local.exe

Status: finished

Submission Time: 2021-06-16 12:18:53 +02:00

Malicious

Ransomware

Evader

Comments

Details

Analysis ID:
435327
API (Web) ID:
802919
Analysis Started:

2021-06-16 12:25:22 +02:00
Analysis Finished:

2021-06-16 12:39:42 +02:00
MD5:
d687eb9fea18e6836bd572b2d180b144
SHA1:
0e7f076d59ab24ab04200415cb35037c619d0bae
SHA256:
863e4557e550dd89e5ca0e43c57a3fc1889145c76ec9787e97f76e959fc8e1e1
Technologies:

Engines
IOCs

Joe Sandbox

Engine	Download Report	Detection	Info
		malicious
	Full Report Management Report IOC Report	malicious Score: 100	System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

Third Party Analysis Engines

Open Full Report

malicious

Score: 33/67

malicious

Score: 13/46

URLs

Name	Detection
http://eghv5cpdsmuj5e6tpyjk5icgq642hqubildf6yrfnqlq3rmsqk2zanid.onion/contact
https://www.torproject.org/

Dropped files

Name	File Type	Hashes
C:\$Recycle.Bin\How to decrypt files.txt	ASCII text, with CRLF line terminators	#
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\RDCNotificationClient.appx	data	#
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\PDFSigQFormalRep.pdf	data	#
Click to see the 97 hidden entries
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Microsoft.VCLibs.x86.14.00.appx	data	#
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Legal\ENU\license.html	data	#
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\1494870C-9912-C184-4CC9-B401-A53F4D8DE290.pdf	data	#
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Click on 'Change' to select default PDF handler.pdf	data	#
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\ENU\AdobeID.pdf	data	#
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\COPYING.LGPLv2.1.txt	data	#
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\ENU\DefaultID.pdf	data	#
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Legal\ENU\eula.ini	DOS executable (COM, 0x8C-variant)	#
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\ENU\How to decrypt files.txt	ASCII text, with CRLF line terminators	#
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Legal\How to decrypt files.txt	ASCII text, with CRLF line terminators	#
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Locale\How to decrypt files.txt	ASCII text, with CRLF line terminators	#
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Locale\en_US\How to decrypt files.txt	ASCII text, with CRLF line terminators	#
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Locale\en_US\stopwords.ENU	data	#
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\RTC.der	data	#
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Legal\ENU\How to decrypt files.txt	ASCII text, with CRLF line terminators	#
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Javascripts\How to decrypt files.txt	ASCII text, with CRLF line terminators	#
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\How to decrypt files.txt	ASCII text, with CRLF line terminators	#
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Tracker\How to decrypt files.txt	ASCII text, with CRLF line terminators	#
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\How to decrypt files.txt	ASCII text, with CRLF line terminators	#
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Browser\WCChromeExtn\manifest.json	data	#
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Browser\WCChromeExtn\How to decrypt files.txt	ASCII text, with CRLF line terminators	#
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Browser\How to decrypt files.txt	ASCII text, with CRLF line terminators	#
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Adobe.Reader.Dependencies.manifest	data	#
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroLayoutRecognizer\How to decrypt files.txt	ASCII text, with CRLF line terminators	#
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Tracker\forms_received.gif	data	#
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Tracker\reviews_sent.gif	data	#
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Tracker\reviews_joined.gif	data	#
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Tracker\reviewers.gif	data	#
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Tracker\review_shared.gif	data	#
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Tracker\review_same_reviewers.gif	data	#
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Tracker\review_email.gif	data	#
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Tracker\review_browser.gif	data	#
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Tracker\pdf.gif	data	#
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Tracker\open_original_form.gif	data	#
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Tracker\main.css	data	#
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Tracker\info.gif	data	#
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Tracker\forms_super.gif	data	#
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\locales\How to decrypt files.txt	ASCII text, with CRLF line terminators	#
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Tracker\forms_distributed.gif	data	#
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Tracker\form_responses.gif	data	#
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Tracker\ended_review_or_form.gif	DOS executable (COM, 0x8C-variant)	#
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Tracker\end_review.gif	data	#
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Tracker\email_initiator.gif	data	#
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Tracker\email_all.gif	data	#
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Tracker\distribute_form.gif	data	#
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Tracker\create_form.gif	data	#
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Tracker\br.gif	data	#
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Tracker\bl.gif	data	#
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Tracker\add_reviewer.gif	data	#
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\Certificates_R.aapp	data	#
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\FillSign.aapp	data	#
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\Edit_R_RHP.aapp	data	#
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\Edit_R_Menu.aapp	data	#
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\Edit_R_Full.aapp	MPEG ADTS, AAC, v2 Main, 32 kHz, monaural	#
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\Edit_R_Exp_RHP.aapp	data	#
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\EPDF_RHP.aapp	data	#
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\EPDF_Full.aapp	data	#
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\Compare_R_RHP.aapp	data	#
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\Comments.aapp	data	#
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\Combine_R_RHP.aapp	data	#
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\CollectSignatures.aapp	data	#
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\Home.aapp	data	#
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\CPDF_RHP.aapp	data	#
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\CPDF_Full.aapp	data	#
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\AppCenter_R.aapp	data	#
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\How to decrypt files.txt	ASCII text, with CRLF line terminators	#
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AGMGPUOptIn.ini	data	#
C:\Program Files (x86)\Adobe\Acrobat Reader DC\ReadMe.htm	data	#
C:\Program Files (x86)\Adobe\Acrobat Reader DC\How to decrypt files.txt	ASCII text, with CRLF line terminators	#
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Esl\How to decrypt files.txt	ASCII text, with CRLF line terminators	#
C:\$Recycle.Bin\S-1-5-21-3853321935-2125563209-4053062332-1001\How to decrypt files.txt	ASCII text, with CRLF line terminators	#
C:\$Recycle.Bin\S-1-5-21-3853321935-2125563209-4053062332-1000\How to decrypt files.txt	ASCII text, with CRLF line terminators	#
C:\$Recycle.Bin\S-1-5-18\How to decrypt files.txt	ASCII text, with CRLF line terminators	#
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\Stamp.aapp	data	#
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\icudtl.dat	data	#
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\cef_extensions.pak	data	#
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\cef_200_percent.pak	data	#
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\cef_100_percent.pak	data	#
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\cef.pak	data	#
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\LICENSE.txt	data	#
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\How to decrypt files.txt	ASCII text, with CRLF line terminators	#
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\How to decrypt files.txt	ASCII text, with CRLF line terminators	#
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\Viewer.aapp	data	#
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\UnifiedShare.aapp	data	#
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\TrackedSend.aapp	data	#
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\locales\en-US.pak	data	#
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\Scan_R_RHP.aapp	data	#
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\Review_RHP.aapp	data	#
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\Redact_R_RHP.aapp	data	#
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\Protect_R_RHP.aapp	data	#
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\Pages_R_RHP.aapp	data	#
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\OptimizePDF_R_RHP.aapp	data	#
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\OptimizePDF_R_CTX.aapp	data	#
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\MoreTools.aapp	data	#
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\Measure.aapp	data	#
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\InAppSign.aapp	data	#
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\How to decrypt files.txt	ASCII text, with CRLF line terminators	#

local.exe

Comments

Tags

Available tags:

Details

Joe Sandbox

Third Party Analysis Engines

URLs

Dropped files

local.exe Options

Comments

Tags

Available tags:

Details

Joe Sandbox

Third Party Analysis Engines

URLs

Dropped files

Search started

local.exe