_145.exe

Status: finished

Submission Time: 2023-11-06 19:41:07 +01:00

Malicious

Ransomware

Spyware

Evader

Targeted Ransomware, TrojanRansom

Comments

Details

Analysis ID:
1337854
API (Web) ID:
1337854
Analysis Started:

2023-11-06 19:43:30 +01:00
Analysis Finished:

2023-11-06 19:54:21 +01:00
MD5:
b54d7da0fe6869006ffd3b9b470f0dc4
SHA1:
5d0b9521cca0c911d49162e7f416a1463fbaefae
SHA256:
df29d5c4a750663440ce76d6804ce88e03faeef9591ec0b3b9ca348a6c930b7f
Technologies:

Engines
IOCs

Joe Sandbox

Engine	Download Report	Detection	Info
	Full Report Management Report IOC Report	malicious Score: 100	System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

Third Party Analysis Engines

malicious

Score: 29/38

malicious

IPs

IP	Country	Detection
91.215.85.142	Russian Federation
173.231.16.77	United States

Domains

Name	IP	Detection
api4.ipify.org	173.231.16.77
api.ipify.org	0.0.0.0

URLs

Name	Detection
http://91.215.85.142/QWEwqdsvsf/ap.phpnQ
http://91.215.85.142/QWEwqdsvsf/ap.php
http://91.215.85.142/QWEwqdsvsf/ap.phpM
Click to see the 24 hidden entries
http://91.215.85.142/QWEwqdsvsf/ap.phpP
http://91.215.85.142/QWEwqdsvsf/ap.phpC:
http://91.215.85.142/QWEwqdsvsf/ap.phpE
http://91.215.85.142/QWEwqdsvsf/ap.phpx
http://91.215.85.142/QWEwqdsvsf/ap.php?
http://91.215.85.142/QWEwqdsvsf/ap.phpContent-Type:
http://91.215.85.142/QWEwqdsvsf/ap.phpr
http://91.215.85.142/RS
http://91.215.85.142/ows
http://api.ipify.org/N
https://login.windows.net/common/oauth2/authorize
https://petrol.offi;
http://91.215.85.142/QWEwqdsvsf/ap.phpata
http://91.215.85.142/QWEwqdsvsf/ap.phpj
http://api.ipify.org/
http://91.215.85.142/QWEwqdsvsf/ap.phpf
https://d.docs.live.net
http://91.215.85.142/QWEwqdsvsf/ap.php_
https://api.pJ;
http://91.215.85.142/
http://api.ipify.org
http://api.ipify.orgx32x64%s
https://login.windows-ppe.net
https://www.torproject.org/download/

Dropped files

Name	File Type	Hashes
C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCalculator_8wekyb3d8bbwe\LocalState\HOW TO BACK FILES.txt	data	#
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt23.lst	data	#
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\IconCacheAcro65536.dat	data	#
Click to see the 35 hidden entries
C:\Users\user\AppData\Local\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\AA3DCC85-1029-4D9F-A8D2-CD0AE28D4CCD	data	#
C:\Users\user\AppData\Local\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\D4AAED77-3A86-4390-8A8C-B5376696441B	data	#
C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules.xml	data	#
C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules.xml	data	#
C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule230170v1.xml	data	#
C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule230172v1.xml	data	#
C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCalculator_8wekyb3d8bbwe\HOW TO BACK FILES.txt	data	#
C:\Recovery\WindowsRE\Winre.wim	data	#
C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCalculator_8wekyb3d8bbwe\RoamingState\HOW TO BACK FILES.txt	data	#
C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCalculator_8wekyb3d8bbwe\Settings\HOW TO BACK FILES.txt	data	#
C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCalculator_8wekyb3d8bbwe\SystemAppData\HOW TO BACK FILES.txt	data	#
C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCalculator_8wekyb3d8bbwe\TempState\HOW TO BACK FILES.txt	data	#
C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCamera_8wekyb3d8bbwe\AC\INetCache\HOW TO BACK FILES.txt	data	#
C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCamera_8wekyb3d8bbwe\AC\INetCookies\HOW TO BACK FILES.txt	data	#
C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCamera_8wekyb3d8bbwe\AC\INetHistory\HOW TO BACK FILES.txt	data	#
C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCamera_8wekyb3d8bbwe\AC\Temp\HOW TO BACK FILES.txt	data	#
C:\Program Files (x86)\Microsoft Office\root\Office16\sdxs\FA000000051\dist\en-us_web\taskpane.js.map.gz	data	#
C:\EFI\Microsoft\Recovery\BCD	OpenPGP Public Key	#
C:\EFI\Microsoft\Recovery\BCD.LOG	data	#
C:\Program Files (x86)\Microsoft Office\root\Office16\Microsoft.Lync.Model.zip	COM executable for DOS	#
C:\Program Files (x86)\Microsoft Office\root\Office16\Microsoft.Lync.Utilities.Controls.zip	data	#
C:\Program Files (x86)\Microsoft Office\root\Office16\Microsoft.Lync.Utilities.zip	data	#
C:\Program Files (x86)\Microsoft Office\root\Office16\Ocomprivate.zip	data	#
C:\Program Files (x86)\Microsoft Office\root\Office16\sdxs\FA000000051\dist\en-us_web\fabric.js.gz	data	#
C:\Program Files (x86)\Microsoft Office\root\Office16\sdxs\FA000000051\dist\en-us_web\fabric.js.map.gz	data	#
C:\Program Files (x86)\Microsoft Office\root\Office16\sdxs\FA000000051\dist\en-us_web\taskpane.js.gz	data	#
C:\$Recycle.Bin\S-1-5-21-2246122658-3693405117-2476756634-1000\HOW TO BACK FILES.txt	data	#
C:\Program Files (x86)\Microsoft Office\root\Office16\sdxs\FA000000051\dist\en-us_web\taskpanev2.js.gz	data	#
C:\Program Files (x86)\Microsoft Office\root\Office16\sdxs\FA000000051\dist\en-us_web\taskpanev2.js.map.gz	data	#
C:\Program Files (x86)\Microsoft Office\root\Office16\sdxs\FA000000051\dist\en-us_web\vendor.js.gz	data	#
C:\Program Files (x86)\Microsoft Office\root\Office16\sdxs\FA000000051\dist\en-us_web\vendor.js.map.gz	data	#
C:\Program Files (x86)\Microsoft Office\root\Office16\sdxs\FA000000109\dist\taskpane.js.gz	data	#
C:\Program Files (x86)\Microsoft Office\root\Office16\sdxs\FA000000109\dist\taskpane.js.map.gz	data	#
C:\Program Files (x86)\Microsoft Office\root\Office16\sdxs\FA000000109\dist\vendor.js.gz	data	#
C:\Program Files (x86)\Microsoft Office\root\Office16\sdxs\FA000000109\dist\vendor.js.map.gz	data	#

_145.exe

Comments

Tags

Available tags:

Details

Joe Sandbox

Third Party Analysis Engines

IPs

Domains

URLs

Dropped files

_145.exe Options

Comments

Tags

Available tags:

Details

Joe Sandbox

Third Party Analysis Engines

IPs

Domains

URLs

Dropped files

Search started

_145.exe