
_145.exe

Status: finished
Submission Time: 2023-11-06 19:41:07 +01:00
Verdict: Malicious
Classification: Ransomware, Spyware, Evader
Labels: Targeted Ransomware, TrojanRansom

Tags

  • exe
  • mallox
  • ransomware

Details

  • Analysis ID:
    1337854
  • API (Web) ID:
    1337854
  • Analysis Started:
    2023-11-06 19:43:30 +01:00
  • Analysis Finished:
    2023-11-06 19:54:21 +01:00
  • MD5:
    b54d7da0fe6869006ffd3b9b470f0dc4
  • SHA1:
    5d0b9521cca0c911d49162e7f416a1463fbaefae
  • SHA256:
    df29d5c4a750663440ce76d6804ce88e03faeef9591ec0b3b9ca348a6c930b7f
  • Technologies:

Joe Sandbox

  • Detection: malicious
  • Score: 100
  • System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

Third Party Analysis Engines

  • malicious (Score: 29/38)
  • malicious
  • malicious

IPs

  • 91.215.85.142 (Russian Federation)
  • 173.231.16.77 (United States)

Domains

  • api4.ipify.org (resolved to 173.231.16.77)
  • api.ipify.org (resolved to 0.0.0.0)

URLs (raw strings as extracted by the sandbox; several entries carry trailing bytes from adjacent memory)

  • http://91.215.85.142/QWEwqdsvsf/ap.phpnQ
  • http://91.215.85.142/QWEwqdsvsf/ap.php
  • http://91.215.85.142/QWEwqdsvsf/ap.phpM
  • http://91.215.85.142/QWEwqdsvsf/ap.phpP
  • http://91.215.85.142/QWEwqdsvsf/ap.phpC:
  • http://91.215.85.142/QWEwqdsvsf/ap.phpE
  • http://91.215.85.142/QWEwqdsvsf/ap.phpx
  • http://91.215.85.142/QWEwqdsvsf/ap.php?
  • http://91.215.85.142/QWEwqdsvsf/ap.phpContent-Type:
  • http://91.215.85.142/QWEwqdsvsf/ap.phpr
  • http://91.215.85.142/RS
  • http://91.215.85.142/ows
  • http://api.ipify.org/N
  • https://login.windows.net/common/oauth2/authorize
  • https://petrol.offi;
  • http://91.215.85.142/QWEwqdsvsf/ap.phpata
  • http://91.215.85.142/QWEwqdsvsf/ap.phpj
  • http://api.ipify.org/
  • http://91.215.85.142/QWEwqdsvsf/ap.phpf
  • https://d.docs.live.net
  • http://91.215.85.142/QWEwqdsvsf/ap.php_
  • https://api.pJ;
  • http://91.215.85.142/
  • http://api.ipify.org
  • http://api.ipify.orgx32x64%s
  • https://login.windows-ppe.net
  • https://www.torproject.org/download/

Dropped files (path, followed by the file type the sandbox identified)

  • C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCalculator_8wekyb3d8bbwe\LocalState\HOW TO BACK FILES.txt (data)
  • C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt23.lst (data)
  • C:\Users\user\AppData\Local\Adobe\Acrobat\DC\IconCacheAcro65536.dat (data)
  • C:\Users\user\AppData\Local\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\AA3DCC85-1029-4D9F-A8D2-CD0AE28D4CCD (data)
  • C:\Users\user\AppData\Local\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\D4AAED77-3A86-4390-8A8C-B5376696441B (data)
  • C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules.xml (data)
  • C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules.xml (data)
  • C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule230170v1.xml (data)
  • C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule230172v1.xml (data)
  • C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCalculator_8wekyb3d8bbwe\HOW TO BACK FILES.txt (data)
  • C:\Recovery\WindowsRE\Winre.wim (data)
  • C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCalculator_8wekyb3d8bbwe\RoamingState\HOW TO BACK FILES.txt (data)
  • C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCalculator_8wekyb3d8bbwe\Settings\HOW TO BACK FILES.txt (data)
  • C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCalculator_8wekyb3d8bbwe\SystemAppData\HOW TO BACK FILES.txt (data)
  • C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCalculator_8wekyb3d8bbwe\TempState\HOW TO BACK FILES.txt (data)
  • C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCamera_8wekyb3d8bbwe\AC\INetCache\HOW TO BACK FILES.txt (data)
  • C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCamera_8wekyb3d8bbwe\AC\INetCookies\HOW TO BACK FILES.txt (data)
  • C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCamera_8wekyb3d8bbwe\AC\INetHistory\HOW TO BACK FILES.txt (data)
  • C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCamera_8wekyb3d8bbwe\AC\Temp\HOW TO BACK FILES.txt (data)
  • C:\Program Files (x86)\Microsoft Office\root\Office16\sdxs\FA000000051\dist\en-us_web\taskpane.js.map.gz (data)
  • C:\EFI\Microsoft\Recovery\BCD (OpenPGP Public Key)
  • C:\EFI\Microsoft\Recovery\BCD.LOG (data)
  • C:\Program Files (x86)\Microsoft Office\root\Office16\Microsoft.Lync.Model.zip (COM executable for DOS)
  • C:\Program Files (x86)\Microsoft Office\root\Office16\Microsoft.Lync.Utilities.Controls.zip (data)
  • C:\Program Files (x86)\Microsoft Office\root\Office16\Microsoft.Lync.Utilities.zip (data)
  • C:\Program Files (x86)\Microsoft Office\root\Office16\Ocomprivate.zip (data)
  • C:\Program Files (x86)\Microsoft Office\root\Office16\sdxs\FA000000051\dist\en-us_web\fabric.js.gz (data)
  • C:\Program Files (x86)\Microsoft Office\root\Office16\sdxs\FA000000051\dist\en-us_web\fabric.js.map.gz (data)
  • C:\Program Files (x86)\Microsoft Office\root\Office16\sdxs\FA000000051\dist\en-us_web\taskpane.js.gz (data)
  • C:\$Recycle.Bin\S-1-5-21-2246122658-3693405117-2476756634-1000\HOW TO BACK FILES.txt (data)
  • C:\Program Files (x86)\Microsoft Office\root\Office16\sdxs\FA000000051\dist\en-us_web\taskpanev2.js.gz (data)
  • C:\Program Files (x86)\Microsoft Office\root\Office16\sdxs\FA000000051\dist\en-us_web\taskpanev2.js.map.gz (data)
  • C:\Program Files (x86)\Microsoft Office\root\Office16\sdxs\FA000000051\dist\en-us_web\vendor.js.gz (data)
  • C:\Program Files (x86)\Microsoft Office\root\Office16\sdxs\FA000000051\dist\en-us_web\vendor.js.map.gz (data)
  • C:\Program Files (x86)\Microsoft Office\root\Office16\sdxs\FA000000109\dist\taskpane.js.gz (data)
  • C:\Program Files (x86)\Microsoft Office\root\Office16\sdxs\FA000000109\dist\taskpane.js.map.gz (data)
  • C:\Program Files (x86)\Microsoft Office\root\Office16\sdxs\FA000000109\dist\vendor.js.gz (data)
  • C:\Program Files (x86)\Microsoft Office\root\Office16\sdxs\FA000000109\dist\vendor.js.map.gz (data)
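The following is an added triage helper, not part of the Joe Sandbox report and not code from the sample. It turns the indicators above into something that can be run offline on a host or a file share: it collapses the string-extraction noise in the URL list (entries such as ".../ap.phpnQ" and ".../ap.phpContent-Type:") down to canonical URLs, hashes files against the sample's MD5/SHA1/SHA256, and counts the "HOW TO BACK FILES.txt" notes under a directory tree. Assumptions: KNOWN_HOSTS is taken from the report's IPs and Domains sections and any other host in the URL list is discarded as noise rather than treated as an indicator; the directory tree built by build_demo_tree() is constructed test data; the example makes no assumption about the extension the sample appends to encrypted files, which the report does not state.

```python
"""Offline triage helper built from the indicators in the report above.
Added example; not part of the Joe Sandbox report and not the sample's code."""
import hashlib
import os
import re
import tempfile
from pathlib import Path

# Indicators copied from the report.
SAMPLE_HASHES = {
    "md5": "b54d7da0fe6869006ffd3b9b470f0dc4",
    "sha1": "5d0b9521cca0c911d49162e7f416a1463fbaefae",
    "sha256": "df29d5c4a750663440ce76d6804ce88e03faeef9591ec0b3b9ca348a6c930b7f",
}
C2_IPS = {"91.215.85.142"}
# Hosts from the report's IPs/Domains sections (assumption: anything else in
# the URL list is extraction noise, not an indicator).
KNOWN_HOSTS = {"91.215.85.142", "api.ipify.org", "api4.ipify.org"}
RANSOM_NOTE = "HOW TO BACK FILES.txt"

# A subset of the raw URL strings exactly as the sandbox extracted them.
RAW_URLS = [
    "http://91.215.85.142/QWEwqdsvsf/ap.phpnQ",
    "http://91.215.85.142/QWEwqdsvsf/ap.php",
    "http://91.215.85.142/QWEwqdsvsf/ap.phpContent-Type:",
    "http://91.215.85.142/QWEwqdsvsf/ap.php?",
    "http://91.215.85.142/",
    "http://api.ipify.orgx32x64%s",
    "http://api.ipify.org",
    "https://login.windows.net/common/oauth2/authorize",
]

_URL_RE = re.compile(r"^(https?)://([^/\s]+)(/\S*)?$")
_PHP_PATH_RE = re.compile(r"^(/[^?]*?\.php)")


def normalize_url(raw):
    """Map one extracted string to a canonical URL, or None if its host is not
    one of the report's hosts. Bytes glued to the host ("api.ipify.orgx32x64%s")
    are cut back to the known host; a path is truncated right after ".php" so
    that "ap.phpnQ", "ap.php?" and "ap.phpContent-Type:" all collapse."""
    m = _URL_RE.match(raw.strip())
    if not m:
        return None
    scheme, host, path = m.groups()
    host = host.lower()
    known = next((h for h in KNOWN_HOSTS if host.startswith(h)), None)
    if known is None:
        return None
    path = path or "/"
    php = _PHP_PATH_RE.match(path)
    if php:
        path = php.group(1)
    return f"{scheme}://{known}{path}"


def normalize_urls(raw_urls):
    """Unique canonical URLs, sorted, ready for a blocklist or proxy-log search."""
    return sorted({u for u in map(normalize_url, raw_urls) if u})


def hash_bytes(data):
    return {name: hashlib.new(name, data).hexdigest() for name in SAMPLE_HASHES}


def file_hashes(path, chunk=1 << 20):
    """Stream a file through all three digests in a single pass."""
    digests = {name: hashlib.new(name) for name in SAMPLE_HASHES}
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            for d in digests.values():
                d.update(block)
    return {name: d.hexdigest() for name, d in digests.items()}


def matches_sample(path):
    """True only if every digest agrees with the report's hashes."""
    return file_hashes(path) == SAMPLE_HASHES


def find_ransom_notes(root):
    """The report shows the note dropped in many directories, so the note
    count is a cheap measure of how far encryption progressed on a host."""
    return sorted(str(p) for p in Path(root).rglob(RANSOM_NOTE))


def triage(root):
    files = [p for p in Path(root).rglob("*") if p.is_file()]
    return {
        "ransom_notes": find_ransom_notes(root),
        "sample_hash_hits": [str(p) for p in files if matches_sample(p)],
        "c2_urls": normalize_urls(RAW_URLS),
        "c2_ips": sorted(C2_IPS),
    }


def build_demo_tree(root):
    """Constructed data (not from the report): two ransom notes, one random-byte
    file standing in for an encrypted document, and one empty file."""
    root = Path(root)
    (root / "Documents").mkdir(parents=True, exist_ok=True)
    (root / "Documents" / "report.docx").write_bytes(os.urandom(64))
    (root / "Documents" / RANSOM_NOTE).write_text("placeholder note (constructed)\n")
    (root / RANSOM_NOTE).write_text("placeholder note (constructed)\n")
    (root / "empty.bin").write_bytes(b"")
    return root


def demo():
    with tempfile.TemporaryDirectory() as tmp:
        return triage(build_demo_tree(tmp))


if __name__ == "__main__":
    import json
    print(json.dumps(demo(), indent=2))
```

Running the file prints the triage summary for the constructed tree: two ransom notes, no file matching the sample's hashes, and three canonical URLs (the ap.php C2 endpoint, the bare server root, and the ipify lookup the sample uses to learn its public address). On a real host, point triage() at a drive root; matches_sample() requires all three digests to agree, so a hit means the file is this exact sample and not merely a collision on one algorithm.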