v1AUucMV8u.exe

Status: finished

Submission Time: 2020-09-11 10:27:03 +02:00

Malicious

Ransomware

Adware

Evader

Crysis Wadhrama

Comments

Details

Analysis ID:
284393
API (Web) ID:
463965
Analysis Started:

2020-09-11 10:45:48 +02:00
Analysis Finished:

2020-09-11 10:56:08 +02:00
MD5:
16fe3cf71768a3646d4d3bb8f2f6111f
SHA1:
48eff768bf72cfb10dd5398bf5b59bab73d01446
SHA256:
4d8ffa30554984f32eabbcb7a99699dd833ea85a8483db8753cc40bde7cee923
Technologies:

Engines
IOCs

Joe Sandbox

Engine	Download Report	Detection	Info
		malicious
	Full Report Management Report IOC Report	malicious Score: 100	System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

Third Party Analysis Engines

Open Full Report

malicious

Score: 56/67

Open Full Report

malicious

Score: 31/38

malicious

Score: 47/48

malicious

Dropped files

Name	File Type	Hashes
C:\Users\user\AppData\Local\Microsoft\OneDrive\19.086.0502.0006\FileSyncShell.dll.id-96AA5249.[decrypt@fasthelpassia.com].harma	data	#
C:\Users\user\AppData\Local\Microsoft\OneDrive\19.086.0502.0006\LogUploader.dll.id-96AA5249.[decrypt@fasthelpassia.com].harma	data	#
C:\Users\user\AppData\Local\Microsoft\OneDrive\19.086.0502.0006\LoggingPlatform.dll.id-96AA5249.[decrypt@fasthelpassia.com].harma	data	#
Click to see the 97 hidden entries
C:\Users\user\AppData\Local\Microsoft\OneDrive\19.086.0502.0006\FileSyncFALWB.dll.id-96AA5249.[decrypt@fasthelpassia.com].harma	data	#
C:\Users\user\AppData\Local\Microsoft\OneDrive\19.086.0502.0006\FileSyncFAL.dll.id-96AA5249.[decrypt@fasthelpassia.com].harma	data	#
C:\Users\user\AppData\Local\Microsoft\OneDrive\19.086.0502.0006\FileSyncConfig.exe.id-96AA5249.[decrypt@fasthelpassia.com].harma	data	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\imagestore\dikxvqf\imagestore.dat.id-96AA5249.[decrypt@fasthelpassia.com].harma	data	#
C:\Users\user\AppData\Local\Microsoft\OneDrive\19.086.0502.0006\FileSyncApi.dll.id-96AA5249.[decrypt@fasthelpassia.com].harma	data	#
C:\Users\user\AppData\Local\Microsoft\OneDrive\19.086.0502.0006\FileSync.LocalizedResources.dll.id-96AA5249.[decrypt@fasthelpassia.com].harma	data	#
C:\Users\user\AppData\Local\Microsoft\OneDrive\19.086.0502.0006\FileCoAuthLib.dll.id-96AA5249.[decrypt@fasthelpassia.com].harma	data	#
C:\Users\user\AppData\Local\Microsoft\OneDrive\19.086.0502.0006\FileCoAuth.exe.id-96AA5249.[decrypt@fasthelpassia.com].harma	data	#
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\UserCache.bin.id-96AA5249.[decrypt@fasthelpassia.com].harma	data	#
C:\Users\user\AppData\Local\Microsoft\OneDrive\19.086.0502.0006\IRMProtectors\microsoft.office.irm.pdfprotector.dll.id-96AA5249.[decrypt@fasthelpassia.com].harma	data	#
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\IconCacheRdr65536.dat.id-96AA5249.[decrypt@fasthelpassia.com].harma	data	#
C:\Users\user\AppData\Local\Microsoft\OneDrive\19.086.0502.0006\IRMProtectors\Microsoft.Office.Irm.OfcProtector.dll.id-96AA5249.[decrypt@fasthelpassia.com].harma	data	#
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt19.lst.id-96AA5249.[decrypt@fasthelpassia.com].harma	data	#
C:\Users\user\AppData\Local\Microsoft\OneDrive\19.086.0502.0006\IRMProtectors\Microsoft.Office.Irm.MsoProtector.dll.id-96AA5249.[decrypt@fasthelpassia.com].harma	data	#
C:\$Recycle.Bin\S-1-5-18\desktop.ini.id-96AA5249.[decrypt@fasthelpassia.com].harma	data	#
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\v1AUucMV8u.exe	PE32 executable (GUI) Intel 80386, for MS Windows	#
C:\Users\user\AppData\Local\Microsoft\OneDrive\19.086.0502.0006\ETWlog.dll.id-96AA5249.[decrypt@fasthelpassia.com].harma	data	#
C:\Users\user\AppData\Local\Microsoft\OneDrive\19.086.0502.0006\AutoPlayOptIn.gif.id-96AA5249.[decrypt@fasthelpassia.com].harma	data	#
C:\Users\user\AppData\Local\Microsoft\OneDrive\19.086.0502.0006\FileSyncViews.dll.id-96AA5249.[decrypt@fasthelpassia.com].harma	data	#
C:\Users\user\AppData\Local\Microsoft\OneDrive\19.086.0502.0006\FileSync.Resources.dll.id-96AA5249.[decrypt@fasthelpassia.com].harma	data	#
C:\Users\user\AppData\Local\Microsoft\OneDrive\19.086.0502.0006\FileSyncSessions.dll.id-96AA5249.[decrypt@fasthelpassia.com].harma	data	#
C:\Users\user\AppData\Local\Microsoft\OneDrive\19.086.0502.0006\FileSyncHelper.exe.id-96AA5249.[decrypt@fasthelpassia.com].harma	data	#
C:\Users\user\AppData\Local\Microsoft\OneDrive\19.086.0502.0006\FileSyncClient.dll.id-96AA5249.[decrypt@fasthelpassia.com].harma	data	#
C:\Users\user\AppData\Local\Microsoft\OneDrive\19.086.0502.0006\KFMHeroToast.png.id-96AA5249.[decrypt@fasthelpassia.com].harma	data	#
C:\Users\user\AppData\Local\Microsoft\OneDrive\19.086.0502.0006\ErrorPage.html.id-96AA5249.[decrypt@fasthelpassia.com].harma	data	#
C:\Users\user\AppData\Local\Microsoft\OneDrive\19.086.0502.0006\Error.png.id-96AA5249.[decrypt@fasthelpassia.com].harma	data	#
C:\Users\user\AppData\Local\Microsoft\OneDrive\19.086.0502.0006\ElevatedAppWhite.png.id-96AA5249.[decrypt@fasthelpassia.com].harma	data	#
C:\Users\user\AppData\Local\Microsoft\OneDrive\19.086.0502.0006\ElevatedAppBlue.png.id-96AA5249.[decrypt@fasthelpassia.com].harma	data	#
C:\Users\user\AppData\Local\Microsoft\OneDrive\19.086.0502.0006\CollectSyncLogs.bat.id-96AA5249.[decrypt@fasthelpassia.com].harma	data	#
C:\Users\user\AppData\Local\Microsoft\OneDrive\19.086.0502.0006\LogoImages\OneDriveMedTile.contrast-white_scale-125.png.id-96AA5249.[decrypt@fasthelpassia.com].harma	data	#
C:\Users\user\AppData\Local\Microsoft\OneDrive\19.086.0502.0006\LogoImages\OneDriveSmallTile.contrast-black_scale-125.png.id-96AA5249.[decrypt@fasthelpassia.com].harma	data	#
C:\Users\user\AppData\Local\Microsoft\OneDrive\19.086.0502.0006\LogoImages\OneDriveSmallTile.contrast-black_scale-100.png.id-96AA5249.[decrypt@fasthelpassia.com].harma	data	#
C:\Users\user\AppData\Local\Microsoft\OneDrive\19.086.0502.0006\LogoImages\OneDriveMedTile.scale-400.png.id-96AA5249.[decrypt@fasthelpassia.com].harma	data	#
C:\Users\user\AppData\Local\Microsoft\OneDrive\19.086.0502.0006\LogoImages\OneDriveMedTile.scale-200.png.id-96AA5249.[decrypt@fasthelpassia.com].harma	data	#
C:\Users\user\AppData\Local\Microsoft\OneDrive\19.086.0502.0006\LogoImages\OneDriveMedTile.scale-150.png.id-96AA5249.[decrypt@fasthelpassia.com].harma	data	#
C:\Users\user\AppData\Local\Microsoft\OneDrive\19.086.0502.0006\LogoImages\OneDriveMedTile.scale-125.png.id-96AA5249.[decrypt@fasthelpassia.com].harma	data	#
C:\Users\user\AppData\Local\Microsoft\OneDrive\19.086.0502.0006\LogoImages\OneDriveMedTile.scale-100.png.id-96AA5249.[decrypt@fasthelpassia.com].harma	data	#
C:\Users\user\AppData\Local\Microsoft\OneDrive\19.086.0502.0006\LogoImages\OneDriveMedTile.contrast-white_scale-400.png.id-96AA5249.[decrypt@fasthelpassia.com].harma	data	#
C:\Users\user\AppData\Local\Microsoft\OneDrive\19.086.0502.0006\LogoImages\OneDriveMedTile.contrast-white_scale-200.png.id-96AA5249.[decrypt@fasthelpassia.com].harma	data	#
C:\Users\user\AppData\Local\Microsoft\OneDrive\19.086.0502.0006\LogoImages\OneDriveMedTile.contrast-white_scale-150.png.id-96AA5249.[decrypt@fasthelpassia.com].harma	data	#
C:\Users\user\AppData\Local\Microsoft\OneDrive\19.086.0502.0006\FloodgateClientLibraryDllWin32Client.dll.id-96AA5249.[decrypt@fasthelpassia.com].harma	data	#
C:\Users\user\AppData\Local\Microsoft\OneDrive\19.086.0502.0006\LogoImages\OneDriveMedTile.contrast-white_scale-100.png.id-96AA5249.[decrypt@fasthelpassia.com].harma	data	#
C:\Users\user\AppData\Local\Microsoft\OneDrive\19.086.0502.0006\LogoImages\OneDriveMedTile.contrast-black_scale-400.png.id-96AA5249.[decrypt@fasthelpassia.com].harma	data	#
C:\Users\user\AppData\Local\Microsoft\OneDrive\19.086.0502.0006\LogoImages\OneDriveMedTile.contrast-black_scale-200.png.id-96AA5249.[decrypt@fasthelpassia.com].harma	data	#
C:\Users\user\AppData\Local\Microsoft\OneDrive\19.086.0502.0006\LogoImages\OneDriveMedTile.contrast-black_scale-150.png.id-96AA5249.[decrypt@fasthelpassia.com].harma	data	#
C:\Users\user\AppData\Local\Microsoft\OneDrive\19.086.0502.0006\LogoImages\OneDriveMedTile.contrast-black_scale-125.png.id-96AA5249.[decrypt@fasthelpassia.com].harma	data	#
C:\Users\user\AppData\Local\Microsoft\OneDrive\19.086.0502.0006\LogoImages\OneDriveMedTile.contrast-black_scale-100.png.id-96AA5249.[decrypt@fasthelpassia.com].harma	data	#
C:\Users\user\AppData\Local\Microsoft\OneDrive\19.086.0502.0006\LoadingPage.html.id-96AA5249.[decrypt@fasthelpassia.com].harma	data	#
C:\Users\user\AppData\Local\Microsoft\OneDrive\19.086.0502.0006\KFMScanExclusionToast.png.id-96AA5249.[decrypt@fasthelpassia.com].harma	data	#
C:\Users\user\AppData\Local\Microsoft\OneDrive\19.086.0502.0006\KFMLockedFileToast.png.id-96AA5249.[decrypt@fasthelpassia.com].harma	data	#
C:\Users\user\AppData\Local\Microsoft\OneDrive\19.086.0502.0006\AppErrorWhite.png.id-96AA5249.[decrypt@fasthelpassia.com].harma	data	#
C:\Users\user\AppData\Local\Comms\UnistoreDB\USSres00002.jrs.id-96AA5249.[decrypt@fasthelpassia.com].harma	data	#
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\ngen.log.id-96AA5249.[decrypt@fasthelpassia.com].harma	data	#
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\powershell.exe.log.id-96AA5249.[decrypt@fasthelpassia.com].harma	data	#
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\NGenTask.exe.log.id-96AA5249.[decrypt@fasthelpassia.com].harma	data	#
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\sdiagnhost.exe.log.id-96AA5249.[decrypt@fasthelpassia.com].harma	data	#
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.log.id-96AA5249.[decrypt@fasthelpassia.com].harma	data	#
C:\Users\user\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\unarchiver.exe.log.id-96AA5249.[decrypt@fasthelpassia.com].harma	data	#
C:\Users\user\AppData\Local\Microsoft\CLR_v2.0\UsageLogs\addinutil.exe.log.id-96AA5249.[decrypt@fasthelpassia.com].harma	data	#
C:\Users\user\AppData\Local\IconCache.db.id-96AA5249.[decrypt@fasthelpassia.com].harma	data	#
C:\Users\user\AppData\Local\ConnectedDevicesPlatform\CDPGlobalSettings.cdp.id-96AA5249.[decrypt@fasthelpassia.com].harma	data	#
C:\Users\user\AppData\Local\Comms\Unistore\data\AggregateCache.uca.id-96AA5249.[decrypt@fasthelpassia.com].harma	data	#
C:\Users\user\AppData\Local\Comms\UnistoreDB\USStmp.jtx.id-96AA5249.[decrypt@fasthelpassia.com].harma	data	#
C:\Users\user\AppData\Local\Microsoft\Credentials\DFBE70A7E5CC19A398EBF1B96859CE5D.id-96AA5249.[decrypt@fasthelpassia.com].harma	MPEG-4 LOAS	#
C:\Users\user\AppData\Local\Comms\UnistoreDB\USSres00001.jrs.id-96AA5249.[decrypt@fasthelpassia.com].harma	data	#
C:\Users\user\AppData\Local\Comms\UnistoreDB\USS.jcp.id-96AA5249.[decrypt@fasthelpassia.com].harma	data	#
C:\Users\user\AppData\Local\Adobe\Color\ACECache11.lst.id-96AA5249.[decrypt@fasthelpassia.com].harma	data	#
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents.id-96AA5249.[decrypt@fasthelpassia.com].harma	data	#
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\Cache\AcroFnt19.lst.id-96AA5249.[decrypt@fasthelpassia.com].harma	data	#
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeCMapFnt19.lst.id-96AA5249.[decrypt@fasthelpassia.com].harma	data	#
C:\Users\user\3D Objects\desktop.ini.id-96AA5249.[decrypt@fasthelpassia.com].harma	data	#
C:\$Recycle.Bin\S-1-5-21-3853321935-2125563209-4053062332-1002\desktop.ini.id-96AA5249.[decrypt@fasthelpassia.com].harma	data	#
C:\$Recycle.Bin\S-1-5-21-3853321935-2125563209-4053062332-1001\desktop.ini.id-96AA5249.[decrypt@fasthelpassia.com].harma	data	#
C:\$Recycle.Bin\S-1-5-21-3853321935-2125563209-4053062332-1000\desktop.ini.id-96AA5249.[decrypt@fasthelpassia.com].harma	data	#
C:\Users\user\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\00007464\04_Music_played_in_the_last_month.wpl.id-96AA5249.[decrypt@fasthelpassia.com].harma	data	#
C:\Users\user\AppData\Local\Microsoft\OneDrive\19.086.0502.0006\AppWhite.png.id-96AA5249.[decrypt@fasthelpassia.com].harma	data	#
C:\Users\user\AppData\Local\Microsoft\OneDrive\19.086.0502.0006\AppErrorBlue.png.id-96AA5249.[decrypt@fasthelpassia.com].harma	COM executable for DOS	#
C:\Users\user\AppData\Local\Microsoft\OneDrive\19.086.0502.0006\AppBlue.png.id-96AA5249.[decrypt@fasthelpassia.com].harma	data	#
C:\Users\user\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\00007464\12_All_Video.wpl.id-96AA5249.[decrypt@fasthelpassia.com].harma	data	#
C:\Users\user\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\00007464\11_All_Pictures.wpl.id-96AA5249.[decrypt@fasthelpassia.com].harma	data	#
C:\Users\user\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\00007464\10_All_Music.wpl.id-96AA5249.[decrypt@fasthelpassia.com].harma	data	#
C:\Users\user\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\00007464\09_Music_played_the_most.wpl.id-96AA5249.[decrypt@fasthelpassia.com].harma	data	#
C:\Users\user\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\00007464\08_Video_rated_at_4_or_5_stars.wpl.id-96AA5249.[decrypt@fasthelpassia.com].harma	data	#
C:\Users\user\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\00007464\07_TV_recorded_in_the_last_week.wpl.id-96AA5249.[decrypt@fasthelpassia.com].harma	data	#
C:\Users\user\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\00007464\06_Pictures_rated_4_or_5_stars.wpl.id-96AA5249.[decrypt@fasthelpassia.com].harma	data	#
C:\Users\user\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\00007464\05_Pictures_taken_in_the_last_month.wpl.id-96AA5249.[decrypt@fasthelpassia.com].harma	data	#
C:\Users\user\AppData\Local\Microsoft\OneDrive\19.086.0502.0006\AutoPlayOptIn.png.id-96AA5249.[decrypt@fasthelpassia.com].harma	data	#
C:\Users\user\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\00007464\03_Music_rated_at_4_or_5_stars.wpl.id-96AA5249.[decrypt@fasthelpassia.com].harma	data	#
C:\Users\user\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\00007464\02_Music_added_in_the_last_month.wpl.id-96AA5249.[decrypt@fasthelpassia.com].harma	data	#
C:\Users\user\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\00007464\01_Music_auto_rated_at_5_stars.wpl.id-96AA5249.[decrypt@fasthelpassia.com].harma	data	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\ie4uinit-UserConfig.log.id-96AA5249.[decrypt@fasthelpassia.com].harma	data	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\ie4uinit-ClearIconCache.log.id-96AA5249.[decrypt@fasthelpassia.com].harma	data	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\brndlog.txt.id-96AA5249.[decrypt@fasthelpassia.com].harma	data	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-314712940\msapplication.xml.id-96AA5249.[decrypt@fasthelpassia.com].harma	data	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\Last Active\{7B1657B8-990A-11E9-90DB-ECF4BB570DC9}.dat.id-96AA5249.[decrypt@fasthelpassia.com].harma	data	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\Last Active\RecoveryStore.{71FBE94F-990A-11E9-90DB-ECF4BB570DC9}.dat.id-96AA5249.[decrypt@fasthelpassia.com].harma	data	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\IECompatData\iecompatdata.xml.id-96AA5249.[decrypt@fasthelpassia.com].harma	data	#

v1AUucMV8u.exe

Comments

Tags

Available tags:

Details

Joe Sandbox

Third Party Analysis Engines

Dropped files

v1AUucMV8u.exe Options

Comments

Tags

Available tags:

Details

Joe Sandbox

Third Party Analysis Engines

Dropped files

Search started

v1AUucMV8u.exe