Ze8ZhOer4V.exe

Status: finished

Submission Time: 2019-11-05 17:28:27 +01:00

Malicious

Ransomware

Spreader

Trojan

Evader

Comments

Details

Analysis ID:
187597
API (Web) ID:
273570
Analysis Started:

2019-11-05 17:28:27 +01:00
Analysis Finished:

2019-11-05 17:36:27 +01:00
MD5:
e19d2c46521767f3b836e9861eecea9c
SHA1:
c1ad6c3ab06fc527c048cd15c6fc701b5a74a900
SHA256:
bd327754f879ff15b48fc86c741c4f546b9bbae5c1a5ac4c095df05df696ec4f
Technologies:

Engines
IOCs

Joe Sandbox

Engine	Download Report	Detection	Info
		malicious
	Full Report Management Report IOC Report	malicious Score: 100	System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

Third Party Analysis Engines

Open Full Report

malicious

Score: 38/69

Domains

Name	IP	Detection
8.8.8.8.in-addr.arpa	0.0.0.0

Dropped files

Name	File Type	Hashes
C:\Users\user\AppData\Roaming\GALB8B:bin	PE32 executable (GUI) Intel 80386, for MS Windows	#
C:\Users\user\AppData\Roaming\OBUQVT~1:bin	PE32 executable (GUI) Intel 80386, for MS Windows	#
C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe	PE32 executable (GUI) Intel 80386, for MS Windows	#
Click to see the 31 hidden entries
C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe:0	PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows	#
C:\Windows\Temp\lT7022.tmp	ASCII text, with CRLF line terminators	#
C:\Windows\Temp\Q6E5B.tmp	ASCII text, with CRLF line terminators	#
C:\Windows\Temp\XF6D03.tmp	diff output, ASCII text, with CRLF, CR line terminators	#
C:\Windows\Temp\Xx74DD.tmp	diff output, ASCII text, with CRLF, CR line terminators	#
C:\Windows\Temp\aYo7675.tmp	diff output, ASCII text, with CRLF, CR line terminators	#
C:\Windows\Temp\avP71BC.tmp	diff output, ASCII text, with CRLF, CR line terminators	#
C:\Windows\Temp\gln74DC.tmp	ASCII text, with CRLF line terminators	#
C:\Windows\Temp\i02718C.tmp	ASCII text, with CRLF line terminators	#
C:\Windows\Temp\jSq69B2.tmp	ASCII text, with CRLF line terminators	#
C:\Windows\Temp\l77FD.tmp	diff output, ASCII text, with CRLF, CR line terminators	#
C:\Windows\Temp\No6682.tmp	diff output, ASCII text, with CRLF, CR line terminators	#
C:\Windows\Temp\pA7344.tmp	diff output, ASCII text, with CRLF, CR line terminators	#
C:\Windows\Temp\rjK6CD3.tmp	ASCII text, with CRLF line terminators	#
C:\Windows\Temp\shk63EF.tmp	ASCII text, with CRLF line terminators	#
C:\Windows\Temp\w6681.tmp	ASCII text, with CRLF line terminators	#
C:\Windows\Temp\OU6B4A.tmp	ASCII text, with CRLF line terminators	#
C:\Windows\Temp\O6858.tmp	ASCII text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Temp\7324F8C.tmp	ASCII text, with CRLF line terminators	#
C:\Windows\Temp\MOn7343.tmp	ASCII text, with CRLF line terminators	#
C:\Windows\Temp\LZ6859.tmp	diff output, ASCII text, with CRLF, CR line terminators	#
C:\Windows\Temp\IFX7023.tmp	diff output, ASCII text, with CRLF, CR line terminators	#
C:\Windows\Temp\D7674.tmp	ASCII text, with CRLF line terminators	#
C:\Windows\Temp\CJ6E8B.tmp	diff output, ASCII text, with CRLF, CR line terminators	#
C:\Windows\Temp\ASW69E2.tmp	diff output, ASCII text, with CRLF, CR line terminators	#
C:\Windows\Temp\5y6B7A.tmp	diff output, ASCII text, with CRLF, CR line terminators	#
C:\Windows\Temp\3bp7957.tmp	diff output, ASCII text, with CRLF, CR line terminators	#
C:\Windows\Temp\37956.tmp	ASCII text, with CRLF line terminators	#
C:\Windows\Temp\1UG77FC.tmp	ASCII text, with CRLF line terminators	#
C:\Users\user\AppData\Roaming\OBUQVT~1	empty	#
C:\Users\user\AppData\Roaming\GALB8B	empty	#

Ze8ZhOer4V.exe

Comments

Tags

Available tags:

Details

Joe Sandbox

Third Party Analysis Engines

Domains

Dropped files

Ze8ZhOer4V.exe Options

Comments

Tags

Available tags:

Details

Joe Sandbox

Third Party Analysis Engines

Domains

Dropped files

Search started

Yara Super Rule creation started

Ze8ZhOer4V.exe