rUCETAnUF1.exe

Status: finished

Submission Time: 2020-07-20 20:30:31 +02:00

Malicious

Ransomware

Evader

Sodinokibi

Comments

Details

Analysis ID:
248359
API (Web) ID:
391968
Analysis Started:

2020-07-21 07:22:29 +02:00
Analysis Finished:

2020-07-21 07:29:18 +02:00
MD5:
d3808c0b73390ac85758fa35fa7f7f3a
SHA1:
c8bc0c32a7155e547773d1df419915e5bfffcf2f
SHA256:
34a813a1016a70161b66e00c628d9eddb97ecfa78e2272de2e7e86f8c981a9e9
Technologies:

Engines
IOCs

Joe Sandbox

Engine	Download Report	Detection	Info
		malicious
	Full Report Management Report IOC Report	malicious Score: 100	System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

Third Party Analysis Engines

Open Full Report

malicious

Score: 54/72

malicious

Score: 43/48

malicious

URLs

Name	Detection
http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/8CAA258DCE1AFC37
http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/
http://decryptor.cc/
Click to see the 2 hidden entries
http://decryptor.cc/8CAA258DCE1AFC37
https://torproject.org/

Dropped files

Name	File Type	Hashes
C:\20d6za-readme.txt	data	#
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents	data	#
C:\Users\user\AppData\Local\Comms\UnistoreDB\USSres00002.jrs	data	#
Click to see the 97 hidden entries
C:\Users\user\AppData\Local\Comms\UnistoreDB\USSres00001.jrs	data	#
C:\Users\user\AppData\Local\Comms\UnistoreDB\USS.jcp	PGP\011Secret Key -	#
C:\Users\user\AppData\Local\Comms\UnistoreDB\20d6za-readme.txt	data	#
C:\Users\user\AppData\Local\Comms\20d6za-readme.txt	data	#
C:\Users\user\AppData\Local\Adobe\Color\Profiles\wscRGB.icc	data	#
C:\Users\user\AppData\Local\Adobe\Color\Profiles\wsRGB.icc	data	#
C:\Users\user\AppData\Local\Adobe\Color\Profiles\20d6za-readme.txt	data	#
C:\Users\user\AppData\Local\Adobe\Color\ACECache11.lst	data	#
C:\Users\user\AppData\Local\Adobe\Color\20d6za-readme.txt	data	#
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\UserCache.bin	data	#
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\ToolsSearchCacheRdr\20d6za-readme.txt	data	#
C:\Users\user\AppData\Local\Comms\Unistore\20d6za-readme.txt	data	#
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\IconCacheRdr65536.dat	data	#
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\Cache\20d6za-readme.txt	data	#
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt19.lst	data	#
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeCMapFnt19.lst	data	#
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\20d6za-readme.txt	data	#
C:\Users\user\AppData\Local\Adobe\Acrobat\20d6za-readme.txt	data	#
C:\Users\user\AppData\Local\Adobe\20d6za-readme.txt	data	#
C:\Users\user\AppData\Local\20d6za-readme.txt	data	#
C:\Users\user\AppData\LocalLow\Microsoft\Internet Explorer\Services\20d6za-readme.txt	data	#
C:\Users\user\AppData\LocalLow\Microsoft\Internet Explorer\20d6za-readme.txt	data	#
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\20d6za-readme.txt	data	#
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\20d6za-readme.txt	data	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\DOMStore\20d6za-readme.txt	data	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\20d6za-readme.txt	data	#
C:\Users\user\AppData\Local\Microsoft\InputPersonalization\TrainedDataStore\20d6za-readme.txt	data	#
C:\Users\user\AppData\Local\Microsoft\InputPersonalization\20d6za-readme.txt	data	#
C:\Users\user\AppData\Local\Microsoft\GameDVR\20d6za-readme.txt	data	#
C:\Users\user\AppData\Local\Microsoft\Feeds\20d6za-readme.txt	data	#
C:\Users\user\AppData\Local\Microsoft\Feeds Cache\20d6za-readme.txt	data	#
C:\Users\user\AppData\Local\Microsoft\Credentials\DFBE70A7E5CC19A398EBF1B96859CE5D	data	#
C:\Users\user\AppData\Local\Microsoft\Credentials\20d6za-readme.txt	data	#
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\20d6za-readme.txt	data	#
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\20d6za-readme.txt	data	#
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\mmc.exe.log	data	#
C:\Users\user\AppData\Local\Comms\UnistoreDB\USStmp.jtx	data	#
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\20d6za-readme.txt	data	#
C:\Users\user\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\unarchiver.exe.log	data	#
C:\Users\user\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\20d6za-readme.txt	data	#
C:\Users\user\AppData\Local\Microsoft\CLR_v2.0_32\20d6za-readme.txt	data	#
C:\Users\user\AppData\Local\Microsoft\20d6za-readme.txt	data	#
C:\Users\user\AppData\Local\DBG\20d6za-readme.txt	data	#
C:\Users\user\AppData\Local\ConnectedDevicesPlatform\CDPGlobalSettings.cdp	data	#
C:\Users\user\AppData\Local\ConnectedDevicesPlatform\20d6za-readme.txt	data	#
C:\Users\user\AppData\Local\Comms\Unistore\data\AggregateCache.uca	data	#
C:\Users\user\AppData\Local\Comms\Unistore\data\20d6za-readme.txt	data	#
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\20d6za-readme.txt	data	#
C:\Users\Default\AppData\Local\Microsoft\20d6za-readme.txt	data	#
C:\Users\Default\Desktop\20d6za-readme.txt	data	#
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\20d6za-readme.txt	data	#
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\20d6za-readme.txt	data	#
C:\Users\Default\AppData\Roaming\Microsoft\20d6za-readme.txt	data	#
C:\Users\Default\AppData\Roaming\20d6za-readme.txt	data	#
C:\Users\Default\AppData\Local\Temp\20d6za-readme.txt	data	#
C:\Users\Default\AppData\Local\Microsoft\WindowsApps\20d6za-readme.txt	data	#
C:\Users\Default\AppData\Local\Microsoft\Windows Sidebar\settings.ini	data	#
C:\Users\Default\AppData\Local\Microsoft\Windows Sidebar\Gadgets\20d6za-readme.txt	data	#
C:\Users\Default\AppData\Local\Microsoft\Windows Sidebar\20d6za-readme.txt	data	#
C:\Users\Default\AppData\Local\Microsoft\InputPersonalization\TrainedDataStore\20d6za-readme.txt	data	#
C:\Users\Default\AppData\Local\Microsoft\InputPersonalization\20d6za-readme.txt	data	#
C:\Users\Default\Documents\20d6za-readme.txt	data	#
C:\Users\Default\AppData\Local\20d6za-readme.txt	data	#
C:\Users\Default\AppData\20d6za-readme.txt	data	#
C:\Users\Default\20d6za-readme.txt	data	#
C:\Users\20d6za-readme.txt	data	#
C:\Recovery\20d6za-readme.txt	data	#
C:\Program Files\20d6za-readme.txt	data	#
C:\Program Files (x86)\20d6za-readme.txt	data	#
C:\$Recycle.Bin\S-1-5-21-58933367-3072710494-194312298-1003\20d6za-readme.txt	data	#
C:\$Recycle.Bin\S-1-5-21-58933367-3072710494-194312298-1002\20d6za-readme.txt	data	#
C:\$Recycle.Bin\S-1-5-21-58933367-3072710494-194312298-1001\20d6za-readme.txt	data	#
C:\$Recycle.Bin\S-1-5-18\20d6za-readme.txt	data	#
C:\Users\user\20d6za-readme.txt	data	#
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\20d6za-readme.txt	data	#
C:\Users\user\AppData\LocalLow\Microsoft\20d6za-readme.txt	data	#
C:\Users\user\AppData\LocalLow\Adobe\Linguistics\20d6za-readme.txt	data	#
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\20d6za-readme.txt	data	#
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\20d6za-readme.txt	data	#
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\20d6za-readme.txt	data	#
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\20d6za-readme.txt	data	#
C:\Users\user\AppData\LocalLow\Adobe\20d6za-readme.txt	data	#
C:\Users\user\AppData\LocalLow\20d6za-readme.txt	data	#
C:\Users\user\AppData\20d6za-readme.txt	data	#
C:\Users\user\3D Objects\20d6za-readme.txt	data	#
C:\$Recycle.Bin\20d6za-readme.txt	data	#
C:\Users\Default\Videos\20d6za-readme.txt	data	#
C:\Users\Default\Saved Games\20d6za-readme.txt	data	#
C:\Users\Default\Pictures\20d6za-readme.txt	data	#
C:\Users\Default\NTUSER.DAT{8ebe95f7-3dcb-11e8-a9d9-7cfe90913f50}.TMContainer00000000000000000002.regtrans-ms	data	#
C:\Users\Default\NTUSER.DAT{8ebe95f7-3dcb-11e8-a9d9-7cfe90913f50}.TMContainer00000000000000000001.regtrans-ms	data	#
C:\Users\Default\NTUSER.DAT{8ebe95f7-3dcb-11e8-a9d9-7cfe90913f50}.TM.blf	data	#
C:\Users\Default\NTUSER.DAT.LOG1	data	#
C:\Users\Default\Music\20d6za-readme.txt	data	#
C:\Users\Default\Links\20d6za-readme.txt	data	#
C:\Users\Default\Favorites\20d6za-readme.txt	data	#
C:\Users\Default\Downloads\20d6za-readme.txt	data	#

rUCETAnUF1.exe

Comments

Tags

Available tags:

Details

Joe Sandbox

Third Party Analysis Engines

URLs

Dropped files

rUCETAnUF1.exe Options

Comments

Tags

Available tags:

Details

Joe Sandbox

Third Party Analysis Engines

URLs

Dropped files

Search started

rUCETAnUF1.exe