top title background image
flash

os9TZxfmTZ.exe

Status: finished
Submission Time: 2021-04-12 08:47:35 +02:00
Malicious
Ransomware
Trojan
Spyware
Evader
FormBook GuLoader

Comments

Tags

  • exe
  • GuLoader

Details

  • Analysis ID:
    385246
  • API (Web) ID:
    672591
  • Analysis Started:
    2021-04-12 08:58:09 +02:00
  • Analysis Finished:
    2021-04-12 09:13:05 +02:00
  • MD5:
    ad0c93b574bb947cff15483eda82811e
  • SHA1:
    ad379c5a86bf646c4a079e737a364ab352107e5b
  • SHA256:
    bcaac39113bd17158fe86a77328f97e9c3fa14860c9c4449a8ae0768c85243f4
  • Technologies:

Joe Sandbox

Engine Download Report Detection Info
malicious
malicious
Score: 100
System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

Third Party Analysis Engines

malicious
Score: 58/70
malicious
Score: 46/48
malicious

IPs

IP Country Detection
103.67.236.191
India
74.125.143.82
United States

Domains

Name IP Detection
demo.sdssoftltd.co.uk
103.67.236.191
www.slymwhite.com
0.0.0.0
vccmd03.googlecode.com
0.0.0.0
Click to see the 6 hidden entries
vccmd01.t35.com
0.0.0.0
vccmd01.googlecode.com
0.0.0.0
vccmd02.googlecode.com
0.0.0.0
vccmd01.zxq.net
0.0.0.0
www.postphenomenon.com
35.186.238.101
googlecode.l.googleusercontent.com
74.125.143.82

URLs

Name Detection
https://demo.sdssoftltd.co.uk/bin_iOxAb78.binhttp://103.141.138.118/bin_iOxAb78
https://demo.sdssoftltd.co.uk/bin_iOxAb78.bin
www.evolvekitchendesign.com/ffw/
Click to see the 32 hidden entries
http://vccmd02.googlecode.com/
http://schemas.xmlsoap.org/ws/2
http://vccmd01.t35.com/cmsys.gifusercontent.comn
http://vccmd01.zxq.net/01.zxq.net/cmsys.gifusercontent.comu
http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous.
http://vccmd01.googlecode.com/files/cmsys.gifA
http://vccmd01.googlecode.com/files/cmsys.gif
http://vccmd01.t35.com/cmsys.gifr
http://vccmd03.googlecode.com/files/cmsys.gifP%n
http://vccmd01.zxq.net/e.com/files/cmsys.gif
http://vccmd01.zxq.net/cmsys.gifH
http://vccmd03.googlecode.com/files/cmsys.gifC%c
http://vccmd01.zxq.net/cmsys.gif
https://activity.windows.com
http://vccmd01.googlecode.com/
https://%s.dnet.xboxlive.com
http://vccmd01.zxq.net/
http://vccmd03.googlecode.com/files/cmsys.gif
http://vccmd01.zxq.net/cmsys.gift
http://vccmd01.t35.com/cmsys.gifnw
https://%s.xboxlive.com
http://vccmd01.zxq.net/cmsys.gifr
http://vccmd01.t35.com/cmsys.gif
http://vccmd01.googlecode.com/files/cmsys.gift
http://103.141.138.118/bin_iOxAb78.bin
http://vccmd02.googlecode.com/files/cmsys.gif
http://vccmd01.zxq.net/cmsys.gifVw
http://vccmd02.googlecode.com/files/cmsys.gifi%I
http://vccmd01.zxq.net/cmsys.gifllxw
http://vccmd03.googlecode.com/
https://demo.sdssoftltd.co.uk/bin_iOxAb78.binhttp://103.141.138.118/bin_iOxAb78.bin
http://vccmd01.t35.com/e.com/files/cmsys.gif

Dropped files

Name File Type Hashes Detection
C:\Users\user\AppData\Local\icsys.icn.exe
PE32 executable (GUI) Intel 80386, for MS Windows
#
C:\Users\user\AppData\Local\stsys.exe
PE32 executable (GUI) Intel 80386, for MS Windows
#
C:\Users\user\AppData\Roaming\mrsys.exe
PE32 executable (GUI) Intel 80386, for MS Windows
#
Click to see the 8 hidden entries
C:\Users\user\Desktop\os9tzxfmtz.exe
PE32 executable (GUI) Intel 80386, for MS Windows
#
C:\Windows\System\explorer.exe
PE32 executable (GUI) Intel 80386, for MS Windows
#
C:\Windows\System\spoolsv.exe
PE32 executable (GUI) Intel 80386, for MS Windows
#
C:\Windows\System\svchost.exe
PE32 executable (GUI) Intel 80386, for MS Windows
#
C:\ProgramData\Microsoft\Network\Downloader\edb.log
data
#
C:\ProgramData\Microsoft\Network\Downloader\qmgr.db
Extensible storage engine DataBase, version 0x620, checksum 0x2ec74ff6, page size 16384, DirtyShutdown, Windows version 10.0
#
C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm
data
#
C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp
ASCII text, with no line terminators
#