
Covid21 2.0.exe

Status: finished
Submission Time: 2021-03-28 15:34:33 +02:00
Malicious
Ransomware
Evader

Details

  • Analysis ID:
    377010
  • API (Web) ID:
    656151
  • Analysis Started:
    2021-03-28 15:34:33 +02:00
  • Analysis Finished:
    2021-03-28 16:09:51 +02:00
  • MD5:
    a7c7f5e792809db8653a75c958f82bc4
  • SHA1:
    7ebe75db24af98efdcfebd970e7eea4b029f9f81
  • SHA256:
    02fea9970500d498e602b22cea68ade9869aca40a5cdc79cf1798644ba2057ca
  • Technologies:

Joe Sandbox

Engine Download Report Detection Info
malicious
malicious
Score: 75
System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
malicious
Score: 84
System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Run Condition: Run with higher sleep bypass

Third Party Analysis Engines

malicious
Score: 48/69
malicious
Score: 13/36
malicious
Score: 23/28
malicious

URLs

Name Detection
http://www.rjlsoftware.com/?screenscrewopenj
http://www.rjlsoftware.com/?screenscrew
http://www.autohotkey.com
http://www.autohotkey.comCould
http://www.rjlsoftware.com
http://www.rjlsoftware.com(

Dropped files

Name / File Type

\Device\Harddisk0\DR0
  DOS/MBR boot sector
C:\Users\user\AppData\Local\Temp\2526.tmp\PayloadMBR.exe
  PE32 executable (GUI) Intel 80386, for MS Windows
C:\covid21\Corona.exe
  PE32 executable (GUI) Intel 80386, for MS Windows
C:\Users\user\AppData\Local\Temp\2526.tmp\icons.exe
  PE32 executable (console) Intel 80386, for MS Windows
C:\Users\user\AppData\Local\Temp\2526.tmp\inv.exe
  PE32 executable (GUI) Intel 80386, for MS Windows
C:\Users\user\AppData\Local\Temp\2526.tmp\mlt.exe
  PE32+ executable (GUI) x86-64, for MS Windows
C:\Users\user\AppData\Local\Temp\2526.tmp\CLWCP.exe
  PE32 executable (GUI) Intel 80386, for MS Windows
C:\Users\user\AppData\Local\Temp\2526.tmp\screenscrew.exe
  PE32 executable (GUI) Intel 80386, for MS Windows
C:\Users\user\AppData\Local\Temp\2526.tmp\t.vbs
  ASCII text, with CRLF line terminators
C:\Users\user\AppData\Local\Temp\2526.tmp\x.vbs
  ASCII text, with CRLF line terminators
C:\Users\user\AppData\Local\Temp\2526.tmp\y.vbs
  ASCII text, with CRLF line terminators
C:\Users\user\AppData\Local\Temp\2526.tmp\z.exe
  PE32 executable (GUI) Intel 80386, for MS Windows
C:\Users\user\AppData\Local\Temp\2526.tmp\prompt.vbs
  ASCII text, with CRLF line terminators
C:\covid21\covid.jpg
  JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, progressive, precision 8, 1920x1080, frames 3
C:\Windows\clwcp.bmp
  PC bitmap, Windows 3.x format, 1920 x 1080 x 24
C:\Users\user\AppData\Local\Temp\2526.tmp\covid.jpg
  JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, progressive, precision 8, 1920x1080, frames 3
C:\Users\user\AppData\Local\Temp\2526.tmp\coronaloop.bat
  ASCII text, with CRLF line terminators
C:\Users\user\AppData\Local\Temp\2526.tmp\Covid21.bat
  DOS batch file, ASCII text, with CRLF line terminators
C:\Users\user\AppData\Local\Temp\2526.tmp\Corona.exe
  PE32 executable (GUI) Intel 80386, for MS Windows