kgVpfWk.exe

Status: finished

Submission Time: 2020-05-05 04:18:03 +02:00

Malicious

E-Banking Trojan

Trojan

Evader

Ursnif

Comments

Details

Analysis ID:
227470
API (Web) ID:
351419
Analysis Started:

2020-05-05 04:18:04 +02:00
Analysis Finished:

2020-05-05 04:31:52 +02:00
MD5:
458b8da554b473690c84663b5bf3bb65
SHA1:
5048f80e86d416742ad5bb0e86f56bf96ab2fe58
SHA256:
b38cd0e7b9885a7af5f7ffe18032920079ba1783a2b7cb46be0de65838cd3e41
Technologies:

Engines
IOCs

Joe Sandbox

Engine	Download Report	Detection	Info
		malicious
	Full Report Management Report IOC Report	malicious Score: 88	System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

Third Party Analysis Engines

Open Full Report

malicious

Score: 19/72

IPs

IP	Country	Detection
91.211.245.161	Lithuania

Domains

Name	IP	Detection
respondcritique.xyz	91.211.245.161

URLs

Name	Detection
http://cert.int-x3.letsencrypt.org/0
http://cps.root-x1.letsencrypt.org0
https://respondcritique.xyz/index.htmy
Click to see the 23 hidden entries
http://www.reddit.com/
https://respondcritique.xyz/61
https://respondcritique.xyz/index.htme.xyz/index.htm
http://www.live.com/
http://www.wikipedia.com/
https://sectigo.com/CPS0C
https://respondcritique.xyz/index.htm
https://respondcritique.xyz/index.htm48
http://www.youtube.com/
https://respondcritique.xyz/
https://respondcritique.xyz/index.htmu
https://respondcritique.xyz/index.htmM
https://respondcritique.xyz/index.htmRoot
https://respondcritique.xyz
http://www.twitter.com/
http://crt.sectigo.com/SectigoRSACodeSigningCA.crt0#
http://crl.sectigo.com/SectigoRSACodeSigningCA.crl0s
http://www.amazon.com/
https://respondcritique.xyz/index.htmndary=7a943578fe29dd7c
http://ocsp.int-x3.letsencrypt.org0/
http://cps.letsencrypt.org0
http://ocsp.sectigo.com0
http://www.nytimes.com/

Dropped files

Name	File Type	Hashes
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\O0N4T4W6\info_48[1]	PNG image data, 47 x 48, 8-bit/color RGBA, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PKAQFTEH\bullet[1]	PNG image data, 15 x 15, 8-bit colormap, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PKAQFTEH\background_gradient[1]	JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 1x800, frames 3	#
Click to see the 97 hidden entries
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PKAQFTEH\ErrorPageTemplate[1]	UTF-8 Unicode (with BOM) text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\P24S97MI\info_48[1]	PNG image data, 47 x 48, 8-bit/color RGBA, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\P24S97MI\http_404[1]	HTML document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\P24S97MI\httpErrorPagesScripts[1]	UTF-8 Unicode (with BOM) text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\P24S97MI\errorPageStrings[1]	UTF-8 Unicode (with BOM) text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\P24S97MI\down[1]	PNG image data, 15 x 15, 8-bit colormap, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\P24S97MI\bullet[1]	PNG image data, 15 x 15, 8-bit colormap, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\P24S97MI\background_gradient[1]	JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 1x800, frames 3	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\P24S97MI\ErrorPageTemplate[1]	UTF-8 Unicode (with BOM) text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\O0N4T4W6\info_48[2]	PNG image data, 47 x 48, 8-bit/color RGBA, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PKAQFTEH\down[1]	PNG image data, 15 x 15, 8-bit colormap, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\O0N4T4W6\http_404[2]	HTML document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\O0N4T4W6\http_404[1]	HTML document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\O0N4T4W6\httpErrorPagesScripts[2]	UTF-8 Unicode (with BOM) text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\O0N4T4W6\httpErrorPagesScripts[1]	UTF-8 Unicode (with BOM) text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\O0N4T4W6\errorPageStrings[2]	UTF-8 Unicode (with BOM) text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\O0N4T4W6\errorPageStrings[1]	UTF-8 Unicode (with BOM) text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\O0N4T4W6\down[2]	PNG image data, 15 x 15, 8-bit colormap, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\O0N4T4W6\down[1]	PNG image data, 15 x 15, 8-bit colormap, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\O0N4T4W6\bullet[2]	PNG image data, 15 x 15, 8-bit colormap, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\O0N4T4W6\bullet[1]	PNG image data, 15 x 15, 8-bit colormap, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\O0N4T4W6\background_gradient[2]	JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 1x800, frames 3	#
C:\Users\user\AppData\Local\Temp\~DF4611FD7633651387.TMP	data	#
C:\Users\user\AppData\Local\Temp\~DF98BC99F9E17F7C22.TMP	data	#
C:\Users\user\AppData\Local\Temp\~DF8E5B38DD3DFC35C6.TMP	data	#
C:\Users\user\AppData\Local\Temp\~DF76AF59AD758874CF.TMP	data	#
C:\Users\user\AppData\Local\Temp\~DF72256FDAC7DFBFB0.TMP	data	#
C:\Users\user\AppData\Local\Temp\~DF6A5041CFEA7C6F61.TMP	data	#
C:\Users\user\AppData\Local\Temp\~DF69D80468CAA4286A.TMP	data	#
C:\Users\user\AppData\Local\Temp\~DF6220AD1C6863389E.TMP	data	#
C:\Users\user\AppData\Local\Temp\~DF61D2739A5AD63B6C.TMP	data	#
C:\Users\user\AppData\Local\Temp\~DF60FBE264C7CFD7B1.TMP	data	#
C:\Users\user\AppData\Local\Temp\~DF58C17C84BB0EA938.TMP	data	#
C:\Users\user\AppData\Local\Temp\~DF4CB0072A1B3740FC.TMP	data	#
C:\Users\user\AppData\Local\Temp\~DF49D59DC133495891.TMP	data	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\O0N4T4W6\background_gradient[1]	JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 1x800, frames 3	#
C:\Users\user\AppData\Local\Temp\~DF3CB851A0F3D0A84E.TMP	data	#
C:\Users\user\AppData\Local\Temp\~DF39BE36E9C41D36F0.TMP	data	#
C:\Users\user\AppData\Local\Temp\~DF2C8FD70E78B41444.TMP	data	#
C:\Users\user\AppData\Local\Temp\~DF24BDD1618CA3333E.TMP	data	#
C:\Users\user\AppData\Local\Temp\~DF08289B6D2E64BA7D.TMP	data	#
C:\Users\user\AppData\Local\Temp\~DF04E092338D0D2019.TMP	data	#
C:\Users\user\AppData\Local\Temp\JavaDeployReg.log	ASCII text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PKAQFTEH\info_48[1]	PNG image data, 47 x 48, 8-bit/color RGBA, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PKAQFTEH\http_404[1]	HTML document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PKAQFTEH\httpErrorPagesScripts[1]	UTF-8 Unicode (with BOM) text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PKAQFTEH\errorPageStrings[1]	UTF-8 Unicode (with BOM) text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{C3A31140-8E76-11EA-AAE6-9CC1A2A860C6}.dat	Microsoft Word Document	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{93BDD947-8E77-11EA-AAE6-9CC1A2A860C6}.dat	Microsoft Word Document	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{83B1287D-8E77-11EA-AAE6-9CC1A2A860C6}.dat	Microsoft Word Document	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{73BE7582-8E77-11EA-AAE6-9CC1A2A860C6}.dat	Microsoft Word Document	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{631FF5D0-8E77-11EA-AAE6-9CC1A2A860C6}.dat	Microsoft Word Document	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{5300B56A-8E77-11EA-AAE6-9CC1A2A860C6}.dat	Microsoft Word Document	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{43520A29-8E77-11EA-AAE6-9CC1A2A860C6}.dat	Microsoft Word Document	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{322BA11F-8E77-11EA-AAE6-9CC1A2A860C6}.dat	Microsoft Word Document	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{227607E3-8E77-11EA-AAE6-9CC1A2A860C6}.dat	Microsoft Word Document	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{1214B1E2-8E77-11EA-AAE6-9CC1A2A860C6}.dat	Microsoft Word Document	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{01644EBA-8E77-11EA-AAE6-9CC1A2A860C6}.dat	Microsoft Word Document	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{EFF07D8C-8E76-11EA-AAE6-9CC1A2A860C6}.dat	Microsoft Word Document	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{DF47EDB2-8E76-11EA-AAE6-9CC1A2A860C6}.dat	Microsoft Word Document	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{A3FA745C-8E77-11EA-AAE6-9CC1A2A860C6}.dat	Microsoft Word Document	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{B4D46A57-8E77-11EA-AAE6-9CC1A2A860C6}.dat	Microsoft Word Document	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{A3FA745A-8E77-11EA-AAE6-9CC1A2A860C6}.dat	Microsoft Word Document	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{93BDD945-8E77-11EA-AAE6-9CC1A2A860C6}.dat	Microsoft Word Document	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{83B1287B-8E77-11EA-AAE6-9CC1A2A860C6}.dat	Microsoft Word Document	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{73BE7580-8E77-11EA-AAE6-9CC1A2A860C6}.dat	Microsoft Word Document	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{631FF5CE-8E77-11EA-AAE6-9CC1A2A860C6}.dat	Microsoft Word Document	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{5300B568-8E77-11EA-AAE6-9CC1A2A860C6}.dat	Microsoft Word Document	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{43520A27-8E77-11EA-AAE6-9CC1A2A860C6}.dat	Microsoft Word Document	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{322BA11D-8E77-11EA-AAE6-9CC1A2A860C6}.dat	Microsoft Word Document	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{227607E1-8E77-11EA-AAE6-9CC1A2A860C6}.dat	Microsoft Word Document	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{1214B1E0-8E77-11EA-AAE6-9CC1A2A860C6}.dat	Microsoft Word Document	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin20259167780\msapplication.xml	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\O0N4T4W6\ErrorPageTemplate[2]	UTF-8 Unicode (with BOM) text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\O0N4T4W6\ErrorPageTemplate[1]	UTF-8 Unicode (with BOM) text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\5N37O3UG\info_48[1]	PNG image data, 47 x 48, 8-bit/color RGBA, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\5N37O3UG\http_404[1]	HTML document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\5N37O3UG\httpErrorPagesScripts[1]	UTF-8 Unicode (with BOM) text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\5N37O3UG\errorPageStrings[1]	UTF-8 Unicode (with BOM) text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\5N37O3UG\down[1]	PNG image data, 15 x 15, 8-bit colormap, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\5N37O3UG\bullet[1]	PNG image data, 15 x 15, 8-bit colormap, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\5N37O3UG\background_gradient[1]	JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 1x800, frames 3	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\5N37O3UG\ErrorPageTemplate[1]	UTF-8 Unicode (with BOM) text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin8215062560\msapplication.xml	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin20332743330\msapplication.xml	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{01644EB8-8E77-11EA-AAE6-9CC1A2A860C6}.dat	Microsoft Word Document	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-8760897390\msapplication.xml	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-6757900\msapplication.xml	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-4759708130\msapplication.xml	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-21706820\msapplication.xml	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-18270793970\msapplication.xml	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-17529550060\msapplication.xml	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{EFF07D8E-8E76-11EA-AAE6-9CC1A2A860C6}.dat	Microsoft Word Document	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{DF47EDB4-8E76-11EA-AAE6-9CC1A2A860C6}.dat	Microsoft Word Document	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{C3A31144-8E76-11EA-AAE6-9CC1A2A860C6}.dat	Microsoft Word Document	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{C3A31142-8E76-11EA-AAE6-9CC1A2A860C6}.dat	Microsoft Word Document	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{B4D46A59-8E77-11EA-AAE6-9CC1A2A860C6}.dat	Microsoft Word Document	#

kgVpfWk.exe

Comments

Tags

Available tags:

Details

Joe Sandbox

Third Party Analysis Engines

IPs

Domains

URLs

Dropped files

kgVpfWk.exe Options

Comments

Tags

Available tags:

Details

Joe Sandbox

Third Party Analysis Engines

IPs

Domains

URLs

Dropped files

Search started

kgVpfWk.exe