K9jgh4owKk.exe

Status: finished
Submission Time: 31.12.2021 09:51:11
Malicious
E-Banking Trojan
Trojan
Evader
Dridex

Tags

  • Dridex
  • exe

Details

  • Analysis ID:
    546752
  • API (Web) ID:
    914274
  • Analysis Started:
    31.12.2021 09:51:13
  • Analysis Finished:
    31.12.2021 09:58:32
  • MD5:
    a5eb3426e582795b6393a328cd27bf94
  • SHA1:
    a2494b972f175cadc7e3b43d67af4c7f7efebb19
  • SHA256:
    67dd305f6e4cdfaa395ca06f30d971b8a0d4bf3926bfb140b258f0704b31f92b
  • Technologies:
Verdict

  • Info: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211; Verdict: malicious
  • Verdict: malicious; Score: 100/100
  • Verdict: malicious; Score: 41/68
  • Verdict: malicious; Score: 9/35
  • Verdict: malicious; Score: 26/43
  • Verdict: malicious

IPs

  • 46.101.175.170 (Netherlands)
  • 103.70.29.126 (Viet Nam)
  • 103.9.36.172 (Indonesia)

Domains

  • windowsupdate.s.llnwi.net (178.79.225.128)

URLs

Name Detection
https://103.9.36.172/
https://46.101.175.170:10172/y
https://103.9.36.172/v$
https://46.101.175.170:10172/w
https://103.9.36.172/H4
https://46.101.175.170:10172/J2
https://46.101.175.170:10172/t
https://103.70.29.126:593/aphy
https://103.9.36.172/101.175.170:10172/L
https://103.70.29.126:593/ll
https://46.101.175.170:10172/_3
https://103.9.36.172/101.175.170:10172/ication
https://46.101.175.170:10172/l
https://103.9.36.172/101.175.170:10172/W
https://103.70.29.126/
https://46.101.175.170/d$
https://103.9.36.172//d$
https://103.70.29.126:593/
https://103.70.29.126:593/Q
https://463.9.36.172/
https://103.70.29.126:593/R
https://103.9.36.172/vider
https://46.101.175.170/
https://46.101.175.170:10172/
https://46.101.175.170:10172/S2
https://103.9.36.172/D4
https://46.101.175.170:10172/7
https://103.9.36.172/x$
https://103.9.36.172/101.175.170:10172/Sign
https://46.101.175.170:10172/Sign
https://46.101.175.170:10172/m3
https://103.9.36.172/rsaenh.dllx
https://46.101.175.170:10172/ication
https://46.101.175.170:10172/a2
https://46.101.175.170:10172/H
https://46.101.175.170:10172/X2
https://103.70.29.126:593/lly
https://103.9.36.172/iversal
https://103.9.36.172/ryptprimitives.dll
https://46.101.175.170:10172/E2
https://46.101.175.170:10172/W
https://103.70.29.126:593//y
https://46.101.175.170/R$
https://103.9.36.172/oY
https://46.101.175.170:10172/T
https://103.9.36.172/RY
https://46.101.175.170:10172/Q
https://103.9.36.172/5Ze(
https://46.101.175.170:10172/L
https://103.9.36.172/t
https://46.101.175.170:10172/a
https://46.101.175.170:10172/r3
https://103.9.36.172/x
https://103.9.36.172/rsaenh.dll

Dropped files

  • C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506
    File type: Microsoft Cabinet archive data, 61414 bytes, 1 file
  • C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
    File type: data