Joe Sandbox Cloud Basic

Want to search on specific fields?


Try our:

Advanced Search

Want to search in depth on all Cloud Basic reports?

Try: Joe Sandbox View

Register Login
sloganpng
top title background image
flash

C.dll

Status: finished
Submission Time: 2022-06-23 17:54:07 +02:00
Malicious
Trojan
Evader
CryptOne, Qbot

Comments

Tags

  • dll

Details

  • Analysis ID:
    651257
  • API (Web) ID:
    1018763
  • Analysis Started:
    2022-06-23 17:54:07 +02:00
  • Analysis Finished:
    2022-06-23 18:05:37 +02:00
  • MD5:
    8b81e6a7702f58b93fdc2b57ab401ffb
  • SHA1:
    2990b8adc8891564c404190bedab55df5027da32
  • SHA256:
    500f85201bcfc0ae49204bd31ed4f055cac1b0b7f8e74339907f5c14b8e711a8
  • Technologies:

Joe Sandbox

Engine Download Report Detection Info
malicious
Full Report Management Report IOC Report
malicious
Score: 100
System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

URLs

Name Detection
http://crt.sectigo.com/SectigoPublicCodeSigningCAR36.crt0#
http://www.borland.com/namespaces/Types-IAppServerSOAP
https://sectigo.com/CPS0
Click to see the 9 hidden entries
http://www.borland.com/namespaces/Types
http://crt.sectigo.com/SectigoPublicCodeSigningRootR46.p7c0#
http://schemas.xmlsoap.org/soap/encoding/Nhttp://www.borland.com/namespaces/Types
http://crl.sectigo.com/SectigoPublicCodeSigningCAR36.crl0y
http://crl.sectigo.com/SectigoPublicCodeSigningRootR46.crl0
http://ocsp.sectigo.com0
http://schemas.xmlsoap.org/soap/encoding/
http://ocsp.sectigo.com0#
http://www.borland.com/namespaces/Typeslhttp://www.borland.com/namespaces/Types-IAppServerSOAP

Dropped files

Name File Type Hashes Detection
C:\Users\user\Desktop\C.dll
 PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
 #
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_d56bdb83eb9d4cf28c9bde832a0f519ccf44d5f_82810a17_0bbf029b\Report.wer
 Little-endian UTF-16 Unicode text, with CRLF line terminators
 #
C:\ProgramData\Microsoft\Windows\WER\Temp\WERC572.tmp.dmp
 Mini DuMP crash report, 14 streams, Thu Jun 23 15:55:36 2022, 0x1205a4 type
 #
Click to see the 9 hidden entries
C:\ProgramData\Microsoft\Windows\WER\Temp\WERCB20.tmp.WERInternalMetadata.xml
 XML 1.0 document, Little-endian UTF-16 Unicode text, with CRLF line terminators
 #
C:\ProgramData\Microsoft\Windows\WER\Temp\WERCCE7.tmp.xml
 XML 1.0 document, ASCII text, with CRLF line terminators
 #
C:\Windows\System32\20220623\PowerShell_transcript.724536.04iY03ef.20220623175558.txt
 UTF-8 Unicode (with BOM) text, with CRLF line terminators
 #
C:\Windows\System32\20220623\PowerShell_transcript.724536.4jRUxIKh.20220623175701.txt
 UTF-8 Unicode (with BOM) text, with CRLF line terminators
 #
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
 data
 #
C:\Windows\Temp\__PSScriptPolicyTest_5ss0gna4.r3v.psm1
 very short file (no magic)
 #
C:\Windows\Temp\__PSScriptPolicyTest_cyx5weiu.qmq.psm1
 very short file (no magic)
 #
C:\Windows\Temp\__PSScriptPolicyTest_et0gmkgs.0m3.ps1
 very short file (no magic)
 #
C:\Windows\Temp\__PSScriptPolicyTest_hwx3zdj0.32k.ps1
 very short file (no magic)
 #