
aTTbUbX63Q.exe

Status: finished
Submission Time: 2022-08-05 14:31:11 +02:00
Verdict: Malicious
Classification: Ransomware, Trojan, Spyware, Evader
Malware family: Djvu (STOP), Vidar

Tags

  • exe
  • Stop

Details

  • Analysis ID:
    679286
  • API (Web) ID:
    1046792
  • Analysis Started:
    2022-08-05 14:31:11 +02:00
  • Analysis Finished:
    2022-08-05 14:44:31 +02:00
  • MD5:
    b7ea7d444d1ed5677537a96796a496dc
  • SHA1:
    738054720787a8f80e3a4f1bd92f08b3084190aa
  • SHA256:
    0336cc8aff0e4974ede9e8901abeb10f836d50619cef1cb59aa41b447cea1ca5

Joe Sandbox

Detection: malicious (Score: 100)
System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
(Note: Chrome 117 and Firefox 118 were released in September 2023, a year after this August 2022 analysis, so this system line describes the sandbox template at the time the page was rendered rather than the image the sample actually ran on.)

Third Party Analysis Engines

  • malicious (Score: 29/71)
  • malicious (Score: 13/35)
  • malicious (Score: 21/26)
  • malicious

IPs

IP              Country             Resolved from (see Domains)
211.40.39.251   Korea, Republic of  rgyui.top
196.200.111.5   Eritrea             acacaca.org
49.12.9.140     Germany             none; contacted directly by IP on port 1080 (see URLs)
162.0.217.254   Canada              api.2ip.ua
149.154.167.99  United Kingdom      t.me

Domains

Domain        IP
rgyui.top     211.40.39.251
acacaca.org   196.200.111.5
t.me          149.154.167.99
api.2ip.ua    162.0.217.254

URLs

URL (as extracted; no detection column survived)

Several entries are the same URL followed by a marker or by trailing bytes from string extraction (build3.exe$run, build3.exeX, build3.exe:, build2.exebqX, geo.jsonL), and a few are two strings run together (t.me/pegasusfly1https://mas.to/, the favicon.ico entries for ecosia, yahoo and duckduckgo). The google, youtube, wikipedia, reddit, amazon, twitter, nytimes, live.com, duckduckgo, ecosia and yahoo entries are the browser new-tab and search-suggestion defaults of the sandbox image, not sample infrastructure. Sample-relevant entries: acacaca.org/test2/get.php?pid=<32 hex>&first=true (the first-contact request STOP/Djvu makes to obtain the victim's key and personal ID), acacaca.org/files/1/build3.exe and rgyui.top/dl/build2.exe (second-stage downloads, from which the separate Vidar verdict most likely stems), https://t.me/pegasusfly1 and https://mas.to/ (Vidar builds of this period read their C2 address from a Telegram or Mastodon profile), https://api.2ip.ua/geo.json (the geolocation lookup STOP/Djvu performs before encrypting) and http://49.12.9.140:1080/... (a host contacted by bare IP and port, serving a .zip).
http://acacaca.org/files/1/build3.exe
http://acacaca.org/files/1/build3.exe$run
http://rgyui.top/dl/build2.exe$run
http://acacaca.org/files/1/build3.exeX
http://acacaca.org/test2/get.php
http://acacaca.org/test2/get.php?pid=63423FF445583FE5A9A41B7CFEC3D9C4&first=true
http://rgyui.top/dl/build2.exe
https://we.tl/t-QsoSRIeAK6
http://acacaca.org/files/1/build3.exe$runFf:&
https://we.tl/t-QsoSRIeA
http://rgyui.top/dl/build2.exebqX
http://acacaca.org/files/1/build3.exe:
https://mas.to/
https://duckduckgo.com/ac/?q=
https://t.me/pegasusfly1
https://api.2ip.ua/geo.jsonL
http://www.wikipedia.com/
http://www.live.com/
http://49.12.9.140:1080/517
http://49.12.9.140:1080
https://duckduckgo.com/chrome_newtab
http://www.reddit.com/
https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
http://49.12.9.140:1080/
https://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
http://www.google.com/
http://www.youtube.com/
http://www.nytimes.com/
http://49.12.9.140:1080/6184098113.zip
http://https://ns1.kriston.ugns2.chalekin.ugns3.unalelath.ugns4.andromath.ug/Error
https://api.2ip.ua/
https://www.google.com/images/branding/product/ico/googleg_lodp.ico
https://ac.ecosia.org/autocomplete?q=
http://www.openssl.org/support/faq.html
https://t.me/pegasusfly1https://mas.to/
https://api.2ip.ua/geo.json
http://www.twitter.com/
https://search.yahoo.com/favicon.icohttps://search.yahoo.com/search
http://www.amazon.com/
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
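The URL list above is what a sandbox hands an analyst: one URL repeated with different trailing bytes, two URLs fused into one string, and a genuinely truncated link next to its full form. The Python below is an added example, not code from the Joe Sandbox report, that folds such a list into canonical URLs with their variants and then runs two checks over a few constructed proxy-log lines: a host match against the folded list, and a shape-based rule for the get.php?pid=<32 hex>&first=true first-contact request that keeps working when the C2 domain changes. RAW_URLS is a subset of the report's list; the log format, the client IPs and the 203.0.113.5 host are constructed for illustration.

```python
import re

# URL strings copied from the report above (a constructed subset; the full
# list is in the URLs section). Nothing here is fetched.
RAW_URLS = [
    "http://acacaca.org/files/1/build3.exe",
    "http://acacaca.org/files/1/build3.exe$run",
    "http://acacaca.org/files/1/build3.exeX",
    "http://acacaca.org/files/1/build3.exe$runFf:&",
    "http://acacaca.org/files/1/build3.exe:",
    "http://acacaca.org/test2/get.php",
    "http://acacaca.org/test2/get.php?pid=63423FF445583FE5A9A41B7CFEC3D9C4&first=true",
    "http://rgyui.top/dl/build2.exe",
    "http://rgyui.top/dl/build2.exe$run",
    "http://rgyui.top/dl/build2.exebqX",
    "https://t.me/pegasusfly1https://mas.to/",
    "https://api.2ip.ua/",
    "https://api.2ip.ua/geo.json",
    "https://api.2ip.ua/geo.jsonL",
    "http://49.12.9.140:1080",
    "http://49.12.9.140:1080/",
    "http://49.12.9.140:1080/517",
    "http://49.12.9.140:1080/6184098113.zip",
]

_SCHEME = re.compile(r"https?://")
_HOST = re.compile(r"https?://([^/]+)")


def split_fused(s):
    """Split a string in which two URLs were run together ('...fly1https://mas.to/')."""
    starts = [m.start() for m in _SCHEME.finditer(s)]
    parts = [s[a:b] for a, b in zip(starts, starts[1:] + [len(s)])]
    return [p for p in parts if not _SCHEME.fullmatch(p)]  # drop a bare 'http://'


def normalize(u):
    """'http://host:port' and 'http://host:port/' name the same resource."""
    m = re.match(r"(https?://[^/]+)(/.*)?$", u)
    return m.group(1) + (m.group(2) or "/")


def collapse_variants(urls):
    """Map each canonical URL to the set of entries that are it plus a trailing suffix.

    An entry L is folded into a shorter entry S when S is a proper prefix of L,
    S does not end in '/' (a directory can legitimately be extended by a file
    name) and the remainder does not open a new segment or query ('/', '?', '&', '#').
    Caveat: when the shorter entry is the truncated one (we.tl/t-QsoSRIeA vs
    ...K6 in the report) this folds the wrong way round, so variants are kept
    and reported rather than discarded.
    """
    uniq = sorted(set(urls), key=len)
    canon = {}
    for u in uniq:
        base = u
        for s in uniq:  # ascending length, so the first hit is the shortest prefix
            if (len(s) < len(u) and u.startswith(s)
                    and not s.endswith("/") and u[len(s)] not in "/?&#"):
                base = s
                break
        canon.setdefault(base, set())
        if base != u:
            canon[base].add(u)
    return canon


def canonical_urls(raw=RAW_URLS):
    return collapse_variants(n for r in raw for n in map(normalize, split_fused(r)))


def hosts_from(canon):
    return {_HOST.match(u).group(1) for u in canon}


# First-contact request STOP/Djvu makes to its C2: get.php?pid=<32 hex>&first=true.
# Matching the shape rather than the host keeps the rule useful after the domain rotates.
DJVU_BEACON = re.compile(r"/get\.php\?pid=[0-9A-Fa-f]{32}&first=true(?:$|[&\s])")


def match_proxy_log(lines, hosts):
    """Return (line_no, reason) for constructed proxy lines '<ts> <client> <method> <url>'."""
    hits = []
    for no, line in enumerate(lines, 1):
        url = line.split()[-1]
        host = _HOST.match(url)
        if DJVU_BEACON.search(url):
            hits.append((no, "Djvu-style first-contact beacon"))
        elif host and host.group(1) in hosts:
            hits.append((no, "known host " + host.group(1)))
    return hits


SAMPLE_LOG = [  # constructed sample, not from the report; 203.0.113.5 is a documentation address
    "2022-08-05T12:35:01Z 10.0.0.7 GET http://acacaca.org/test2/get.php?pid=63423FF445583FE5A9A41B7CFEC3D9C4&first=true",
    "2022-08-05T12:35:03Z 10.0.0.7 GET https://api.2ip.ua/geo.json",
    "2022-08-05T12:35:09Z 10.0.0.7 GET http://rgyui.top/dl/build2.exe",
    "2022-08-05T12:36:00Z 10.0.0.9 GET https://www.google.com/",
    "2022-08-05T12:36:30Z 10.0.0.11 GET http://203.0.113.5/api/get.php?pid=0123456789abcdef0123456789ABCDEF&first=true",
]

if __name__ == "__main__":
    canon = canonical_urls()
    for base, variants in sorted(canon.items()):
        print(base, sorted(variants) if variants else "")
    for no, why in match_proxy_log(SAMPLE_LOG, hosts_from(canon)):
        print(no, why)
```

Line 5 of the sample log fires on shape alone even though its host is not in the report, which is the point of carrying a structural rule next to the host list; line 4 stays silent because the browser-default hosts are not IOCs.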

Dropped files

Path  (file type; 'data' unless stated; the hash column did not survive extraction)

Attributable to the sample (see the URLs section for the matching requests):
  • C:\SystemID\PersonalID.txt  (ASCII text, with CRLF line terminators)
  • C:\ProgramData\49278603839175653683571463  (SQLite 3.x database, last written using SQLite version 3032001)
  • C:\ProgramData\48237248951244843175973523  (SQLite 3.x database, last written using SQLite version 3032001)
  • C:\ProgramData\08605585310134121561576042  (SQLite 3.x database, last written using SQLite version 3032001)
  • C:\ProgramData\07300448190955752008461744  (SQLite 3.x database, last written using SQLite version 3032001)
  • C:\ProgramData\06419169774441268534573689  (SQLite 3.x database, last written using SQLite version 3032001)
  • C:\ProgramData\01952765546433309423440150  (SQLite 3.x database, last written using SQLite version 3032001)
  • C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9QTQHWWN\build2[1].exe  (PE32 executable (GUI) Intel 80386, for MS Windows; WinINet cache copy of the rgyui.top/dl/build2.exe download)
  • C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9QTQHWWN\get[1].htm  (ASCII text, with very long lines, with no line terminators; WinINet cache copy of the acacaca.org/test2/get.php response)

C:\SystemID\PersonalID.txt is where STOP/Djvu writes the victim's personal ID. The six 26-digit SQLite files under C:\ProgramData are not described further in this report; a purely numeric file name is a weak indicator on its own, so confirm the SQLite header before alerting on it.

Other files written during the run (Windows, Internet Explorer, Explorer, OneDrive, Adobe, Chrome and CLR caches and logs; nothing in this listing ties them to the sample):
  • C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt19.lst  (PostScript document text)
  • C:\Users\user\AppData\Local\Microsoft\Windows\Caches\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000007.db
  • C:\Users\user\AppData\Local\Microsoft\Windows\Caches\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000006.db
  • C:\Users\user\AppData\Local\Microsoft\Windows\Caches\{3DA71D5A-20CC-432F-A115-DFE92379E91F}.3.ver0x0000000000000016.db
  • C:\Users\user\AppData\Local\Microsoft\Windows\Caches\{3DA71D5A-20CC-432F-A115-DFE92379E91F}.3.ver0x0000000000000015.db
  • C:\Users\user\AppData\Local\Microsoft\Windows\Caches\{3DA71D5A-20CC-432F-A115-DFE92379E91F}.3.ver0x0000000000000013.db
  • C:\Users\user\AppData\Local\Adobe\Acrobat\DC\UserCache.bin
  • C:\Users\user\AppData\Local\Microsoft\Internet Explorer\MSIMGSIZ.DAT
  • C:\Users\user\AppData\Local\Microsoft\Internet Explorer\UrlBlock\urlblock_637194112741176080.bin
  • C:\Users\user\AppData\Local\Microsoft\Windows\1033\StructuredQuerySchema.bin
  • C:\Users\user\AppData\Local\Microsoft\OneDrive\Resources.pri
  • C:\Users\user\AppData\Local\Microsoft\Vault\4BF4C442-9B8A-41A0-B380-DD4A704DDB28\Policy.vpol
  • C:\Users\user\AppData\Local\Microsoft\Windows\ActionCenterCache\windows-systemtoast-securityandmaintenance_10_0.png
  • C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\5475cb191e478c39370a215b2da98a37e9dc813d.tbres
  • C:\Users\user\AppData\Local\Microsoft\Windows\ActionCenterCache\windows-systemtoast-securityandmaintenance_12_0.png
  • C:\Users\user\AppData\Local\Microsoft\Windows\ActionCenterCache\windows-systemtoast-securityandmaintenance_17_0.png
  • C:\Users\user\AppData\Local\Microsoft\PenWorkspace\DiscoverCacheData.dat
  • C:\Users\user\AppData\Local\Microsoft\OneDrive\setup\ECSConfig.json
  • C:\Users\user\AppData\Local\Microsoft\Windows\ActionCenterCache\windows-systemtoast-securityandmaintenance_38_0.png
  • C:\Users\user\AppData\Local\Microsoft\OneDrive\OneDrive.VisualElementsManifest.xml
  • C:\Users\user\AppData\Local\Microsoft\OneDrive\LogoImages\OneDriveSmallTile.scale-400.png
  • C:\Users\user\AppData\Local\Microsoft\OneDrive\LogoImages\OneDriveSmallTile.scale-200.png
  • C:\Users\user\AppData\Local\Microsoft\OneDrive\LogoImages\OneDriveSmallTile.scale-150.png
  • C:\Users\user\AppData\Local\Microsoft\OneDrive\LogoImages\OneDriveSmallTile.scale-125.png
  • C:\Users\user\AppData\Local\Microsoft\OneDrive\LogoImages\OneDriveSmallTile.scale-100.png
  • C:\Users\user\AppData\Local\Microsoft\OneDrive\LogoImages\OneDriveSmallTile.contrast-white_scale-400.png
  • C:\Users\user\AppData\Local\Microsoft\OneDrive\LogoImages\OneDriveSmallTile.contrast-white_scale-200.png
  • C:\Users\user\AppData\Local\Microsoft\OneDrive\LogoImages\OneDriveSmallTile.contrast-white_scale-150.png
  • C:\Users\user\AppData\Local\Microsoft\OneDrive\LogoImages\OneDriveSmallTile.contrast-white_scale-125.png
  • C:\Users\user\AppData\Local\Microsoft\OneDrive\LogoImages\OneDriveSmallTile.contrast-white_scale-100.png
  • C:\Users\user\AppData\Local\Microsoft\Windows\Explorer\iconcache_1920.db
  • C:\Users\user\AppData\Local\Microsoft\Windows\Explorer\thumbcache_1280.db
  • C:\Users\user\AppData\Local\Microsoft\Windows\Explorer\iconcache_wide_alternate.db
  • C:\Users\user\AppData\Local\Microsoft\Windows\Explorer\iconcache_wide.db
  • C:\Users\user\AppData\Local\Microsoft\Windows\Explorer\iconcache_sr.db
  • C:\Users\user\AppData\Local\Microsoft\Windows\Explorer\iconcache_exif.db
  • C:\Users\user\AppData\Local\Microsoft\Windows\Explorer\iconcache_custom_stream.db
  • C:\Users\user\AppData\Local\Microsoft\Windows\Explorer\iconcache_96.db
  • C:\Users\user\AppData\Local\Microsoft\Windows\Explorer\iconcache_768.db
  • C:\Users\user\AppData\Local\Microsoft\Windows\Explorer\iconcache_2560.db
  • C:\Users\user\AppData\Local\Microsoft\Windows\ActionCenterCache\windows-systemtoast-securityandmaintenance_22_0.png
  • C:\Users\user\AppData\Local\Microsoft\Windows\Explorer\iconcache_1280.db
  • C:\Users\user\AppData\Local\Microsoft\Windows\Explorer\ExplorerStartupLog_RunOnce.etl
  • C:\Users\user\AppData\Local\Microsoft\Windows\Explorer\ExplorerStartupLog.etl
  • C:\Users\user\AppData\Local\Microsoft\Windows\Caches\{3644736C-B905-4D30-88C9-B63C603DA134}.3.ver0x0000000000000001.db
  • C:\Users\user\AppData\Local\Microsoft\Windows\Caches\cversions.3.db
  • C:\Users\user\AppData\Local\Microsoft\Windows\Caches\cversions.1.db
  • C:\Users\user\AppData\Local\Microsoft\OneDrive\LogoImages\OneDriveSmallTile.contrast-black_scale-150.png
  • C:\Users\user\AppData\Local\Microsoft\Windows\ActionCenterCache\windows-systemtoast-securityandmaintenance_28_0.png
  • C:\Users\user\AppData\Local\Microsoft\Windows\ActionCenterCache\windows-systemtoast-securityandmaintenance_23_0.png
  • C:\Users\user\AppData\Local\Comms\UnistoreDB\USSres00002.jrs
  • C:\Users\user\AppData\Local\Microsoft\Internet Explorer\DomainSuggestions\en-US.1
  • C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\ngen.log
  • C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\sdiagnhost.exe.log
  • C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\NGenTask.exe.log
  • C:\Users\user\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\unarchiver.exe.log
  • C:\Users\user\AppData\Local\Microsoft\CLR_v2.0\UsageLogs\addinutil.exe.log
  • C:\Users\user\AppData\Local\IconCache.db
  • C:\Users\user\AppData\Local\Google\Chrome\User Data\CrashpadMetrics.pma
  • C:\Users\user\AppData\Local\Google\Chrome\User Data\CrashpadMetrics-active.pma
  • C:\Users\user\AppData\Local\ConnectedDevicesPlatform\CDPGlobalSettings.cdp
  • C:\Users\user\AppData\Local\Comms\UnistoreDB\USStmp.jtx
  • C:\Users\user\AppData\Local\Microsoft\Internet Explorer\IECompatData\iecompatdata.xml
  • C:\Users\user\AppData\Local\Comms\UnistoreDB\USSres00001.jrs
  • C:\Users\user\AppData\Local\Comms\UnistoreDB\USS.jcp
  • C:\Users\user\AppData\Local\Adobe\Color\ACECache11.lst
  • C:\Users\user\AppData\Local\Adobe\Acrobat\DC\IconCacheRdr65536.dat
  • C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeCMapFnt19.lst  (PostScript document text)
  • C:\Users\user\AppData\Local\Microsoft\OneDrive\LogoImages\OneDriveMedTile.contrast-white_scale-150.png
  • C:\Users\user\AppData\Local\Microsoft\OneDrive\LogoImages\OneDriveSmallTile.contrast-black_scale-200.png
  • C:\Users\user\AppData\Local\Microsoft\OneDrive\LogoImages\OneDriveSmallTile.contrast-black_scale-125.png
  • C:\Users\user\AppData\Local\Microsoft\OneDrive\LogoImages\OneDriveSmallTile.contrast-black_scale-100.png
  • C:\Users\user\AppData\Local\Microsoft\OneDrive\LogoImages\OneDriveMedTile.scale-400.png
  • C:\Users\user\AppData\Local\Microsoft\OneDrive\LogoImages\OneDriveMedTile.scale-200.png
  • C:\Users\user\AppData\Local\Microsoft\OneDrive\LogoImages\OneDriveMedTile.scale-150.png
  • C:\Users\user\AppData\Local\Microsoft\OneDrive\LogoImages\OneDriveMedTile.scale-125.png
  • C:\Users\user\AppData\Local\Microsoft\OneDrive\LogoImages\OneDriveMedTile.scale-100.png
  • C:\Users\user\AppData\Local\Microsoft\OneDrive\LogoImages\OneDriveMedTile.contrast-white_scale-400.png
  • C:\Users\user\AppData\Local\Microsoft\OneDrive\LogoImages\OneDriveMedTile.contrast-white_scale-200.png
  • C:\Users\user\AppData\Local\Microsoft\OneDrive\LogoImages\OneDriveSmallTile.contrast-black_scale-400.png
  • C:\Users\user\AppData\Local\Microsoft\OneDrive\LogoImages\OneDriveMedTile.contrast-white_scale-125.png
  • C:\Users\user\AppData\Local\Microsoft\OneDrive\LogoImages\OneDriveMedTile.contrast-white_scale-100.png
  • C:\Users\user\AppData\Local\Microsoft\OneDrive\LogoImages\OneDriveMedTile.contrast-black_scale-400.png
  • C:\Users\user\AppData\Local\Microsoft\OneDrive\LogoImages\OneDriveMedTile.contrast-black_scale-200.png
  • C:\Users\user\AppData\Local\Microsoft\OneDrive\LogoImages\OneDriveMedTile.contrast-black_scale-150.png
  • C:\Users\user\AppData\Local\Microsoft\OneDrive\LogoImages\OneDriveMedTile.contrast-black_scale-125.png
  • C:\Users\user\AppData\Local\Microsoft\OneDrive\LogoImages\OneDriveMedTile.contrast-black_scale-100.png
  • C:\Users\user\AppData\Local\Microsoft\Internet Explorer\ie4uinit-UserConfig.log  (Little-endian UTF-16 Unicode text, with very long lines, with no line terminators)
  • C:\Users\user\AppData\Local\Microsoft\Internet Explorer\ie4uinit-ClearIconCache.log  (Little-endian UTF-16 Unicode text, with very long lines, with no line terminators)
  • C:\Users\user\AppData\Local\Microsoft\Internet Explorer\brndlog.txt
  • C:\Users\user\AppData\Local\Microsoft\Internet Explorer\VersionManager\versionlist.xml
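The host-side artefacts in the listing above (C:\SystemID\PersonalID.txt, numeric-named SQLite files under C:\ProgramData, build2[1].exe in the WinINet cache) are what an incident responder would sweep a disk image or a live host for. The Python below is an added example, not code from the Joe Sandbox report, that walks a directory tree with those three rules and confirms the file header before reporting the two rules where the name alone is weak. It builds its own constructed fixture in a temporary directory (a real SQLite file with a 26-digit name, a decoy text file with a 26-digit name, a PE stub carrying only the MZ magic); the rule names, the "20 or more digits" threshold and the fixture contents are assumptions made for the example.

```python
import os
import re
import sqlite3
import tempfile
from pathlib import Path

SQLITE_MAGIC = b"SQLite format 3\x00"  # 16-byte header of every SQLite 3 file
PE_MAGIC = b"MZ"                       # DOS header magic of a PE file

# (rule name, pattern over the path relative to the scanned root, required header or None).
# The report's ProgramData names are 26 digits; accepting 20+ is an assumption for the example.
RULES = [
    ("djvu_personal_id", re.compile(r"^SystemID[\\/]PersonalID\.txt$", re.I), None),
    ("programdata_numeric_sqlite", re.compile(r"^ProgramData[\\/]\d{20,}$", re.I), SQLITE_MAGIC),
    ("inetcache_build_exe", re.compile(r"INetCache[\\/].*[\\/]build\d\[\d+\]\.exe$", re.I), PE_MAGIC),
]


def header_is(path, magic):
    """True when the file starts with the given magic bytes; unreadable files never match."""
    try:
        with open(path, "rb") as f:
            return f.read(len(magic)) == magic
    except OSError:
        return False


def hunt(root):
    """Walk root and return sorted (rule_name, relative_path) pairs.

    A rule that carries a magic header only fires when the content confirms it,
    so a numeric-named text file under ProgramData does not raise an alert.
    """
    root = Path(root)
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            p = Path(dirpath) / name
            rel = str(p.relative_to(root))
            for rule, pattern, magic in RULES:
                if pattern.search(rel) and (magic is None or header_is(p, magic)):
                    hits.append((rule, rel))
    return sorted(hits)


def build_fixture(root):
    """Constructed tree mimicking the report's artefacts; none of the content is real victim data."""
    root = Path(root)
    (root / "SystemID").mkdir()
    (root / "SystemID" / "PersonalID.txt").write_text("constructed-id\r\n")

    pd = root / "ProgramData"
    pd.mkdir()
    con = sqlite3.connect(str(pd / "49278603839175653683571463"))  # genuine SQLite file, numeric name
    con.execute("CREATE TABLE t (x INTEGER)")
    con.commit()
    con.close()
    (pd / "48237248951244843175973523").write_text("not a database")  # decoy: name matches, header does not

    cache = root / "Users" / "user" / "AppData" / "Local" / "Microsoft" / "Windows" / "INetCache" / "IE" / "9QTQHWWN"
    cache.mkdir(parents=True)
    (cache / "build2[1].exe").write_bytes(PE_MAGIC + b"\x00" * 62)  # PE stub: only the DOS magic is checked

    (root / "Users" / "user" / "AppData" / "Local" / "IconCache.db").write_bytes(b"\x00" * 16)  # benign noise


def demo():
    """Build the fixture in a scratch directory, hunt it, and return the hits."""
    with tempfile.TemporaryDirectory() as scratch:
        build_fixture(scratch)
        return hunt(scratch)


if __name__ == "__main__":
    for rule, rel in demo():
        print(rule, rel)
```

Run it against a mounted image or a live system by calling hunt() with the drive root instead of the fixture; the decoy in the fixture is there to show why the SQLite check matters before a numeric file name in ProgramData is treated as evidence.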