Joe Sandbox Cloud Basic

Want to search on specific fields?


Try our:

Advanced Search

Want to search in depth on all Cloud Basic reports?

Try: Joe Sandbox View

Register Login
sloganpng
top title background image
flash

licking.dll

Status: finished
Submission Time: 2023-05-30 21:41:11 +02:00
Malicious
Trojan
Evader
Qbot

Comments

Tags

Details

  • Analysis ID:
    878603
  • API (Web) ID:
    1245593
  • Original Filename:
    licking.dat
  • Analysis Started:
    2023-05-30 21:41:11 +02:00
  • Analysis Finished:
    2023-05-30 22:04:31 +02:00
  • MD5:
    e9fc43dd574b57dc64eefed2f4e6ac42
  • SHA1:
    238188dea87ac33175067f63699ea32fe0f3111f
  • SHA256:
    ab9822cf40230dccf2ab7f76e4c68c0ceebb82c25ea1859fbbdca8b5cdf82212
  • Technologies:

Joe Sandbox

Engine Download Report Detection Info
Full Report Management Report IOC Report
malicious
Score: 92
System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Full Report Management Report IOC Report
malicious
Score: 80
System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Run Condition: Run with higher sleep bypass

IPs

IP Country Detection
27.0.48.233
 India
50.68.186.195
 Canada
186.75.95.6
 Panama
Click to see the 96 hidden entries
122.184.143.86
 India
90.78.147.141
 France
79.77.142.22
 United Kingdom
122.186.210.254
 India
89.129.109.27
 Spain
81.229.117.95
 Sweden
82.125.44.236
 France
47.149.134.231
 United States
98.145.23.67
 United States
70.28.50.223
 Canada
12.172.173.82
 United States
103.144.201.56
 unknown
80.6.50.34
 United Kingdom
78.18.105.11
 Ireland
103.42.86.42
 India
201.244.108.183
 Colombia
94.207.104.225
 United Arab Emirates
76.16.49.134
 United States
193.253.100.236
 France
69.242.31.249
 United States
89.36.206.69
 Italy
76.178.148.107
 United States
71.38.155.217
 United States
77.86.98.236
 United Kingdom
172.115.17.50
 United States
69.123.4.221
 United States
69.119.123.159
 United States
113.11.92.30
 Bangladesh
92.9.45.20
 United Kingdom
198.2.51.242
 United States
2.36.64.159
 Italy
24.198.114.130
 United States
103.123.223.133
 India
220.240.164.182
 Australia
104.35.24.154
 United States
151.65.167.77
 Italy
50.68.204.71
 Canada
65.95.141.84
 Canada
223.166.13.95
 China
58.186.75.42
 Viet Nam
78.160.146.127
 Turkey
174.58.146.57
 United States
92.154.17.149
 France
176.142.207.63
 France
86.97.55.89
 United Arab Emirates
79.168.224.165
 Portugal
213.64.33.61
 Sweden
173.88.135.179
 United States
96.56.197.26
 United States
178.175.187.254
 Moldova Republic of
64.121.161.102
 United States
82.131.141.209
 Hungary
68.203.69.96
 United States
73.29.92.128
 United States
84.35.26.14
 Netherlands
124.149.143.189
 Australia
184.181.75.148
 United States
183.87.163.165
 India
47.34.30.133
 United States
84.108.200.161
 Israel
186.64.67.30
 Argentina
14.192.241.76
 Malaysia
114.143.176.236
 India
161.142.103.187
 Malaysia
174.4.89.3
 Canada
92.186.69.229
 France
184.182.66.109
 United States
84.215.202.8
 Norway
86.195.14.72
 France
83.110.223.61
 United Arab Emirates
75.143.236.149
 United States
70.160.67.203
 United States
88.126.94.4
 France
102.159.188.125
 Tunisia
205.237.67.69
 Canada
70.112.206.5
 United States
151.62.238.176
 Italy
86.132.236.117
 United Kingdom
69.133.162.35
 United States
80.12.88.148
 France
95.45.50.93
 Ireland
47.205.25.170
 United States
85.57.212.13
 Spain
51.14.29.227
 United Kingdom
2.82.8.80
 Portugal
124.122.47.148
 Thailand
78.92.133.215
 Hungary
75.109.111.89
 United States
96.87.28.170
 United States
147.147.30.126
 United Kingdom
76.86.31.59
 United States
105.186.128.181
 South Africa
59.28.84.65
 Korea Republic of
81.101.185.146
 United Kingdom
125.99.76.102
 India
188.28.19.84
 United Kingdom

URLs

Name Detection
https://twitter.com/microsoft_ch
https://start.microsoftapp.net/start?pc_campaign=UHF_Banner_15mkts&adjust=y9xgnyl_5sblqid"
https://d.impactradius-event.com
Click to see the 23 hidden entries
http://schema.org/Organization
https://publisher.liveperson.net
https://cdnssl.clicktale.net
https://www.xbox.com/
https://cdnssl.clicktale.net/www32/ptc/05d32363-d534-4d93-9b65-cde674775e71.js
https://www.linkedin.com/company/1035
https://accdn.lpsnmedia.net
https://www.clarity.ms
https://www.instagram.com/microsoftch/
https://streams.videolan.org/upload/
https://outlook.live.com/owa/
https://analytics.tiktok.com
https://lptag.liveperson.net
https://aka.ms/yourcaliforniaprivacychoices
https://mem.gfx.ms
https://schema.org
http://upx.sf.net
https://www.youtube.com/user/MicrosoftCH
https://www.skype.com/de/
https://lpcdn.lpsnmedia.net
https://onedrive.live.com/about/de-ch/
https://js.monitor.azure.com
https://www.onenote.com/?omkt=de-CH

Dropped files

Name File Type Hashes Detection
C:\ProgramData\Microsoft\Windows\WER\Temp\WER91C0.tmp.WERInternalMetadata.xml
 XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
 #
C:\Windows\appcompat\Programs\Amcache.hve.tmp.LOG1
 MS Windows registry file, NT/2000 or above
 #
C:\Windows\appcompat\Programs\Amcache.hve.tmp
 MS Windows registry file, NT/2000 or above
 #
Click to see the 22 hidden entries
C:\Windows\appcompat\Programs\Amcache.hve.LOG1
 MS Windows registry file, NT/2000 or above
 #
C:\Windows\appcompat\Programs\Amcache.hve
 MS Windows registry file, NT/2000 or above
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\de-ch[1].htm
 HTML document, Unicode text, UTF-8 text, with very long lines (3929), with CRLF, LF line terminators
 #
C:\ProgramData\Microsoft\Windows\WER\Temp\WERA26A.tmp.xml
 XML 1.0 document, ASCII text, with CRLF line terminators
 #
C:\ProgramData\Microsoft\Windows\WER\Temp\WERA1CD.tmp.WERInternalMetadata.xml
 XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
 #
C:\ProgramData\Microsoft\Windows\WER\Temp\WERA19F.tmp.xml
 XML 1.0 document, ASCII text, with CRLF line terminators
 #
C:\ProgramData\Microsoft\Windows\WER\Temp\WERA131.tmp.WERInternalMetadata.xml
 XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
 #
C:\ProgramData\Microsoft\Windows\WER\Temp\WER9FD8.tmp.dmp
 Mini DuMP crash report, 14 streams, Wed May 31 04:42:18 2023, 0x1205a4 type
 #
C:\ProgramData\Microsoft\Windows\WER\Temp\WER9F3C.tmp.dmp
 Mini DuMP crash report, 14 streams, Wed May 31 04:42:18 2023, 0x1205a4 type
 #
C:\ProgramData\Microsoft\Windows\WER\Temp\WER91EF.tmp.xml
 XML 1.0 document, ASCII text, with CRLF line terminators
 #
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_3b59b89922c4cddf77f72f6dd2d986ddcfc674cb_82810a17_13bb9ae6\Report.wer
 Unicode text, UTF-16, little-endian text, with CRLF line terminators
 #
C:\ProgramData\Microsoft\Windows\WER\Temp\WER9086.tmp.dmp
 Mini DuMP crash report, 14 streams, Wed May 31 04:42:14 2023, 0x1205a4 type
 #
C:\ProgramData\Microsoft\Windows\WER\Temp\WER7D8D.tmp.xml
 XML 1.0 document, ASCII text, with CRLF line terminators
 #
C:\ProgramData\Microsoft\Windows\WER\Temp\WER7D6D.tmp.xml
 XML 1.0 document, ASCII text, with CRLF line terminators
 #
C:\ProgramData\Microsoft\Windows\WER\Temp\WER7D2E.tmp.WERInternalMetadata.xml
 XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
 #
C:\ProgramData\Microsoft\Windows\WER\Temp\WER7D0F.tmp.WERInternalMetadata.xml
 XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
 #
C:\ProgramData\Microsoft\Windows\WER\Temp\WER7BA6.tmp.dmp
 Mini DuMP crash report, 14 streams, Wed May 31 04:42:08 2023, 0x1205a4 type
 #
C:\ProgramData\Microsoft\Windows\WER\Temp\WER7A9D.tmp.dmp
 Mini DuMP crash report, 14 streams, Wed May 31 04:42:08 2023, 0x1205a4 type
 #
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_8fe1ff6253b685daeb750e0d8c1ede8ec9d8783_82810a17_1cb3a815\Report.wer
 Unicode text, UTF-16, little-endian text, with CRLF line terminators
 #
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_8fe1ff6253b685daeb750e0d8c1ede8ec9d8783_82810a17_1bab9b83\Report.wer
 Unicode text, UTF-16, little-endian text, with CRLF line terminators
 #
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_3b59b89922c4cddf77f72f6dd2d986ddcfc674cb_82810a17_1cc7a70c\Report.wer
 Unicode text, UTF-16, little-endian text, with CRLF line terminators
 #
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_3b59b89922c4cddf77f72f6dd2d986ddcfc674cb_82810a17_14339b25\Report.wer
 Unicode text, UTF-16, little-endian text, with CRLF line terminators
 #