flash

WDnE51mua6.exe

Status: finished
Submission Time: 08.04.2021 10:31:33
Malicious
Trojan
Spyware
Evader

Comments

Tags

  • exe

Details

  • Analysis ID:
    383838
  • API (Web) ID:
    669775
  • Analysis Started:
    08.04.2021 10:35:58
  • Analysis Finished:
    08.04.2021 11:04:50
  • MD5:
    7e7012645cc3d6d3572bb01891fbcec1
  • SHA1:
    712fe21354098f3764f6e9cbe7b57dc67a65c478
  • SHA256:
    df116f3585f1fe4b00c351a2941f6b85565e1fcc6da5569c6f7c80ddd1b4e2a8
  • Technologies:

malicious

System: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211

  • malicious 100/100
  • malicious 28/67
  • malicious 31/48
  • malicious

IPs

IP            Country     Detection
8.208.95.18   Singapore

Domains

Name                                 IP            Detection
banusdoret.top                       8.208.95.18
zjZFqZYoOtpryMyR.zjZFqZYoOtpryMyR    0.0.0.0

URLs

Name Detection
https://banusdoret.top/4624a8e10d6df3306e1dd46223b6b1968208dd491
https://banusdoret.top/4624a8e10d6df3306e1dd46223b6b1968208dd49r
https://banusdoret.top/upload/upload.php
https://banusdoret.top/kh=
https://banusdoret.top/8
https://banusdoret.top/hi0
https://banusdoret.top/upload/upload.phpmit
https://banusdoret.top/upload/upload.phpp/hi0
https://banusdoret.top/#hu
https://banusdoret.top/4624a8e10d6df3306e1dd46223b6b1968208dd49
https://banusdoret.top/5hc
https://banusdoret.top/ography
https://banusdoret.top/4624a8e10d6df3306e1dd46223b6b1968208dd49lcanoconiosispZ
https://banusdoret.top/
https://banusdoret.top/sFt
https://banusdoret.top/Dg
https://banusdoret.top/Vg
https://banusdoret.top/oi9
https://banusdoret.topctionSettings
http://cps.letsencrypt.org0
http://www.autoitscript.com/autoit3/X
https://www.autoitscript.com/autoit3/
http://cps.root
http://r3.i.lencr.org/0-
http://r3.o.lencr.org0
http://cps.root-x1.letsencrypt.org0

Dropped files

Name / File Type (Hashes and Detection columns not captured)

  • C:\Users\user\AppData\Roaming\zPgFqFUsML\juROhmfLml.exe.com
    PE32 executable (GUI) Intel 80386, for MS Windows
  • C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\juROhmfLml.url
    MS Windows 95 Internet shortcut text (URL=<"C:\Users\user\AppData\Roaming\zPgFqFUsML\wAYZqHgYEOdcYU.js>), Little-endian UTF-16 Unicode text, with CRLF line terminators
  • C:\Users\user\AppData\Roaming\QhXpJEISYfDvrPPKg\Gia.exe.com
    Targa image data - Mono 65536 x 184 x 0 +65535 ""
  • C:\Users\user\AppData\Roaming\zPgFqFUsML\wAYZqHgYEOdcYU.js
    ASCII text, with no line terminators
  • \Device\ConDrv
    ASCII text, with CRLF, CR line terminators
  • C:\Users\user\AppData\Local\Temp\4624a8e10d6df3306e1dd46223b6b1968208dd49
    data
  • C:\Users\user\AppData\Local\Temp\cab_5036_2
    data
  • C:\Users\user\AppData\Local\Temp\cab_5036_3
    data
  • C:\Users\user\AppData\Local\Temp\cab_5036_4
    data
  • C:\Users\user\AppData\Local\Temp\cab_5036_5
    data
  • C:\Users\user\AppData\Local\Temp\cab_5036_6
    data
  • C:\Users\user\AppData\Local\Temp\chr1073.tmp
    Little-endian UTF-16 Unicode text, with CRLF, CR line terminators
  • C:\Users\user\AppData\Local\Temp\chr2302.tmp
    data
  • C:\Users\user\AppData\Local\Temp\chrB32.tmp
    SQLite 3.x database, last written using SQLite version 3032001
  • C:\Users\user\AppData\Local\Temp\chrCF8.tmp
    ASCII text, with CRLF line terminators
  • C:\Users\user\AppData\Roaming\QhXpJEISYfDvrPPKg\Che.vsd
    data
  • C:\Users\user\AppData\Roaming\QhXpJEISYfDvrPPKg\D
    ASCII text, with very long lines, with CRLF, CR, LF line terminators
  • C:\Users\user\AppData\Roaming\QhXpJEISYfDvrPPKg\Lineamento.vsd
    ASCII text, with very long lines, with CRLF, CR, LF line terminators
  • C:\Users\user\AppData\Roaming\QhXpJEISYfDvrPPKg\Poi.vsd
    ASCII text, with very long lines, with CRLF line terminators
  • C:\Users\user\AppData\Roaming\QhXpJEISYfDvrPPKg\Veduto.vsd
    data
  • C:\Users\user\AppData\Roaming\zPgFqFUsML\I
    ASCII text, with very long lines, with CRLF, CR, LF line terminators
  • C:\Users\user\AppData\Roaming\zPgFqFUsML\Veduto.vsd
    data