
https://github.com/pbatard/rufus/releases/download/v3.9/rufus-3.9.exe

Status: finished
Submission Time: 2020-04-09 18:40:56 +02:00
Malicious
Spreader
Evader

Details

  • Analysis ID:
    221589
  • API (Web) ID:
    339896
  • Analysis Started:
    2020-04-09 18:59:07 +02:00
  • Analysis Finished:
    2020-04-09 19:06:32 +02:00
  • Technologies:

Engine: Joe Sandbox
Detection: malicious
Score: 56
System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

IPs

IP | Country | Detection
52.216.137.156 | United States
140.82.118.3 | United States
140.82.118.4 | United States
52.216.27.84 | United States
185.199.108.153 | Netherlands

Domains

Name | IP | Detection
s3-1-w.amazonaws.com | 52.216.137.156
github.com | 140.82.118.4
rufus.ie | 185.199.108.153
github-production-release-asset-2e65be.s3.amazonaws.com | 0.0.0.0

URLs

Name | Detection
https://rufus.ie/Rufus_win_x64.verer
https://github.com/pbatard/rufus/releases/download/v3.9/rufus-3.9_arm64.exe
https://github.com/pbatard/rufus/releases/download/v3.9/rufus-3.9_arm.exe
https://rufus.ie/files%s/%s-%s/%sGrub2%s
https://syslinux.org/
https://rufus.ie/Rufus_win_x64.verN
https://github.com/pbatard/rufus/blob/master/res/loc/ChangeLog.txt
https://github.com/pbatard/bled
https://rufus.ie//Rufus_win.ver.sig
https://www.freedos.org/
https://axialis.com/
https://goo.gl/QTobxX.;
https://www.codeguru.com/forum/showthread.php?p=1951973
http://ocsp.int-x3.letsencrypt.org0/
https://rufus.ie/Rufus_win_x64.ver:
https://rufus.ie//Rufus_win.ver.sig:
https://github.com/pbatard/rufus/releases/download/v3.9/rufus-3.9_arm64.exerelease_notes
https://github.com/pbatard/Fido/rels/do
https://rufus.ie/files
http://cps.letsencrypt.org0
https://github.com/pbatard/rufus/releases/download/v3.9/rufus-3.9.exe
https://www.gnu.org/software/wget
http://halamix2.pl
https://rufus.ie
https://github.com/pbatard/Fido
https://rufus.ie/Rufus_win_x64_10.verN
https://www.gnu.org/software/libcdio
https://goo.gl/QTobxX.
https://github.com/pbatard/Fido/releases/download/v1.11/Fido.ps1
https://7-zip.org/
http://freedos.sourceforge.net/freecom
https://www.7-zip.orgopen2.04rufus_filescore.imggrub%s-%s/%srbWill
http://fsf.org/
https://rufus.ie/Rufus_win_x64.verr
https://github.com/Chocobo1
https://github.com/chenall/grub4dos
https://rufus.ie/
https://github.com/pbatard/uefi-ntfs.
https://github.com/pbatard/rufus/wiki/FAQ#Why_do_I_need_to_disable_Secure_Boot_to_use_UEFINTFS
https://rufus.ie/Rufus_win_x64.verZ
https://rufus.ie321Failed
https://github.com/pbatard/Fido/releases/download/v1.15/Fido.ps1.lzma
https://rufus.ie/Rufus_win_x64.verb
https://rufus.ie/Rufus_win_x64_10.0.ver
https://rufus.ie/Rufus_win_x64_10.ver
https://github-production-release-asset-2e65be.s3.amazonaws.com/2810292/b644d480-5aeb-11ea-8aab-afb6
https://github.com/pbatard/rufus/releases/download/v3.9/rufus-3.9_arm.exedownload_url_arm64
https://www.busybox.net/
https://rufus.ie//Rufus_win.ver.sigufus_win_x64.ver
https://www.gnu.org/licenses/gpl-3.0.htmlD
https://sourceforge.net/projects/smartmontools
https://rufus.ie/Fido.verz1https://github.com/pbatard/FidoWARNING:
https://rufus.ie).
https://rufus.ie/r
https://svn.reactos.org/reactos/trunk/reactos/dll/win32/fmifs
https://winscp.net/
https://kolibrios.org/
https://tortoisegit.org/
https://processhacker.sourceforge.io/
https://github.com/weidai11/cryptopp/
https://rufus.ie//Rufus_win.ver.sigv
https://svn.reactos.org/reactos/trunk
https://rufus.ie/Rufus_win_x64_10.0.verp
https://www.gnu.org/software/grub
https://github.com/pbatard/rufus/releases/download/v3.9/rufus-3.9.exedownload_url_arm
https://github.com/pbatard/rufus/releases/download/v3.9/rufus-3.9.exeA
https://www.gnu.org/software/fdisk
https://github.com/pbatard/Fido/rel
https://github-production-release-asset-2e65be.s3.amazonaws.com/165325376/d3f30580-0e3b-11ea-964f-4c
https://tortoisesvn.net/
http://www.ridgecrop.demon.co.uk/index.htm?fat32format.htm
https://github.com/pbatard/rufus/wiki/FAQ#BSODs_with_Windows_To_Go_drives_created_from_Windows_10_18
https://rufus.ie/CheckForBetashttps://rufus.ieUsing
https://rufus.ie//Rufus_win.ver.sig4
http://cps.root-x1.letsencrypt.org0
https://www.7-zip.org
https://rufus.ie/Rufus_win_x64.ver
https://github.com/pbatard/rufus/releases/download/v3.9/rufus-3.9.exeV
https://github.com/pbatard/rufus/releases/download/v3.9/rufus-3.9.exeW
https://rufus.ie/Rufus_win_x64.ver.
https://github.com/pbatard/rufus/releases/download/v3.9/rufus-3.9.exeQ
https://github.com/pbatard/rufus/releases/download/v3.9/rufus-3.9.exe9/_
https://github.com/pbatard/rufus/wiki/FAQ#Why_do_I_need_to_disable_Secure_Boot_to_use_UEFINTFSSecure
https://www.reactos.org/
https://rufus.ie/Rufus_win.ver
https://rufus.ie/Fido.ver
http://cert.int-x3.letsencrypt.org/0
http://ms-sys.sourceforge.net/
https://www.gnupg.org/
https://github.com/pbatard/rufus/issues
https://rufus.ie//Rufus_win.ver.sigT
http://e2fsprogs.sourceforge.net/
https://rufus.ie/Rufus_win_x64.ver.ver

Dropped files

Name | File Type | Hashes | Detection
C:\Users\user\Desktop\download\rufus-3.9.exe | PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed
C:\Users\user\Desktop\download\rufus.com | PE32 executable (console) Intel 80386, for MS Windows
C:\Windows\System32\GroupPolicy\gpt.ini | ASCII text, with CRLF line terminators
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VINVDFP6\Fido[1].ver | ASCII text
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VINVDFP6\Rufus_win.ver[1].sig | data
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VINVDFP6\Rufus_win[1].ver | ASCII text
C:\Users\user\AppData\Local\Temp\RufC7AD.tmp | UTF-8 Unicode text, with very long lines, with CRLF line terminators
C:\Users\user\Desktop\cmdline.out | ASCII text, with very long lines, with CRLF line terminators
C:\Users\user\Desktop\download\.wget-hsts | ASCII text, with CRLF line terminators
C:\Windows\SysWOW64\GroupPolicy\gpt.ini | ASCII text, with CRLF line terminators
C:\Windows\System32\GroupPolicy\Machine\Registry.pol | data