Joe Sandbox Cloud Basic

Want to search on specific fields?


Try our:

Advanced Search

Want to search in depth on all Cloud Basic reports?

Try: Joe Sandbox View

Register Login
Deep Malware Analysis
top title background image
flash

ZPGRAHNY.msi

Status: finished
Submission Time: 2025-04-09 14:55:22 +02:00
Malicious
Evader

Comments

Tags

  • cdn-jsdelivr-net
  • msi
  • werito-cyou

Details

  • Analysis ID:
    1660803
  • API (Web) ID:
    1660803
  • Analysis Started:
    2025-04-09 15:18:43 +02:00
  • Analysis Finished:
    2025-04-09 15:28:31 +02:00
  • MD5:
    c6d503e78c0dbd38dec0af6f16241218
  • SHA1:
    a7840664f13063a8215d01916a8a7603f5fad8c2
  • SHA256:
    71d41cb38fd9e583b46184cca7ee4180e804db014a2483d8ca4ec63dea5dbc79
  • Technologies:

Joe Sandbox

Engine Download Report Detection Info
Full Report Management Report IOC Report
malicious
Score: 76
System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 134, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

Third Party Analysis Engines

Open Full Report
malicious
Score: 14/72
malicious
Score: 13/38

IPs

IP Country Detection
104.21.96.1
 United States

Domains

Name IP Detection
bg.microsoft.map.fastly.net
 199.232.214.172
pki-goog.l.google.com
 142.251.40.99
sonorous-horizon-cfd.cfd
 104.21.96.1
Click to see the 1 hidden entries
c.pki.goog
 0.0.0.0

URLs

Name Detection
https://www.deezer.com/ajax/gw-light.php?method=deezer.getUserData&input=3&api_version=1.0&api_token
https://api.tunesmake.com/api/
https://api.joyoshare.com/api/drmarehttps://api.drmare.com/api/audfreehttps://api.audfree.com/api/tu
Click to see the 54 hidden entries
https://api.joyoshare.com/api/
https://desktop.tidal.com/v1/pages/mix?mixId=%s&countryCode=US&locale=en_US&deviceType=DESKTOP
http://www.andymatuschak.org/xml-namespaces/sparkle#version
https://api.audpat.com/api/
https://api.tuneskit.com/api/
https://open.spotify.com
https://api.audfree.com/api/
https://api.drmare.com/api/
https://api.viwizard.com/api/product/redirect?pid=97520&lang=en&page_type=help
https://api.acemovi.com/api/
https://open.spotify.com/show/
http://www.andymatuschak.org/xml-namespaces/sparkle#releaseNotesLinktitledescriptionlinkhttp://www.a
https://api.magfone.com/api/
https://api.spotify.com/v1/playlists/
https://desktop.tidal.com/v1/pages/album?albumId=%s&countryCode=US&locale=en_US&deviceType=DESKTOP
http://www.info-zip.org/
https://api.spotify.com/v1/episodes/
https://open.spotify.com/album/
https://www.spotify.com/download
https://api.audkit.com/api/
https://api.viwizard.com/api/product/redirect?pid=97520&lang=en&page_type=buy
https://api.viwizard.comViwizardmain.xmlMMMainWindowbtnMinbtnRestorebtnMaxbtnMenubtnAddFilesbtnConve
https://desktop.tidal.com/v1/
https://desktop.tidal.com/v1/pages/artist?artistId=%s&countryCode=US&locale=en_US&deviceType=DESKTOP
http://www.andymatuschak.org/xml-namespaces/sparkle#minimumSystemVersion
https://api.audfun.com/api/
https://api.viwizard.com/api/
http://www.andymatuschak.org/xml-namespaces/sparkle#shortVersionString
http://sonorous-horizon-cfd.cfd/c
http://www.andymatuschak.org/xml-namespaces/sparkle#releaseNotesLink
https://api.viwizard.com/api/product/redirect?pid=97520&lang=en&page_type=buymRegistermHelphttps://a
https://open.spotify.com/episode/
https://open.spotify.com/playlist/
https://winsparkle.org).
https://open.spotify.com/token
https://api.spotify.com/v1/tracks/
https://api.spotify.com/v1/shows/
http://www.andymatuschak.org/xml-namespaces/sparkle#os
http://www.andymatuschak.org/xml-namespaces/sparkle#installerArguments
http://tuneskit.com/app_update_files/spotifyconverter/win_update.xml(
https://api.audcable.com/api/
https://api.audbite.com/api/
https://api.tunelf.com/api/
https://curl.haxx.se/docs/http-cookies.html
https://curl.haxx.se/docs/http-cookies.html#
https://open.spotify.com/track/
https://open.spotify.com/embed/
https://api.viwizard.com
https://open.spotify.com/
https://api.spotify.com/v1/albums/
https://http://127.0.0.1:1%04d%05d.spotilocal.com:%d
https://api.audkeep.com/api/
https://www.deezer.com/ajax/gw-light.php?method=
https://open.spotify.comhttps://open.spotify.com/tokenerrormessagetfaketoken/simplecsrf/token.jsonto

Dropped files

Name File Type Hashes Detection
C:\Users\user\AppData\Local\Laburnum\VWSpotifyMusicConverter.exe
 PE32 executable (GUI) Intel 80386, for MS Windows
 #
C:\Users\user\AppData\Local\Laburnum\WinSparkle.dll
 PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
 #
C:\Users\user\AppData\Local\Temp\ejdhfntki
 PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
 #
Click to see the 2 hidden entries
C:\Users\user\AppData\Local\Temp\rwqmsexyarwar
 PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
 #
C:\Users\user\AppData\Roaming\syncLoad_Ewz\VWSpotifyMusicConverter.exe
 Unknown
 #