2OmglUwx83.exe

Status: finished
Submission Time: 2022-08-05 11:21:08 +02:00
Malicious
Ransomware
Trojan
Spyware
Evader
Djvu, Vidar

Comments

Tags

  • exe
  • Stop

Details

  • Analysis ID:
    679173
  • API (Web) ID:
    1046679
  • Analysis Started:
    2022-08-05 11:21:10 +02:00
  • Analysis Finished:
    2022-08-05 11:35:29 +02:00
  • MD5:
    24b6effdd763befb6ff4a657e15c77bc
  • SHA1:
    dd09691ceccd54d7e68a9c6553a6b94452dc7c85
  • SHA256:
    d0202dee37da4da0375e0034e802e0351cf3185cc8cd6ad041ffca4c89d97797
  • Technologies:

Joe Sandbox

  • Engine:
    Joe Sandbox
  • Detection:
    malicious
  • Score:
    100
  • System:
    Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

Third Party Analysis Engines

  • malicious (Score: 39/71)
  • malicious (Score: 13/35)
  • malicious (Score: 21/26)
  • malicious

IPs

IP                Country
151.251.24.5      Bulgaria
5.163.244.118     Saudi Arabia
49.12.9.140       Germany
162.0.217.254     Canada
149.154.167.99    United Kingdom

Domains

Name           IP
rgyui.top      151.251.24.5
acacaca.org    5.163.244.118
t.me           149.154.167.99
api.2ip.ua     162.0.217.254

URLs

Name
http://acacaca.org/files/1/build3.exe
http://acacaca.org/files/1/build3.exed5
http://rgyui.top/dl/build2.exerunb4e97Bx
http://rgyui.top/dl/build2.exe$run
http://acacaca.org/test2/get.php
http://acacaca.org/test2/get.php?pid=3C8DAB0A318E3BBE55D6418C454BF200&first=true
http://rgyui.top/dl/build2.exe
http://rgyui.top/dl/build2.exe~
https://we.tl/t-QsoSRIeAK6
http://acacaca.org/files/1/build3.exe$run
http://acacaca.org/files/1/build3.exerun0d
https://we.tl/t-QsoSRIeA
http://49.12.9.140/r
https://search.yahoo.com/favicon.icohttps://search.yahoo.com/search
http://49.12.9.140:1080/n
https://ac.ecosia.org/autocomplete?q=
https://t.me/pegasusfly1w
https://api.2ip.ua/geo.json
http://49.12.9.140:1080/a
http://49.12.9.140:1080/2277399138.zip
http://49.12.9.140/rontdesk
http://www.youtube.com/
http://49.12.9.140:1080/2277399138.zipm
https://api.2ip.ua/J
http://49.12.9.140/
http://www.wikipedia.com/
http://www.live.com/
https://t.me/&
http://49.12.9.140:1080
https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
https://t.me/pegasusfly17&A
http://49.12.9.140:1080/
https://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
http://www.google.com/
http://49.12.9.140/ppData
https://duckduckgo.com/chrome_newtab
https://t.me/
https://duckduckgo.com/ac/?q=
https://web.telegram.org
http://49.12.9.140:1080/2277399138.zipF
http://49.12.9.140:1080/2277399138.zipJ
http://www.amazon.com/
http://49.12.9.140:1080/1Y
http://www.twitter.com/
https://t.me/pegasusfly11
http://49.12.9.140:1080/)
http://www.openssl.org/support/faq.html
http://https://ns1.kriston.ugns2.chalekin.ugns3.unalelath.ugns4.andromath.ug/Error
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
https://mas.to/
https://t.me/pegasusfly1
https://api.2ip.ua/n
http://49.12.9.140:1080/nS
http://49.12.9.140:1080/C
http://49.12.9.140:1080/517
http://www.reddit.com/
http://www.nytimes.com/
https://www.google.com/images/branding/product/ico/googleg_lodp.ico
http://49.12.9.140:1080;Dx66
https://api.2ip.ua/geo.jsonrO
https://t.me/pegasusfly1https://mas.to/

Dropped files

  • C:\Users\user\AppData\Local\Microsoft\Windows\Caches\{3DA71D5A-20CC-432F-A115-DFE92379E91F}.3.ver0x0000000000000013.db
    data
  • C:\Users\user\AppData\Local\Microsoft\Internet Explorer\UrlBlock\urlblock_637194112741176080.bin
    data
  • C:\Users\user\AppData\Local\Microsoft\Internet Explorer\MSIMGSIZ.DAT
    data
  • C:\Users\user\AppData\Local\Microsoft\Windows\Caches\{3DA71D5A-20CC-432F-A115-DFE92379E91F}.3.ver0x0000000000000015.db
    data
  • C:\Users\user\AppData\Local\Microsoft\Windows\Caches\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000007.db
    data
  • C:\Users\user\AppData\Local\0ca24ce5-0f24-4ca6-b87c-11cb41906c23\build2.exe
    PE32 executable (GUI) Intel 80386, for MS Windows
  • C:\Users\user\AppData\Local\Microsoft\Windows\Caches\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000008.db
    data
  • C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt19.lst
    PostScript document text
  • C:\Users\user\AppData\Local\Adobe\Acrobat\DC\UserCache.bin
    data
  • C:\Users\user\AppData\Local\Microsoft\Windows\Explorer\ExplorerStartupLog_RunOnce.etl
    data
  • C:\Users\user\AppData\Local\Microsoft\PenWorkspace\DiscoverCacheData.dat
    data
  • C:\Users\user\AppData\Local\Microsoft\OneDrive\Resources.pri
    data
  • C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\5475cb191e478c39370a215b2da98a37e9dc813d.tbres
    data
  • C:\Users\user\AppData\Local\Microsoft\Vault\4BF4C442-9B8A-41A0-B380-DD4A704DDB28\Policy.vpol
    data
  • C:\Users\user\AppData\Local\Microsoft\Windows\1033\StructuredQuerySchema.bin
    data
  • C:\Users\user\AppData\Local\Microsoft\Windows\ActionCenterCache\windows-systemtoast-securityandmaintenance_29_0.png
    data
  • C:\Users\user\AppData\Local\Microsoft\Windows\Caches\cversions.1.db
    data
  • C:\Users\user\AppData\Local\Microsoft\Windows\Caches\cversions.3.db
    data
  • C:\Users\user\AppData\Local\Microsoft\OneDrive\setup\ECSConfig.json
    data
  • C:\Users\user\AppData\Local\Microsoft\OneDrive\LogoImages\OneDriveSmallTile.contrast-black_scale-400.png
    data
  • C:\Users\user\AppData\Local\Microsoft\OneDrive\OneDrive.VisualElementsManifest.xml
    data
  • C:\Users\user\AppData\Local\Microsoft\OneDrive\LogoImages\OneDriveSmallTile.scale-400.png
    data
  • C:\Users\user\AppData\Local\Microsoft\OneDrive\LogoImages\OneDriveSmallTile.scale-200.png
    data
  • C:\Users\user\AppData\Local\Microsoft\OneDrive\LogoImages\OneDriveSmallTile.scale-150.png
    data
  • C:\Users\user\AppData\Local\Microsoft\OneDrive\LogoImages\OneDriveSmallTile.scale-125.png
    data
  • C:\Users\user\AppData\Local\Microsoft\OneDrive\LogoImages\OneDriveSmallTile.scale-100.png
    data
  • C:\Users\user\AppData\Local\Microsoft\OneDrive\LogoImages\OneDriveSmallTile.contrast-white_scale-400.png
    data
  • C:\Users\user\AppData\Local\Microsoft\OneDrive\LogoImages\OneDriveSmallTile.contrast-white_scale-200.png
    data
  • C:\Users\user\AppData\Local\Microsoft\OneDrive\LogoImages\OneDriveSmallTile.contrast-white_scale-150.png
    data
  • C:\Users\user\AppData\Local\Microsoft\OneDrive\LogoImages\OneDriveSmallTile.contrast-white_scale-125.png
    data
  • C:\Users\user\AppData\Local\Microsoft\OneDrive\LogoImages\OneDriveSmallTile.contrast-white_scale-100.png
    data
  • C:\Users\user\AppData\Local\Microsoft\OneDrive\LogoImages\OneDriveSmallTile.contrast-black_scale-125.png
    data
  • C:\Users\user\AppData\Local\Microsoft\Windows\Explorer\iconcache_wide.db
    data
  • C:\Users\user\AppData\Local\Microsoft\Windows\Explorer\thumbcache_sr.db
    data
  • C:\Users\user\AppData\Local\Microsoft\Windows\Explorer\thumbcache_exif.db
    data
  • C:\Users\user\AppData\Local\Microsoft\Windows\Explorer\thumbcache_custom_stream.db
    data
  • C:\Users\user\AppData\Local\Microsoft\Windows\Explorer\thumbcache_96.db
    data
  • C:\Users\user\AppData\Local\Microsoft\Windows\Explorer\thumbcache_768.db
    data
  • C:\Users\user\AppData\Local\Microsoft\Windows\Explorer\thumbcache_2560.db
    data
  • C:\Users\user\AppData\Local\Microsoft\Windows\Explorer\thumbcache_1920.db
    data
  • C:\Users\user\AppData\Local\Microsoft\Windows\Explorer\thumbcache_16.db
    data
  • C:\Users\user\AppData\Local\Microsoft\Windows\Explorer\thumbcache_1280.db
    data
  • C:\Users\user\AppData\Local\Microsoft\Windows\Explorer\iconcache_wide_alternate.db
    data
  • C:\Users\user\AppData\Local\Microsoft\Windows\Caches\{278F5142-B905-4D30-88C9-B63C603DA134}.3.ver0x0000000000000001.db
    data
  • C:\Users\user\AppData\Local\Microsoft\Windows\Explorer\iconcache_sr.db
    data
  • C:\Users\user\AppData\Local\Microsoft\Windows\Explorer\iconcache_exif.db
    data
  • C:\Users\user\AppData\Local\Microsoft\Windows\Explorer\iconcache_custom_stream.db
    data
  • C:\Users\user\AppData\Local\Microsoft\Windows\Explorer\iconcache_96.db
    data
  • C:\Users\user\AppData\Local\Microsoft\Windows\Explorer\iconcache_768.db
    data
  • C:\Users\user\AppData\Local\Microsoft\Windows\Explorer\iconcache_2560.db
    data
  • C:\Users\user\AppData\Local\Microsoft\Windows\Explorer\iconcache_1920.db
    data
  • C:\Users\user\AppData\Local\Microsoft\Windows\Explorer\iconcache_1280.db
    data
  • C:\Users\user\AppData\Local\Microsoft\Windows\Explorer\ExplorerStartupLog.etl
    data
  • C:\Users\user\AppData\Local\Comms\UnistoreDB\USSres00002.jrs
    data
  • C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\ngen.log
    data
  • C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\NGenTask.exe.log
    data
  • C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\ngen.log
    data
  • C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\sdiagnhost.exe.log
    data
  • C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\NGenTask.exe.log
    data
  • C:\Users\user\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\unarchiver.exe.log
    data
  • C:\Users\user\AppData\Local\IconCache.db
    data
  • C:\Users\user\AppData\Local\Google\Chrome\User Data\CrashpadMetrics.pma
    data
  • C:\Users\user\AppData\Local\Google\Chrome\User Data\CrashpadMetrics-active.pma
    data
  • C:\Users\user\AppData\Local\ConnectedDevicesPlatform\CDPGlobalSettings.cdp
    data
  • C:\Users\user\AppData\Local\Comms\UnistoreDB\USStmp.jtx
    data
  • C:\Users\user\AppData\Local\Microsoft\Internet Explorer\IECompatData\iecompatdata.xml
    data
  • C:\Users\user\AppData\Local\Comms\UnistoreDB\USSres00001.jrs
    data
  • C:\Users\user\AppData\Local\Comms\UnistoreDB\USS.jcp
    data
  • C:\Users\user\AppData\Local\Adobe\Color\ACECache11.lst
    data
  • C:\Users\user\AppData\Local\Adobe\Acrobat\DC\IconCacheRdr65536.dat
    data
  • C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeCMapFnt19.lst
    PostScript document text
  • C:\SystemID\PersonalID.txt
    ASCII text, with CRLF line terminators
  • C:\ProgramData\87748271858601039393839930
    SQLite 3.x database, last written using SQLite version 3032001
  • C:\ProgramData\74995908947202801370833703
    SQLite 3.x database, last written using SQLite version 3032001
  • C:\ProgramData\71094135503925161979660642
    SQLite 3.x database, last written using SQLite version 3032001
  • C:\ProgramData\57030713821379500194956248
    SQLite 3.x database, last written using SQLite version 3032001
  • C:\ProgramData\26935466222163289633987941
    SQLite 3.x database, last written using SQLite version 3032001
  • C:\Users\user\AppData\Local\Microsoft\OneDrive\LogoImages\OneDriveMedTile.contrast-white_scale-125.png
    data
  • C:\Users\user\AppData\Local\Microsoft\OneDrive\LogoImages\OneDriveSmallTile.contrast-black_scale-150.png
    data
  • C:\ProgramData\05322493605623596985969059
    SQLite 3.x database, last written using SQLite version 3032001
  • C:\Users\user\AppData\Local\Microsoft\OneDrive\LogoImages\OneDriveSmallTile.contrast-black_scale-100.png
    data
  • C:\Users\user\AppData\Local\Microsoft\OneDrive\LogoImages\OneDriveMedTile.scale-400.png
    data
  • C:\Users\user\AppData\Local\Microsoft\OneDrive\LogoImages\OneDriveMedTile.scale-200.png
    data
  • C:\Users\user\AppData\Local\Microsoft\OneDrive\LogoImages\OneDriveMedTile.scale-150.png
    data
  • C:\Users\user\AppData\Local\Microsoft\OneDrive\LogoImages\OneDriveMedTile.scale-125.png
    data
  • C:\Users\user\AppData\Local\Microsoft\OneDrive\LogoImages\OneDriveMedTile.scale-100.png
    data
  • C:\Users\user\AppData\Local\Microsoft\OneDrive\LogoImages\OneDriveMedTile.contrast-white_scale-400.png
    data
  • C:\Users\user\AppData\Local\Microsoft\OneDrive\LogoImages\OneDriveMedTile.contrast-white_scale-200.png
    data
  • C:\Users\user\AppData\Local\Microsoft\OneDrive\LogoImages\OneDriveMedTile.contrast-white_scale-150.png
    data
  • C:\Users\user\AppData\Local\Microsoft\OneDrive\LogoImages\OneDriveSmallTile.contrast-black_scale-200.png
    data
  • C:\Users\user\AppData\Local\Microsoft\OneDrive\LogoImages\OneDriveMedTile.contrast-white_scale-100.png
    data
  • C:\Users\user\AppData\Local\Microsoft\OneDrive\LogoImages\OneDriveMedTile.contrast-black_scale-400.png
    data
  • C:\Users\user\AppData\Local\Microsoft\OneDrive\LogoImages\OneDriveMedTile.contrast-black_scale-200.png
    data
  • C:\Users\user\AppData\Local\Microsoft\OneDrive\LogoImages\OneDriveMedTile.contrast-black_scale-150.png
    data
  • C:\Users\user\AppData\Local\Microsoft\OneDrive\LogoImages\OneDriveMedTile.contrast-black_scale-125.png
    data
  • C:\Users\user\AppData\Local\Microsoft\OneDrive\LogoImages\OneDriveMedTile.contrast-black_scale-100.png
    data
  • C:\Users\user\AppData\Local\Microsoft\Internet Explorer\ie4uinit-UserConfig.log
    Little-endian UTF-16 Unicode text, with very long lines, with no line terminators
  • C:\Users\user\AppData\Local\Microsoft\Internet Explorer\ie4uinit-ClearIconCache.log
    Little-endian UTF-16 Unicode text, with very long lines, with no line terminators
  • C:\Users\user\AppData\Local\Microsoft\Internet Explorer\brndlog.txt
    data
  • C:\Users\user\AppData\Local\Microsoft\Internet Explorer\VersionManager\versionlist.xml
    data