
kdsyitkxmS.exe

Status: finished
Submission Time: 2023-05-28 11:18:06 +02:00
Malicious
Trojan
Evader
Ransomware
Glupteba

Comments

Tags

  • 32
  • exe

Details

  • Analysis ID:
    877005
  • API (Web) ID:
    1243995
  • Original Filename:
    01fe6ba28d82175d35665b3eb6ed8cea.exe
  • Analysis Started:
    2023-05-28 11:18:06 +02:00
  • Analysis Finished:
    2023-05-28 11:52:08 +02:00
  • MD5:
    01fe6ba28d82175d35665b3eb6ed8cea
  • SHA1:
    45748a6d6474f470d44e848596e0e08bce674996
  • SHA256:
    626df082c2624d9530794881921094aa100fa0a805b1544112d5a07dbe12cbc2
  • Technologies:

Joe Sandbox

Detection: malicious

  • Joe Sandbox: malicious, Score: 100
    System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
  • Joe Sandbox: malicious, Score: 100
    System: Windows 10 64 bit 20H2 Native physical Machine for testing VM-aware malware (Office 2019, Chrome 93, Firefox 91, Adobe Reader DC 21, Java 8 Update 301)

Third Party Analysis Engines

  • malicious, Score: 22/69
  • malicious, Score: 12/37
  • malicious

URLs


Dropped files

Name (File Type)

  • C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive (data)
  • C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_p030yzvi.tqg.psm1 (very short file (no magic))
  • C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_zon3rn2d.2u2.ps1 (very short file (no magic))
  • C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache (data)
  • C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive (data)
  • C:\Windows\Temp\__PSScriptPolicyTest_1depap5s.43l.psm1 (very short file (no magic))
  • C:\Windows\Temp\__PSScriptPolicyTest_fil3vomk.kwi.ps1 (very short file (no magic))
  • C:\Windows\Temp\__PSScriptPolicyTest_mfqj4tng.2eo.psm1 (very short file (no magic))
  • C:\Windows\Temp\__PSScriptPolicyTest_uyxuby1g.134.ps1 (very short file (no magic))