=

We are hiring! Windows Kernel Developer (Remote), apply here!

RFQ-Order_Sheet#43254363-Sept-21_signed-copy.exe

Status: finished

Submission Time: 2021-09-07 18:15:43 +02:00

Malicious

Trojan

Spyware

Evader

Remcos

Comments

Tags

Details

Analysis ID:
479213
API (Web) ID:
846787
Analysis Started:

2021-09-07 18:15:44 +02:00
Analysis Finished:

2021-09-07 18:29:16 +02:00
MD5:
06534c059b111776b838f793c6444622
SHA1:
7ebda7124a60de107a00960d9fe0563fd3cd2760
SHA256:
933a4d2abfdf0f91550a102808d00adace6eb9df89ea9e254e2df7601b02dd8f
Technologies:

Engines
IOCs

Full Report	Management Report	IOC Report	Engine	Info	Verdict	Score	Reports
				System: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211		100/100

IPs

IP	Country	Detection
204.44.86.179	United States
162.159.135.233	United States

Domains

Name	IP	Detection
cdn.discordapp.com	162.159.135.233

URLs

Name	Detection
204.44.86.179

Dropped files

Name	File Type	Hashes	Detection
C:\Users\Public\Libraries\Cshgvzx\Cshgvzx.exe	PE32 executable (GUI) Intel 80386, for MS Windows	#
C:\Users\Public\Libraries\xzvghsC.url	MS Windows 95 Internet shortcut text (URL=<file:"C:\\Users\\Public\\Libraries\\Cshgvzx\\Cshgvzx.exe">), ASCII text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PEJLKQA8\Cshgvzxpdvyucjurgvmywubhtofxefb[1]	data	#
Click to see the 1 hidden entries
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PEJLKQA8\Cshgvzxpdvyucjurgvmywubhtofxefb[2]	data	#