
LgW71SpKzP.exe

Status: finished
Submission Time: 2020-09-11 10:27:14 +02:00
Malicious
Ransomware
Spreader
Adware
Evader
Crysis Wadhrama

Comments

Tags

  • Crysis
  • Ransomware

Details

  • Analysis ID:
    284400
  • API (Web) ID:
    463977
  • Analysis Started:
    2020-09-11 10:53:03 +02:00
  • Analysis Finished:
    2020-09-11 11:04:25 +02:00
  • MD5:
    a75cacc856827260166c52093a40f49b
  • SHA1:
    f357f2a0bbd1ac95d9f6c4c1396e4ab718441a99
  • SHA256:
    5837daaf4f7cf7280ec0a749e161015c1de39b35fa26710ce7bb22e352725ed4
  • Technologies:

malicious

System: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211

malicious
100/100

malicious
63/69

malicious
31/37

malicious
46/48

malicious

Dropped files

Name File Type Hashes Detection
C:\ProgramData\Microsoft\OFFICE\MySharePoints.ico.id-E1DA14A2.[btckeys@aol.com].2020
COM executable for DOS
#
C:\ProgramData\Microsoft\Diagnosis\DownloadedScenarios\windows.uif_ondemand.xml.inbox.id-E1DA14A2.[btckeys@aol.com].2020
data
#
C:\ProgramData\Microsoft\OFFICE\SharePointTeamSite.ico.id-E1DA14A2.[btckeys@aol.com].2020
data
#
C:\ProgramData\Microsoft\Network\Downloader\edb.log.id-E1DA14A2.[btckeys@aol.com].2020
data
#
C:\ProgramData\Microsoft\Network\Downloader\edbres00001.jrs.id-E1DA14A2.[btckeys@aol.com].2020
data
#
C:\ProgramData\Microsoft\Network\Downloader\edbres00002.jrs.id-E1DA14A2.[btckeys@aol.com].2020
data
#
C:\ProgramData\Adobe\Setup\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\setup.exe.id-E1DA14A2.[btckeys@aol.com].2020
data
#
C:\ProgramData\Microsoft\Network\Downloader\edbtmp.log.id-E1DA14A2.[btckeys@aol.com].2020
data
#
C:\ProgramData\Microsoft\Network\Downloader\qmgr.db.id-E1DA14A2.[btckeys@aol.com].2020
data
#
C:\ProgramData\Microsoft\OFFICE\SharePointPortalSite.ico.id-E1DA14A2.[btckeys@aol.com].2020
data
#
C:\ProgramData\Adobe\ARM\S\ARM.msi.id-E1DA14A2.[btckeys@aol.com].2020
data
#
C:\ProgramData\Adobe\ARM\S\1742\AdobeARMHelper.exe.id-E1DA14A2.[btckeys@aol.com].2020
data
#
C:\ProgramData\Adobe\ARM\S\1742\AdobeARM.msi.id-E1DA14A2.[btckeys@aol.com].2020
data
#
C:\ProgramData\Adobe\ARM\S\11357\AdobeARMHelper.exe.id-E1DA14A2.[btckeys@aol.com].2020
data
#
C:\ProgramData\Adobe\ARM\S\11357\AdobeARM.msi.id-E1DA14A2.[btckeys@aol.com].2020
data
#
C:\ProgramData\Microsoft\OFFICE\DocumentRepository.ico.id-E1DA14A2.[btckeys@aol.com].2020
data
#
C:\$Recycle.Bin\S-1-5-21-3853321935-2125563209-4053062332-1001\desktop.ini.id-E1DA14A2.[btckeys@aol.com].2020
data
#
C:\ProgramData\Microsoft\OFFICE\MySite.ico.id-E1DA14A2.[btckeys@aol.com].2020
data
#
C:\ProgramData\Microsoft\Provisioning\{268c43e1-aa2b-4036-86ef-8cda98a0c2fe}\Prov\RunTime.xml.id-E1DA14A2.[btckeys@aol.com].2020
data
#
C:\ProgramData\Microsoft\Provisioning\{268c43e1-aa2b-4036-86ef-8cda98a0c2fe}\MasterDatastore.xml.id-E1DA14A2.[btckeys@aol.com].2020
data
#
C:\ProgramData\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\customizations.xml.id-E1DA14A2.[btckeys@aol.com].2020
data
#
C:\ProgramData\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\Prov\RunTime\0__Power_Policy.provxml.id-E1DA14A2.[btckeys@aol.com].2020
data
#
C:\ProgramData\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\Prov\RunTime.xml.id-E1DA14A2.[btckeys@aol.com].2020
data
#
C:\ProgramData\Microsoft\Provisioning\{33d78dbc-3db7-4398-8533-000d7c02e5d1}\Prov\RunTime.xml.id-E1DA14A2.[btckeys@aol.com].2020
data
#
C:\ProgramData\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\MasterDatastore.xml.id-E1DA14A2.[btckeys@aol.com].2020
data
#
C:\ProgramData\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\customizations.xml.id-E1DA14A2.[btckeys@aol.com].2020
data
#
C:\ProgramData\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\Prov\RunTime\0__Power_Controls.provxml.id-E1DA14A2.[btckeys@aol.com].2020
data
#
C:\ProgramData\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\Prov\RunTime.xml.id-E1DA14A2.[btckeys@aol.com].2020
data
#
C:\ProgramData\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\MasterDatastore.xml.id-E1DA14A2.[btckeys@aol.com].2020
data
#
C:\ProgramData\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\customizations.xml.id-E1DA14A2.[btckeys@aol.com].2020
data
#
C:\ProgramData\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\Prov\RunTime\0__Power_Policy.provxml.id-E1DA14A2.[btckeys@aol.com].2020
data
#
C:\ProgramData\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\Prov\RunTime.xml.id-E1DA14A2.[btckeys@aol.com].2020
data
#
C:\ProgramData\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\MasterDatastore.xml.id-E1DA14A2.[btckeys@aol.com].2020
data
#
C:\ProgramData\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\Prov\RunTime.xml.id-E1DA14A2.[btckeys@aol.com].2020
data
#
C:\$Recycle.Bin\S-1-5-18\desktop.ini.id-E1DA14A2.[btckeys@aol.com].2020
data
#
C:\ProgramData\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\MasterDatastore.xml.id-E1DA14A2.[btckeys@aol.com].2020
data
#
C:\ProgramData\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\customizations.xml.id-E1DA14A2.[btckeys@aol.com].2020
data
#
C:\ProgramData\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\Prov\RunTime\0__Power_EnergyEstimationuser.provxml.id-E1DA14A2.[btckeys@aol.com].2020
data
#
C:\ProgramData\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\Prov\RunTime.xml.id-E1DA14A2.[btckeys@aol.com].2020
data
#
C:\ProgramData\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\MasterDatastore.xml.id-E1DA14A2.[btckeys@aol.com].2020
data
#
C:\ProgramData\Microsoft\Provisioning\{8d196d7f-3eef-48ad-8bea-be749f12d3ad}\customizations.xml.id-E1DA14A2.[btckeys@aol.com].2020
data
#
C:\ProgramData\Microsoft\Provisioning\{8d196d7f-3eef-48ad-8bea-be749f12d3ad}\Prov\RunTime\0__Power_EnergyEstimationuser.provxml.id-E1DA14A2.[btckeys@aol.com].2020
data
#
C:\ProgramData\Microsoft\Provisioning\{8d196d7f-3eef-48ad-8bea-be749f12d3ad}\Prov\RunTime.xml.id-E1DA14A2.[btckeys@aol.com].2020
data
#
C:\ProgramData\Microsoft\Provisioning\{8d196d7f-3eef-48ad-8bea-be749f12d3ad}\MasterDatastore.xml.id-E1DA14A2.[btckeys@aol.com].2020
data
#
C:\ProgramData\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\customizations.xml.id-E1DA14A2.[btckeys@aol.com].2020
data
#
C:\ProgramData\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\Prov\RunTime\0__Power_Policy.provxml.id-E1DA14A2.[btckeys@aol.com].2020
data
#
C:\ProgramData\Microsoft\Provisioning\{268c43e1-aa2b-4036-86ef-8cda98a0c2fe}\Prov\RunTime\0__Power_Policy.provxml.id-E1DA14A2.[btckeys@aol.com].2020
COM executable for DOS
#
C:\ProgramData\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\MasterDatastore.xml.id-E1DA14A2.[btckeys@aol.com].2020
data
#
C:\ProgramData\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\customizations.xml.id-E1DA14A2.[btckeys@aol.com].2020
data
#
C:\ProgramData\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\Prov\RunTime\1__Power_Policy.provxml.id-E1DA14A2.[btckeys@aol.com].2020
data
#
C:\ProgramData\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\Prov\RunTime\0__Power_Policy.provxml.id-E1DA14A2.[btckeys@aol.com].2020
data
#
C:\ProgramData\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\Prov\RunTime.xml.id-E1DA14A2.[btckeys@aol.com].2020
data
#
C:\ProgramData\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\MasterDatastore.xml.id-E1DA14A2.[btckeys@aol.com].2020
data
#
C:\ProgramData\Microsoft\Provisioning\{33d78dbc-3db7-4398-8533-000d7c02e5d1}\customizations.xml.id-E1DA14A2.[btckeys@aol.com].2020
data
#
C:\ProgramData\Microsoft\Provisioning\{33d78dbc-3db7-4398-8533-000d7c02e5d1}\Prov\RunTime\0__Power_Policy.provxml.id-E1DA14A2.[btckeys@aol.com].2020
data
#
C:\ProgramData\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\Prov\RunTime.xml.id-E1DA14A2.[btckeys@aol.com].2020
data
#
C:\ProgramData\Microsoft\Provisioning\{33d78dbc-3db7-4398-8533-000d7c02e5d1}\MasterDatastore.xml.id-E1DA14A2.[btckeys@aol.com].2020
data
#
C:\ProgramData\Microsoft\Provisioning\{268c43e1-aa2b-4036-86ef-8cda98a0c2fe}\customizations.xml.id-E1DA14A2.[btckeys@aol.com].2020
data
#
C:\ProgramData\Microsoft Help\MS.GRAPH.16.1033.hxn.id-E1DA14A2.[btckeys@aol.com].2020
data
#
C:\ProgramData\Microsoft Help\MS.POWERPNT.16.1033.hxn.id-E1DA14A2.[btckeys@aol.com].2020
data
#
C:\ProgramData\Microsoft Help\MS.OUTLOOK.16.1033.hxn.id-E1DA14A2.[btckeys@aol.com].2020
data
#
C:\ProgramData\Microsoft Help\MS.ONENOTE.16.1033.hxn.id-E1DA14A2.[btckeys@aol.com].2020
data
#
C:\ProgramData\Microsoft Help\MS.MSPUB.16.1033.hxn.id-E1DA14A2.[btckeys@aol.com].2020
data
#
C:\ProgramData\Microsoft Help\MS.MSOUC.16.1033.hxn.id-E1DA14A2.[btckeys@aol.com].2020
data
#
C:\ProgramData\Microsoft Help\MS.MSACCESS.16.1033.hxn.id-E1DA14A2.[btckeys@aol.com].2020
data
#
C:\ProgramData\Microsoft Help\MS.LYNC_ONLINE.16.1033.hxn.id-E1DA14A2.[btckeys@aol.com].2020
data
#
C:\ProgramData\Microsoft Help\MS.LYNC_BASIC.16.1033.hxn.id-E1DA14A2.[btckeys@aol.com].2020
data
#
C:\ProgramData\Microsoft Help\MS.LYNC.16.1033.hxn.id-E1DA14A2.[btckeys@aol.com].2020
data
#
C:\ProgramData\Microsoft Help\MS.GROOVE.16.1033.hxn.id-E1DA14A2.[btckeys@aol.com].2020
data
#
C:\ProgramData\Microsoft Help\MS.SETLANG.16.1033.hxn.id-E1DA14A2.[btckeys@aol.com].2020
data
#
C:\ProgramData\Microsoft Help\MS.EXCEL.16.1033.hxn.id-E1DA14A2.[btckeys@aol.com].2020
data
#
C:\ProgramData\Microsoft Help\MS.DATABASECOMPARE.16.1033.hxn.id-E1DA14A2.[btckeys@aol.com].2020
data
#
C:\ProgramData\Adobe\Setup\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\setup.ini.id-E1DA14A2.[btckeys@aol.com].2020
data
#
C:\ProgramData\Adobe\Setup\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\abcpy.ini.id-E1DA14A2.[btckeys@aol.com].2020
data
#
C:\ProgramData\Adobe\Setup\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\Data1.cab.id-E1DA14A2.[btckeys@aol.com].2020
data
#
C:\ProgramData\Adobe\Setup\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\AcroRead.msi.id-E1DA14A2.[btckeys@aol.com].2020
data
#
C:\ProgramData\Adobe\Setup\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\AcroRdrDCUpd1901220034.msp.id-E1DA14A2.[btckeys@aol.com].2020
data
#
C:\$Recycle.Bin\S-1-5-21-3853321935-2125563209-4053062332-1002\desktop.ini.id-E1DA14A2.[btckeys@aol.com].2020
data
#
C:\$Recycle.Bin\S-1-5-21-3853321935-2125563209-4053062332-1000\desktop.ini.id-E1DA14A2.[btckeys@aol.com].2020
data
#
C:\ProgramData\Microsoft\Diagnosis\DownloadedSettings\telemetry.ASM-WindowsDefault.json.bk.id-E1DA14A2.[btckeys@aol.com].2020
data
#
C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm.id-E1DA14A2.[btckeys@aol.com].2020
data
#
C:\ProgramData\Microsoft\Network\Downloader\edb.chk.id-E1DA14A2.[btckeys@aol.com].2020
data
#
C:\ProgramData\Microsoft\MF\Pending.GRL.id-E1DA14A2.[btckeys@aol.com].2020
data
#
C:\ProgramData\Microsoft\MF\Active.GRL.id-E1DA14A2.[btckeys@aol.com].2020
data
#
C:\ProgramData\Microsoft\IdentityCRL\production\wlidsvcconfig.xml.id-E1DA14A2.[btckeys@aol.com].2020
data
#
C:\ProgramData\Microsoft\IdentityCRL\INT\wlidsvcconfig.xml.id-E1DA14A2.[btckeys@aol.com].2020
data
#
C:\ProgramData\Microsoft\Diagnosis\WindowsAnalytics\analyticsevents.dat.id-E1DA14A2.[btckeys@aol.com].2020
data
#
C:\ProgramData\Microsoft\Diagnosis\OfflineSettings\offlineblocklist.json.id-E1DA14A2.[btckeys@aol.com].2020
data
#
C:\ProgramData\Microsoft\Diagnosis\DownloadedSettings\utc.privacy.diffbase.id-E1DA14A2.[btckeys@aol.com].2020
data
#
C:\ProgramData\Microsoft\Diagnosis\DownloadedSettings\utc.app.json.bk.id-E1DA14A2.[btckeys@aol.com].2020
data
#
C:\ProgramData\Microsoft\OFFICE\AssetLibrary.ico.id-E1DA14A2.[btckeys@aol.com].2020
data
#
C:\ProgramData\Microsoft\Crypto\SystemKeys\8161c532f4be2453f4e2b357fecb49ca_d06ed635-68f6-4e9a-955c-4899f5f57b9a.id-E1DA14A2.[btckeys@aol.com].2020
data
#
C:\ProgramData\Microsoft OneDrive\setup\refcount.ini.id-E1DA14A2.[btckeys@aol.com].2020
data
#
C:\ProgramData\Microsoft Help\nslist.hxl.id-E1DA14A2.[btckeys@aol.com].2020
data
#
C:\ProgramData\Microsoft Help\MS.WINWORD.16.1033.hxn.id-E1DA14A2.[btckeys@aol.com].2020
data
#
C:\ProgramData\Microsoft Help\MS.SPREADSHEETCOMPARE.16.1033.hxn.id-E1DA14A2.[btckeys@aol.com].2020
data
#
C:\ProgramData\Microsoft Help\MS.SKYPEFB_ONLINEG.16.1033.hxn.id-E1DA14A2.[btckeys@aol.com].2020
data
#
C:\ProgramData\Microsoft Help\MS.SKYPEFB_ONLINE.16.1033.hxn.id-E1DA14A2.[btckeys@aol.com].2020
data
#
C:\ProgramData\Microsoft Help\MS.SKYPEFB_BASIC.16.1033.hxn.id-E1DA14A2.[btckeys@aol.com].2020
data
#
C:\ProgramData\Microsoft Help\MS.SKYPEFB.16.1033.hxn.id-E1DA14A2.[btckeys@aol.com].2020
data
#