flash

correction HAWB.exe

Status: finished
Submission Time: 13.10.2021 12:34:56
Malicious
Ransomware
Trojan
Evader
Spreader
Adware
Spyware
GuLoader AgentTesla

Comments

Tags

  • exe
  • guloader

Details

  • Analysis ID:
    501939
  • API (Web) ID:
    869510
  • Analysis Started:
    13.10.2021 12:40:00
  • Analysis Finished:
    13.10.2021 13:03:21
  • MD5:
    a4ef1695bddce6530a28e0d72ae7f8c4
  • SHA1:
    3905f0749e1c55ad4d8fb2a1969cf3f74bc0aeb4
  • SHA256:
    64939ef2abe9b397b1f99bb4ba00c7e49be75f14013647c8e0605fb5fdb3b14b
  • Technologies:
Full Report Management Report IOC Report Engine Info Verdict Score Reports

System: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211

malicious
80/100

System: Windows 10 64 bit 20H2 Native physical Machine for testing VM-aware malware (Office 2019, IE 11, Chrome 93, Firefox 91, Adobe Reader DC 21, Java 8 Update 301
Run Condition: Suspected Instruction Hammering

malicious
100/100

malicious
17/66

malicious
10/41

IPs

IP Country Detection
116.0.120.83
Malaysia
172.217.168.46
United States
142.250.185.97
United States

Domains

Name IP Detection
cselegance.com
116.0.120.83
mail.cselegance.com
0.0.0.0
windowsupdate.s.llnwi.net
178.79.242.0
Click to see the 3 hidden entries
drive.google.com
172.217.168.46
googlehosted.l.googleusercontent.com
142.250.185.97
doc-08-28-docs.googleusercontent.com
0.0.0.0

URLs

Name Detection
http://127.0.0.1:HTTP/1.1
http://DynDns.comDynDNS
https://xgdZXmEGQW.orgt-~l
Click to see the 13 hidden entries
http://JgQKqy.com
https://doc-08-28-docs.googleusercontent.com/doc
https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip%tordir%%ha
https://drive.google.com/
http://mail.cselegance.com
https://doc-08-28-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/8h8uio1d
https://doc-08-28-docs.googleusercontent.com/2
https://xgdZXmEGQW.org(6
https://support.google.com/chrome/?p=plugin_flash
https://doc-08-28-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/8h8uio1dqpn5ahgfavoi7o8vnkc5qp90/1634122275000/16524389560697724177/*/1oI6QtIwrNnN8NQRw9EUdqGJEy6K_yCrB?e=download
http://cselegance.com
https://doc-08-28-docs.googleusercontent.com/d
https://xgdZXmEGQW.org

Dropped files

Name File Type Hashes Detection
C:\Users\user\AppData\Roaming\tKZVPq\tKZVPq.exe
PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
#
C:\Windows\System32\drivers\etc\hosts
ASCII text, with CRLF line terminators
#
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\tKZVPq.exe.log
ASCII text, with CRLF line terminators
#
Click to see the 1 hidden entries
\Device\ConDrv
ASCII text, with CRLF line terminators
#