flash

duLT5gkRjy.exe

Status: finished
Submission Time: 25.11.2021 18:22:21
Malicious
Trojan
Socelars

Tags

  • exe
  • Socelars

Details

  • Analysis ID:
    528744
  • API (Web) ID:
    896271
  • Analysis Started:
    25.11.2021 18:22:22
  • Analysis Finished:
    25.11.2021 18:38:47
  • MD5:
    d42456f7afc812628a9ff67d8c9340eb
  • SHA1:
    30f49d0f3d46cc9ccf8733247a0709555ad2099f
  • SHA256:
    a5b981c10065983578a2bca4399f901bd5a4e87b4ebe2d05c1f9971fb9fb36ac
  • Technologies:

Reports

System: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Verdict: malicious (score 80/100)

System: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Run Condition: Run with higher sleep bypass
Verdict: malicious (score 80/100)

Verdict: malicious (score 41/66)

Verdict: malicious (score 26/44)

IPs

IP              Country        Detection
149.28.253.196  United States
5.9.162.45      Germany

Domains

Name                 IP              Detection
www.listincode.com   149.28.253.196
iplogger.org         5.9.162.45

URLs

Name Detection
https://www.listincode.com/
http://ngdatas.pw/
http://ngdatas.pw/https://www.listincode.com/0.0.0.0%d.%d.%d.%dhttp-1ZIP
https://iplogger.org/1TCch7
https://iplogger.org/1G7Sc7
https://iplogger.org/1OhAG
https://iplogger.org/1b4887
https://iplogger.org/1pdxr7
https://iplogger.org/1rqRg7
https://iplogger.org/1aaVp7
http://www.ecgbg.com/Home/Index/getdata
https://iplogger.org/1H3Fa7
https://iplogger.org/1OZVH
https://iplogger.org/1UpU57
https://iplogger.org/1rd8N6
https://iplogger.org/1O2BH
https://iplogger.org/1Pdet7
http://www.channelinfo.pw/index.php/Home/Index/getExeidnameexe_urlexe_namerun_valuecountry_codeaband
https://iplogger.org/1x5bg7
https://iplogger.org/1XKq97
https://iplogger.org/1XSq97
https://iplogger.org/1746b7
https://iplogger.org/19iM77
https://iplogger.org/169Bx7
https://iplogger.org/1T89i7
https://iplogger.org/1rDMq785https://iplogger.org/1rd8N686https://iplogger.org/1spuy788https://iplog
https://iplogger.org/1s4qp7
https://iplogger.org/1uS4i7
https://iplogger.org/1uW6i7
https://iplogger.org/16ajh7
https://iplogger.org/14ePy7
https://iplogger.org/16xjh7
https://iplogger.org/1wnqn7
https://iplogger.org/1X8M97
https://www.amazon.com/
https://iplogger.org/1Ghzj7
https://iplogger.org/1rDMq7
http://upx.sf.net
https://iplogger.org/1lcZz
https://iplogger.org/1TW3i7
https://iplogger.org/1Z7qd7
https://iplogger.org/1q6Jt7
https://iplogger.org/1mxKf7
https://iplogger.org/1CUGu7
https://iplogger.org/1OXFG
https://iplogger.org/1bV787
https://prntscr.com/upload.php
https://sm.ms/api/v2/upload?inajax=1
https://www.google.com/search?q=admob&oq=admob
https://iplogger.org/14Jup7
https://iplogger.org/1SWks7
https://iplogger.org/1TXch7
https://iplogger.org/1Gczj7
https://iplogger.org/1Sxzs7
https://iplogger.org/1GiLz7
https://prntscr.com/upload.phphttps://prntscr.com/upload.php
https://iplogger.org/1GaLz7
https://iplogger.org/1Smzs7
https://www.aol.com
https://iplogger.org/1CDGu7
https://iplogger.org/1yXwr7
https://iplogger.org/1KyTy7
https://iplogger.org/14Qju7
https://iplogger.org/1Gjzj7
https://iplogger.org/1756b7
https://iplogger.org/1Gbzj7
https://iplogger.org/1TBch7
https://iplogger.org/1Cr3a7
https://iplogger.org/1spuy7
https://iplogger.org/1UKG97
http://www.channelinfo.pw/index.php/Home/Index/getExe
https://iplogger.org/1fHtp7
https://iplogger.org/1XJq97
https://iplogger.org/1BBCf7
https://iplogger.org/143up7
https://iplogger.org/1DE477
https://iplogger.org/1Tkij7
https://iplogger.org/1T79i7
https://www.google.com
http://www.ecgbg.com
https://iplogger.org/1s5qp7
https://iplogger.org/1Uts87
https://iplogger.org/1GWfv7

Dropped files

Name | File Type | Hashes | Detection
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_duLT5gkRjy.exe_1716a7dbaca25d22b8ce403b85cf2c886155787b_b69a8483_0f8f88d3\Report.wer | Little-endian UTF-16 Unicode text, with CRLF line terminators | # |
C:\ProgramData\Microsoft\Windows\WER\Temp\WER7933.tmp.dmp | Mini DuMP crash report, 14 streams, Fri Nov 26 02:23:28 2021, 0x1205a4 type | # |
C:\ProgramData\Microsoft\Windows\WER\Temp\WER80A6.tmp.WERInternalMetadata.xml | XML 1.0 document, Little-endian UTF-16 Unicode text, with CRLF line terminators | # |
C:\ProgramData\Microsoft\Windows\WER\Temp\WER8328.tmp.xml | XML 1.0 document, ASCII text, with CRLF line terminators | # |
C:\Windows\appcompat\Programs\Amcache.hve | MS Windows registry file, NT/2000 or above | # |
C:\Windows\appcompat\Programs\Amcache.hve.LOG1 | MS Windows registry file, NT/2000 or above | # |