
mormanti.exe

Status: finished
Submission Time: 16.07.2021 17:05:21
Classification: Malicious, Trojan, Evader, Emotet

Details

  • Analysis ID:
    449959
  • API (Web) ID:
    817548
  • Analysis Started:
    16.07.2021 17:05:22
  • Analysis Finished:
    16.07.2021 17:12:57
  • MD5:
    6c94edfea6e5ee001b00122c9d01bd8a
  • SHA1:
    a8d0cc5088ee86c2be77afe157695d12e951f369
  • SHA256:
    0154d1d06e755bda091168038f25c1dde101e3b77c66f88b73c71be84ffdaf6e
  • Technologies:

System: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211

Verdicts

Verdict | Score
malicious | 100/100
malicious | 53/71
malicious | 23/28
malicious |

IPs

IP | Country
149.62.173.247 | Spain
191.182.6.118 | Brazil
104.131.103.37 | United States
204.225.249.100 | Canada
94.176.234.118 | Lithuania
70.32.84.74 | United States
177.73.0.98 | Brazil
12.162.84.2 | United States
116.125.120.88 | Korea, Republic of
58.171.153.81 | Australia
170.81.48.2 | Brazil
219.92.13.25 | Malaysia
202.62.39.111 | Cambodia
209.236.123.42 | United States
213.181.91.224 | Spain
5.196.35.138 | France
187.162.248.237 | Mexico
189.2.177.210 | Brazil
93.151.186.85 | Italy
217.199.160.224 | United Kingdom
114.109.179.60 | Thailand
143.0.87.101 | Brazil
186.103.141.250 | Chile
77.90.136.129 | Germany
181.129.96.162 | Colombia
50.28.51.143 | United States
68.183.190.199 | United States
94.206.45.18 | United Arab Emirates
190.17.195.202 | Argentina
73.116.193.136 | United States
82.76.111.249 | Romania
189.194.58.119 | Mexico
80.249.176.206 | Russian Federation
145.236.8.174 | Hungary
191.99.160.58 | Ecuador
217.13.106.14 | Hungary
147.91.184.91 | Serbia
68.183.170.114 | United States
81.198.69.61 | Latvia
177.66.190.130 | Brazil
177.72.13.80 | Brazil
61.92.159.208 | Hong Kong
178.79.163.131 | United Kingdom
46.28.111.142 | Czech Republic
77.55.211.77 | Poland
190.163.31.26 | Chile
137.74.106.111 | France
172.104.169.32 | United States
72.47.248.48 | United States
181.120.79.227 | Paraguay
89.32.150.160 | Romania
104.131.41.185 | United States
186.250.52.226 | Brazil
87.106.46.107 | Germany
177.144.135.2 | Brazil
217.160.182.191 | Germany
201.213.156.176 | Argentina
83.169.21.32 | Germany
70.32.115.157 | United States
213.60.96.117 | Spain
212.231.60.98 | Spain
181.36.42.205 | Dominican Republic
104.131.103.128 | United States
190.190.148.27 | Argentina
190.6.193.152 | Honduras
51.255.165.160 | France
212.71.237.140 | United Kingdom
185.94.252.27 | Germany
2.47.112.152 | Italy
104.236.161.64 | United States
192.241.143.52 | United States
192.241.146.84 | United States
45.161.242.102 | Brazil
66.228.49.173 | United States
190.147.137.153 | Colombia
82.196.15.205 | Netherlands
111.67.12.221 | Australia
177.74.228.34 | Brazil
91.219.169.180 | Ukraine
185.94.252.12 | Germany

URLs

URL
http://68.183.170.114/nFzrf7w0/EO2pZ/MQ0xve/
https://fs.microsoft.c
https://dev.ditu.live.com/REST/v1/Routes/
https://dev.virtualearth.net/REST/v1/Routes/Driving
https://t0.ssl.ak.dynamic.tiles.virtualearth.net/comp/gen.ashx
https://dev.ditu.live.com/REST/v1/Traffic/Incidents/
https://t0.tiles.ditu.live.com/tiles/gen
http://68.183.170.114:8080/nFzrf7w0/EO2pZ/MQ0xve/
http://schemas.xmlsoap.org/ws/
https://dev.virtualearth.net/REST/v1/Routes/Walking
https://dev.virtualearth.net/mapcontrol/HumanScaleServices/GetBubbles.ashx?n=
http://72.47.248.48:7080/VTzYrEpbArBozqZBhS/
http://66.228.49.173:8080/TyLIHl4nuj0XCeB/C12IKmccuoQw2U92z/s(KF
http://66.228.49.173/TyLIHl4nuj0XCeB/C12IKmccuoQw2U92z/
https://dev.ditu.live.com/mapcontrol/logging.ashx
https://dev.ditu.live.com/REST/v1/Imagery/Copyright/
http://149.62.173.247:8080/kH8ALNiaGV/5bEuMKuJNKlslD3n/rvXy2RpDwZlslOQBeY7/BCLTdgbwF6J8vsIGfDq/jZ9iV
https://t0.ssl.ak.dynamic.tiles.virtualearth.net/odvs/gri?pv=1&r=
http://68.183.170.114:8080/nFzrf7w0/EO2pZ/MQ0xve/c
https://dev.virtualearth.net/REST/v1/Transit/Schedules/
http://66.228.49.173:8080/TyLIHl4nuj0XCeB/C12IKmccuoQw2U92z/
https://appexmapsappupdate.blob.core.windows.net
http://www.bingmapsportal.com
https://ecn.dev.virtualearth.net/REST/v1/Imagery/Copyright/
http://72.47.248.48:7080/VTzYrEpbArBozqZBhS/CL:
https://dynamic.t0.tiles.ditu.live.com/comp/gen.ashx
https://t0.ssl.ak.dynamic.tiles.virtualearth.net/odvs/gdv?pv=1&r=
http://149.62.173.247/kH8ALNiaGV/5bEuMKuJNKlslD3n/rvXy2RpDwZlslOQBeY7/BCLTdgbwF6J8vsIGfDq/jZ9iV8xFle
https://dev.virtualearth.net/REST/v1/Routes/
https://t0.ssl.ak.dynamic.tiles.virtualearth.net/odvs/gdi?pv=1&r=
https://dev.virtualearth.net/webservices/v1/LoggingService/LoggingService.svc/Log?
https://t0.ssl.ak.dynamic.tiles.virtualearth.net/odvs/gd?pv=1&r=
https://%s.xboxlive.com
https://dev.ditu.live.com/mapcontrol/mapconfiguration.ashx?name=native&v=
https://dev.virtualearth.net/REST/v1/Locations
https://ecn.dev.virtualearth.net/mapcontrol/mapconfiguration.ashx?name=native&v=
https://dev.virtualearth.net/mapcontrol/logging.ashx
https://dynamic.api.tiles.ditu.live.com/odvs/gdi?pv=1&r=
http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous.
https://dev.virtualearth.net/REST/v1/JsonFilter/VenueMaps/data/
https://dynamic.t
https://dev.virtualearth.net/REST/v1/Routes/Transit
https://t0.ssl.ak.tiles.virtualearth.net/tiles/gen
http://72.47.248.48:7080/VTzYrEpbArBozqZBhS/6O
http://68.183.170.114:8080/nFzrf7w0/EO2pZ/MQ0xve/:
https://dynamic.api.tiles.ditu.live.com/odvs/gdv?pv=1&r=
http://58.171.153.81/j4XmHhlvX7h4pe/uu11HumRcyQn/3XzJ/ymPM07W/vKmfGodTznrrD/
https://activity.windows.com
https://dev.ditu.live.com/REST/v1/Locations
https://%s.dnet.xboxlive.com
https://dev.ditu.live.com/REST/v1/JsonFilter/VenueMaps/data/
https://dynamic.api.tiles.ditu.live.com/odvs/gd?pv=1&r=
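The URL list mixes two kinds of entries: raw-IP URLs on ports such as 7080 and 8080 with random-looking paths, which is the shape Emotet's HTTP C2 beacons take, and Bing Maps / Xbox Live / Windows endpoints that belong to the analysis image rather than to the sample. Some strings are also printf templates or fragments captured from memory (https://%s.xboxlive.com, https://dynamic.t) and are not usable endpoints. The following Python script is an added example, not part of the sandbox report: it separates those kinds, turns the raw-IP entries into (ip, port) sweep keys and a deny list, and runs a sweep over a proxy log. The URL subset is copied from the report; the proxy log lines, the 10.0.0.x clients and the 203.0.113.9 endpoint are constructed for the example.

```python
"""IOC triage for a sandbox URL list (added example, not part of the report).

Splits raw-IP URLs, the shape of Emotet's HTTP C2 beacons, from hostname traffic,
turns them into (ip, port) sweep keys, and checks a proxy log for contact.
"""
import ipaddress
from urllib.parse import urlsplit

# Subset of the report's URL list, copied verbatim; the rest are more of the same two kinds.
REPORT_URLS = [
    "http://68.183.170.114/nFzrf7w0/EO2pZ/MQ0xve/",
    "http://68.183.170.114:8080/nFzrf7w0/EO2pZ/MQ0xve/",
    "http://72.47.248.48:7080/VTzYrEpbArBozqZBhS/",
    "http://66.228.49.173:8080/TyLIHl4nuj0XCeB/C12IKmccuoQw2U92z/",
    "http://149.62.173.247:8080/kH8ALNiaGV/5bEuMKuJNKlslD3n/rvXy2RpDwZlslOQBeY7/BCLTdgbwF6J8vsIGfDq/jZ9iV",
    "http://58.171.153.81/j4XmHhlvX7h4pe/uu11HumRcyQn/3XzJ/ymPM07W/vKmfGodTznrrD/",
    "https://dev.virtualearth.net/REST/v1/Routes/Driving",
    "https://dev.ditu.live.com/REST/v1/Locations",
    "https://%s.xboxlive.com",
    "https://fs.microsoft.c",
]

# Constructed proxy log in a simple "timestamp client method url status" layout.
# The 10.0.0.x clients and the 203.0.113.9 (TEST-NET-3) endpoint are made up for the example.
PROXY_LOG = """\
2021-07-16T17:06:01Z 10.0.0.5 POST http://72.47.248.48:7080/VTzYrEpbArBozqZBhS/ 200
2021-07-16T17:06:03Z 10.0.0.5 GET https://dev.virtualearth.net/REST/v1/Routes/Driving 200
2021-07-16T17:06:09Z 10.0.0.7 POST http://203.0.113.9:8080/AbCdEf/ 200
2021-07-16T17:06:12Z 10.0.0.8 GET https://www.example.com/ 200
2021-07-16T17:06:20Z 10.0.0.5 POST http://68.183.170.114:8080/nFzrf7w0/EO2pZ/MQ0xve/ 200
"""


def host_port(url):
    """(host, port) for an http(s) URL, or None for strings that are not a usable endpoint:
    sandbox reports include printf templates such as 'https://%s.xboxlive.com' and fragments
    cut from memory."""
    if "%" in url:
        return None
    try:
        parts = urlsplit(url)
        if parts.scheme not in ("http", "https") or not parts.hostname:
            return None
        port = parts.port or (443 if parts.scheme == "https" else 80)
    except ValueError:
        return None
    return parts.hostname, port


def is_ip_literal(host):
    """True when the host part is a dotted-quad IPv4 address rather than a DNS name."""
    try:
        ipaddress.IPv4Address(host)
        return True
    except ValueError:
        return False


def classify(url):
    """'c2-candidate' for raw-IP URLs, 'hostname' for DNS names, 'unparseable' otherwise."""
    hp = host_port(url)
    if hp is None:
        return "unparseable"
    return "c2-candidate" if is_ip_literal(hp[0]) else "hostname"


def c2_endpoints(urls):
    """Set of (ip, port) pairs from the raw-IP URLs: the sweep key for proxy or flow logs."""
    return {host_port(u) for u in urls if classify(u) == "c2-candidate"}


def blocklist(endpoints):
    """Sorted 'ip:port' lines for a firewall or proxy deny list."""
    return sorted(f"{ip}:{port}" for ip, port in endpoints)


def sweep(log_text, endpoints):
    """Return known-IOC hits and, separately, raw-IP HTTP on non-web ports that is not in the
    IOC set: C2 lists rotate, so the unknown ones deserve a look as well."""
    hits, suspects = [], []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 5:
            continue
        ts, client, _method, url, _status = fields[:5]
        hp = host_port(url)
        if hp is None:
            continue
        if hp in endpoints:
            hits.append((ts, client, url))
        elif is_ip_literal(hp[0]) and hp[1] not in (80, 443):
            suspects.append((ts, client, url))
    return {"ioc_hits": hits, "raw_ip_nonstandard_port": suspects}


if __name__ == "__main__":
    eps = c2_endpoints(REPORT_URLS)
    print("\n".join(blocklist(eps)))
    for kind, rows in sweep(PROXY_LOG, eps).items():
        for ts, client, url in rows:
            print(kind, ts, client, url)
```

The sweep keys on host and port only, because the sandbox captured several truncated variants of the same URI (…/MQ0xve/, …/MQ0xve/c, …/MQ0xve/:) and a path match would miss beacons with a different trailing segment. The IP table above has 80 addresses while only a handful appear in URLs, so a real sweep should also key on the bare IPs from that table.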

Dropped files

Name | File Type
C:\ProgramData\Microsoft\Network\Downloader\edb.log | data
C:\ProgramData\Microsoft\Network\Downloader\qmgr.db | Extensible storage engine DataBase, version 0x620, checksum 0x0656ce7e, page size 16384, DirtyShutdown, Windows version 10.0
C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm | data
C:\Users\user\AppData\Local\Packages\ActiveSync\LocalState\DiagOutputDir\SyncVerbose.etl | data
C:\Users\user\AppData\Local\Packages\ActiveSync\LocalState\DiagOutputDir\UnistackCircular.etl | data
C:\Users\user\AppData\Local\Packages\ActiveSync\LocalState\DiagOutputDir\UnistackCritical.etl | data
C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp | ASCII text, with no line terminators
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\MpCmdRun.log | data

The report lists no hashes or detections for these eight files. All of them are written by Windows services during the run rather than by the sample: the BITS queue database (qmgr.db, qmgr.jfm, edb.log), ActiveSync trace logs, the font cache and Defender's MpCmdRun log. None of them is a payload dropped by mormanti.exe; treat them as background noise of the analysis image.