=

We are hiring! Windows Kernel Developer (Remote), apply here!

DHL_29028263 documento de recibo de la compra,pdf.exe

Status: finished

Submission Time: 2022-05-14 15:09:31 +02:00

Malicious

Phishing

Trojan

Spyware

Exploiter

Evader

AveMaria, UACMe

Comments

Tags

Details

Analysis ID:
626596
API (Web) ID:
994103
Analysis Started:

2022-05-14 15:11:11 +02:00
Analysis Finished:

2022-05-14 15:24:19 +02:00
MD5:
87a264aa9aec9ce66f4b092363dd5adc
SHA1:
64a0954e622afb6d5e2a0256f179d14f112ec723
SHA256:
eab5b352e41de89be099054e396f61a942401ab1518186496bc11be1c857242f
Technologies:

Engines
IOCs

Full Report	Management Report	IOC Report	Engine	Info	Verdict	Score	Reports

				System: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211		100/100
						23/69
						21/41

IPs

IP	Country	Detection
37.0.14.197	Netherlands

URLs

Name	Detection
37.0.14.197
https://github.com/syohex/java-simple-mine-sweeperC:
https://github.com/syohex/java-simple-mine-sweeper

Dropped files

Name	File Type	Hashes	Detection
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\DHL_29028263 documento de recibo de la compra,pdf.exe.log	ASCII text, with CRLF line terminators	#
C:\Users\user\AppData\Roaming\window defender\window defender.exe	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows	#
C:\Users\user\AppData\Roaming\window defender\window defender.exe:Zone.Identifier	ASCII text, with CRLF line terminators	#