
CodQ8WdihD.exe

Status: finished
Submission Time: 2020-09-11 10:27:20 +02:00
Malicious
Ransomware
Spreader
Adware
Evader
Crysis Wadhrama

Comments

Tags

  • Crysis
  • Dharma
  • Ransomware

Details

  • Analysis ID:
    284406
  • API (Web) ID:
    463983
  • Analysis Started:
    2020-09-11 10:56:56 +02:00
  • Analysis Finished:
    2020-09-11 11:08:02 +02:00
  • MD5:
    c652fadd314392b61976fc226e6f6d38
  • SHA1:
    38856dcaa805178155f0314a7e0430c66cb094bb
  • SHA256:
    d4b6920e28ddba697f8e2e33f6479d16c9b92fefdc36894e3c594e3f71095e4d
  • Technologies:

Joe Sandbox

Engine Download Report Detection Info
malicious
malicious
Score: 100
System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

Third Party Analysis Engines

  • malicious (Score: 60/68)
  • malicious (Score: 30/38)
  • malicious (Score: 47/48)
  • malicious

Dropped files

Name | File Type | Hashes | Detection
  • C:\$Recycle.Bin\S-1-5-18\desktop.ini.id-6885274D.[trizvani@aol.com].harma | data | # 
  • C:\ProgramData\Microsoft\OFFICE\DocumentRepository.ico.id-6885274D.[trizvani@aol.com].harma | data | #
  • C:\ProgramData\Microsoft\OFFICE\MySharePoints.ico.id-6885274D.[trizvani@aol.com].harma | data | #