dlawt.exe

Status: finished

Submission Time: 2022-09-28 07:22:08 +02:00

Malicious

Trojan

Evader

GuLoader, NanoCore

Comments

Details

Analysis ID:
711461
API (Web) ID:
1078916
Analysis Started:

2022-09-28 07:22:08 +02:00
Analysis Finished:

2022-09-28 07:45:00 +02:00
MD5:
cf313a27bceba36c7fa863ba1e935676
SHA1:
4ff90062880efe58e6e26ded7f166c5786e201db
SHA256:
d4fba0fc4c7c1335a5b6be72e575a2a9a400a5fd9b0aed69389d4bba8fac7527
Technologies:

Engines
IOCs

Joe Sandbox

Engine	Download Report	Detection	Info
	Full Report Management Report IOC Report	malicious Score: 52	System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
	Full Report Management Report IOC Report	malicious Score: 96	System: Windows 10 64 bit 20H2 Native physical Machine for testing VM-aware malware (Office 2019, Chrome 93, Firefox 91, Adobe Reader DC 21, Java 8 Update 301 Run Condition: Suspected Instruction Hammering

IPs

IP	Country	Detection
137.63.71.51	Seychelles
142.250.186.174	United States
142.250.186.97	United States

Domains

Name	IP	Detection
drive.google.com	142.250.186.174
googlehosted.l.googleusercontent.com	142.250.186.97
doc-0g-38-docs.googleusercontent.com	0.0.0.0

URLs

Name	Detection
http://openoffice.org/2000/drawing
http://openoffice.org/2000/office
http://mozilla.org/MPL/2.0/.
Click to see the 16 hidden entries
http://openoffice.org/2000/datastyle
https://doc-0g-38-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/7ccvegr5
https://doc-0g-38-docs.googleusercontent.com/
https://doc-0g-38-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/7ccvegr5baur8gb8av4io695h7c3rd6h/1664343150000/14816144373961604306/*/12kdF3UKFZK3CB9va21Q67UlQDNdJJSzV?e=download&uuid=3cf3d666-d660-416c-bcce-539871aa28db
http://openoffice.org/2000/text
http://nsis.sf.net/NSIS_ErrorError
http://openoffice.org/2000/meta
http://sun.com/2000/XMLSearch
http://jimmac.musichall.czif
http://openoffice.org/2000/table
http://openoffice.org/2000/help
http://openoffice.org/2000/style
https://doc-0g-38-docs.googleusercontent.com/c
http://openoffice.org/2000/chart
http://creativecommons.org/licenses/by-sa/4.0/
http://www.apache.org/licenses/LICENSE-2.0

Dropped files

Name	File Type	Hashes
C:\Users\user\AppData\Local\Temp\tmp7A08.tmp	XML 1.0 document, ASCII text, with CRLF line terminators	#
C:\Users\user\AppData\Roaming\11389406-0377-47ED-98C7-D564E683C6EB\run.dat	ISO-8859 text, with no line terminators, with escape sequences	#
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Begravedes\Viewer\Rammedes\Buyback\preguiltiness\Hydroxytryptamine\Forlben\mmapwarm.c	C source, ASCII text	#
Click to see the 31 hidden entries
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Begravedes\Viewer\Rammedes\Buyback\preguiltiness\Hydroxytryptamine\Forlben\folder-drag-accept-symbolic.svg	SVG Scalable Vector Graphics image	#
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Begravedes\Viewer\Rammedes\Buyback\preguiltiness\Hydroxytryptamine\Forlben\folder-visiting.png	PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced	#
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Begravedes\Viewer\Rammedes\Buyback\preguiltiness\Hydroxytryptamine\Forlben\format-text-bold-symbolic.symbolic.png	PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced	#
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Begravedes\Viewer\Rammedes\Buyback\preguiltiness\Hydroxytryptamine\Forlben\format-text-direction-symbolic-rtl.svg	SVG Scalable Vector Graphics image	#
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Begravedes\Viewer\Rammedes\Buyback\preguiltiness\Hydroxytryptamine\Forlben\go-previous-symbolic.svg	SVG Scalable Vector Graphics image	#
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Begravedes\Viewer\Rammedes\Buyback\preguiltiness\Hydroxytryptamine\Forlben\idxcaption.xsl	exported SGML document, ASCII text	#
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Begravedes\Viewer\Rammedes\Buyback\preguiltiness\Hydroxytryptamine\Forlben\media-playback-stop-symbolic.svg	SVG Scalable Vector Graphics image	#
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Begravedes\Viewer\Rammedes\Buyback\preguiltiness\Hydroxytryptamine\Forlben\media-playlist-repeat.png	PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced	#
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Begravedes\Viewer\Rammedes\Buyback\preguiltiness\Hydroxytryptamine\Forlben\drive-harddisk-solidstate-symbolic.symbolic.png	PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced	#
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Begravedes\Viewer\Rammedes\Isdkkede\Charterrejsens\phone-apple-iphone-symbolic.svg	SVG Scalable Vector Graphics image	#
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Begravedes\Viewer\Rammedes\preferences-desktop-theme.png	PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced	#
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Begravedes\Viewer\Rammedes\text-x-generic.png	PNG image data, 16 x 16, 8-bit colormap, non-interlaced	#
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Begravedes\Viewer\Rammedes\user-offline.png	PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced	#
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Begravedes\Viewer\Rammedes\view-wrapped-symbolic.symbolic.png	PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced	#
\Device\ConDrv	ASCII text, with CRLF line terminators	#
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Begravedes\Viewer\Rammedes\Buyback\preguiltiness\Hydroxytryptamine\Forlben\folder-download.png	PNG image data, 16 x 16, 8-bit colormap, non-interlaced	#
C:\Program Files (x86)\DSL Monitor\dslmon.exe	PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows	#
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Begravedes\Viewer\Rammedes\Buyback\preguiltiness\Hydroxytryptamine\Forlben\dialog-information-symbolic.svg	SVG Scalable Vector Graphics image	#
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Begravedes\Viewer\Rammedes\Baggesen\changes-prevent-symbolic.svg	SVG Scalable Vector Graphics image	#
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Begravedes\Viewer\Rammedes\Baggesen\audio-x-generic-symbolic.symbolic.png	PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced	#
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Begravedes\Viewer\Rammedes\Bacin\Besjlings\network-wireless-connected-symbolic.svg	SVG Scalable Vector Graphics image	#
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Begravedes\Viewer\Rammedes\Arbejdskraftproblemer\Lakridset.bmp	PC bitmap, Windows 3.x format, 72 x 399 x 24	#
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Begravedes\Viewer\Rammedes\Arbejdskraftproblemer\CoverEdCtrl.manifest	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators	#
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Begravedes\Viewer\Rammedes\Algae62\plkkers\Reputation\network-cellular-4g-symbolic.svg	SVG Scalable Vector Graphics image	#
C:\Users\user\AppData\Roaming\11389406-0377-47ED-98C7-D564E683C6EB\task.dat	ASCII text, with no line terminators	#
C:\Users\user\AppData\Roaming\11389406-0377-47ED-98C7-D564E683C6EB\catalog.dat	data	#
C:\Users\user\AppData\Local\Temp\tmp7C99.tmp	XML 1.0 document, ASCII text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Temp\nsb1C0A.tmp\System.dll	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	#
C:\Users\user\AppData\Local\Temp\Overhumanise\Supplicatingly.exe	data	#
C:\Users\user\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\dslmon.exe.log	ASCII text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\caspol.exe.log	ASCII text, with CRLF line terminators	#

dlawt.exe

Comments

Tags

Available tags:

Details

Joe Sandbox

IPs

Domains

URLs

Dropped files

dlawt.exe Options

Comments

Tags

Available tags:

Details

Joe Sandbox

IPs

Domains

URLs

Dropped files

Search started

dlawt.exe