lock.exe

Status: finished

Submission Time: 2020-08-01 11:50:11 +02:00

Malicious

Ransomware

Evader

WastedLocker

Comments

Details

Analysis ID:
255515
API (Web) ID:
406568
Analysis Started:

2020-08-01 11:50:11 +02:00
Analysis Finished:

2020-08-01 11:58:19 +02:00
MD5:
d01fc079881dc0d33a88e4f8df1ae7ce
SHA1:
c40c8848808da12ef78c68de1e6477b862161a43
SHA256:
0e061255b12ade5dc10f4ad9aeca9ebe5496d28ed251acb376c66c1d9f405821
Technologies:

Engines
IOCs

Joe Sandbox

Engine	Download Report	Detection	Info
		malicious
	Full Report Management Report IOC Report	malicious Score: 84	System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

Dropped files

Name	File Type	Hashes
C:\ProgramData\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\customizations.xml.tcwwasted_info	data	#
C:\ProgramData\Microsoft\Provisioning\{268c43e1-aa2b-4036-86ef-8cda98a0c2fe}\customizations.xml.tcwwasted_info	data	#
C:\ProgramData\Microsoft\Provisioning\{268c43e1-aa2b-4036-86ef-8cda98a0c2fe}\Prov\RunTime\0__Power_Policy.provxml.tcwwasted_info	data	#
Click to see the 97 hidden entries
C:\ProgramData\Microsoft\Provisioning\{268c43e1-aa2b-4036-86ef-8cda98a0c2fe}\Prov\RunTime.xml.tcwwasted_info	data	#
C:\ProgramData\Microsoft\Provisioning\{268c43e1-aa2b-4036-86ef-8cda98a0c2fe}\MasterDatastore.xml.tcwwasted_info	data	#
C:\ProgramData\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\customizations.xml.tcwwasted_info	data	#
C:\ProgramData\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\Prov\RunTime\0__Power_Policy.provxml.tcwwasted_info	data	#
C:\ProgramData\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\Prov\RunTime.xml.tcwwasted_info	data	#
C:\ProgramData\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\MasterDatastore.xml.tcwwasted_info	data	#
C:\ProgramData\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\customizations.xml.tcwwasted_info	data	#
C:\ProgramData\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\Prov\RunTime\0__Power_Controls.provxml.tcwwasted_info	data	#
C:\ProgramData\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\Prov\RunTime.xml.tcwwasted_info	data	#
C:\ProgramData\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\MasterDatastore.xml.tcwwasted_info	data	#
C:\ProgramData\Microsoft\Provisioning\{33d78dbc-3db7-4398-8533-000d7c02e5d1}\MasterDatastore.xml.tcwwasted_info	data	#
C:\ProgramData\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\Prov\RunTime\0__Power_Policy.provxml.tcwwasted_info	data	#
C:\ProgramData\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\Prov\RunTime.xml.tcwwasted_info	data	#
C:\ProgramData\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\MasterDatastore.xml.tcwwasted_info	data	#
C:\ProgramData\Microsoft\OFFICE\SharePointTeamSite.ico.tcwwasted_info	data	#
C:\ProgramData\Microsoft\OFFICE\SharePointPortalSite.ico.tcwwasted_info	data	#
C:\ProgramData\Microsoft\OFFICE\MySite.ico.tcwwasted_info	data	#
C:\ProgramData\Microsoft\OFFICE\MySharePoints.ico.tcwwasted_info	data	#
C:\ProgramData\Microsoft\OFFICE\DocumentRepository.ico.tcwwasted_info	data	#
C:\ProgramData\Microsoft\OFFICE\AssetLibrary.ico.tcwwasted_info	data	#
C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm.tcwwasted_info	data	#
C:\ProgramData\Microsoft\Network\Downloader\qmgr.db.tcwwasted_info	data	#
C:\ProgramData\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\customizations.xml.tcwwasted_info	data	#
C:\ProgramData\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\customizations.xml.tcwwasted_info	data	#
C:\ProgramData\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\Prov\RunTime\0__Power_EnergyEstimationEngine.provxml.tcwwasted_info	data	#
C:\ProgramData\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\Prov\RunTime.xml.tcwwasted_info	data	#
C:\ProgramData\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\MasterDatastore.xml.tcwwasted_info	data	#
C:\ProgramData\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\customizations.xml.tcwwasted_info	data	#
C:\ProgramData\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\Prov\RunTime\0__Power_EnergyEstimationEngine.provxml.tcwwasted_info	data	#
C:\ProgramData\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\Prov\RunTime.xml.tcwwasted_info	data	#
C:\ProgramData\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\MasterDatastore.xml.tcwwasted_info	data	#
C:\ProgramData\Microsoft\Provisioning\{8d196d7f-3eef-48ad-8bea-be749f12d3ad}\customizations.xml.tcwwasted_info	data	#
C:\ProgramData\Microsoft\Provisioning\{8d196d7f-3eef-48ad-8bea-be749f12d3ad}\Prov\RunTime\0__Power_EnergyEstimationEngine.provxml.tcwwasted_info	data	#
C:\ProgramData\Microsoft\Provisioning\{8d196d7f-3eef-48ad-8bea-be749f12d3ad}\Prov\RunTime.xml.tcwwasted_info	data	#
C:\ProgramData\Microsoft\Provisioning\{8d196d7f-3eef-48ad-8bea-be749f12d3ad}\MasterDatastore.xml.tcwwasted_info	data	#
C:\ProgramData\Microsoft\Network\Downloader\edbtmp.log.tcwwasted_info	data	#
C:\ProgramData\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\Prov\RunTime\0__Power_Policy.provxml.tcwwasted_info	data	#
C:\ProgramData\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\Prov\RunTime.xml.tcwwasted_info	data	#
C:\ProgramData\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\MasterDatastore.xml.tcwwasted_info	data	#
C:\ProgramData\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\customizations.xml.tcwwasted_info	data	#
C:\ProgramData\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\Prov\RunTime\1__Power_Policy.provxml.tcwwasted_info	data	#
C:\ProgramData\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\Prov\RunTime\0__Power_Policy.provxml.tcwwasted_info	data	#
C:\ProgramData\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\Prov\RunTime.xml.tcwwasted_info	data	#
C:\ProgramData\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\MasterDatastore.xml.tcwwasted_info	data	#
C:\ProgramData\Microsoft\Provisioning\{33d78dbc-3db7-4398-8533-000d7c02e5d1}\customizations.xml.tcwwasted_info	data	#
C:\ProgramData\Microsoft\Provisioning\{33d78dbc-3db7-4398-8533-000d7c02e5d1}\Prov\RunTime\0__Power_Policy.provxml.tcwwasted_info	data	#
C:\ProgramData\Microsoft\Provisioning\{33d78dbc-3db7-4398-8533-000d7c02e5d1}\Prov\RunTime.xml.tcwwasted_info	data	#
C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\pictures.ico.tcwwasted_info	data	#
C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\scan_.ico.tcwwasted_info	data	#
C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\print_queue.ico.tcwwasted_info	data	#
C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\print_property.ico.tcwwasted_info	data	#
C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\print_pref.ico.tcwwasted_info	data	#
C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\folder.ico.tcwwasted_info	data	#
C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\en-US\resource.xml.tcwwasted_info	data	#
C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\wmp.ico.tcwwasted_info	data	#
C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\tasks.xml.tcwwasted_info	data	#
C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\sync.ico.tcwwasted_info	data	#
C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\settings.ico.tcwwasted_info	data	#
C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\ringtones.ico.tcwwasted_info	data	#
C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\resource.xml.tcwwasted_info	data	#
C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\scan_property.ico.tcwwasted_info	data	#
C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\netfol.ico.tcwwasted_info	data	#
C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\folder.ico.tcwwasted_info	data	#
C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\en-US\resource.xml.tcwwasted_info	data	#
C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\watermark.png.tcwwasted_info	data	#
C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\behavior.xml.tcwwasted_info	data	#
C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\background.png.tcwwasted_info	data	#
C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\superbar.png.tcwwasted_info	data	#
C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\overlay.png.tcwwasted_info	data	#
C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\device.png.tcwwasted_info	data	#
C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\behavior.xml.tcwwasted_info	data	#
C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\background.png.tcwwasted_info	data	#
C:\ProgramData\Microsoft\Diagnosis\DownloadedSettings\utc.privacy.diffbase.tcwwasted_info	data	#
C:\ProgramData\Microsoft\Network\Downloader\edbres00002.jrs.tcwwasted_info	data	#
C:\ProgramData\Microsoft\Network\Downloader\edbres00001.jrs.tcwwasted_info	data	#
C:\ProgramData\Microsoft\Network\Downloader\edb.log.tcwwasted_info	data	#
C:\ProgramData\Microsoft\Network\Downloader\edb.chk.tcwwasted_info	data	#
C:\ProgramData\Microsoft\MF\Pending.GRL.tcwwasted_info	data	#
C:\ProgramData\Microsoft\MF\Active.GRL.tcwwasted_info	data	#
C:\ProgramData\Microsoft\IdentityCRL\production\wlidsvcconfig.xml.tcwwasted_info	data	#
C:\ProgramData\Microsoft\IdentityCRL\INT\wlidsvcconfig.xml.tcwwasted_info	COM executable for DOS	#
C:\ProgramData\Microsoft\Diagnosis\OfflineSettings\offlineblocklist.json.tcwwasted_info	data	#
C:\ProgramData\Microsoft\Diagnosis\EventStore.db.tcwwasted_info	data	#
C:\ProgramData\Microsoft\Diagnosis\ETLLogs\ShutdownLogger\AutoLogger-Diagtrack-Listener.etl.tcwwasted_info	data	#
C:\ProgramData\Microsoft\Diagnosis\DownloadedSettings\utc.privacy.json.tcwwasted_info	data	#
C:\ProgramData\Microsoft\Crypto\SystemKeys\8161c532f4be2453f4e2b357fecb49ca_d06ed635-68f6-4e9a-955c-4899f5f57b9a.tcwwasted_info	data	#
C:\ProgramData\Microsoft\Diagnosis\DownloadedSettings\utc.cert.json.tcwwasted_info	data	#
C:\ProgramData\Microsoft\Diagnosis\DownloadedSettings\utc.cert.json.bk.tcwwasted_info	data	#
C:\ProgramData\Microsoft\Diagnosis\DownloadedSettings\utc.app.json.tcwwasted_info	data	#
C:\ProgramData\Microsoft\Diagnosis\DownloadedSettings\utc.app.json.bk.tcwwasted_info	data	#
C:\ProgramData\Microsoft\Diagnosis\DownloadedSettings\telemetry.P-ARIA-194626ba46434f9ab441dd7ebda2aa64-5f64bebb-ac28-4cc7-bd52-570c8fe077c9-7717.json.tcwwasted_info	data	#
C:\ProgramData\Microsoft\Diagnosis\DownloadedSettings\telemetry.ASM-WindowsDefault.json.tcwwasted_info	data	#
C:\ProgramData\Microsoft\Diagnosis\DownloadedSettings\telemetry.ASM-WindowsDefault.json.bk.tcwwasted_info	data	#
C:\ProgramData\Microsoft\Diagnosis\DownloadedSettings\TELEMETRY.ASM-WINDOWSSQ.json.tcwwasted_info	data	#
C:\ProgramData\Microsoft\Diagnosis\DownloadedScenarios\windows.uif_ondemand.xml.inbox.tcwwasted_info	data	#
C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\tasks.xml.tcwwasted_info	data	#
C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\scan_settings.ico.tcwwasted_info	data	#

lock.exe

Comments

Tags

Available tags:

Details

Joe Sandbox

Dropped files

lock.exe Options

Comments

Tags

Available tags:

Details

Joe Sandbox

Dropped files

Search started

Yara Super Rule creation started

lock.exe