flash

cd.exe

Status: finished
Submission Time: 14.09.2021 16:01:11
Malicious
Spreader
Trojan
Evader
Ursnif

Comments

Tags

  • exe

Details

  • Analysis ID:
    483177
  • API (Web) ID:
    850746
  • Analysis Started:
    14.09.2021 16:01:46
  • Analysis Finished:
    14.09.2021 16:10:11
  • MD5:
    cd02e745a08dd29cb6fda1761b2f4b6e
  • SHA1:
    1a0dd3348bb0f856fff51f7e22364b0974fa1ad3
  • SHA256:
    a4ff2e7dd35e8f7362739c3a578563458548ed5ffb30abe5ec6bf6f2c0de8eb7
  • Technologies:
Full Report Management Report IOC Report Engine Info Verdict Score Reports

malicious

System: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211

malicious
100/100

malicious
24/40

IPs

IP Country Detection
173.239.8.164
United States
173.192.101.24
United States
142.250.102.106
United States
Click to see the 2 hidden entries
142.250.203.110
United States
168.119.139.96
Germany

Domains

Name IP Detection
menehleibe.com
173.239.8.164
google.com
142.250.203.110
www.google.com
142.250.102.106
Click to see the 3 hidden entries
mybetterdl.com
173.192.101.24
gertrk.com
168.119.139.96
p226681.mybetterdl.com
173.192.101.24

URLs

Name Detection
http://menehleibe.com/images/bjM3gVEtKlUeWm2NnKw3/UycpbcugJuZhqNGVGh8/kwk4esZ_2F2xjDYD_2BSa_/2F328cjxY6AQM/kA5SneVc/JKL1AVTBXoV77D1JaKVgbri/d8lSYHOR5C/_2FOPoUzuMMso_2Bp/A_2Ffbx4wppa/aSm6IWIjM6R/Y44GbYY.avi
http://menehleibe.com/
https://rrchnm.org/
Click to see the 86 hidden entries
https://artsandculture.google.com/partner/museo-reina-sofia
http://schema.org/WebPage
https://www.elsevier.com/legal/elsevier-website-terms-and-conditions
https://www.mendeley.com/guides?dgcid=Mendeley_Desktop_Help-menu-Help-guides
https://clients2.google.com/service/update2/crxupdate_urlBrowser
https://github.com/Juris-M/citeproc-js
http://www.sysinternals.comWindowPositionSOFTWARE
https://www.google.com
http://ww9.menehleibe.com/
https://consent.google.com/s?continue
https://mendeley.com/reference-management/web-importer/#id_1?dgcid=Mendeley_Desktop_Onboarding-Add-I
https://plasma.kde.org
https://ogs.google.com/widget/callout?prid=19025503
https://consent.google.com/d?continue
https://www.google.com/?gws_rd=ssl_bnm_redirect=http://google.com/?gws_rd=ssl
https://www.virustotal.comPOST4e3202fdbe953d628f650229af5b3eb49cd46b2d3bfe5546ae3c5fa48b554e0capikey
https://donate.google.com/checkout?campaignid%3D6420545008435200
https://adservice.google.com/adsid/google/ui
https://trends.google.com/hottrends
https://www.sysinternals.comntdllRtlInitUnicodeStringNtOpenDirectoryObjectNtQuerySectionNtQueryDirec
https://www.google.com/url?q=https://www.google.com/chrome/download-chrome-for-search/%3Fbrand%3DOKW
https://apis.google.com
http://www.sysinternals.comopenFolder
https://gertrk.com/nlp/index.php?url_bnm_redirect=http://google.comRoot
https://www.mendeley.com/guides/desktop/04-read-highlight-annotate?dgcid=Mendeley_Desktop_Onboarding
http://www.reddit.com/
https://www.google.com/images/searchbox/desktop_searchbox_sprites318_hr.png
https://gertrk.com/nlp/index.php?url_bnm_redirect=http://google.com
https://service.elsevier.com/app/answers/detail/a_id/22094/kw/migrate/supporthub/mendeley/
https://www.google.com/?gws_rd%3Dssl
https://crashpad.chromium.org/
http://www.nytimes.com/
https://ims-na1-stg1.adobelogin.com
https://policies.google.com/terms?hl=en-GB&fg=1&utm_source=ucbs
https://mybetterdl.com/aS/feedclick?s=PmRMc57CnhYhj70e-I9ky5kfJerKhwxlfSMU3tyux_x5AGZrWUPSJmPzN2c9f2
https://www.google.com/?gws_rd=ssl
https://service.elsevier.com/app/answers/detail/a_id/19601/kw/connectivity/supporthub/mendeley/1setU
https://www.google.com/_/og/promos/
https://csl.mendeley.com
https://www.google.com/gen_204?ei=rKtAYY2rHY25kwWZrp3YAw&vet=10ahUKEwiNsaLc0P7yAhWN3KQKHRlXBzsQhJAHCBQ..s&gl=GB&pc=SEARCH_HOMEPAGE&isMobile=false
http://support.mendeley.com/customer/portal/articles/227955
https://gertrk.com/favicon.ico
https://www.elsevier.com/legal/privacy-policy
https://www.google.com/search?gws_rd%3Dssl%26q%3Dnebulae%26um%3D1%26ie%3DUTF-8%26tbm%3Disch%26csf%3D
http://agoogleaday.com/%23date%3D2011-06-04
http://creativecommons.org/licenses/by-sa/3.0/
https://service.elsevier.com/app/answers/detail/a_id/19611/kw/duplicates/supporthub/mendeley/Yes
https://www.google.com/images/branding/googlelogo/2x/googlelogo_color_272x92dp.png
http://p.yusukekamiyamane.com/
https://play.google.com/log?format=json&hasfast=true
https://service.elsevier.com/app/contact/supporthub/mendeley?dgcid=Mendeley_Desktop_Help-menu-Contac
https://www.mendeley.com/library
https://www.mendeley.com/guides?dgcid=Mendeley_Desktop_Help-menu-Help-guideshttps://www.mendeley.com
http://citationstyles.org/
https://www.google.com/?gws_rd=ssl_bnm_redirect=http://google.com
http://www.sysinternals.comopenConnection
http://www.youtube.com/
https://github.com/citation-style-language/styles
http://www.wikipedia.com/
http://www.live.com/
http://www.sysinternals.comFileVersionLegalCopyright
https://citationstyles.org
http://menehleibe.com/Root
http://www.google.com/
http://google.com/
https://www.zotero.org/
https://ims-prod06.adobelogin.com
https://policies.google.com/privacy?hl=en-GB&fg=1&utm_source=ucbs
https://ogs.google.com/widget/app/so?bc=1
https://www.mendeley.com?dgcid=Mendeley_Desktop_Help-menu-website
http://www.broofa.com
https://service.elsevier.com/app/home/supporthub/mendeley/?dgcid=Mendeley_Desktop_Help-menu-FAQ
https://accounts.google.com/ServiceLogin?hl
https://crashpad.chromium.org/bug/new
https://www.gmu.edu/
https://www.google.co.uk/intl/en/about/products
https://www.google.com/index.php?url_bnm_redirect=http://google.com/?gws_rd=ssl_bnm_redirect=http://
https://p226681.mybetterdl.com/adServe/domainClick?ai=qR193HoKV_skvRDJ1Xl7Z2EMSqLSlBmindZv5NojCHOwn03uCMUnWWP1f_rG7YbjKg1peh-_obzBIj3uZHPpnj9EVoFzCvr6nUsZVZhWVPP-29LJmEHdmZ7b6Qy9a1mHTiLNxNNj-331YCaynPT02WREUdU8hBvdAVtzW-BnG_JiVnQIGgxQDiU7ugF2M-yuSZspRWMKjI0oZaL4_NY6BA8B78vhYDGtjMUdyxHqWTbxnarhY6PRQCoyupr1mhPBjhdEqJB6Nj2XmDvYXWw9hp-qFZn5gpnPqtE9sbJicJwX2fEbVjxB9kp2QAzznS8_6fjhgUFt3sQISiZ3D8mF7LCm2HeI0S938_gGwpSXr3tSAMcY_H2x07HFovOGSDpNKiXhLmiyflhHQ2DhJtv57Pgpt-TBvcxCEwrLEAaOW_go6oM85zEqQcFJgSFbjHo8VjLddbnKrYw&ui=PmRMc57CnhbNSfHhL5kCGmvi5v6ZZrF7dLiTNq3P25qokS0sVeF3FkXI0PDyooqap4CS6zytrLbvtEDBZZLJWA-odODn3W3LTPqV0hvm1VqP--qZkGGf_8AXd3hExnhV&si=1&oref=a606ca39dc85b39bdaa2bf88832fa198&optunit=SZspRWMKjI3Y6yHw-JV9WQ&rb=mhdAWEBiphk&rr=1&abtg=0
http://www.sysinternals.com
https://www.google.com/log?format=json&hasfast=true
http://www.amazon.com/
https://www.mendeley.com/guides/using-citation-editor?dgcid=Mendeley_Desktop_Onboarding-Help-Cite
https://www.virustotal.com/about/terms-of-service%s
http://google.com
http://www.twitter.com/
https://crashpad.chromium.org/https://crashpad.chromium.org/bug/new

Dropped files

Name File Type Hashes Detection
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{F14FAF2F-15AF-11EC-90E5-ECF4BB2D2496}.dat
Microsoft Word Document
#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{F14FAF31-15AF-11EC-90E5-ECF4BB2D2496}.dat
Microsoft Word Document
#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-17529550060\msapplication.xml
XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
#
Click to see the 23 hidden entries
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-18270793970\msapplication.xml
XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-21706820\msapplication.xml
XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-4759708130\msapplication.xml
XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-6757900\msapplication.xml
XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-8760897390\msapplication.xml
XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin20259167780\msapplication.xml
XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin20332743330\msapplication.xml
XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin8215062560\msapplication.xml
XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\imagestore\wlm7n14\imagestore.dat
data
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3Y2ADQKS\0V71R0V5.htm
HTML document, ASCII text, with CRLF, LF line terminators
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3Y2ADQKS\d4a6d4bd[1].htm
HTML document, ASCII text, with very long lines
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3Y2ADQKS\rs=AA2YrTtiIgpyWC3dfQkzVoOu4jFUo5DWgw[1].js
ASCII text, with very long lines
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9QTQHWWN\1G7O03DV.htm
HTML document, ASCII text
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9QTQHWWN\favicon[1].ico
MS Windows icon resource - 1 icon, 39x34, 32 bits/pixel
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9QTQHWWN\googlelogo_color_84x28dp[1].png
PNG image data, 84 x 28, 8-bit/color RGBA, non-interlaced
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\G62TDH9B\LM1X3BMT.htm
HTML document, UTF-8 Unicode text, with very long lines
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\G62TDH9B\rs=AA2YrTt5urjnc1-as0vV15aU6T-f2ANE9g[1].css
ASCII text, with no line terminators
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OTUW0Q90\desktop_searchbox_sprites318_hr[1].png
PNG image data, 40 x 124, 8-bit colormap, non-interlaced
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OTUW0Q90\googlelogo_color_272x92dp[1].png
PNG image data, 544 x 184, 8-bit/color RGBA, non-interlaced
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OTUW0Q90\index[1].htm
ASCII text, with no line terminators
#
C:\Users\user\AppData\Local\Temp\JavaDeployReg.log
ASCII text, with CRLF line terminators
#
C:\Users\user\AppData\Local\Temp\~DF1C6E09CA4CF5EBDD.TMP
data
#
C:\Users\user\AppData\Local\Temp\~DFFAD0E470126C2D77.TMP
data
#