Joe Sandbox Cloud Basic

Want to search on specific fields?


Try our:

Advanced Search

Want to search in depth on all Cloud Basic reports?

Try: Joe Sandbox View

Register Login
sloganpng
top title background image
flash

wogZe27GBB.exe

Status: finished
Submission Time: 2021-09-15 13:41:51 +02:00
Malicious
Evader

Comments

Tags

  • exe
  • MappingOOO
  • signed

Details

  • Analysis ID:
    483790
  • API (Web) ID:
    851359
  • Analysis Started:
    2021-09-15 13:43:48 +02:00
  • Analysis Finished:
    2021-09-15 14:17:22 +02:00
  • MD5:
    5efc68abd7fec415e34980d95a06a66a
  • SHA1:
    34b243a0b3e322b8983b528caa5849395360a91d
  • SHA256:
    0f655a8ac0d7fdc7ac44fdd9799129848faf9c73bfa0e108fd903de439447232
  • Technologies:

Joe Sandbox

Engine Download Report Detection Info
Full Report Management Report IOC Report
malicious
Score: 76
System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Full Report Management Report IOC Report
malicious
Score: 72
System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Run Condition: Run with higher sleep bypass

Third Party Analysis Engines

malicious
Score: 20/28

IPs

IP Country Detection
185.188.32.22
 Germany
188.172.198.151
 Austria
45.153.241.148
 Germany

Domains

Name IP Detection
master12.teamviewer.com
 185.188.32.22
widolapsed.info
 45.153.241.148
ping3.dyngate.com
 0.0.0.0

URLs

Name Detection
https://widolapsed.info/vider/Resources/DisplayNamev
http://188.172.198.151/client=DynGate&rnd=78504903&p=10000001
https://widolapsed.info/-resource://Microsoft.Microsoft3DViewer4
Click to see the 97 hidden entries
https://dev.virtualearth.net/REST/v1/Routes/Transit
https://widolapsed.info/8C631A8/ources/DisplayNamev
https://widolapsed.info/B8C631A8/resource://Microso
https://dynamic.t
http://nsis.sf.net/NSIS_Error
https://dev.virtualearth.net/REST/v1/JsonFilter/VenueMaps/data/
https://widolapsed.info/~
https://widolapsed.info/64__8wekyb3d8bbwe?ms-resource://Microso
http://master12.teamviewer.com/dout.aspx?s=40082849&p=10000001&client=DynGate&data=FyQSawCjHqkys5Mko
http://188.172.198.151/din.aspx?s=12418339&m=fast&client=DynGate&p=10000002l
https://widolapsed.info/B8C631A8/ources/DisplayNamev
https://widolapsed.info/apsed.info/ameCallableUI/resources/Pkg
http://www.teamviewer.com/ja/integrated/trial.aspx?ID=%1%&IC=%2%
http://www.teamviewer.com/download/beta.aspx
https://ecn.dev.virtualearth.net/mapcontrol/mapconfiguration.ashx?name=native&v=
https://dev.virtualearth.net/REST/v1/Locations
https://%s.xboxlive.com
https://widolapsed.info/i
https://widolapsed.info/ervice
https://t0.ssl.ak.dynamic.tiles.virtualearth.net/odvs/gd?pv=1&r=
http://nsis.sf.net/NSIS_ErrorError
http://188.172.198.151/din.aspx?s=00000000&m=fast&client=DynGate&rnd=78504903&p=10000001v
http://www.teamviewer.com/CConnectionHistoryManager::createMessageString():
https://dev.virtualearth.net/mapcontrol/HumanScaleServices/GetBubbles.ashx?n=
http://www.teamviewer.com/download/version_5x/TeamViewerQS.exe
https://widolapsed.info/s/StoreAppName
https://widolapsed.info/1
http://188.172.198.151/
https://widolapsed.info/apsed.info/B8C631A8/lopmentPropertiesh
https://t0.ssl.ak.dynamic.tiles.virtualearth.net/comp/gen.ashx
https://dev.virtualearth.net/REST/v1/Routes/Driving
http://ocsp.sectigo.com0
https://widolapsed.info/apsed.info/3DViewer_2.1803.8022.0_x64_
https://widolapsed.info/8C631A8/al_cw5n1h2txyewy?m0
http://master12.teamviewer.com/dout.aspx?s=40082873&p=10000001&client=DynGate&data=FyQS6QChtjSytzoeq
http://crl.sectigo.com/SectigoRSACodeSigningCA.crl0s
http://www.teamviewer.com/download/version_4x/TeamViewerQS.exe
http://master12.teamviewer.com/din.aspx?s=40082864&client=DynGate&p=10000002er12.teamviewer.com
https://www.teamviewer.com/licensing/order.aspx?lng=ja
https://dynamic.api.tiles.ditu.live.com/odvs/gd?pv=1&r=
https://dev.ditu.live.com/REST/v1/JsonFilter/VenueMaps/data/
https://widolapsed.info/B8C631A8/leUI/resources/Pkg
http://www.teamviewer.com/ja/licensing/commercialuse.aspx
https://widolapsed.info/8C631A8/resource://Microso
http://188.172.198.151/dout.aspx?s=12418339&p=10000002&client
http://www.teamviewer.com/ja/company/shutdown.aspx
https://dynamic.api.tiles.ditu.live.com/odvs/gdv?pv=1&r=
https://dev.virtualearth.net/REST/v1/Routes/Walking
https://widolapsed.info/B8C631A8/9
https://widolapsed.info/B8C631A8/8
http://mastr12.teamviewer.com/din.aspx?s=0000000&client=DynGate&rnd=7
https://dev.virtualearth.net/REST/v1/Transit/Schedules/
http://www.TeamViewer.com/download
https://dev.ditu.live.com/REST/v1/Imagery/Copyright/
https://widolapsed.info/8C631A8/esources/StoreAppN
https://widolapsed.info/8C631A8/e
http://www.TeamViewer.com/help
http://188.172.198.151/din.aspx?s=12418339&m=fast&client=DynGate&p=10000002
http://188.172.198.151/din.aspx?s=00000000&m=fast&client=DynGate&rnd=78504903&p=10000001
http://master12.teamviewer.com/dout.aspx?s=40082849&p=10000001&client=DynGate&data=FyQSawCjHqkys5MkoZ6aGJqbGZocGBMkoh6YEyagoZ6YPDKxsxoxMRizMZqcGy+Ym5wYGpuYGRsbkyakoh6YPDKxsxoxMRizMZqcGy+Ym5wYGpuYGRsbkyepnqu0txmXGJiTKx6YmpcYFxscG5AoqQ==
https://widolapsed.info/B8C631A8/ackageDisplayName
https://t0.tiles.ditu.live.com/tiles/gen
https://dev.ditu.live.com/REST/v1/Traffic/Incidents/
https://widolapsed.info/apsed.info/
https://widolapsed.info/apsed.info/tral_neutral_cw5n1h2txyewy?
https://widolapsed.info/apsed.info/B8C631A8/ources/DisplayNamev
https://widolapsed.info/apsed.info/B8C631A8/soft.Microsoft3DVi
https://dev.ditu.live.com/REST/v1/Routes/
http://188.172.198.151/dout.aspx?s=12418339&p=10000002&client=DynGated
http://188.172.198.151/dout.aspx?s=12418339&p=10000002&client=DynGate
https://widolapsed.info/apsed.info/s/StoreAppName
https://www.teamviewer.com/buy-now/?utm_medium=masterads&utm_source=master-commercial-use&utm_campai
https://widolapsed.info/a
http://crl.ver)
https://widolapsed.info/3DViewer_2.1803.8022.0_x64_
https://widolapsed.info/B8C631A8/d.info/B8C631A8/
https://widolapsed.info/B8C631A8/esources/StoreAppN
http://master12.teamviewer.com/dout.aspx?s=40082864&p=10000001&client=DynGate&data=FyQS8gCjHqmyuim0s7cwujq5MqWyvJMkoZ6aGJqbGZocGBMkoh6ZnJiYGJucHBwTJqSiHpg8MrGzGjExGLMxmpwbL5ibnBgam5gZGxuTKx6YmpcYFxscG5AoqZMhNLcwuTyegwEAAAASAAApKaCYgAIAAAiAAAB7ySFOURDklGN3FXhtz5fQYcmcXiwT9YXrd7SP4wIu0YyOFYq9yPUEQYpaG7+wnhbl5r+tU8j1VcHRkBZSOJG/A0Y7yY1YSgbi8gOUCGFRO/w26w+YKCZHaxwju7In6AFwX2azSetPIMUWj5HFTKPx6LGZM3a+27DQaxFWt7lD4A==
https://widolapsed.info/B8C631A8/lopmentPropertiesh
https://dev.virtualearth.net/REST/v1/Routes/
https://widolapsed.info/
http://www.teamviewer.com/favicon.ico
https://widolapsed.info/8C631A8/9
https://t0.ssl.ak.dynamic.tiles.virtualearth.net/odvs/gdv?pv=1&r=
http://www.teamviewer.com/help/connectivity.aspx:
http://www.teamviewer.com/help/support.aspxK
https://widolapsed.info/B8C631A8/lopmentPropertiesl
http://master12.teamviewer.com/din.aspx?s=00000000&client=DynGate&rnd=78504903&p=10000001
https://widolapsed.info/2i
https://widolapsed.info/apsed.info/8C631A8/9
http://www.bingmapsportal.com
http://master12.teamviewer.com/din.aspx?s=00000000&client=DynGate&rnd=78504903&p=10000001&%
http://www.TeamViewer.com#http://www.TeamViewer.com/licensing
https://widolapsed.info/B8C631A8/pName
https://appexmapsappupdate.blob.core.windows.net
http://master12.teamviewer.com/din.aspx?s=40082864&client=DynGate&p=10000002
http://188.172.198.151/din.aspx?s=12418339&m=fast&client=DynGate&p=1000

Dropped files

Name File Type Hashes Detection
C:\Users\user\AppData\Roaming\ViberPC\Icons\UniPrint.exe
 PE32 executable (GUI) Intel 80386, for MS Windows
 #
C:\Users\user\AppData\Roaming\ViberPC\Icons\TV.dll
 PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
 #
C:\Users\user\AppData\Local\packages\ActiveSync\LocalState\DiagOutputDir\UnistackCircular.etl.0001 (copy)
 data
 #
Click to see the 14 hidden entries
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\MpCmdRun.log
 data
 #
C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp
 ASCII text, with no line terminators
 #
C:\Users\user\AppData\Roaming\ViberPC\Icons\vpn.cab
 Microsoft Cabinet archive data, 71196 bytes, 8 files
 #
C:\Users\user\AppData\Roaming\ViberPC\Icons\Teamviewer_Resource_ja.dll
 PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
 #
C:\Users\user\AppData\Roaming\ViberPC\Icons\TeamViewer.ini
 data
 #
C:\Users\user\AppData\Local\packages\ActiveSync\LocalState\DiagOutputDir\UnistackCritical.etl.0001cd (copy)
 data
 #
C:\ProgramData\Microsoft\Network\Downloader\edb.log
 data
 #
C:\Users\user\AppData\Local\packages\ActiveSync\LocalState\DiagOutputDir\SyncVerbose.etl.0001.. (copy)
 data
 #
C:\Users\user\AppData\Local\Temp\nsaF7DF.tmp
 data
 #
C:\Users\user\AppData\Local\Packages\ActiveSync\LocalState\DiagOutputDir\UnistackCritical.etl
 data
 #
C:\Users\user\AppData\Local\Packages\ActiveSync\LocalState\DiagOutputDir\UnistackCircular.etl
 data
 #
C:\Users\user\AppData\Local\Packages\ActiveSync\LocalState\DiagOutputDir\SyncVerbose.etl
 data
 #
C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm
 data
 #
C:\ProgramData\Microsoft\Network\Downloader\qmgr.db
 Extensible storage engine DataBase, version 0x620, checksum 0xbcd629f4, page size 16384, DirtyShutdown, Windows version 10.0
 #