SecuriteInfo.com.Win64.DropperX-gen.15394.30671.dll

Status: finished

Submission Time: 2022-11-30 00:32:06 +01:00

Malicious

Trojan

Evader

Luca Stealer

Comments

Details

Analysis ID:
756307
API (Web) ID:
1123583
Analysis Started:

2022-11-30 00:32:06 +01:00
Analysis Finished:

2022-11-30 00:48:08 +01:00
MD5:
977f29431f9233f22f51b3d27e8abc28
SHA1:
7999931d13db79b25e8660065fbbe5288dc04d7e
SHA256:
b875add23dbf8b2942af53c0610c779c4263dacdf69186a3d4c9c09c3ebebdbe
Technologies:

Engines
IOCs

Joe Sandbox

Engine	Download Report	Detection	Info
	Full Report Management Report IOC Report	clean Score: 2	System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
	Full Report Management Report IOC Report	malicious Score: 52	System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 Run Condition: Run with higher sleep bypass

IPs

IP	Country	Detection
191.252.51.12	Brazil

Domains

Name	IP	Detection
anydesk10.hospedagemdesites.ws	191.252.51.12

URLs

Name	Detection
https://discord.com/DDiscordBot
https://docs.rs/getrandom#nodejs-es-module-supportCalling
https://discord.com/api/v10/stage-instanceshttps://discord.com/api/v10/stage-instances/
Click to see the 27 hidden entries
http://anydesk10.hospedagemdesites.ws/UIServices.jpg-oC:
http://canonicalizer.ucsuri.tcs/680074007400700073003a002f002f00700069006e0067002e002e00630068006500
https://discord.com/api/v10/applications//commands/
https://freegeoip.app/json/
http://ip-api.com/json/
https://discord.com/api/v10/sticker-packshttps://discord.com/api/v10/users/
https://discord.com/api/v10/channels/
http://canonicalizer.ucsuri.tcs/680074007400700073003a002f002f00700069006e0067002e002e006e0061007600
https://freegeoip.app/json/X
https://discord.com/api/v10/oauth2/applications/
https://curl.se/docs/hsts.html
https://status.discord.com/api/v2/incidents/unresolved.jsonhttps://status.discord.com/api/v2/schedul
https://discord.com/api/v10/users/
http://anydesk10.hospedagemdesites.ws/UIServices.jpg
https://ipapi.co//json/
https://discord.com/api/v10/interactions//callback
https://discord.com/api/v10/guilds/iconbannerjoined_atstring
https://curl.se/docs/alt-svc.html
https://discord.com/
https://discord.com/api/v10/voice/regionshttps://discord.com/api/v10/webhooks/
http://anydesk10.hospedagemdesites.ws/UIServices.jpg-o%temp%
http://ipwhois.app/json/
https://github.com/serenity-rs/serenity
https://discord.com/api/v10/guildshttps://discord.com/api/v10/invites/
https://discord.com/api/v10/gatewayhttps://discord.com/api/v10/gateway/bot
https://curl.se/docs/http-cookies.html
https://api.telegram.org/bot

Dropped files

Name	File Type	Hashes
C:\Users\user\AppData\Local\Temp\MW-41c173f9-8798-494b-aa19-9db46f28a6d1\files\UIServices.exe (copy)	PE32+ executable (GUI) x86-64, for MS Windows	#
C:\Users\user\AppData\Local\Temp\MW-44114562-6760-4a4c-97c1-6b4491c709b3\files\UIServices.exe (copy)	PE32+ executable (GUI) x86-64, for MS Windows	#
C:\Users\user\AppData\Local\Temp\MW-83846a6a-5335-49c7-a64d-3215771defa9\files\UIServices.exe (copy)	PE32+ executable (GUI) x86-64, for MS Windows	#
Click to see the 53 hidden entries
C:\Windows\Temp\~DF4DE7771CC64A5A9A.TMP	data	#
C:\Windows\Installer\MSIC14D.tmp	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	#
C:\Windows\Installer\MSIECC4.tmp	data	#
C:\Windows\Installer\MSIECF4.tmp	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	#
C:\Windows\Installer\SourceHash{F73CE0E6-78CF-454D-9161-7ECE19A3E9D5}	Composite Document File V2 Document, Cannot read section info	#
C:\Windows\Installer\inprogressinstallinfo.ipi	Composite Document File V2 Document, Cannot read section info	#
C:\Windows\Logs\DPX\setupact.log	CSV text	#
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log	Unicode text, UTF-8 (with BOM) text, with CRLF line terminators	#
C:\Windows\Temp\~DF08EC10C6FA1D2184.TMP	Composite Document File V2 Document, Cannot read section info	#
C:\Windows\Temp\~DF0E992ED88844D6C1.TMP	data	#
C:\Windows\Temp\~DF17A798673345C078.TMP	data	#
C:\Windows\Temp\~DF25B15AEE30697DAD.TMP	Composite Document File V2 Document, Cannot read section info	#
C:\Windows\Temp\~DF36464CBF16E54E06.TMP	data	#
C:\Windows\Temp\~DF49A8548405E9067B.TMP	Composite Document File V2 Document, Cannot read section info	#
C:\Windows\Installer\MSI8CB0.tmp	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	#
C:\Windows\Temp\~DF4F91D2AF9D4E15DB.TMP	Composite Document File V2 Document, Cannot read section info	#
C:\Windows\Temp\~DF62C5956E9BC9E586.TMP	data	#
C:\Windows\Temp\~DF7B2A307C8AA17666.TMP	data	#
C:\Windows\Temp\~DF83A0503CF199010F.TMP	data	#
C:\Windows\Temp\~DF8F3DF616D8AE56F9.TMP	data	#
C:\Windows\Temp\~DFB2ED7D6DF90FC402.TMP	data	#
C:\Windows\Temp\~DFC0DF350B38604086.TMP	Composite Document File V2 Document, Cannot read section info	#
C:\Windows\Temp\~DFCBACE4E1BA405D3C.TMP	data	#
C:\Windows\Temp\~DFCCBD8EB92D670390.TMP	data	#
C:\Windows\Temp\~DFCE0B9ADDDB293763.TMP	Composite Document File V2 Document, Cannot read section info	#
C:\Windows\Temp\~DFF7B6CD3F78D0E5AF.TMP	data	#
\Device\ConDrv	ASCII text, with CRLF, CR, LF line terminators	#
C:\Users\user\AppData\Local\Temp\MW-83846a6a-5335-49c7-a64d-3215771defa9\files\1305f6fe679b4fa294331bb6eb899bc4$dpx$.tmp\0eae52cd25d2e54183e98bebd14ba490.tmp	PE32+ executable (GUI) x86-64, for MS Windows	#
C:\Users\user\AppData\Local\Temp\MSIbc4f7.LOG	Unicode text, UTF-16, little-endian text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Temp\MW-41c173f9-8798-494b-aa19-9db46f28a6d1\files.cab	Microsoft Cabinet archive data, many, 2465794 bytes, 2 files, at 0x2c +A "UIServices.exe" +A "vcruntime140.dll", ID 29986, number 1, 175 datablocks, 0x1503 compression	#
C:\Users\user\AppData\Local\Temp\MW-41c173f9-8798-494b-aa19-9db46f28a6d1\files\537a39cd2c1b400e9f1169024b13d68d$dpx$.tmp\29b46379382ed74d83879371e86987c8.tmp	PE32+ executable (DLL) (console) x86-64, for MS Windows	#
C:\Users\user\AppData\Local\Temp\MW-41c173f9-8798-494b-aa19-9db46f28a6d1\files\537a39cd2c1b400e9f1169024b13d68d$dpx$.tmp\3439ecd5563108439a8db68236176daf.tmp	PE32+ executable (GUI) x86-64, for MS Windows	#
C:\Users\user\AppData\Local\Temp\MW-41c173f9-8798-494b-aa19-9db46f28a6d1\files\vcruntime140.dll (copy)	PE32+ executable (DLL) (console) x86-64, for MS Windows	#
C:\Users\user\AppData\Local\Temp\MW-41c173f9-8798-494b-aa19-9db46f28a6d1\msiwrapper.ini	data	#
C:\Users\user\AppData\Local\Temp\MW-44114562-6760-4a4c-97c1-6b4491c709b3\files.cab	Microsoft Cabinet archive data, many, 2465794 bytes, 2 files, at 0x2c +A "UIServices.exe" +A "vcruntime140.dll", ID 29986, number 1, 175 datablocks, 0x1503 compression	#
C:\Users\user\AppData\Local\Temp\MW-44114562-6760-4a4c-97c1-6b4491c709b3\files\c52dbbfefebf4f3e88ce36e5881f78eb$dpx$.tmp\67fcf2e8352ef94eab64e4a4d4509680.tmp	PE32+ executable (GUI) x86-64, for MS Windows	#
C:\Users\user\AppData\Local\Temp\MW-44114562-6760-4a4c-97c1-6b4491c709b3\files\c52dbbfefebf4f3e88ce36e5881f78eb$dpx$.tmp\fcfd202f570ae346b7d75b811246e386.tmp	PE32+ executable (DLL) (console) x86-64, for MS Windows	#
C:\Users\user\AppData\Local\Temp\MW-44114562-6760-4a4c-97c1-6b4491c709b3\files\vcruntime140.dll (copy)	PE32+ executable (DLL) (console) x86-64, for MS Windows	#
C:\Users\user\AppData\Local\Temp\MW-44114562-6760-4a4c-97c1-6b4491c709b3\msiwrapper.ini	data	#
C:\Users\user\AppData\Local\Temp\MW-83846a6a-5335-49c7-a64d-3215771defa9\files.cab	Microsoft Cabinet archive data, many, 2465794 bytes, 2 files, at 0x2c +A "UIServices.exe" +A "vcruntime140.dll", ID 29986, number 1, 175 datablocks, 0x1503 compression	#
C:\Windows\Installer\MSI931A.tmp	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	#
C:\Users\user\AppData\Local\Temp\MW-83846a6a-5335-49c7-a64d-3215771defa9\files\1305f6fe679b4fa294331bb6eb899bc4$dpx$.tmp\30833088ae6bfb4abc107567083083c9.tmp	PE32+ executable (DLL) (console) x86-64, for MS Windows	#
C:\Users\user\AppData\Local\Temp\MW-83846a6a-5335-49c7-a64d-3215771defa9\files\vcruntime140.dll (copy)	PE32+ executable (DLL) (console) x86-64, for MS Windows	#
C:\Users\user\AppData\Local\Temp\MW-83846a6a-5335-49c7-a64d-3215771defa9\msiwrapper.ini	data	#
C:\Users\user\AppData\Local\Temp\spclwow78x.msi	Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, MSI Installer, Code page: 1252, Title: Office 16 Click-to-Run Licensing Component - UNREGISTERED - Wrapped using MSI Wrapper from www.exemsi.com 16.0.15726.20202, Subject: (…)	#
C:\Windows\Installer\3bbba0.msi	Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, MSI Installer, Code page: 1252, Title: Office 16 Click-to-Run Licensing Component - UNREGISTERED - Wrapped using MSI Wrapper from www.exemsi.com 16.0.15726.20202, Subject: (…)	#
C:\Windows\Installer\3bbba1.msi	Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, MSI Installer, Code page: 1252, Title: Office 16 Click-to-Run Licensing Component - UNREGISTERED - Wrapped using MSI Wrapper from www.exemsi.com 16.0.15726.20202, Subject: (…)	#
C:\Windows\Installer\3bbba2.msi	Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, MSI Installer, Code page: 1252, Title: Office 16 Click-to-Run Licensing Component - UNREGISTERED - Wrapped using MSI Wrapper from www.exemsi.com 16.0.15726.20202, Subject: (…)	#
C:\Windows\Installer\MSI1F1E.tmp	data	#
C:\Windows\Installer\MSI1F4D.tmp	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	#
C:\Windows\Installer\MSI24FC.tmp	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	#
C:\Windows\Installer\MSI8C81.tmp	data	#
C:\Users\user\AppData\Local\Temp\MSIbbb33.LOG	Unicode text, UTF-16, little-endian text, with CRLF line terminators	#

SecuriteInfo.com.Win64.DropperX-gen.15394.30671.dll

Comments

Tags

Available tags:

Details

Joe Sandbox

IPs

Domains

URLs

Dropped files

SecuriteInfo.com.Win64.DropperX-gen.15394.30671.dll Options

Comments

Tags

Available tags:

Details

Joe Sandbox

IPs

Domains

URLs

Dropped files

Search started

SecuriteInfo.com.Win64.DropperX-gen.15394.30671.dll