flash

8XMlaeHQXZ.exe

Status: finished
Submission Time: 25.11.2021 18:35:35
Malicious

Comments

Tags

  • exe
  • RedLineStealer

Details

  • Analysis ID:
    528756
  • API (Web) ID:
    896282
  • Analysis Started:
    25.11.2021 18:35:37
  • Analysis Finished:
    25.11.2021 18:47:42
  • MD5:
    5643bf734d793e845166a228f3df83b3
  • SHA1:
    4415ad682fd64baedf5c209bc0c2a3b619cf03e2
  • SHA256:
    db79e0c2243229f8ba6a52deede597287b93801aa182af42f278542f31fb3324
  • Technologies:
Full Report Management Report IOC Report Engine Info Verdict Score Reports

malicious

System: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211

malicious
56/100

System: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Run Condition: Run with higher sleep bypass

malicious
48/100

malicious
14/66

URLs

Name Detection
http://upx.sf.net

Dropped files

Name File Type Hashes Detection
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_8XMlaeHQXZ.exe_eef3a584e8e34ce43e333fc8ab4acb864824d3c_c1f65c8e_06d2b942\Report.wer
Little-endian UTF-16 Unicode text, with CRLF line terminators
#
C:\ProgramData\Microsoft\Windows\WER\Temp\WERA26E.tmp.dmp
Mini DuMP crash report, 14 streams, Fri Nov 26 02:36:51 2021, 0x1205a4 type
#
C:\ProgramData\Microsoft\Windows\WER\Temp\WERA4C1.tmp.WERInternalMetadata.xml
XML 1.0 document, Little-endian UTF-16 Unicode text, with CRLF line terminators
#
Click to see the 3 hidden entries
C:\ProgramData\Microsoft\Windows\WER\Temp\WERA752.tmp.xml
XML 1.0 document, ASCII text, with CRLF line terminators
#
C:\Windows\appcompat\Programs\Amcache.hve
MS Windows registry file, NT/2000 or above
#
C:\Windows\appcompat\Programs\Amcache.hve.LOG1
MS Windows registry file, NT/2000 or above
#