C.dll

Status: finished
Submission Time: 2022-06-23 17:54:07 +02:00
Malicious
Trojan
Evader
CryptOne, Qbot

Tags

  • dll

Details

  • Analysis ID:
    651257
  • API (Web) ID:
    1018763
  • Analysis Started:
    2022-06-23 17:54:07 +02:00
  • Analysis Finished:
    2022-06-23 18:05:37 +02:00
  • MD5:
    8b81e6a7702f58b93fdc2b57ab401ffb
  • SHA1:
    2990b8adc8891564c404190bedab55df5027da32
  • SHA256:
    500f85201bcfc0ae49204bd31ed4f055cac1b0b7f8e74339907f5c14b8e711a8
  • System:
    Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
  • Verdict:
    malicious
  • Score:
    100/100

URLs

Name (no detection column populated in the report)

  • http://crt.sectigo.com/SectigoPublicCodeSigningCAR36.crt0#
  • http://www.borland.com/namespaces/Types-IAppServerSOAP
  • https://sectigo.com/CPS0
  • http://www.borland.com/namespaces/Types
  • http://crt.sectigo.com/SectigoPublicCodeSigningRootR46.p7c0#
  • http://schemas.xmlsoap.org/soap/encoding/Nhttp://www.borland.com/namespaces/Types
  • http://crl.sectigo.com/SectigoPublicCodeSigningCAR36.crl0y
  • http://crl.sectigo.com/SectigoPublicCodeSigningRootR46.crl0
  • http://ocsp.sectigo.com0
  • http://schemas.xmlsoap.org/soap/encoding/
  • http://ocsp.sectigo.com0#
  • http://www.borland.com/namespaces/Typeslhttp://www.borland.com/namespaces/Types-IAppServerSOAP

Dropped files

Name / File Type (hash and detection columns not populated in the report)

  • C:\Users\user\Desktop\C.dll
    PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
  • C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_d56bdb83eb9d4cf28c9bde832a0f519ccf44d5f_82810a17_0bbf029b\Report.wer
    Little-endian UTF-16 Unicode text, with CRLF line terminators
  • C:\ProgramData\Microsoft\Windows\WER\Temp\WERC572.tmp.dmp
    Mini DuMP crash report, 14 streams, Thu Jun 23 15:55:36 2022, 0x1205a4 type
  • C:\ProgramData\Microsoft\Windows\WER\Temp\WERCB20.tmp.WERInternalMetadata.xml
    XML 1.0 document, Little-endian UTF-16 Unicode text, with CRLF line terminators
  • C:\ProgramData\Microsoft\Windows\WER\Temp\WERCCE7.tmp.xml
    XML 1.0 document, ASCII text, with CRLF line terminators
  • C:\Windows\System32\20220623\PowerShell_transcript.724536.04iY03ef.20220623175558.txt
    UTF-8 Unicode (with BOM) text, with CRLF line terminators
  • C:\Windows\System32\20220623\PowerShell_transcript.724536.4jRUxIKh.20220623175701.txt
    UTF-8 Unicode (with BOM) text, with CRLF line terminators
  • C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
    data
  • C:\Windows\Temp\__PSScriptPolicyTest_5ss0gna4.r3v.psm1
    very short file (no magic)
  • C:\Windows\Temp\__PSScriptPolicyTest_cyx5weiu.qmq.psm1
    very short file (no magic)
  • C:\Windows\Temp\__PSScriptPolicyTest_et0gmkgs.0m3.ps1
    very short file (no magic)
  • C:\Windows\Temp\__PSScriptPolicyTest_hwx3zdj0.32k.ps1
    very short file (no magic)