flash

correction HAWB.exe

Status: finished
Submission Time: 14.10.2021 04:25:07
Malicious
Ransomware
Trojan
Evader
Spreader
Adware
Spyware
AgentTesla GuLoader

Comments

Tags

  • exe

Details

  • Analysis ID:
    502575
  • API (Web) ID:
    870147
  • Analysis Started:
    14.10.2021 04:25:07
  • Analysis Finished:
    14.10.2021 04:47:01
  • MD5:
    8a29580d47943a0f2c61ca552a63bc30
  • SHA1:
    e4cdec934b4bfc2e055216c03ac7056069100b05
  • SHA256:
    53c0cf2d25f350a579729af76c466b68b899586b620ffae8925fcb4d831dc2c8
  • Technologies:
Full Report Management Report IOC Report Engine Info Verdict Score Reports

System: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211

malicious
76/100

System: Windows 10 64 bit 20H2 Native physical Machine for testing VM-aware malware (Office 2019, IE 11, Chrome 93, Firefox 91, Adobe Reader DC 21, Java 8 Update 301
Run Condition: Suspected Instruction Hammering

malicious
100/100

IPs

IP Country Detection
116.0.120.83
Malaysia
172.217.168.46
United States
142.250.185.193
United States

Domains

Name IP Detection
cselegance.com
116.0.120.83
mail.cselegance.com
0.0.0.0
drive.google.com
172.217.168.46
Click to see the 2 hidden entries
googlehosted.l.googleusercontent.com
142.250.185.193
doc-08-28-docs.googleusercontent.com
0.0.0.0

URLs

Name Detection
http://schemas.microso
http://AVyHehd5cM53ZVmf.org(6
http://127.0.0.1:HTTP/1.1
Click to see the 15 hidden entries
http://DynDns.comDynDNS
https://doc-08-28-docs.googleusercontent.com/
http://JgQKqy.com
https://drive.google.com/2wHG
https://doc-08-28-docs.googleusercontent.com/eU
https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip%tordir%%ha
http://mail.cselegance.com
https://doc-08-28-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/t4shmnlu
https://support.google.com/chrome/?p=plugin_flash
http://cselegance.com
https://doc-08-28-docs.googleusercontent.com/I
http://AVyHehd5cM53ZVmf.orgt-
https://drive.google.com/Bw
http://AVyHehd5cM53ZVmf.org
https://doc-08-28-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/t4shmnlujbaqahk4bi15tv00ii385av2/1634178900000/16524389560697724177/*/1-G0aaBcc_jufuDxKNgbgyGXCFadOz4oO?e=download

Dropped files

Name File Type Hashes Detection
C:\Users\user\AppData\Roaming\tKZVPq\tKZVPq.exe
PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
#
C:\Windows\System32\drivers\etc\hosts
ASCII text, with CRLF line terminators
#
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\tKZVPq.exe.log
ASCII text, with CRLF line terminators
#
Click to see the 1 hidden entries
\Device\ConDrv
ASCII text, with CRLF line terminators
#