
RFQ-Order_Sheet#43254363-Sept-21_signed-copy.exe

Status: finished
Submission Time: 07.09.2021 18:15:43
Malicious
Trojan
Spyware
Evader
Remcos

Details

  • Analysis ID:
    479213
  • API (Web) ID:
    846787
  • Analysis Started:
    07.09.2021 18:15:44
  • Analysis Finished:
    07.09.2021 18:29:16
  • MD5:
    06534c059b111776b838f793c6444622
  • SHA1:
    7ebda7124a60de107a00960d9fe0563fd3cd2760
  • SHA256:
    933a4d2abfdf0f91550a102808d00adace6eb9df89ea9e254e2df7601b02dd8f

System: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211

malicious
100/100

IPs

  • 204.44.86.179 (United States)
  • 162.159.135.233 (United States)

Domains

  • cdn.discordapp.com (resolves to 162.159.135.233)

URLs

  • 204.44.86.179

Dropped files

  • C:\Users\Public\Libraries\Cshgvzx\Cshgvzx.exe
    File type: PE32 executable (GUI) Intel 80386, for MS Windows
  • C:\Users\Public\Libraries\xzvghsC.url
    File type: MS Windows 95 Internet shortcut text (URL=<file:"C:\\Users\\Public\\Libraries\\Cshgvzx\\Cshgvzx.exe">), ASCII text, with CRLF line terminators
  • C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PEJLKQA8\Cshgvzxpdvyucjurgvmywubhtofxefb[1]
    File type: data
  • C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PEJLKQA8\Cshgvzxpdvyucjurgvmywubhtofxefb[2]
    File type: data