flash

FAKTURA I PARAGONY.exe

Status: finished
Submission Time: 12.10.2021 16:25:11
Malicious
Trojan
Evader
Ransomware
Spreader
Spyware
Exploiter
Miner
RemCom RemoteAdmin Mimikatz HawkEye Immi

Comments

Tags

  • exe

Details

  • Analysis ID:
    501176
  • API (Web) ID:
    868752
  • Analysis Started:
    12.10.2021 16:25:12
  • Analysis Finished:
    12.10.2021 16:55:04
  • MD5:
    0277ce10266c718b31d46a622acf1a43
  • SHA1:
    f9a05406e2407434e5359a8757d6f2bf0166b20e
  • SHA256:
    1113efa42a416df493d712368060e751482e644c13f6c115a507ff001a322724
  • Technologies:
Full Report Management Report IOC Report Engine Info Verdict Score Reports

System: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211

malicious
76/100

System: Windows 10 64 bit 20H2 Native physical Machine for testing VM-aware malware (Office 2019, IE 11, Chrome 93, Firefox 91, Adobe Reader DC 21, Java 8 Update 301
Run Condition: Suspected Instruction Hammering

malicious
100/100

malicious
30/67

malicious
12/45

malicious

IPs

IP Country Detection
188.93.227.195
Portugal
172.217.168.46
United States
142.250.185.161
United States

Domains

Name IP Detection
tccinfaes.com
188.93.227.195
mail.tccinfaes.com
0.0.0.0
x1.i.lencr.org
0.0.0.0
Click to see the 3 hidden entries
drive.google.com
172.217.168.46
googlehosted.l.googleusercontent.com
142.250.185.161
doc-00-88-docs.googleusercontent.com
0.0.0.0

URLs

Name Detection
http://110.42.4.180:
http://stmichaelolivewood.com/templates/landofchrist/css/msg.jpg
http://tempuri.org/
Click to see the 97 hidden entries
http://www.whitehouseknutsford.co.uk/invoice-status/please-pull-invoice-684594/
http://spywaresoftstop.com/load.php?adv=141
http://masgiO.info/cd/cd.php?id=%s&ver=g
https://blackstonesbarandgrill.net/wp-includes/js/service/jp/login.php
http://shdjhgftyhgjklolkjio.dns.navy/bcz/document.doc
http://costacars.es/ico/ortodox.php
http://kiranacorp.com/oja
http://www.bonusesfound.ml/update/index.php
http://www.cooctdlfast.com/download.php?
http://minetopsforums.ru/new_link3.php?site=
http://today-friday.cn/maran/sejvan/get.php
http://Yyl.mofish.cn/interface/SeedInstall.aspx
http://ati.vn
http://errors.statsmyapp.comxa
http://www.chambersign.org1
http://185.172.110.217/robx/remit.jpg
https://anonfiles.com/
https://sumnermail.org/sumnerscools/school.php
http://139.162.
http://rghost.net/download/
https://www.dropbox.com/
http://127.0.0.1:8000/web.html?url=yac.mx&rate=501&id=%s&key=%s&pm=1x
http://install.outbrowse.com/logTrack.php?x
http://usa-national.info/gpu/band/grumble.dot
http://w.robints.us/cnzz.htmlwidth=0height=0
http://akrilikkapak.blogspot.com/
https://jovial-pasteur.159-89-118-202.plesk.page/wp-content/uploads/index.php
http://canonicalizer.ucsuri.tcs/3
http://sesame96.orange.ero0101.com/set_inf.php?id=ero257.wmv&sid=
http://actresswallpaperbollywood.blogspot.com/
http://mexicorxonline.com/glad/imagenes.html?disc=abuse&code=7867213
http://lo0oading.blogspot.com/
http://www.youtube.com/watch?v=Vjp7vgj119s
https://sotheraho.com/wp-content/fonts/reportexcelnew.php
http://walden.co.jp/wp/divorce/divorce.php?id=zxjpyy5tb3jyaxnvb
http://eduardovolpi.com.br/flipbook/postal/services/parcel)
https://sweetsizing.com/vip/
http://tikotin.com
http://security-updater.com/binaries/
http://www.fbcom.review/d/9.doc
http://5starvideos.com/main/K5
http://aklick.info/d.php?date=
http://77.81.225.138/carnaval2017.zip
http://www.slotch.com/ist/softwares/v4.0/istdownload.exe
https://go.wikitextbooks.info
http://aartemis.com/?type=sc&ts=
https://tinyurl.com/up77pck
https://bemojo.com/ds/161120.gif
http://www.mvps.org/vb
http://avnpage.info/final3.php
http://esiglass.it/glassclass/glass.php
https://xmrig.com/wizard
http://www.activision.com/games/wolfenstein/purchase.html
https://rotf.lol/3u6d9443
https://kiwisanagustin.com/wp-admin/includes/opo.php%22%20method%3d%22post%22%20style%3d%22box-sizin
http://aerytyre.blogspot.com/
http://blogsemasacaparnab.blogspot.com/
https://raw.githubusercontent.com/
https://eeyhh567.s3.eu-west-3.amazonaws.com/image2.png
https://mort2021.s3-eu-west-1.amazonaws.com/image2.png
http://m.mworld.vn/MWorld30/data20.xm?a=getip&g=3&sex=Android
http://www.niepicowane.pl/
http://office-service-secs.com/blm.task
http://www.51jetso.com/
https://bit.ly/3kvdcmi
https://irecruiter.immentia.com/storage/framework/cache/data/0e/nC7vWe43YwJjj.php
http://js.f4321y.com/
http://www.searchmaid.com/
https://remote.bittorrent.com
http://wac.edgecastcdn.net/800952/5b595c13-aea5-4a6c-a099-d29c4678f6f2-api/gfbs
http://tbapi.search.ask.comxb
http://www.mva.by/tags/ariscanin1.e
http://javafx.com
http://sds.clrsch.com/x
http://boscumix.com/optima/index.php
http://playsong.mediasongplayer.com/
http://207.154.225.82/report.json?type=mail&u=$muser&c=
http://app.whenu.com/Offers
http://www.xiuzhe.com/ddvan.exe
http://66.148.74.7/zu2/zc.php
http://t.zer9g.com/
http://149.3.170.235/qw-fad/
http://maringareservas.com.br/queda/index.php
http://seunelson.com.br/js/content.xml
http://82.98.235.
http://verred.net/?1309921
https://pigeonious.com/img/
http://www.trotux.com/?z=
http://team.afcorp.afg/chr/crt-ho_30/newjflibrary
http://artishollywoodbikini.blogspot.com/
http://data1.yoou8.com/
https://jabaltoor.com/copy/img/blog/cat-post/r7gnor1h0.php
https://bit.ly/3kthd4j
http://handjobheats.com/xgi-bin/q.php
http://www.pcpurifier.com/buynow/?
http://avnisevinc.blogspot.com/
http://www.chatzum.com/statistics/?affid=$RPT_AFFID&cztbid=$RPT_UID&inst=$RTP_SETINST&sethp=$RTP_SET

Dropped files

Name File Type Hashes Detection
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\2D85F72862B55C4EADD9E66E06947F3D
data
#
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506
Microsoft Cabinet archive data, 61157 bytes, 1 file
#
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\2D85F72862B55C4EADD9E66E06947F3D
data
#
Click to see the 11 hidden entries
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
data
#
C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\5F092BAC-4701-4818-8EB0-1B8D5E2340F4\1.1.18500.10_to_1.1.18600.4_mpengine.dll._p
data
#
C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\5F092BAC-4701-4818-8EB0-1B8D5E2340F4\1.349.0.0_to_1.351.0.0_mpasbase.vdm._p
data
#
C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\5F092BAC-4701-4818-8EB0-1B8D5E2340F4\1.349.0.0_to_1.351.0.0_mpavbase.vdm._p
data
#
C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\5F092BAC-4701-4818-8EB0-1B8D5E2340F4\MpSigStub.exe
PE32+ executable (GUI) x86-64, for MS Windows
#
C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\5F092BAC-4701-4818-8EB0-1B8D5E2340F4\mpasbase.vdm
PE32+ executable (DLL) (console) x86-64, for MS Windows
#
C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\5F092BAC-4701-4818-8EB0-1B8D5E2340F4\mpasdlta.vdm
PE32+ executable (DLL) (console) x86-64, for MS Windows
#
C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\5F092BAC-4701-4818-8EB0-1B8D5E2340F4\mpavbase.vdm
PE32+ executable (DLL) (console) x86-64, for MS Windows
#
C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\5F092BAC-4701-4818-8EB0-1B8D5E2340F4\mpavdlta.vdm
PE32+ executable (DLL) (console) x86-64, for MS Windows
#
C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\MpSigStub.log
Little-endian UTF-16 Unicode text, with CRLF, CR line terminators
#
\Device\ConDrv
ASCII text, with CRLF line terminators
#