
SRMETALINDUSTRIES.exe

Status: finished
Submission Time: 15.09.2021 09:39:13
Malicious
Trojan
Evader
FormBook

Comments

Tags

  • exe
  • xloader

Details

  • Analysis ID:
    483595
  • API (Web) ID:
    851164
  • Analysis Started:
    15.09.2021 09:42:07
  • Analysis Finished:
    15.09.2021 09:55:14
  • MD5:
    51fb6f484b4bc554a7fddb7dc24c994e
  • SHA1:
    6548d2e4c988457deb2a3435220f3252367462f3
  • SHA256:
    4b9ec9143ae2471c8cf540f5e3815c4ca4bb5e073d5c45e6bd934cc0350e8546
  • Technologies:

Verdict: malicious
Score: 100/100 (malicious)
Detection ratio: 9/44 (malicious)

IPs

IP               Country        Detection
185.215.4.13     Denmark
165.73.84.33     South Africa
185.134.245.113  Norway
44.227.65.245    United States
13.250.255.10    United States

Domains

Name                        IP               Detection
www.nordicbatterybelt.net   185.134.245.113
www.integrity.directory     44.227.65.245
menramen.com                180.235.151.100
www.ifbrick.com             165.73.84.33
sashaignatenko.com          185.215.4.13
www.hisensor.world          0.0.0.0
www.menramen.com            0.0.0.0
www.advindustry.com         0.0.0.0
www.sashaignatenko.com      0.0.0.0
www.starworks.online        0.0.0.0
www.zmdhysm.com             154.64.44.142
ladi-dns-ssl-nlb-prod-4-5fac4e17b8b8295e.elb.ap-southeast-1.amazonaws.com  13.250.255.10

URLs

Name                                                                                                                                                  Detection
http://www.ifbrick.com/n58i/?fD=F+G31dedRh6HLTd+ecIv/qGaPc+OF0rVpdWlg5lJjBXzRtzoveZeEYo5TUAR7GVYQJUOwMAABw==&7nVT9d=P6AhC8Yh4LuLMhK0
http://www.nordicbatterybelt.net/n58i/?7nVT9d=P6AhC8Yh4LuLMhK0&fD=M2+dNbjF68Ecx6/kG0IjEvERphPYwrhl5ASQUZVNwgXuLMQcMfVPa3ABQDdZS66N8pSyWuXUWw==
http://www.starworks.online/n58i/?fD=PUNHIxjtOSFwkEXuacN/093UMB3LWAmrPV2Rldw+lO4ozANnbCtjpuKVlOTMjGDvzMsTPi3I2g==&7nVT9d=P6AhC8Yh4LuLMhK0
www.nordicbatterybelt.net/n58i/
http://www.integrity.directory/n58i/?7nVT9d=P6AhC8Yh4LuLMhK0&fD=unnhyE6s8wGaSGOfJAqqywl5AWsKat8KABC8TJyOz0JlXUzqDPtAwNp8gBEuIS9Csn5pfDFizQ==
http://www.sashaignatenko.com/n58i/?7nVT9d=P6AhC8Yh4LuLMhK0&fD=IQPyE+VrRvak8LK8nAdRdA+GXS2RT8iR9v4gvsbeLz4LfgOhT+qf8KqQA9G0pMp8GxoQ9RLGrw==
http://www.autoitscript.com/autoit3/J
https://tilda.cc
https://www.domainnameshop.com/
https://www.domainnameshop.com/whois?currency=SEK&lang=sv
https://www.domeneshop.no/whois
https://www.domainnameshop.com/whois
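Every beacon URL in the table above uses the same path (/n58i/), the same constant second parameter (7nVT9d=P6AhC8Yh4LuLMhK0) and a per-request base64-like payload in fD, spread over five different hosts. A detection keyed on hostnames alone would miss the next domain the sample rotates to, so the added example below (written for this page, not code from the sandbox vendor or from the malware) derives a host-independent fingerprint from the report's URLs and runs it over proxy log lines. The URL list is copied from the report; the log format, the log lines and the hostname ending in .invalid are constructed for the demonstration.

```python
"""Derive a host-independent beacon fingerprint from the FormBook/XLoader URLs
in the report and match it against proxy log lines.

Added example for this page, not code from the sandbox vendor or the malware.
REPORT_URLS is copied from the report's URL table; SAMPLE_LOG, its format
(timestamp source method url status) and the .invalid host are constructed.
"""
import re
from collections import defaultdict
from urllib.parse import parse_qsl, urlsplit

# Beacon URLs exactly as listed in the report (same path, same second parameter).
REPORT_URLS = [
    "http://www.ifbrick.com/n58i/?fD=F+G31dedRh6HLTd+ecIv/qGaPc+OF0rVpdWlg5lJjBXzRtzoveZeEYo5TUAR7GVYQJUOwMAABw==&7nVT9d=P6AhC8Yh4LuLMhK0",
    "http://www.nordicbatterybelt.net/n58i/?7nVT9d=P6AhC8Yh4LuLMhK0&fD=M2+dNbjF68Ecx6/kG0IjEvERphPYwrhl5ASQUZVNwgXuLMQcMfVPa3ABQDdZS66N8pSyWuXUWw==",
    "http://www.starworks.online/n58i/?fD=PUNHIxjtOSFwkEXuacN/093UMB3LWAmrPV2Rldw+lO4ozANnbCtjpuKVlOTMjGDvzMsTPi3I2g==&7nVT9d=P6AhC8Yh4LuLMhK0",
    "http://www.integrity.directory/n58i/?7nVT9d=P6AhC8Yh4LuLMhK0&fD=unnhyE6s8wGaSGOfJAqqywl5AWsKat8KABC8TJyOz0JlXUzqDPtAwNp8gBEuIS9Csn5pfDFizQ==",
    "http://www.sashaignatenko.com/n58i/?7nVT9d=P6AhC8Yh4LuLMhK0&fD=IQPyE+VrRvak8LK8nAdRdA+GXS2RT8iR9v4gvsbeLz4LfgOhT+qf8KqQA9G0pMp8GxoQ9RLGrw==",
]


def fingerprint(urls):
    """Return the shared path, the query parameters whose value never changes
    (the fixed campaign token) and those whose value varies (the payload).
    Raises ValueError if the URLs do not all use one path."""
    paths, hosts = set(), set()
    values = defaultdict(set)  # parameter name -> observed values
    for u in urls:
        p = urlsplit(u)
        hosts.add(p.hostname)
        paths.add(p.path)
        for name, value in parse_qsl(p.query, keep_blank_values=True):
            values[name].add(value)
    if len(paths) != 1:
        raise ValueError(f"URLs do not share one path: {sorted(paths)}")
    constant = {n: next(iter(v)) for n, v in values.items() if len(v) == 1}
    variable = sorted(n for n, v in values.items() if len(v) > 1)
    return {"path": paths.pop(), "constant_params": constant,
            "variable_params": variable, "hosts": sorted(hosts)}


def matches(fp, url):
    """True when url has the fingerprint's path, every constant parameter with
    its expected value, and at least one of the variable payload parameters.
    The host is deliberately not checked so new rotation domains are caught."""
    p = urlsplit(url)
    if p.path != fp["path"]:
        return False
    params = dict(parse_qsl(p.query, keep_blank_values=True))
    if any(params.get(n) != v for n, v in fp["constant_params"].items()):
        return False
    return any(n in params for n in fp["variable_params"])


# Constructed proxy log format: "<timestamp> <source> <method> <url> <status>".
LOG_RE = re.compile(r"^(?P<ts>\S+) (?P<src>\S+) (?P<method>[A-Z]+) (?P<url>\S+) (?P<status>\d{3})$")


def scan_log(fp, lines):
    """Return (timestamp, source, host) for every parseable line that matches."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if m and matches(fp, m["url"]):
            hits.append((m["ts"], m["src"], urlsplit(m["url"]).hostname))
    return hits


# Constructed log lines: one report host, one host not in the report that still
# carries the token, one same-path request with a different token, one benign
# request from the report's non-beacon strings, and one unparseable line.
SAMPLE_LOG = [
    "2021-09-15T09:44:10Z 10.20.0.7 GET " + REPORT_URLS[0] + " 404",
    "2021-09-15T09:46:31Z 10.20.0.7 GET http://decoy-not-in-report.invalid/n58i/?7nVT9d=P6AhC8Yh4LuLMhK0&fD=AAAAAAAA 200",
    "2021-09-15T09:47:02Z 10.20.0.9 GET http://www.zmdhysm.com/n58i/?fD=abc&7nVT9d=other 200",
    "2021-09-15T09:47:40Z 10.20.0.9 GET http://www.autoitscript.com/autoit3/ 200",
    "garbage",
]

if __name__ == "__main__":
    fp = fingerprint(REPORT_URLS)
    print("fingerprint:", fp["path"], fp["constant_params"], fp["variable_params"])
    for ts, src, host in scan_log(fp, SAMPLE_LOG):
        print(f"{ts} {src} -> {host}")
```

The second constructed line shows the value of dropping the host from the match: it would be missed by a blocklist built from the table, yet it carries the same path and token. The third line shows the inverse caveat: a shared path prefix alone is too weak, because the token has to agree as well.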

Dropped files

Name                                                                                    File Type                              Hashes  Detection
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\SRMETALINDUSTRIES.exe.log   ASCII text, with CRLF line terminators

The CLR_v4.0_32\UsageLogs\ path is the usage log the 32-bit .NET Framework 4 runtime writes for an assembly it executes, so the sample ran as a managed (.NET) process under the analysis user.