flash

XQehPgTn35.exe

Status: finished
Submission Time: 11.06.2021 05:37:10
Malicious
Spreader
Trojan
Adware
Evader
Njrat

Comments

Tags

  • exe
  • njrat
  • RAT

Details

  • Analysis ID:
    433012
  • API (Web) ID:
    800616
  • Analysis Started:
    11.06.2021 05:37:10
  • Analysis Finished:
    11.06.2021 05:49:06
  • MD5:
    595c00bf9ca4baa42b4490f2782cf2d3
  • SHA1:
    d1441cc336655f36efc3db070f84701a1f68e51a
  • SHA256:
    6884ac9f82a44a7702c4807deec1640b66eb71f6c750dd0ca1d5d78632e626b5
  • Technologies:
Full Report Management Report IOC Report Engine Info Verdict Score Reports

malicious

System: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211

malicious
100/100

malicious
31/70

malicious
15/35

malicious
29/47

malicious

IPs

IP Country Detection
3.129.187.220
United States
3.138.180.119
United States
3.136.65.236
United States

Domains

Name IP Detection
4.tcp.ngrok.io
3.138.180.119

URLs

Name Detection
[i]
http://www.enigmaprotector.com/
http://www.enigmaprotector.com/openU

Dropped files

Name File Type Hashes Detection
C:\Program Files (x86)\Google.exe
PE32 executable (GUI) Intel 80386, for MS Windows
#
C:\SublimeText.exe
PE32 executable (GUI) Intel 80386, for MS Windows
#
C:\Umbrella.flv.exe
PE32 executable (GUI) Intel 80386, for MS Windows
#
Click to see the 19 hidden entries
C:\Users\user\AppData\Local\Google.exe
PE32 executable (GUI) Intel 80386, for MS Windows
#
C:\Users\user\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\XQehPgTn35.exe.log
ASCII text, with CRLF line terminators
#
C:\Users\user\AppData\Local\Microsoft\Windows\History\Google.exe
PE32 executable (GUI) Intel 80386, for MS Windows
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Google.exe
PE32 executable (GUI) Intel 80386, for MS Windows
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCookies\Google.exe
PE32 executable (GUI) Intel 80386, for MS Windows
#
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\714bcaf02dc680243f761ccdcdc54f71Windows Updater.exe
PE32 executable (GUI) Intel 80386, for MS Windows
#
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google.exe
PE32 executable (GUI) Intel 80386, for MS Windows
#
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Corporation.exe
PE32 executable (GUI) Intel 80386, for MS Windows
#
C:\Users\user\Documents\Google.exe
PE32 executable (GUI) Intel 80386, for MS Windows
#
C:\Windows\server.exe
PE32 executable (GUI) Intel 80386, for MS Windows
#
C:\autorun.inf
Microsoft Windows Autorun file, ASCII text, with CRLF line terminators
#
C:\system 32.exe
PE32 executable (GUI) Intel 80386, for MS Windows
#
C:\Users\user\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\Google.exe.log
ASCII text, with CRLF line terminators
#
C:\Users\user\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\Microsoft Corporation.exe.log
ASCII text, with CRLF line terminators
#
C:\Users\user\AppData\Roaming\app
UTF-8 Unicode (with BOM) text, with no line terminators
#
C:\Users\user\Desktop\Google.exe
PE32 executable (GUI) Intel 80386, for MS Windows
#
C:\Users\user\Favorites\Google.exe
PE32 executable (GUI) Intel 80386, for MS Windows
#
C:\Windows\SysWOW64\Google.exe
PE32 executable (GUI) Intel 80386, for MS Windows
#
\Device\ConDrv
ASCII text, with CRLF line terminators
#