
main2.dll

Status: finished
Submission Time: 2023-05-30 18:00:11 +02:00
Malicious
Trojan
Evader
Qbot

Tags

  • dll

Details

  • Analysis ID:
    878476
  • API (Web) ID:
    1245463
  • Analysis Started:
    2023-05-30 18:08:34 +02:00
  • Analysis Finished:
    2023-05-30 18:23:49 +02:00
  • MD5:
    5e107608dd00957472db2c1fcc77599d
  • SHA1:
    d9bfa3e88ca0f86182cb84d4008ac6b346b755e9
  • SHA256:
    185737016a01e84bf88523a4681723b4f2d0d22520e77b76740cc3c6323e38bf
  • Engine:
    Joe Sandbox
  • Detection:
    malicious
  • Score:
    100
  • System:
    Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

IPs

Domains

Name and IP
  • new-fp-shed.wg1.b.yahoo.com
    87.248.100.215
  • oracle.com
    147.154.26.35
  • yahoo.com
    54.161.105.65
  • www.yahoo.com
    0.0.0.0
  • www.oracle.com
    0.0.0.0

URLs

Dropped files

Name and File Type
  • C:\ProgramData\Microsoft\Windows\WER\Temp\WERB19C.tmp.xml
    XML 1.0 document, ASCII text, with CRLF line terminators
  • C:\Windows\appcompat\Programs\Amcache.hve.LOG1
    MS Windows registry file, NT/2000 or above
  • C:\Windows\appcompat\Programs\Amcache.hve
    MS Windows registry file, NT/2000 or above
  • C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\upgrade-browser[1].htm
    HTML document, Unicode text, UTF-8 text, with very long lines (4345)
  • C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\t5[1]
    ASCII text, with very long lines (1000), with no line terminators
  • C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\TBWYS6DL.htm
    HTML document, ASCII text, with very long lines (64945)
  • C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
    data
  • C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506
    Microsoft Cabinet archive data, Windows 2000/XP setup, 63843 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks, 0x1 compression
  • C:\ProgramData\Microsoft\Windows\WER\Temp\WERC15B.tmp.xml
    XML 1.0 document, ASCII text, with CRLF line terminators
  • C:\ProgramData\Microsoft\Windows\WER\Temp\WERC11D.tmp.xml
    XML 1.0 document, ASCII text, with CRLF line terminators
  • C:\ProgramData\Microsoft\Windows\WER\Temp\WERC0FD.tmp.WERInternalMetadata.xml
    XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
  • C:\ProgramData\Microsoft\Windows\WER\Temp\WERC0AF.tmp.WERInternalMetadata.xml
    XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
  • C:\ProgramData\Microsoft\Windows\WER\Temp\WERBF65.tmp.dmp
    Mini DuMP crash report, 14 streams, Wed May 31 01:09:46 2023, 0x1205a4 type
  • C:\ProgramData\Microsoft\Windows\WER\Temp\WERBF27.tmp.dmp
    Mini DuMP crash report, 14 streams, Wed May 31 01:09:46 2023, 0x1205a4 type
  • C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_c55aaf39bde8f13d445c6aad2c0a878a5c24_82810a17_1d05b9a9\Report.wer
    Unicode text, UTF-16, little-endian text, with CRLF line terminators
  • C:\ProgramData\Microsoft\Windows\WER\Temp\WERB13D.tmp.WERInternalMetadata.xml
    XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
  • C:\ProgramData\Microsoft\Windows\WER\Temp\WERAFA6.tmp.dmp
    Mini DuMP crash report, 14 streams, Wed May 31 01:09:42 2023, 0x1205a4 type
  • C:\ProgramData\Microsoft\Windows\WER\Temp\WER9CFB.tmp.xml
    XML 1.0 document, ASCII text, with CRLF line terminators
  • C:\ProgramData\Microsoft\Windows\WER\Temp\WER9CEB.tmp.xml
    XML 1.0 document, ASCII text, with CRLF line terminators
  • C:\ProgramData\Microsoft\Windows\WER\Temp\WER9CBB.tmp.WERInternalMetadata.xml
    XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
  • C:\ProgramData\Microsoft\Windows\WER\Temp\WER9CAC.tmp.WERInternalMetadata.xml
    XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
  • C:\ProgramData\Microsoft\Windows\WER\Temp\WER9AC6.tmp.dmp
    Mini DuMP crash report, 14 streams, Wed May 31 01:09:37 2023, 0x1205a4 type
  • C:\ProgramData\Microsoft\Windows\WER\Temp\WER9AB7.tmp.dmp
    Mini DuMP crash report, 14 streams, Wed May 31 01:09:37 2023, 0x1205a4 type
  • C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_c56e6db63eb6a43e45028e0a8fb2e35516856f4_82810a17_1e91c745\Report.wer
    Unicode text, UTF-16, little-endian text, with CRLF line terminators
  • C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_c56e6db63eb6a43e45028e0a8fb2e35516856f4_82810a17_1e71ba64\Report.wer
    Unicode text, UTF-16, little-endian text, with CRLF line terminators
  • C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_c55aaf39bde8f13d445c6aad2c0a878a5c24_82810a17_1e81c6c8\Report.wer
    Unicode text, UTF-16, little-endian text, with CRLF line terminators
  • C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_c55aaf39bde8f13d445c6aad2c0a878a5c24_82810a17_1d1db9c8\Report.wer
    Unicode text, UTF-16, little-endian text, with CRLF line terminators