911.exe

Status: finished
Submission Time: 07.04.2021 08:37:10
Malicious
Evader
NanoCore

Comments

Tags

  • DHL
  • exe
  • NanoCore

Details

  • Analysis ID:
    383099
  • API (Web) ID:
    668336
  • Analysis Started:
    07.04.2021 08:40:36
  • Analysis Finished:
    07.04.2021 08:56:52
  • MD5:
    dc8e7cde980f05501758f8ce3048682e
  • SHA1:
    fca9c2a66cfddfe6a8677e1568ea32ad18dda600
  • SHA256:
    e3b80db58c1fa79c3780e68cf7d3ea987fb2615a68077ba3b110cfd3a7cf4de6
  • Technologies:
Full Report Management Report IOC Report Engine Info Verdict Score Reports

System: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211

malicious
100/100

malicious
7/48

IPs

IP Country Detection
185.191.231.252
Netherlands
172.67.150.212
United States

Domains

Name IP Detection
myliverpoolnews.cf
172.67.150.212

URLs

Name Detection
http://myliverpoolnews.cf/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-2657AF87F290203D3CADB14A1F61B73C.html
http://myliverpoolnews.cf/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-531418C06045F41752298279414DE528.html
https://i2-prod.liverpool.com/incoming/article19955855.ece/ALTERNATES/s458/0_GettyImages-1304940818.
Click to see the 97 hidden entries
https://dev.ditu.live.com/REST/v1/Routes/
https://dev.ditu.live.com/REST/v1/Traffic/Incidents/
https://t0.tiles.ditu.live.com/tiles/gen
https://i2-prod.liverpool.com/incoming/article19957561.ece/ALTERNATES/s458/1_FreeAgentPlayers.jpg
https://c.amazon-adsystem.com/aax2/apstag.js
https://www.liverpool.com/liverpool-fc-news/features/liverpool-arsenal-klopp-lijnders-carabao-171668
https://dev.virtualearth.net/REST/v1/Routes/Walking
https://i2-prod.liverpool.com/incoming/article19936064.ece/ALTERNATES/s615/0_WhatsApp-Image-2021-02-
https://i2-prod.liverpoolecho.co.uk/incoming/article17165318.ece/ALTERNATES/s615/2_GettyImages-11837
https://i2-prod.liverpool.com/incoming/article19961704.ece/ALTERNATES/s220b/0_GettyImages-1273716690
https://i2-prod.liverpool.com/incoming/article19961953.ece/ALTERNATES/s180/0_GettyImages-1302496803.
https://dev.ditu.live.com/REST/v1/Imagery/Copyright/
https://dev.virtualearth.net/REST/v1/Transit/Schedules/
https://i2-prod.liverpool.com/incoming/article19945821.ece/ALTERNATES/s270b/0_Salah-Goal-vs-Leeds.jp
https://i2-prod.liverpool.com/incoming/article19960478.ece/ALTERNATES/s615/0_WhatsApp-Image-2021-03-
https://www.liverpool.com/all-about/premier-league
https://i2-prod.liverpool.com/incoming/article19938370.ece/ALTERNATES/s180/0_Salah-Pressing.jpg
https://i2-prod.liverpool.com/incoming/article19940968.ece/ALTERNATES/s615/0_Curtis-10.png
http://www.hulu.com/terms
https://i2-prod.liverpool.com/incoming/article19963923.ece/ALTERNATES/s180/1_WhatsApp-Image-2021-03-
https://www.liverpool.com/liverpool-fc-news/
https://www.liverpool.com/schedule/liverpool-arsenal-carabao-cup-klopp-17166154
https://i2-prod.liverpool.com/incoming/article19955390.ece/ALTERNATES/s615/0_GettyImages-1231353837.
https://www.liverpool.com/liverpool-fc-news/features/liverpool-psg-transfer-news-19957850
https://i2-prod.liverpool.com/incoming/article19936064.ece/ALTERNATES/s220b/0_WhatsApp-Image-2021-02
https://appexmapsappupdate.blob.core.windows.net
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
http://www.bingmapsportal.com
https://i2-prod.liverpool.com/incoming/article19946983.ece/ALTERNATES/s180/0_RobertsonCross1.jpg
https://ads.pubmatic.com/AdServer/js/pwt/156997/3236/pwt.js
https://i2-prod.liverpool.com/incoming/article19940968.ece/ALTERNATES/s270b/0_Curtis-10.png
https://www.liverpool.com/liverpool-fc-news/transfer-news/fsg-liverpool-gini-wijnaldum-transfer-1876
https://www.hulu.com/do-not-sell-my-info
https://t0.ssl.ak.dynamic.tiles.virtualearth.net/odvs/gdv?pv=1&r=
http://pesterbdd.com/images/Pester.png
http://www.apache.org/licenses/LICENSE-2.0.html
https://dev.virtualearth.net/REST/v1/Routes/
https://i2-prod.liverpool.com/incoming/article19946983.ece/ALTERNATES/s615/0_RobertsonCross1.jpg
https://www.liverpool.com/liverpool-fc-news/features/jurgen-klopp-liverpool-transfer-targets-1996166
https://www.liverpool.com/liverpool-fc-news/transfer-news/liverpool-erling-haaland-transfer-weghorst
https://reachplc.hub.loginradius.com"
https://i2-prod.liverpool.com/incoming/article19940968.ece/ALTERNATES/s220b/0_Curtis-10.png
https://i2-prod.liverpool.com/incoming/article19960206.ece/ALTERNATES/s180/0_WhatsApp-Image-2021-03-
https://i2-prod.liverpool.com/incoming/article19955855.ece/ALTERNATES/s615/0_GettyImages-1304940818.
https://i2-prod.liverpool.com/incoming/article19961704.ece/ALTERNATES/s270b/0_GettyImages-1273716690
https://s2-prod.liverpool.com
https://t0.ssl.ak.dynamic.tiles.virtualearth.net/odvs/gd?pv=1&r=
https://www.liverpool.com/liverpool-fc-news/features/mohamed-salah-liverpool-goal-flaw-19945816
https://ecn.dev.virtualearth.net/mapcontrol/mapconfiguration.ashx?name=native&v=
https://i2-prod.liverpool.com/incoming/article19955390.ece/ALTERNATES/s270b/0_GettyImages-1231353837
https://github.com/Pester/Pester
https://myliverpoolnews.cf4=k
https://i2-prod.liverpool.com
http://www.hulu.com/privacy
https://felix.data.tm-awx.com/felix.min.js
https://dev.virtualearth.net/REST/v1/JsonFilter/VenueMaps/data/
https://dynamic.t
https://i2-prod.liverpool.com/incoming/article19945821.ece/ALTERNATES/s180/0_Salah-Goal-vs-Leeds.jpg
https://i2-prod.liverpool.com/incoming/article19960478.ece/ALTERNATES/s180/0_WhatsApp-Image-2021-03-
https://dev.virtualearth.net/REST/v1/Routes/Transit
https://i2-prod.liverpool.com/incoming/article19946983.ece/ALTERNATES/s270b/0_RobertsonCross1.jpg
https://i2-prod.liverpool.com/incoming/article19961704.ece/ALTERNATES/s458/0_GettyImages-1273716690.
https://www.liverpool.com/all-about/ozan-kabak
https://s2-prod.mirror.co.uk/
http://myliverpoolnews.cf/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-
https://i2-prod.liverpool.com/incoming/article19936064.ece/ALTERNATES/s180/0_WhatsApp-Image-2021-02-
https://www.liverpool.com/all-about/champions-league
https://www.liverpool.com/all-about/curtis-jones
https://dynamic.api.tiles.ditu.live.com/odvs/gdv?pv=1&r=
https://i2-prod.liverpool.com/incoming/article19960206.ece/ALTERNATES/s615/0_WhatsApp-Image-2021-03-
https://www.liverpool.com/all-about/steven-gerrard
https://dev.ditu.live.com/REST/v1/JsonFilter/VenueMaps/data/
https://dynamic.api.tiles.ditu.live.com/odvs/gd?pv=1&r=
https://www.liverpool.com/liverpool-fc-news/features/liverpool-ozan-kabak-future-audition-19954616
https://i2-prod.liverpool.com/incoming/article19963923.ece/ALTERNATES/s458/1_WhatsApp-Image-2021-03-
https://www.liverpool.com/liverpool-fc-news/features/liverpool-penalties-premier-league-var-17171391
http://schema.org/NewsArticle
https://www.liverpool.com/schedule/
http://schema.org/BreadcrumbList
https://securepubads.g.doubleclick.net/tag/js/gpt.js
https://dev.virtualearth.net/REST/v1/Routes/Driving
https://t0.ssl.ak.dynamic.tiles.virtualearth.net/comp/gen.ashx
https://s2-prod.liverpool.com/
https://www.liverpool.com/liverpool-fc-news/features/liverpool-champions-league-jurgen-klopp-1996194
https://i2-prod.liverpool.com/incoming/article19955390.ece/ALTERNATES/s220b/0_GettyImages-1231353837
https://i2-prod.liverpool.com/incoming/article19961953.ece/ALTERNATES/s458/0_GettyImages-1302496803.
https://dev.virtualearth.net/mapcontrol/HumanScaleServices/GetBubbles.ashx?n=
https://felix.data.tm-awx.com/ampconfig.json"
https://i2-prod.liverpool.com/incoming/article19961704.ece/ALTERNATES/s615/0_GettyImages-1273716690.
https://i2-prod.liverpool.com/incoming/article19938370.ece/ALTERNATES/s270b/0_Salah-Pressing.jpg
https://i2-prod.liverpool.com/incoming/article19945821.ece/ALTERNATES/s615/0_Salah-Goal-vs-Leeds.jpg
https://i2-prod.liverpool.com/incoming/article19936064.ece/ALTERNATES/s270b/0_WhatsApp-Image-2021-02
https://i2-prod.liverpool.com/incoming/article19946983.ece/ALTERNATES/s220b/0_RobertsonCross1.jpg
https://www.liverpool.com/liverpool-fc-news/features/liverpool-andy-robertson-valuable-quality-19946
https://www.hulu.com/ca-privacy-rights
https://www.liverpool.com/liverpool-fc-news/features/liverpool-jurgen-klopp-pressing-tactics-1993836
https://dev.ditu.live.com/mapcontrol/logging.ashx

Dropped files

Name File Type Hashes Detection
C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
#
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\DHL_document11022020680908911.exe.log
ASCII text, with CRLF line terminators
#
C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\run.dat
data
#
Click to see the 29 hidden entries
C:\Windows\Microsoft.NET\Framework\zjIuYLHx\svchost.exe
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
#
C:\Windows\Microsoft.NET\Framework\zjIuYLHx\svchost.exe:Zone.Identifier
ASCII text, with CRLF line terminators
#
C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe:Zone.Identifier
ASCII text, with CRLF line terminators
#
C:\ProgramData\Microsoft\Network\Downloader\edb.log
data
#
C:\ProgramData\Microsoft\Network\Downloader\qmgr.db
Extensible storage engine DataBase, version 0x620, checksum 0x39ee6f85, page size 16384, DirtyShutdown, Windows version 10.0
#
C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm
data
#
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506
Microsoft Cabinet archive data, 58596 bytes, 1 file
#
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
data
#
C:\Users\user\AppData\Local\??????????????????_Inc\DHL_document1102202068090_Url_gs1bizmdyzt0sie1s5ccihjs02mocitg\1.435.261.664\blkrfgqc.newcfg
XML 1.0 document, UTF-8 Unicode text, with very long lines, with CRLF line terminators
#
C:\Users\user\AppData\Local\??????????????????_Inc\dhcpmon.exe_Url_51mf4zlqimpycewjb4ac5u5zedoi4jyw\1.435.261.664\p2sezwes.newcfg
XML 1.0 document, UTF-8 Unicode text, with very long lines, with CRLF line terminators
#
C:\Users\user\AppData\Local\??????????????????_Inc\svchost.exe_Url_te4mlpoqf2bcwq3h5bsdnyytvfurus1x\1.435.261.664\w1ari1ci.newcfg
XML 1.0 document, UTF-8 Unicode text, with very long lines, with CRLF line terminators
#
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache
data
#
C:\Users\user\AppData\Local\Packages\ActiveSync\LocalState\DiagOutputDir\SyncVerbose.etl
data
#
C:\Users\user\AppData\Local\Packages\ActiveSync\LocalState\DiagOutputDir\UnistackCircular.etl
data
#
C:\Users\user\AppData\Local\Packages\ActiveSync\LocalState\DiagOutputDir\UnistackCritical.etl
data
#
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_1zsk1rf2.cst.psm1
very short file (no magic)
#
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ef1wbei2.1jt.psm1
very short file (no magic)
#
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_hkp2kheu.lcy.ps1
very short file (no magic)
#
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_jkjtufbf.qos.ps1
very short file (no magic)
#
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_r5fxcbmx.t00.ps1
very short file (no magic)
#
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ztyu0d2h.lpx.psm1
very short file (no magic)
#
C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\catalog.dat
data
#
C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\settings.bin
data
#
C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\storage.dat
data
#
C:\Users\user\Documents\20210407\PowerShell_transcript.138727.MUoHEg_8.20210407084145.txt
UTF-8 Unicode (with BOM) text, with CRLF line terminators
#
C:\Users\user\Documents\20210407\PowerShell_transcript.138727.NgzKxtXm.20210407084147.txt
UTF-8 Unicode (with BOM) text, with CRLF line terminators
#
C:\Users\user\Documents\20210407\PowerShell_transcript.138727.veQ4ZxRr.20210407084148.txt
UTF-8 Unicode (with BOM) text, with CRLF line terminators
#
C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp
ASCII text, with no line terminators
#
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\MpCmdRun.log
data
#