ZunmmW7pe5.exe

Status: finished

Submission Time: 2022-05-14 15:16:18 +02:00

Malicious

Ransomware

Rook

Comments

Details

Analysis ID:
626600
API (Web) ID:
994106
Analysis Started:

2022-05-14 15:16:18 +02:00
Analysis Finished:

2022-05-14 15:22:50 +02:00
MD5:
6d87be9212a1a0e92e58e1ed94c589f9
SHA1:
19ce538b2597da454abf835cff676c28b8eb66f7
SHA256:
c2d46d256b8f9490c9599eea11ecef19fde7d4fdd2dea93604cee3cea8e172ac
Technologies:

Engines
IOCs

Joe Sandbox

Engine	Download Report	Detection	Info
		malicious
	Full Report Management Report IOC Report	malicious Score: 100	System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

Third Party Analysis Engines

Open Full Report

malicious

Score: 54/68

Open Full Report

malicious

Score: 8/29

malicious

Score: 24/27

malicious

URLs

Name	Detection
https://torproject.org/

Dropped files

Name	File Type	Hashes
C:\Users\user\AppData\Local\Microsoft\HowToRestoreYourFiles.txt	ASCII text, with CRLF, LF line terminators	#
C:\Users\user\AppData\Local\Microsoft\input\ar-BH\HowToRestoreYourFiles.txt	ASCII text, with CRLF, LF line terminators	#
C:\Users\user\AppData\Local\Microsoft\input\ar-AE\HowToRestoreYourFiles.txt	ASCII text, with CRLF, LF line terminators	#
Click to see the 97 hidden entries
C:\Users\user\AppData\Local\Microsoft\input\af-ZA\HowToRestoreYourFiles.txt	ASCII text, with CRLF, LF line terminators	#
C:\Users\user\AppData\Local\Microsoft\input\HowToRestoreYourFiles.txt	ASCII text, with CRLF, LF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCookies\PrivacIE\Low\HowToRestoreYourFiles.txt	ASCII text, with CRLF, LF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCookies\PrivacIE\HowToRestoreYourFiles.txt	ASCII text, with CRLF, LF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCookies\Low\HowToRestoreYourFiles.txt	ASCII text, with CRLF, LF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCookies\Low\ESE\HowToRestoreYourFiles.txt	ASCII text, with CRLF, LF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCookies\HowToRestoreYourFiles.txt	ASCII text, with CRLF, LF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCookies\ESE\HowToRestoreYourFiles.txt	ASCII text, with CRLF, LF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCookies\DNTException\Low\HowToRestoreYourFiles.txt	ASCII text, with CRLF, LF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCookies\DNTException\HowToRestoreYourFiles.txt	ASCII text, with CRLF, LF line terminators	#
C:\Users\user\AppData\Local\Microsoft\input\ar-DZ\HowToRestoreYourFiles.txt	ASCII text, with CRLF, LF line terminators	#
C:\Users\user\AppData\Local\Microsoft\GameDVR\HowToRestoreYourFiles.txt	ASCII text, with CRLF, LF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Feeds\HowToRestoreYourFiles.txt	ASCII text, with CRLF, LF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Feeds Cache\HowToRestoreYourFiles.txt	ASCII text, with CRLF, LF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Event Viewer\Views\HowToRestoreYourFiles.txt	ASCII text, with CRLF, LF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Event Viewer\Settings.Xml.Rook	data	#
C:\Users\user\AppData\Local\Microsoft\Event Viewer\RecentViews.Rook	DOS executable (COM)	#
C:\Users\user\AppData\Local\Microsoft\Event Viewer\HowToRestoreYourFiles.txt	ASCII text, with CRLF, LF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Credentials\HowToRestoreYourFiles.txt	ASCII text, with CRLF, LF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Credentials\DFBE70A7E5CC19A398EBF1B96859CE5D.Rook	data	#
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\powershell.exe.log.Rook	data	#
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\HowToRestoreYourFiles.txt	ASCII text, with CRLF, LF line terminators	#
C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\CRLCache\CE338828149963DCEA4CD26BB86F0363B4CA0BA5.crl.Rook	data	#
C:\Users\user\AppData\Roaming\Adobe\Linguistics\HowToRestoreYourFiles.txt	ASCII text, with CRLF, LF line terminators	#
C:\Users\user\AppData\Roaming\Adobe\HowToRestoreYourFiles.txt	ASCII text, with CRLF, LF line terminators	#
C:\Users\user\AppData\Roaming\Adobe\Headlights\HowToRestoreYourFiles.txt	ASCII text, with CRLF, LF line terminators	#
C:\Users\user\AppData\Roaming\Adobe\Flash Player\NativeCache\HowToRestoreYourFiles.txt	ASCII text, with CRLF, LF line terminators	#
C:\Users\user\AppData\Roaming\Adobe\Flash Player\HowToRestoreYourFiles.txt	ASCII text, with CRLF, LF line terminators	#
C:\Users\user\AppData\Roaming\Adobe\Acrobat\HowToRestoreYourFiles.txt	ASCII text, with CRLF, LF line terminators	#
C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\addressbook.acrodata.Rook	data	#
C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\HowToRestoreYourFiles.txt	ASCII text, with CRLF, LF line terminators	#
C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\ES_session_storek.Rook	data	#
C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\ES_session_storei.Rook	data	#
C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\ES_session_store.Rook	data	#
C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\CRLCache\HowToRestoreYourFiles.txt	ASCII text, with CRLF, LF line terminators	#
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\HowToRestoreYourFiles.txt	ASCII text, with CRLF, LF line terminators	#
C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\CRLCache\0FDED5CEB68C302B1CDB2BDDD9D0000E76539CB0.crl.Rook	data	#
C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\JSCache\HowToRestoreYourFiles.txt	ASCII text, with CRLF, LF line terminators	#
C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\JSCache\GlobSettings.Rook	data	#
C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\JSCache\GlobData.Rook	data	#
C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\HowToRestoreYourFiles.txt	ASCII text, with CRLF, LF line terminators	#
C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Forms\HowToRestoreYourFiles.txt	ASCII text, with CRLF, LF line terminators	#
C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Collab\HowToRestoreYourFiles.txt	ASCII text, with CRLF, LF line terminators	#
C:\Users\user\AppData\Local\Microsoft\input\ar-KW\HowToRestoreYourFiles.txt	ASCII text, with CRLF, LF line terminators	#
C:\Users\user\AppData\Local\Microsoft\input\ar-JO\HowToRestoreYourFiles.txt	ASCII text, with CRLF, LF line terminators	#
C:\Users\user\AppData\Local\Microsoft\input\ar-IQ\HowToRestoreYourFiles.txt	ASCII text, with CRLF, LF line terminators	#
C:\Users\user\AppData\Local\Microsoft\input\ar-EG\HowToRestoreYourFiles.txt	ASCII text, with CRLF, LF line terminators	#
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\IconCacheRdr65536.dat.Rook	data	#
C:\Users\user\AppData\Local\Adobe\Color\Profiles\HowToRestoreYourFiles.txt	ASCII text, with CRLF, LF line terminators	#
C:\Users\user\AppData\Local\Adobe\Color\HowToRestoreYourFiles.txt	ASCII text, with CRLF, LF line terminators	#
C:\Users\user\AppData\Local\Adobe\Color\ACECache11.lst.Rook	data	#
C:\Users\user\AppData\Local\Adobe\Acrobat\HowToRestoreYourFiles.txt	ASCII text, with CRLF, LF line terminators	#
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\UserCache.bin.Rook	data	#
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\ToolsSearchCacheRdr\HowToRestoreYourFiles.txt	ASCII text, with CRLF, LF line terminators	#
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents.Rook	data	#
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Reader\SOPHIA.json.Rook	data	#
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Reader\HowToRestoreYourFiles.txt	ASCII text, with CRLF, LF line terminators	#
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Reader\Files\TESTING.Rook	data	#
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Reader\Files\HowToRestoreYourFiles.txt	ASCII text, with CRLF, LF line terminators	#
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\HowToRestoreYourFiles.txt	ASCII text, with CRLF, LF line terminators	#
C:\Users\user\AppData\Local\Adobe\HowToRestoreYourFiles.txt	ASCII text, with CRLF, LF line terminators	#
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\HowToRestoreYourFiles.txt	ASCII text, with CRLF, LF line terminators	#
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\Cache\HowToRestoreYourFiles.txt	ASCII text, with CRLF, LF line terminators	#
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\Cache\AcroFnt21.lst.Rook	data	#
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt21.lst.Rook	data	#
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeCMapFnt21.lst.Rook	PGP\011Secret Sub-key -	#
C:\Users\user\AppData\Local\Adobe\ARM\{291AA914-A987-4CE9-BD63-AC0A92D435E5}\HowToRestoreYourFiles.txt	ASCII text, with CRLF, LF line terminators	#
C:\Users\user\AppData\Local\Adobe\ARM\S\HowToRestoreYourFiles.txt	ASCII text, with CRLF, LF line terminators	#
C:\Users\user\AppData\Local\Adobe\ARM\HowToRestoreYourFiles.txt	ASCII text, with CRLF, LF line terminators	#
C:\Users\user\3D Objects\HowToRestoreYourFiles.txt	ASCII text, with CRLF, LF line terminators	#
C:\Users\HowToRestoreYourFiles.txt	ASCII text, with CRLF, LF line terminators	#
C:\HowToRestoreYourFiles.txt	ASCII text, with CRLF, LF line terminators	#
C:\Users\user\AppData\Local\ConnectedDevicesPlatform\HowToRestoreYourFiles.txt	ASCII text, with CRLF, LF line terminators	#
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.log.Rook	data	#
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\mmc.exe.log.Rook	data	#
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\HowToRestoreYourFiles.txt	ASCII text, with CRLF, LF line terminators	#
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\HowToRestoreYourFiles.txt	ASCII text, with CRLF, LF line terminators	#
C:\Users\user\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\vncpassword.exe.log.Rook	data	#
C:\Users\user\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\howtorestoreyourfiles.txt.Rook	data	#
C:\Users\user\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\HowToRestoreYourFiles.txt	ASCII text, with CRLF, LF line terminators	#
C:\Users\user\AppData\Local\Microsoft\CLR_v2.0_32\HowToRestoreYourFiles.txt	ASCII text, with CRLF, LF line terminators	#
C:\Users\user\AppData\Local\HowToRestoreYourFiles.txt	ASCII text, with CRLF, LF line terminators	#
C:\Users\user\AppData\Local\ConnectedDevicesPlatform\L.user\HowToRestoreYourFiles.txt	ASCII text, with CRLF, LF line terminators	#
C:\Users\user\AppData\Local\ConnectedDevicesPlatform\L.user.cdpresource.Rook	data	#
C:\Users\user\AppData\Local\ConnectedDevicesPlatform\L.user.cdp.Rook	data	#
C:\Documents and Settings\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\CLR_v2.0_32\UsageLogs\howtorestoreyourfiles.txt.Rook (copy)	ASCII text, with CRLF, LF line terminators	#
C:\Users\user\AppData\Local\ConnectedDevicesPlatform\Connected Devices Platform certificates.sst.Rook	data	#
C:\Users\user\AppData\Local\ConnectedDevicesPlatform\CDPGlobalSettings.cdp.Rook	data	#
C:\Users\user\AppData\Local\Comms\Unistore\data\HowToRestoreYourFiles.txt	ASCII text, with CRLF, LF line terminators	#
C:\Users\user\AppData\Local\Comms\Unistore\data\AggregateCache.uca.Rook	data	#
C:\Users\user\AppData\Local\Comms\Unistore\HowToRestoreYourFiles.txt	ASCII text, with CRLF, LF line terminators	#
C:\Users\user\AppData\Local\Comms\UnistoreDB\USStmp.jtx.Rook	data	#
C:\Users\user\AppData\Local\Comms\UnistoreDB\USSres00002.jrs.Rook	data	#
C:\Users\user\AppData\Local\Comms\UnistoreDB\USSres00001.jrs.Rook	data	#
C:\Users\user\AppData\Local\Comms\UnistoreDB\USS.jcp.Rook	data	#
C:\Users\user\AppData\Local\Comms\UnistoreDB\HowToRestoreYourFiles.txt	ASCII text, with CRLF, LF line terminators	#
C:\Users\user\AppData\Local\Comms\HowToRestoreYourFiles.txt	ASCII text, with CRLF, LF line terminators	#

ZunmmW7pe5.exe

Comments

Tags

Available tags:

Details

Joe Sandbox

Third Party Analysis Engines

URLs

Dropped files

ZunmmW7pe5.exe Options

Comments

Tags

Available tags:

Details

Joe Sandbox

Third Party Analysis Engines

URLs

Dropped files

Search started

ZunmmW7pe5.exe