flash

HSBC Payment Advice.exe

Status: finished
Submission Time: 25.11.2021 18:47:24
Malicious
Ransomware
Phishing
Trojan
Spyware
Exploiter
Evader
GuLoader AveMaria UACMe

Comments

Tags

  • exe
  • HSBC
  • signed

Details

  • Analysis ID:
    528768
  • API (Web) ID:
    896293
  • Analysis Started:
    25.11.2021 18:47:52
  • Analysis Finished:
    25.11.2021 18:57:18
  • MD5:
    a069e61b357f625a7b3595150412c42d
  • SHA1:
    5fa560d04b13db7e0216bda2ca5f1c3b94a8912e
  • SHA256:
    0fb47a47bc025991b3ed8895aa84030def6e5cc538a9cec279a73f4528d549c6
  • Technologies:
Full Report Management Report IOC Report Engine Info Verdict Score Reports

malicious

System: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211

malicious
100/100

malicious
37/66

malicious
7/35

malicious
22/45

IPs

IP Country Detection
38.103.244.107
United States

Domains

Name IP Detection
barr2.ddns.net
194.5.97.4
spuredge.com
38.103.244.107

URLs

Name Detection
https://spuredge.com/warzone_JBBOxCEy72.bin
https://github.com/syohex/java-simple-mine-sweeperC:

Dropped files

Name File Type Hashes Detection
C:\ProgramData\images.exe
PE32 executable (GUI) Intel 80386, for MS Windows
#
C:\ProgramData\images.exe:Zone.Identifier
ASCII text, with CRLF line terminators
#
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
data
#
Click to see the 3 hidden entries
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_rkoahsjv.1ht.ps1
very short file (no magic)
#
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_tubbusjo.0kz.psm1
very short file (no magic)
#
C:\Users\user\Documents\20211125\PowerShell_transcript.051829.7+5fXBbe.20211125185051.txt
UTF-8 Unicode (with BOM) text, with CRLF line terminators
#