
2GirCpksIO.exe

Status: finished
Submission Time: 2021-11-22 15:11:22 +01:00
Malicious
Ransomware
Trojan
Evader
Spyware
GuLoader, GuLoader Lokibot

Details

  • Analysis ID:
    526365
  • API (Web) ID:
    893891
  • Analysis Started:
    2021-11-22 15:16:43 +01:00
  • Analysis Finished:
    2021-11-22 15:39:36 +01:00
  • MD5:
    5cc619f7dd365ec061f1f385d25bea30
  • SHA1:
    5b28cb97973da18953fb284648f13257f0aba2f3
  • SHA256:
    7f5124088c09a925ad3a162b4e56391557dfc7d9950b9a55044036698d369d13
  • Technologies:
    Joe Sandbox

Engine Detection Info
malicious
Score: 84
System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
malicious
Score: 100
System: Windows 10 64 bit 20H2 Native physical Machine for testing VM-aware malware (Office 2019, Chrome 93, Firefox 91, Adobe Reader DC 21, Java 8 Update 301)
Run Condition: Suspected Instruction Hammering

Third Party Analysis Engines

malicious
Score: 22/68
malicious
Score: 9/44

IPs

IP               Country        Detection
192.185.217.246  United States
68.66.226.70     United States

Domains

Name                         IP               Detection
afrocompass.com              68.66.226.70
karinedocesesalgados.com.br  192.185.217.246

URLs


Dropped files

Name  |  File Type
C:\Users\user\AppData\Local\Microsoft\Credentials\93CE54EBD72B5E2187F75E8118A14612_dec  |  data
C:\Users\user\AppData\Roaming\5D4ACB\B73EF6.hdb  |  data
C:\Users\user\AppData\Roaming\5D4ACB\B73EF6.lck  |  very short file (no magic)
C:\Users\user\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-3425316567-2969588382-3778222414-1001\1b1d0082738e9f9011266f86ab9723d2_11389406-0377-47ed-98c7-d564e683c6eb  |  data