gVz4ueFL8n.exe

Status: finished

Submission Time: 2020-11-22 02:44:09 +01:00

Malicious

Ransomware

Evader

Sodinokibi

Comments

Details

Analysis ID:
321427
API (Web) ID:
544659
Analysis Started:

2020-11-22 02:44:09 +01:00
Analysis Finished:

2020-11-22 02:49:19 +01:00
MD5:
0e285f30f30dedd812295d2408f4b84c
SHA1:
24e8a7a0b9fdf929e6cc4b52b0470bf4f7b6f244
SHA256:
d91f951bdcf35012ac6b47c28cf32ec143e4269243d8c229f6cb326fd343df95
Technologies:

Engines
IOCs

Joe Sandbox

Engine	Download Report	Detection	Info
		malicious
	Full Report Management Report IOC Report	malicious Score: 96	System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

Third Party Analysis Engines

Open Full Report

malicious

Score: 50/72

Open Full Report

malicious

Score: 18/37

malicious

Score: 35/48

malicious

URLs

Name	Detection
http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/44BE4C1AA85AD2C1
http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/
http://decryptor.cc/
Click to see the 2 hidden entries
https://torproject.org/
http://decryptor.cc/44BE4C1AA85AD2C1

Dropped files

Name	File Type	Hashes
C:\3pp6h54-readme.txt	data	#
C:\Users\user\Desktop\QCFWYSKMHA\EEGWXUHVUG.pdf	data	#
C:\Users\user\Desktop\QNCYCDFIJJ.pdf	data	#
Click to see the 97 hidden entries
C:\Users\user\Desktop\QNCYCDFIJJ\QNCYCDFIJJ.docx	data	#
C:\Users\user\Desktop\QCFWYSKMHA\PIVFAGEAAV.xlsx	data	#
C:\Users\user\Desktop\QCOILOQIKC.mp3	data	#
C:\Users\user\Desktop\QCFWYSKMHA\GRXZDKKVDB.jpg	data	#
C:\Users\user\Desktop\QCFWYSKMHA\EIVQSAOTAQ.mp3	data	#
C:\Users\user\Desktop\QCFWYSKMHA\DUUDTUBZFW.png	data	#
C:\Users\user\Desktop\QCFWYSKMHA\3pp6h54-readme.txt	data	#
C:\Users\user\Desktop\QCFWYSKMHA.jpg	data	#
C:\Users\user\Desktop\QCFWYSKMHA.docx	data	#
C:\Users\user\Desktop\PWCCAWLGRE\SQSJKEBWDT.xlsx	data	#
C:\Users\user\Desktop\PWCCAWLGRE\QCOILOQIKC.mp3	data	#
C:\Users\user\Desktop\PWCCAWLGRE\PWCCAWLGRE.docx	SysEx File -	#
C:\Users\user\Desktop\PWCCAWLGRE\GRXZDKKVDB.pdf	data	#
C:\Users\user\Desktop\PWCCAWLGRE\GIGIYTFFYT.png	data	#
C:\Users\user\Desktop\PWCCAWLGRE\EOWRVPQCCS.jpg	data	#
C:\Users\user\Desktop\PWCCAWLGRE\3pp6h54-readme.txt	data	#
C:\Users\user\Desktop\PWCCAWLGRE.xlsx	data	#
C:\Users\user\Desktop\PWCCAWLGRE.png	data	#
C:\Users\user\Desktop\PWCCAWLGRE.docx	data	#
C:\Users\user\Desktop\PIVFAGEAAV\3pp6h54-readme.txt	data	#
C:\Users\user\Desktop\PIVFAGEAAV.xlsx	data	#
C:\Users\user\Desktop\PIVFAGEAAV.pdf	data	#
C:\Users\user\Desktop\PALRGUCVEH\3pp6h54-readme.txt	data	#
C:\Users\user\Desktop\NVWZAPQSQL.png	data	#
C:\Users\user\Desktop\SUAVTZKNFL.mp3	data	#
C:\Users\user\Documents\CZQKSDDMWR\3pp6h54-readme.txt	data	#
C:\Users\user\Documents\BNAGMGSPLO\3pp6h54-readme.txt	data	#
C:\Users\user\Documents\3pp6h54-readme.txt	data	#
C:\Users\user\Desktop\ZQIXMVQGAH\ZQIXMVQGAH.docx	data	#
C:\Users\user\Desktop\ZQIXMVQGAH\SUAVTZKNFL.mp3	data	#
C:\Users\user\Desktop\ZQIXMVQGAH\QNCYCDFIJJ.pdf	data	#
C:\Users\user\Desktop\ZQIXMVQGAH\QCFWYSKMHA.jpg	data	#
C:\Users\user\Desktop\ZQIXMVQGAH\PWCCAWLGRE.png	data	#
C:\Users\user\Desktop\ZQIXMVQGAH\GAOBCVIQIJ.xlsx	data	#
C:\Users\user\Desktop\ZQIXMVQGAH\3pp6h54-readme.txt	data	#
C:\Users\user\Desktop\ZQIXMVQGAH.docx	data	#
C:\Users\user\Desktop\QCFWYSKMHA\QCFWYSKMHA.docx	data	#
C:\Users\user\Desktop\SQSJKEBWDT.xlsx	data	#
C:\Users\user\Desktop\SQSJKEBWDT.jpg	data	#
C:\Users\user\Desktop\QNCYCDFIJJ\SQSJKEBWDT.jpg	64-bit XCOFF executable or object module	#
C:\Users\user\Desktop\QNCYCDFIJJ\PWCCAWLGRE.xlsx	data	#
C:\Users\user\Desktop\QNCYCDFIJJ\PIVFAGEAAV.pdf	data	#
C:\Users\user\Desktop\QNCYCDFIJJ\NVWZAPQSQL.png	data	#
C:\Users\user\Desktop\QNCYCDFIJJ\GRXZDKKVDB.mp3	data	#
C:\Users\user\Desktop\QNCYCDFIJJ\3pp6h54-readme.txt	data	#
C:\Users\user\Desktop\QNCYCDFIJJ.docx	data	#
C:\Users\user\Desktop\QCOILOQIKC\3pp6h54-readme.txt	data	#
C:\Users\user\Desktop\LIJDSFKJZG\3pp6h54-readme.txt	data	#
C:\Users\Default\Favorites\3pp6h54-readme.txt	data	#
C:\Users\Public\Desktop\3pp6h54-readme.txt	data	#
C:\Users\Public\AccountPictures\3pp6h54-readme.txt	data	#
C:\Users\Public\3pp6h54-readme.txt	data	#
C:\Users\Default\Videos\3pp6h54-readme.txt	data	#
C:\Users\Default\Saved Games\3pp6h54-readme.txt	data	#
C:\Users\Default\Pictures\3pp6h54-readme.txt	data	#
C:\Users\Default\NTUSER.DAT{8ebe95f7-3dcb-11e8-a9d9-7cfe90913f50}.TMContainer00000000000000000002.regtrans-ms	data	#
C:\Users\Default\NTUSER.DAT{8ebe95f7-3dcb-11e8-a9d9-7cfe90913f50}.TMContainer00000000000000000001.regtrans-ms	data	#
C:\Users\Default\NTUSER.DAT{8ebe95f7-3dcb-11e8-a9d9-7cfe90913f50}.TM.blf	data	#
C:\Users\Default\NTUSER.DAT.LOG1	data	#
C:\Users\Default\Music\3pp6h54-readme.txt	data	#
C:\Users\Default\Links\3pp6h54-readme.txt	data	#
C:\Users\Public\Documents\3pp6h54-readme.txt	data	#
C:\Users\Default\Downloads\3pp6h54-readme.txt	data	#
C:\Users\Default\Documents\3pp6h54-readme.txt	data	#
C:\Users\Default\Desktop\3pp6h54-readme.txt	data	#
C:\Users\Default\3pp6h54-readme.txt	data	#
C:\Users\3pp6h54-readme.txt	data	#
C:\Recovery\3pp6h54-readme.txt	data	#
C:\Program Files\3pp6h54-readme.txt	data	#
C:\Program Files (x86)\Microsoft SQL Server\3pp6h54-readme.txt	data	#
C:\Program Files (x86)\Microsoft SQL Server\110\Shared\3pp6h54-readme.txt	data	#
C:\Program Files (x86)\Microsoft SQL Server\110\3pp6h54-readme.txt	data	#
C:\Program Files (x86)\3pp6h54-readme.txt	data	#
C:\Users\user\Desktop\BNAGMGSPLO\3pp6h54-readme.txt	data	#
C:\Users\user\Desktop\GRXZDKKVDB.pdf	data	#
C:\Users\user\Desktop\GRXZDKKVDB.mp3	data	#
C:\Users\user\Desktop\GRXZDKKVDB.jpg	data	#
C:\Users\user\Desktop\GIGIYTFFYT.png	data	#
C:\Users\user\Desktop\GAOBCVIQIJ.xlsx	data	#
C:\Users\user\Desktop\EOWRVPQCCS\3pp6h54-readme.txt	data	#
C:\Users\user\Desktop\EOWRVPQCCS.jpg	data	#
C:\Users\user\Desktop\EIVQSAOTAQ.mp3	data	#
C:\Users\user\Desktop\EEGWXUHVUG.pdf	data	#
C:\Users\user\Desktop\DUUDTUBZFW.png	data	#
C:\Users\user\Desktop\CZQKSDDMWR\3pp6h54-readme.txt	data	#
C:\Users\user\Desktop\KLIZUSIQEN\3pp6h54-readme.txt	data	#
C:\Users\user\Desktop\3pp6h54-readme.txt	data	#
C:\Users\user\Contacts\3pp6h54-readme.txt	data	#
C:\Users\user\AppData\Local\Temp\539.bmp	PC bitmap, Windows 3.x format, 1280 x 1024 x 32	#
C:\Users\user\3pp6h54-readme.txt	data	#
C:\Users\user\3D Objects\3pp6h54-readme.txt	data	#
C:\Users\Public\Videos\3pp6h54-readme.txt	data	#
C:\Users\Public\Pictures\3pp6h54-readme.txt	data	#
C:\Users\Public\Music\3pp6h54-readme.txt	data	#
C:\Users\Public\Libraries\RecordedTV.library-ms	data	#
C:\Users\Public\Libraries\3pp6h54-readme.txt	data	#
C:\Users\Public\Downloads\3pp6h54-readme.txt	data	#

gVz4ueFL8n.exe

Comments

Tags

Available tags:

Details

Joe Sandbox

Third Party Analysis Engines

URLs

Dropped files

gVz4ueFL8n.exe Options

Comments

Tags

Available tags:

Details

Joe Sandbox

Third Party Analysis Engines

URLs

Dropped files

Search started

gVz4ueFL8n.exe