top title background image
flash

RFQ No3756368.exe

Status: finished
Submission Time: 2021-06-15 13:01:16 +02:00
Malicious
Ransomware
Trojan
Spyware
Evader
GuLoader

Comments

Tags

  • exe
  • Loki

Details

  • Analysis ID:
    434725
  • API (Web) ID:
    802329
  • Analysis Started:
    2021-06-15 13:01:16 +02:00
  • Analysis Finished:
    2021-06-15 13:07:51 +02:00
  • MD5:
    ce51f15d31008c3606729b00036fe841
  • SHA1:
    9ed0987c6a26f61afb6fa772dce9b4a6ddd9090c
  • SHA256:
    e4effdebb79bd1b3d2e3a2510a96f44cbf9ca4961340c7ca1f276bd3c527afb2
  • Technologies:

Joe Sandbox

Engine Download Report Detection Info
malicious
malicious
Score: 100
System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

Third Party Analysis Engines

malicious
Score: 18/68

IPs

IP Country Detection
63.141.228.141
United States
142.250.201.193
United States

Domains

Name IP Detection
googlehosted.l.googleusercontent.com
142.250.201.193
doc-14-7g-docs.googleusercontent.com
0.0.0.0

URLs

Name Detection
http://63.141.228.141/32.php/nuldTOn9SBn3G
https://doc-14-7g-docs.googleusercontent.com/ytq
http://pki.goog/gsr2/GTS1O1.crt0
Click to see the 5 hidden entries
http://crl.pki.goog/gsr2/gsr2.crl0?
https://doc-14-7g-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/9u2nstv2
https://pki.goog/repository/0
https://doc-14-7g-docs.googleusercontent.com/
http://crl.pki.goog/GTS1O1core.crl0

Dropped files

Name File Type Hashes Detection
C:\Users\user\AppData\Roaming\C79A3B\B52B3F.lck
very short file (no magic)
#
C:\Users\user\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-3853321935-2125563209-4053062332-1002\bc49718863ee53e026d805ec372039e9_d06ed635-68f6-4e9a-955c-4899f5f57b9a
data
#