voVnFsOaJK.exe

Status: finished

Submission Time: 2019-11-08 23:53:53 +01:00

Malicious

Ransomware

Evader

Comments

Details

Analysis ID:
188699
API (Web) ID:
275706
Analysis Started:

2019-11-08 23:53:54 +01:00
Analysis Finished:

2019-11-09 00:10:22 +01:00
MD5:
3be19209202a20c63d7a4112a7aada44
SHA1:
9dd11405b8d8d563afbb6cc0f54cbb4bfe158382
SHA256:
7f341ff44cbf18c1d94819012937ba5f6afea2805bc423aa52115882e2c3c36c
Technologies:

Engines
IOCs

Joe Sandbox

Engine	Download Report	Detection	Info
	Full Report Management Report IOC Report	malicious Score: 80	System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

Third Party Analysis Engines

Open Full Report

malicious

Score: 18/60

malicious

IPs

IP	Country	Detection
124.158.10.241	Viet Nam

Domains

Name	IP	Detection
update.l2vn.com	124.158.10.241

URLs

Name	Detection
http://leit.is/leit.ico
http://www.ozu.es/favicon.ico
http://schema.org/NewsArticle
Click to see the 97 hidden entries
http://ipxe.org)
http://id-sayt.ff.search.yahoo.com/gossip-id-sayt?output=fxjson&command=
http://araby.com/favicon.icohttp://araby.com/?q=
http://cl.search.yahoo.com/favicon.ico
http://nate.search.empas.com/favicon.icohttp://nate.search.empas.com/search/all.html?q=
http://sources.redhat.com/pthreads-win32/contributors.html
http://www.walla.co.il/favicon.ico
http://update.l2vn.com/l2zaken/L2vnH5/debug.log.lz
http://www.in.gr/favicon.ico
http://www.rambler.ru/favicon.ico
http://ar.search.yahoo.com/favicon.ico
http://etherx.jabber.org/streams
http://update.l2vn.com/l2zaken/L2vnH5/AnimationCombo.dat.lz
http://update.l2vn.com/l2zaken/L2vnH5/BeastTimeEnv1.int.lz
http://es.search.yahoo.com/favicon.ico
ftp://http://hrefbaseheadhtml%.20s%ddefault%d%.20scopying
http://jabber.org/protocol/chatstates
http://hg.mozilla.org/mozilla-central/tools/codesighs
http://it.search.yahoo.com/favicon.ico
http://au.search.yahoo.com/favicon.ico
http://update.l2vn.com/l2zaken/L2vnH5/BeastTimeEnv5.int.lz
http://www.symauth.com/rpa00
http://ve.search.yahoo.com/favicon.ico
http://search.delfi.lt/img/favicon.png
http://googleappengine.googlecode.com/svn/trunk/python/LICENSE):
http://img.atlas.cz/favicon.icohttp://search.atlas.cz/?q=
http://ch.search.yahoo.com/favicon.icohttp://ch.search.yahoo.com/search?ei=
http://update.l2vn.com/l2zaken/L2vnH5/DecoNPCData_client.dat.lz
http://abcsok.no/favicon.icohttp://abcsok.no/index.html?q=
http://imgs.sapo.pt/images/sapo.icohttp://pesquisa.sapo.pt/?q=
http://szukaj.onet.pl/favicon.icohttp://szukaj.onet.pl/query.html?qt=
http://search1.rediff.com/favicon.icohttp://search1.rediff.com/dirsrch/default.asp?MT=
http://url.handled.by.slow.download/download-unknown-size
http://sourceforge.net/projects/flac/files/flac-src/flac-1.2.1-src/flac-1.2.1.tar.gz/download
http://guruji.com/favicon.ico
http://it.ask.com/favicon.icohttp://it.ask.com/web?q=
http://llvm.org
http://crbug.com/
http://kr.search.yahoo.com/favicon.icohttp://kr.search.yahoo.com/search?ei=
https://pypi.python.org/pypi/Markdown
http://schema.org/GovernmentOrganization
http://ok.hu/gfx/favicon.icohttp://ok.hu/katalogus?q=
http://schema.org/Corporation
http://update.l2vn.com/l2zaken/L2vnH5/ColorExName-eu.dat.lz
http://update.l2vn.com/l2zaken/L2vnH5/AlterSkillData.dat.lz
http://search.yahoo.co.jp/favicon.ico
http://harfbuzz.org
http://buscador.terra.es/favicon.icohttp://buscador.terra.es/Default.aspx?query=
http://buscar.terra.com.ar/favicon.icohttp://buscar.terra.com.ar/Default.aspx?query=
http://au.search.yahoo.com/favicon.icohttp://au.search.yahoo.com/search?ei=
http://www.adel.nursat.kz/apg/
http://www.chromium.org/blink
http://schema.org/Article
http://i.dir.bg/diri/images/favicon.ico
http://dev.chromium.org/developers/design-documents/view-net-internals
http://srtp.sourceforge.net/srtp.html
http://aue-sayt.ff.search.yahoo.com/gossip-nz-sayt?output=fxjson&command=
http://gossip.mx.yahoo.com/gossip-mx-sayt?output=fxjsonp&command=
http://git.videolan.org/?p=x264.git;a=blob;f=common/x86/x86inc.asm
http://ca.search.yahoo.com/favicon.ico
http://opendns.com/
http://sqlite.org/
http://pypi.python.org/pypi/mock
http://www.pogodak.ba/favicon.icohttp://www.pogodak.ba/search.jsp?q=
http://it.search.yahoo.com/favicon.icohttp://it.search.yahoo.com/search?ei=
http://malaysia.search.yahoo.com/favicon.icohttp://malaysia.search.yahoo.com/search?ei=
http://freedesktop.org/wiki/Software/vaapi
https://github.com/chromium/dom-distiller
https://github.com/simplejson/simplejson
https://github.com/liblouis/liblouis
http://se.altavista.com/favicon.ico
http://dev.chromium.org/
http://fi.search.yahoo.com/favicon.icohttp://fi.search.yahoo.com/search?ei=
http://verizon.net/http://opendns.com/http://comcast.com/Check
http://libpng.org/
http://www.eniro.se/favicon.icohttp://www.eniro.se/query?ax=spray&search_word=
http://www.ask.com/
http://fr.search.yahoo.com/favicon.ico
http://www.symauth.com/cps0(
http://schema.org/ImageObject
https://crashpad.googlecode.com/
http://transgaming.com/business/swiftshader
http://www.voidspace.org.uk/python/mock/
http://exslt.org/common
http://www.najdi.si/master/favicon.icohttp://www.najdi.si/search.jsp?q=
http://update.l2vn.com/l2zaken/L2vnH5/EnchantedWeaponFlowEffectData.dat.lz
http://update.l2vn.com/l2zaken/L2vnH5/AdditionalNpcGrpParts.dat.lz
http://update.l2vn.com/l2zaken/L2vnH5/aegisty.bin.lz
https://github.com/jrmuizel/qcms/tree/v4
http://www.neti.ee/favicon.icohttp://www.neti.ee/cgi-bin/otsing?query=
https://pypi.python.org/pypi/coverage
https://boringssl.googlesource.com/boringssl
http://search.yahoo.com/search?ei=
http://protobuf.googlecode.com/svn/trunk
http://www.maktoob.com/favicon.icohttp://www.maktoob.com/searchResult.php?q=
http://modp.com/release/base64
http://www.math.sci.hiroshima-u.ac.jp/~m-mat/MT/MT2002/emt19937ar.html

Dropped files

Name	File Type	Hashes
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VINVDFP6\Engine.u[1].lz	data	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\ItemStatData.dat[1].lz	data	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\Interface.xdat[1].lz	data	#
Click to see the 97 hidden entries
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\L2CefSubProcess.exe[1].lz	data	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\L2GameDataName.dat[1].lz	data	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VINVDFP6\AdditionalItemGrp.dat[1].lz	data	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\GamePlay.u[1].lz	data	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\Fire.dll[1].lz	data	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\files.lst[1].lz	data	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\libcef.dll[1].lz	data	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\icudtl.dat[1].lz	data	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\l2.exe[1].lz	data	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\libGLESv2.dll[1].lz	data	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\ALAudio.dll[1].lz	data	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VINVDFP6\AwesomiumProcess.exe[1].lz	data	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\DefOpenAL32.dll[1].lz	data	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\D3DX9_40.dll[1].lz	data	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VINVDFP6\Core.dll[1].lz	data	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\d3dcompiler_43.dll[1].lz	data	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\Awesomium.dll[1].lz	data	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\cef_100_percent.pak[1].lz	data	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VINVDFP6\ffmpegsumo.dll[1].lz	data	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VINVDFP6\cef.pak[1].lz	data	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VINVDFP6\beecrypt.dll[1].lz	data	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VINVDFP6\aegisty.bin[1].lz	data	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\bdcap32.dll[1].lz	data	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\D3DDrv.dll[1].lz	data	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VINVDFP6\L2vnH5.exe[1].lz	data	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\LineageEffect.u[1].lz	data	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VINVDFP6\L2CompiledShader.bin[1].lz	data	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\L2CrashSender.exe[1].lz	data	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\encvag.dll[1].lz	data	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VINVDFP6\ItemName-eu.dat[1].lz	data	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\HuntingZone-eu.dat[1].lz	data	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VINVDFP6\Chargrp.dat[1].lz	data	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VINVDFP6\BeastTimeEnv2.int[1].lz	data	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\l2.int[1].lz	data	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VINVDFP6\AlterSkillData.dat[1].lz	data	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\faceexgrp.dat[1].lz	data	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\l2Second.log[1].lz	data	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VINVDFP6\GameDataBase-eu.dat[1].lz	data	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VTIIBVU5\AdditionalNpcGrpParts.dat[1].lz	data	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VTIIBVU5\ActionName-eu.dat[1].lz	data	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VTIIBVU5\ALAudio.int[1].lz	data	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VINVDFP6\ime.xml[1].xml	data	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VINVDFP6\LineageDeco.u[1].lz	data	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VINVDFP6\LargeFont.gly[1].lz	data	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VINVDFP6\L2PreCompiledShader.bin[1].lz	data	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VINVDFP6\L2.ini[1].lz	data	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VINVDFP6\Hennagrp-eu.dat[1].lz	data	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VINVDFP6\Hair.int[1].lz	data	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VINVDFP6\ColorExgrp.dat[1].lz	data	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VINVDFP6\FlashConfig.dat[1].lz	data	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VINVDFP6\ExceptionMinimapData.dat[1].lz	data	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VINVDFP6\EventAlarmList-eu.dat[1].lz	data	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VINVDFP6\EnterEventgrp.dat[1].lz	data	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VINVDFP6\EnchantStatBonus.dat[1].lz	data	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VINVDFP6\DualCastTypeData.dat[1].lz	data	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VINVDFP6\DecoNPCData_client.dat[1].lz	data	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VINVDFP6\D3DDrv.int[1].lz	data	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VINVDFP6\CreditFont.gly[1].lz	data	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\Credit-eu.dat[1].lz	data	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\LargeFont-eu.gly[1].lz	data	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\GoodsIcon.dat[1].lz	data	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\FullArmorEnchantEffectData.dat[1].lz	data	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\FixedTimeEnv0.int[1].lz	data	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\FactionName-eu.dat[1].lz	data	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\EventLookChange.dat[1].lz	data	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\Engine.int[1].lz	data	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\EnchantedWeaponFlowEffectData.dat[1].lz	data	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\EULA-eu.dat[1].lz	data	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\debug.log[1].lz	data	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\CommandName-eu.dat[1].lz	data	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\Cloak.int[1].lz	data	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\CharCreategrp.dat[1].lz	data	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\CastleName-eu.dat[1].lz	data	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\BeastTimeEnv5.int[1].lz	data	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\BeastTimeEnv1.int[1].lz	data	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\AlchemyData.dat[1].lz	data	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\AdditionalSoulshotEffect.dat[1].lz	data	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\AdditionalEffect.dat[1].lz	data	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\ColorExName-eu.dat[1].lz	data	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\bighead.int[1].lz	data	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\InstantZoneData-eu.dat[1].lz	data	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\AbnormalDefaultEffect.dat[1].lz	data	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\Hairaccessorylocgrp.dat[1].lz	data	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\FlyMoveName-eu.dat[1].lz	data	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\EventContentsGoalName-eu.dat[1].lz	data	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\Env.int[1].lz	data	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\DynamicContentsName-eu.dat[1].lz	data	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\Core.int[1].lz	data	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\ensoul_fee_client.dat[1].lz	data	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\CheckGrp.log[1].lz	data	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\BeastTimeEnv3.int[1].lz	data	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\AnimationCombo.dat[1].lz	data	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\AdditionalJewelEquipEffect.dat[1].lz	data	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\AbnormalEdgeEffectData.dat[1].lz	data	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\hairExName-eu.dat[1].lz	data	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\ensoul_stone_client.dat[1].lz	data	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\dsetup.u[1].lz	data	#

voVnFsOaJK.exe

Comments

Tags

Available tags:

Details

Joe Sandbox

Third Party Analysis Engines

IPs

Domains

URLs

Dropped files

voVnFsOaJK.exe Options

Comments

Tags

Available tags:

Details

Joe Sandbox

Third Party Analysis Engines

IPs

Domains

URLs

Dropped files

Search started

voVnFsOaJK.exe