Sample_5fba9b06c7da400016eb6275.exe

Status: finished

Submission Time: 2020-12-03 10:01:11 +01:00

Malicious

Ransomware

Evader

Sodinokibi

Comments

Details

Analysis ID:
326335
API (Web) ID:
554477
Analysis Started:

2020-12-03 10:02:31 +01:00
Analysis Finished:

2020-12-03 10:08:46 +01:00
MD5:
0e285f30f30dedd812295d2408f4b84c
SHA1:
24e8a7a0b9fdf929e6cc4b52b0470bf4f7b6f244
SHA256:
d91f951bdcf35012ac6b47c28cf32ec143e4269243d8c229f6cb326fd343df95
Technologies:

Engines
IOCs

Joe Sandbox

Engine	Download Report	Detection	Info
		malicious
	Full Report Management Report IOC Report	malicious Score: 100	System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

Third Party Analysis Engines

Open Full Report

malicious

Score: 62/69

Open Full Report

malicious

Score: 18/37

malicious

Score: 25/29

malicious

URLs

Name	Detection
http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/A7014F8C2779026F
http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/
http://decryptor.cc/
Click to see the 2 hidden entries
http://decryptor.cc/A7014F8C2779026F
https://torproject.org/

Dropped files

Name	File Type	Hashes
C:\Users\user\Desktop\PWCCAWLGRE.jpg	data	#
C:\Users\user\Desktop\UOOJJOZIRH.xlsx	data	#
C:\Users\user\Desktop\ZTGJILHXQB\QCFWYSKMHA.png	data	#
Click to see the 97 hidden entries
C:\Users\user\Desktop\WKXEWIOTXI\NEBFQQYWPS.png	data	#
C:\Users\user\Desktop\WKXEWIOTXI\SFPUSAFIOL.jpg	data	#
C:\Users\user\Desktop\WKXEWIOTXI.pdf	data	#
C:\Users\user\Desktop\WKXEWIOTXI.docx	data	#
C:\Users\user\Desktop\VAMYDFPUND\su84mu33c1-readme.txt	data	#
C:\Users\user\Desktop\VAMYDFPUND\ZQIXMVQGAH.pdf	data	#
C:\Users\user\Desktop\VAMYDFPUND\VAMYDFPUND.docx	data	#
C:\Users\user\Desktop\VAMYDFPUND\SQSJKEBWDT.png	data	#
C:\Users\user\Desktop\VAMYDFPUND\SFPUSAFIOL.xlsx	data	#
C:\Users\user\Desktop\VAMYDFPUND\PWCCAWLGRE.jpg	data	#
C:\Users\user\Desktop\VAMYDFPUND\GRXZDKKVDB.mp3	data	#
C:\Users\user\Desktop\VAMYDFPUND.xlsx	data	#
C:\Users\user\Desktop\VAMYDFPUND.png	data	#
C:\Users\user\Desktop\VAMYDFPUND.docx	data	#
C:\Users\user\Desktop\UOOJJOZIRH\su84mu33c1-readme.txt	data	#
C:\Users\user\Desktop\UOOJJOZIRH.pdf	data	#
C:\Users\user\Desktop\SQSJKEBWDT.png	data	#
C:\Users\user\Desktop\SQRKHNBNYN.mp3	data	#
C:\Users\user\Desktop\SFPUSAFIOL.xlsx	data	#
C:\Users\user\Desktop\SFPUSAFIOL.jpg	data	#
C:\Users\user\Desktop\QNCYCDFIJJ\su84mu33c1-readme.txt	data	#
C:\Users\user\Desktop\QCFWYSKMHA.png	data	#
C:\Users\user\Desktop\PWCCAWLGRE\su84mu33c1-readme.txt	data	#
C:\Users\user\Desktop\ZTGJILHXQB\PIVFAGEAAV.mp3	data	#
C:\Users\user\Documents\FENIVHOIKN\FENIVHOIKN.docx	data	#
C:\Users\user\Documents\FENIVHOIKN\CURQNKVOIX.xlsx	data	#
C:\Users\user\Documents\FENIVHOIKN.docx	data	#
C:\Users\user\Documents\EOWRVPQCCS\su84mu33c1-readme.txt	data	#
C:\Users\user\Documents\EEGWXUHVUG\su84mu33c1-readme.txt	data	#
C:\Users\user\Documents\CURQNKVOIX.xlsx	data	#
C:\Users\user\Desktop\su84mu33c1-readme.txt	data	#
C:\Users\user\Desktop\ZTGJILHXQB\su84mu33c1-readme.txt	data	#
C:\Users\user\Desktop\ZTGJILHXQB\ZTGJILHXQB.docx	data	#
C:\Users\user\Desktop\ZTGJILHXQB\ZQIXMVQGAH.jpg	data	#
C:\Users\user\Desktop\ZTGJILHXQB\UOOJJOZIRH.xlsx	data	#
C:\Users\user\Desktop\PIVFAGEAAV.mp3	data	#
C:\Users\user\Desktop\ZTGJILHXQB\IPKGELNTQY.pdf	data	#
C:\Users\user\Desktop\ZTGJILHXQB.jpg	data	#
C:\Users\user\Desktop\ZTGJILHXQB.docx	data	#
C:\Users\user\Desktop\ZQIXMVQGAH.pdf	data	#
C:\Users\user\Desktop\ZQIXMVQGAH.mp3	data	#
C:\Users\user\Desktop\ZQIXMVQGAH.jpg	data	#
C:\Users\user\Desktop\WKXEWIOTXI\su84mu33c1-readme.txt	data	#
C:\Users\user\Desktop\WKXEWIOTXI\ZQIXMVQGAH.mp3	data	#
C:\Users\user\Desktop\WKXEWIOTXI\WKXEWIOTXI.docx	data	#
C:\Users\user\Desktop\WKXEWIOTXI\VAMYDFPUND.xlsx	data	#
C:\Users\user\Desktop\WKXEWIOTXI\UOOJJOZIRH.pdf	data	#
C:\Users\Default\NTUSER.DAT.LOG1	data	#
C:\Users\Public\Libraries\RecordedTV.library-ms	data	#
C:\Users\Public\Downloads\su84mu33c1-readme.txt	data	#
C:\Users\Public\Documents\su84mu33c1-readme.txt	data	#
C:\Users\Public\Desktop\su84mu33c1-readme.txt	data	#
C:\Users\Public\AccountPictures\su84mu33c1-readme.txt	data	#
C:\Users\Default\su84mu33c1-readme.txt	data	#
C:\Users\Default\Videos\su84mu33c1-readme.txt	data	#
C:\Users\Default\Saved Games\su84mu33c1-readme.txt	data	#
C:\Users\Default\Pictures\su84mu33c1-readme.txt	data	#
C:\Users\Default\NTUSER.DAT{8ebe95f7-3dcb-11e8-a9d9-7cfe90913f50}.TMContainer00000000000000000002.regtrans-ms	data	#
C:\Users\Default\NTUSER.DAT{8ebe95f7-3dcb-11e8-a9d9-7cfe90913f50}.TMContainer00000000000000000001.regtrans-ms	data	#
C:\Users\Default\NTUSER.DAT{8ebe95f7-3dcb-11e8-a9d9-7cfe90913f50}.TM.blf	data	#
C:\Users\Public\Libraries\su84mu33c1-readme.txt	data	#
C:\Users\Default\Music\su84mu33c1-readme.txt	data	#
C:\Users\Default\Links\su84mu33c1-readme.txt	data	#
C:\Users\Default\Favorites\su84mu33c1-readme.txt	data	#
C:\Users\Default\Downloads\su84mu33c1-readme.txt	data	#
C:\Users\Default\Documents\su84mu33c1-readme.txt	data	#
C:\Users\Default\Desktop\su84mu33c1-readme.txt	data	#
C:\Recovery\su84mu33c1-readme.txt	data	#
C:\Program Files\su84mu33c1-readme.txt	data	#
C:\Program Files (x86)\su84mu33c1-readme.txt	data	#
C:\Program Files (x86)\Microsoft SQL Server\su84mu33c1-readme.txt	data	#
C:\Program Files (x86)\Microsoft SQL Server\110\su84mu33c1-readme.txt	data	#
C:\Users\user\Desktop\FENIVHOIKN\CURQNKVOIX.xlsx	data	#
C:\Users\user\Desktop\NEBFQQYWPS.png	data	#
C:\Users\user\Desktop\MXPXCVPDVN\su84mu33c1-readme.txt	data	#
C:\Users\user\Desktop\IPKGELNTQY.pdf	data	#
C:\Users\user\Desktop\GRXZDKKVDB\su84mu33c1-readme.txt	data	#
C:\Users\user\Desktop\GRXZDKKVDB.mp3	data	#
C:\Users\user\Desktop\GIGIYTFFYT\su84mu33c1-readme.txt	data	#
C:\Users\user\Desktop\FENIVHOIKN\su84mu33c1-readme.txt	data	#
C:\Users\user\Desktop\FENIVHOIKN\ZTGJILHXQB.jpg	data	#
C:\Users\user\Desktop\FENIVHOIKN\WKXEWIOTXI.pdf	data	#
C:\Users\user\Desktop\FENIVHOIKN\VAMYDFPUND.png	data	#
C:\Users\user\Desktop\FENIVHOIKN\SQRKHNBNYN.mp3	data	#
C:\Users\user\Desktop\FENIVHOIKN\FENIVHOIKN.docx	data	#
C:\Program Files (x86)\Microsoft SQL Server\110\Shared\su84mu33c1-readme.txt	data	#
C:\Users\user\Desktop\FENIVHOIKN.docx	data	#
C:\Users\user\Desktop\EOWRVPQCCS\su84mu33c1-readme.txt	data	#
C:\Users\user\Desktop\EEGWXUHVUG\su84mu33c1-readme.txt	data	#
C:\Users\user\Desktop\CURQNKVOIX.xlsx	data	#
C:\Users\user\Contacts\su84mu33c1-readme.txt	data	#
C:\Users\user\AppData\Local\Temp\xa288w44oi.bmp	PC bitmap, Windows 3.x format, 1280 x 1024 x 32	#
C:\Users\user\3D Objects\su84mu33c1-readme.txt	data	#
C:\Users\Public\su84mu33c1-readme.txt	data	#
C:\Users\Public\Videos\su84mu33c1-readme.txt	data	#
C:\Users\Public\Pictures\su84mu33c1-readme.txt	data	#
C:\Users\Public\Music\su84mu33c1-readme.txt	data	#

Sample_5fba9b06c7da400016eb6275.exe

Comments

Tags

Available tags:

Details

Joe Sandbox

Third Party Analysis Engines

URLs

Dropped files

Sample_5fba9b06c7da400016eb6275.exe Options

Comments

Tags

Available tags:

Details

Joe Sandbox

Third Party Analysis Engines

URLs

Dropped files

Search started

Sample_5fba9b06c7da400016eb6275.exe